www.criminalip.io
2606:4700:10::6816:214
Public Scan
Submitted URL: http://criminalip.io/
Effective URL: https://www.criminalip.io/
Submission: On May 06 via manual from US — Scanned from DE
Form analysis
1 forms found in the DOM
<form class="form">
<div class="searchStyle__SearchInputWrap-sc-2fe4b922-5 julCkv SearchInputWrap "><input data-role="inputbox" maxlength="500" placeholder="Try to search assets with the following filter examples below" autocomplete="off" name="query"
class="searchStyle__SearchInput-sc-2fe4b922-6 ignLtX" value=""><button id="SearchButton" class="searchStyle__SearchButton-sc-2fe4b922-7 gfydR gtm-click-search-button" type="submit" title="search"></button></div>
</form>
Text Content
Cybersecurity Search Engine | Criminal IP

Search Engine | Products | Resources | About | Contact Us | English | Français | 日本語 | 한국어 | العربية | Pricing | Login

SEARCH FOR INFORMATION ON EVERYTHING CONNECTED TO THE PUBLIC INTERNET.
SEARCH FOR INFORMATION ON COMPUTERS CONNECTED TO THE PUBLIC INTERNET.

Top 10

Rank  Keyword                 IP
1     webcamXP 5              154.26.164.117
2     webcamxp                194.61.24.102
3     webcam                  85.239.54.2
4     IP Camera               162.0.209.47
5     transmission interface  109.74.204.123
6     powermta                45.143.9.30
7     jenkins                 91.215.85.142
8     Elasticsearch           162.19.101.129
9     open webif              164.68.102.223
10    iresponse               72.167.150.12

Asset | Domain | Image | Hacking Group | Exploit
Asset | Domain | Image | Actors | Exploit
Look up my IP address | Create a Free Account

CYBERSECURITY REPORT

DETECTING DEVICES VULNERABLE TO PALO ALTO NETWORKS OS COMMAND INJECTION VULNERABILITY CVE-2024-3400
Recently, a random file creation vulnerability ‘CVE-2024-3400’ was discovered in the GlobalProtect function of Palo Alto Networks’ PAN-OS version software. This vulnerability allows an unverified attacker to inject malicious commands and execute arbitrary code with root privileges in the firewall. I
2024.04.26

DETECTING VULNERABLE TELESQUARE DEVICES VIA HTTP SERVER RESPONSE CONTENT LENGTH
Recently, a vulnerability that could be remotely attacked was discovered in Telesquare’s wired/wireless Internet router model ‘TLR-2005KSH’. Telesquare is a router product from Korea that supports wired data communication by connecting to 3G/LTE wireless networks. The vulnerability allows unauthoriz
2024.04.15

DETECTING A SERVER EXPOSED TO THE CVSS 10-POINT SCREENCONNECT VULNERABILITY (CVE-2024-1709)
A month ago, the security industry faced a major issue with attacks exploiting the ScreenConnect vulnerability in ConnectWise, a company providing remote desktop solutions. ConnectWise ScreenConnect consists of server and client software components, enabling remote desktop access for various compani
2024.03.28

OVER 1,000 DEVICES VULNERABLE TO FORTINET RCE BUG (CVE-2024-21762)
Many FortiOS and FortiProxy secure web gateway systems have been discovered still vulnerable to a new Fortinet RCE bug (CVE-2024-21762) disclosed on February 9, 2024. This Fortinet RCE bug is a critical vulnerability that could allow an unauthenticated attacker to remotely execute arbitrary code. CI
2024.03.20

MICROSOFT EXCHANGE SERVER ZERO-DAY: 160,000 UNITS EXPOSED (CVE-2024-21410)
Since its disclosure on February 14, 2024, the privilege escalation zero-day vulnerability CVE-2024-21410 for Microsoft Exchange Server has been exploited actively. As per findings from multiple security firms and researchers, around 100,000 Microsoft Exchange servers remain unpatched and vulnerable
2024.02.23

[NOTICE] CHANGES TO CRIMINAL IP PAID PLANS
Dear Criminal IP users, First, we would like to express our gratitude to all the users who utilize our service. Extensive data and enhanced search and intelligence capabilities have been added since the official launch of Criminal IP in 2023. We have already made these features accessible to a large n
2024.01.12

CRIMINAL IP SEARCH TIP

HOW TO USE A LINK SCANNER TO IDENTIFY USPS PHISHING SITES AND TEXT SCAMS

Recently, the results of a security company investigation showing that the traffic of domains impersonating USPS was significantly higher than the actual traffic on the official website were reported in various global media, and it has become an issue.

In this article, we aim to explore how phishing attackers are exploiting USPS impersonation domains. Additionally, we will share how to use the Domain Search link scanner feature of the threat intelligence search engine Criminal IP to identify text scams exploiting suspicious phishing sites.

Subtle Techniques of USPS Phishing Sites and Text Scams

In 2001, USPS reportedly sent over 103.6 billion delivery status emails to users. This high volume indicates the widespread use of USPS services in the United States. Nowadays, with the prevalence of mobile text services that are more convenient than email systems, checking real-time delivery status has become easier. However, along with the convenience of mobile services, there is also a rise in text scams targeting parcel users.
If you examine the URLs inserted in text messages sent as USPS text scams, you’ll often find domains using keywords like “Track,” “Monitor,” or “Package” to entice users waiting for their parcels to click on them.

[Image: Examples of SMS messages sent by domains impersonating USPS]

According to a report, Akamai, a distributed computing specialist, analyzed suspicious USPS phishing SMS messages redirecting to domains containing malicious JavaScript code for five months. The analysis revealed that the total number of queries from USPS phishing sites using popular top-level domains (TLDs) such as “.com,” “.top,” “.shop,” “.xyz,” “.org,” and “.info” exceeded one million. Moreover, starting from late November into the winter holiday season, the total queries from phishing sites surpassed those from the official site usps.com. Clicking on the malicious URLs inserted in SMS messages could lead to the leakage of sensitive information such as user account details and card information linked to mobile devices.

[Image: Statistics on the number of queries for USPS impersonation domains. Source: Akamai]

Statistics of USPS Phishing Sites Detected by AI Link Scanners

We analyzed USPS phishing sites detected by the AI link scanner extension Criminal IP over the past 8 months. Similar to Akamai’s analysis insights, there was a significant increase in phishing sites during the year-end and early-year period when parcel usage was high. In January, which saw the highest detection of phishing sites, a total of 323 domains impersonating USPS were discovered in one month. Recently, there have been around 100 to 200 phishing sites detected per month.

[Image: USPS phishing site statistics detected by AI link scanner extension Criminal IP]

The more famous the service, the easier it is for cyber attackers to target it with phishing attacks.
Also, as can be seen from the statistics, during periods when attacks occur a lot, the number of domains blocked due to victims’ reports or cyber investigations also increases, and more new phishing sites are created.

Identifying USPS Phishing Sites With a Real-time Link Scanner

Due to their notoriety, USPS phishing sites are swiftly generated and taken down. This rapid turnover means that victims are repeatedly targeted with new smishing attacks featuring freshly inserted phishing sites, making it increasingly difficult to discern legitimate links from fraudulent ones. What’s needed in such situations is a real-time link scanner and URL inspection tool. Criminal IP’s Domain Search allows users to input suspicious URLs and scan them to detect phishing sites in real-time. We recently scanned the domain of the USPS phishing site used in the smishing attack with Domain Search.

The URL for the phishing site is usps-pr [.] helptme [.] top/address.html, which uses the .top top-level domain, and the URI also contains USPS strings and keywords that induce users to click, such as helpme.

Check the USPS phishing site link scanner scan results: https://www.criminalip.io/domain/report?scan_id=12637492

[Image: USPS phishing site scanned using real-time link scanner Criminal IP Domain Search]

The scan results reveal that the site has been assessed with a critical domain score of 99% in terms of risk level and is a newly created domain, active for less than a month. Furthermore, within the HTML code, there are embedded redirection events commonly associated with malicious intent. The site’s favicon is also identified as a fraudulent favicon. Most importantly, the AI analysis indicates a very high likelihood of phishing with a Probability of Phishing URL at 96.38%.

Phishing attacks such as USPS phishing and text scams, which are popular among attackers, frequently employ new domains. Therefore, it’s wise to employ scanning tools or threat intelligence to prevent such attacks.
If you receive a text containing an unsolicited package or mail delivery tracking link, it’s crucial to scan it with Criminal IP before clicking to verify the legitimacy of the elements mentioned. It’s important to avoid clicking on domains used in phishing attacks because they can lead to the download of malicious code or the leakage of information just by accessing them. The Criminal IP link scan results include screenshot data, enabling you to view the access screen of the domain without actually visiting the phishing site. The left image shows the actual USPS official site’s shipment tracking screen, while the right image displays the screen of the phishing site scanned with Domain Search. Comparing the two screens, you can see that USPS phishing sites are crafted with sophistication, making them appear genuine enough to prompt victims to enter personal information without suspicion.

[Image: Comparison between the actual USPS shipment tracking screen (left) and the phishing site’s screen (right)]

Prevent Text Scam With Criminal IP Domain Search

The rapid advancement of AI technology has led to a significant increase in domains impersonating not just USPS but also numerous global brands, resulting in a rise in phishing attack incidents. As phishing sites become more sophisticated and faster, it’s crucial to enhance prevention methods accordingly. When identifying suspicious domains, using Criminal IP’s Domain Search as a link scanner enables you to not only detect phishing but also access detailed security intelligence about each component of the domain. It is advisable to utilize Criminal IP Domain Search to scan the domain address and mitigate the risk of falling victim to text scams when accessing a suspicious site.

For more information, check out the article: Can Threat Intelligence Detect QR Code Phishing That Evades Spam Blocking Solutions?

This report is based on data from Criminal IP, a Cyber Threat Intelligence search engine.
Create a free Criminal IP account today to access the search results cited in the report and search for more extensive threat Intelligence.

Data source: Criminal IP (https://www.criminalip.io)
Related articles: Can Threat Intelligence Detect QR Code Phishing That Evades Spam Blocking Solutions?
2024.05.03

DETECTING MESHAGENT C2: HOW TO PREVENT POTENTIAL MALWARE ATTACKS

Recently, an incident occurred in which the North Korean hacking group Andariel used the MeshAgent C2 server to spread malware to Korean companies. It is known that Andariel downloaded the MeshAgent C2 server under the name “fav.ico” from an external source and distributed malware such as AndarLoader and ModeLoader to the attack target during the lateral movement.

[Image: MeshAgent C2 Server Installation Log]

MeshAgent is a remote management tool that provides a variety of functions such as collecting basic information for remote control, executing commands, offering RDP and VNC functions, along with power and account control. Although this is the first known case of Andariel abusing MeshAgent, cyberattacks using MeshAgent C2 servers have occurred frequently. Andariel is also a hacking group that distributes malware by exploiting software installed on attack targets or exploiting vulnerabilities. There are concerns that cyberattacks using MeshAgent will increase in the future.

Detection of Exposed MeshAgent C2 Servers

Since the search engine Criminal IP tags the IP address where the MeshAgent C2 server is installed, we used the tag filter in Asset Search to search for the MeshAgent C2 server.

Search Query: tag: “c2_meshagent”

[Image: Results of searching exposed MeshAgent C2 servers using the tag filter in Criminal IP Asset Search]

A total of 2,136 MeshAgent C2 servers were detected, and some of these servers may be traces of malicious installation by attackers for attacks.
In addition, there are concerns that cyberattacks using MeshAgent will become more active in the future, so even servers that are not installed for malicious purposes are more likely to become targets of attacks if exposed externally. Exploiting C2 servers not only distributes malicious code, but also enables malicious activities such as DDoS attacks or cryptocurrency mining through botnets, and can lead to information theft and additional attacks that exploit vulnerabilities within the system. In particular, hacking attacks targeting companies can cause financial damage as well as the leakage of personal and important information, and are a factor that undermines the trustworthiness of companies.

The country with the most MeshAgent servers exposed is the United States with 682 servers, followed by Germany and Russia.

[Image: Statistics of countries with exposed MeshAgent C2 servers confirmed by Criminal IP]

Exposed Remote Administration Pages and C2 Servers

In the search results, the IP address hosting the login page of the open-source remote monitoring and management server “MeshCentral” was exposed and confirmed. The fact that the login page of a remote management system is exposed externally means that it is vulnerable to server infiltration and hacking threats for remote control functions. Hackers can use credential stuffing, default passwords, social engineering techniques, or infected software to discover user account information and attempt to access internal systems.

As shown in the screenshot below, it is crucial to take swift action to block external access to exposed remote control systems and allow only authorized access.

[Image: Login page of MeshCentral, an externally exposed open-source remote monitoring and management server]

In addition to MeshAgent C2 used in this malware distribution attack, C2 servers are also being abused in various cyberattacks.
Previously, the CIP blog covered the dark web leak of military documents that exploited the C2 framework and introduced a method for detecting IP addresses that exploit C2 servers to perform malicious network activities. In addition to the queries introduced in the blog, you can use the C2 tag of the Criminal IP below to detect C2 servers that may be exploited for cyberattacks.

tag: “C2”
tag: “c2_covenant”
tag: “c2_metasploit”
tag: “c2_posh”

[Image: Results of searching tag: “C2” in Criminal IP Asset Search]

Detecting the external exposure of C2 servers installed on the company’s systems and monitoring internal access to the IP addresses of these C2 servers is crucial from a security standpoint. Using tags in Criminal IP queries greatly helps simplify and streamline cybersecurity and response processes.

Criminal IP’s C2 tag can be used from the Pro plan or higher, and in relation to this, you can refer to Chilean Army Documents Leak: Exploiting Cobalt Strike With Rhysida Ransomware.

This report is based on data from Criminal IP, a Cyber Threat Intelligence search engine. Sign up for a free Criminal IP account today to explore the search results mentioned in the report and delve into comprehensive threat intelligence.

Source: Criminal IP (https://www.criminalip.io)
Related Article(s): Chilean Army Documents Leak: Exploiting Cobalt Strike With Rhysida Ransomware
2024.04.09

UNCOVERING 57,000 QNAP NAS DEVICES EXPOSED ON THE INTERNET

Recently, Taiwanese hardware vendor QNAP successfully prevented an attack by removing malicious servers used for brute-force attacks targeting the QNAP NAS (Network Attached Storage) devices. This attack was possible due to the exposed devices using weak passwords.

QNAP successfully blocked hundreds of zombie IP addresses within 7 hours using QuFirewall, a default firewall built into QNAP devices. They also identified the source of the C&C (Command & Control) servers within 48 hours.
Fortunately, the quick responses prevented further attacks on numerous QNAP NAS devices exposed online.

Uncovering Externally Exposed QNAP NAS Devices

The exposed QNAP NAS devices are a regular target of brute-force attacks. In the event of a brute-force attack, a ransomware attack is also plausible to happen. Despite QNAP reacting quickly to mitigate attack damages, the exposed NAS devices remain a target for attackers.

By utilizing the product filter in Criminal IP Asset Search, you can find QNAP servers connected to the internet.

Search Query: “product:QNAP”

[Image: Searching for exposed QNAP servers using the product filter in Criminal IP Asset Search]

The search revealed more than 57,000 servers still running exposed QNAP NAS devices.

While not all servers are at risk of brute-force attacks or ransomware, attackers will prioritize targeting externally exposed NAS devices when identifying potential victims. If you use weak passwords on any of these devices/servers, your information could be stolen through a brute-force attack. Moreover, you may even suffer economic damages from a ransomware attack.

[Image: Countries with externally exposed QNAP NAS devices confirmed by Criminal IP]

According to country statistics on exposed QNAP devices, Germany has the highest number with 6,700, followed by Italy and Taiwan. Even if it is not a QNAP device, all externally exposed NAS servers can easily be targeted by attackers. Because NAS is often used for back-ups and sharing sensitive files, it can be targeted by attackers looking to steal, encrypt important documents, as well as install information-stealing malware.

QNAP NAS Servers Still Vulnerable

Among the exposed QNAP NAS servers searched, many servers are in a dangerous state and are prone to easily being targeted by attackers. By blocking attackers, QNAP has mitigated recent threats, but attackers can have different methods up their sleeves.
In the Asset Search report below, you can observe an IP address linked to a QNAP NAS device.

There are a total of 7 open ports, a QNAP NAS device is running on port 21, and port 22 is open pertaining to several vulnerabilities. Devices that operate on IP addresses with such vulnerabilities are more susceptible to being targeted by attackers.

[Image: Searching for vulnerable QNAP NAS servers in Criminal IP Asset Search]

In addition to recent attacks targeting QNAP, an ongoing attack targeting NAS servers is still occurring. Synology, another NAS manufacturer, also warns its customers about brute-force attacks attempted through the botnet: StealthWorker. It advises clients to be aware that successful attacks could lead to ransomware infections and alerts users to pay close attention.

To keep your NAS devices safe, QNAP recommends changing the default access port number as well as disabling port forwarding on the router and UPnP on the NAS device. QNAP also urged people to implement appropriate security measures such as strong passwords for their accounts, password policies, and disabling administrator accounts. All businesses and organizations utilizing NAS should follow these vendor recommendations. Furthermore, they should always use tools such as the Criminal IP search engine or Criminal IP ASM (Attack Surface Management) to check for exposed external devices.

Also check out our article on Cisco IOS XE Zero-Day Vulnerabilities: Uncovering Over 56,000 Exposed Devices.

This report is based on data from Criminal IP, a Cyber Threat Intelligence search engine.
Create a free Criminal IP account today to access the search results cited in the report and search for more extensive threat Intelligence.

Source: Criminal IP (https://www.criminalip.io)
Related Article(s): Cisco IOS XE Zero-Day Vulnerabilities: Uncovering Over 56,000 Exposed Devices
2023.12.05

CISCO IOS XE ZERO-DAY VULNERABILITIES: UNCOVERING OVER 56,000 EXPOSED DEVICES

The Cisco IOS XE zero-day vulnerability has recently become a hot topic in the cybersecurity industry. This particular vulnerability was identified within the Web UI functionality of the IOS XE software developed by Cisco. The zero-day vulnerabilities that are being actively exploited in the actual attacks are CVE-2023-20198 and CVE-2023-20273. Notably, CVE-2023-20198 has been assigned the highest CVSS score of 10, with Cisco describing this vulnerability as “a vulnerability that allows an attacker to access the victim’s system with 15-level privileges.” The exploitation of the Cisco IOS XE zero-day vulnerability proves more severe than anticipated, allowing for the execution of all commands and changes to configuration settings. On October 16, Cisco issued a security advisory for these vulnerabilities, highlighting that, at present, the only recommended defense is to disable the Web UI feature of IOS XE.

[Image: Cisco security advisory on IOS XE zero-day vulnerabilities released on October 16]

How to Detect Devices Exposed to Cisco IOS XE Zero-Day Threats

To identify devices vulnerable to Cisco IOS XE zero-day threats, use the search query ‘WebUI Product: “OpenResty”’. This query searches for OpenResty products that run Cisco Web UI and allows you to find Cisco IOS XE Web UI devices that can be accessed from the internet.
With the Product Filter in Criminal IP Asset Search, you can search for the IP addresses associated with specific products.

Search Query: WebUI product: “OpenResty”

[Image: Search results for Cisco IOS XE Web UI using product filter in Criminal IP Asset Search]

The search results discovered more than 56,000 Cisco IOS XE devices running on OpenResty servers. Given Cisco’s global popularity, you can see that these devices are being used all around the world. A total of 176 countries appeared to be using Cisco IOS XE Web UI devices. Among them, the United States appeared the most with 9,599 devices, followed by the Philippines with 4,131 devices, and Peru with 4,080 devices.

[Image: Statistics on countries with Cisco IOS XE Web UI devices confirmed by Criminal IP]

Statistics for Autonomous System Related Cisco IOS XE Zero-Day Devices

With the Criminal IP Element Analysis, you can use the as_name filter to check the statistics for the autonomous system using devices related to the Web UI feature.

https://www.criminalip.io/intelligence/element-analysis/search?query=WebUI+product%3A+%22OpenResty%22&category=asset&element=as_name

[Image: Statistics for autonomous system related to Cisco IOS XE Web UI devices confirmed by Criminal IP Element Analysis]

The autonomous systems that topped the statistics charts were ISPs providing internet access to households and companies. Filipino telecommunication company Globe Telecoms appeared the most with 2,607 devices, followed by Chilean telecommunication company CTC Corp S.A. Telefonica Empresas with 2,334 devices, and Peruvian telecommunications company America Movil Peru S.A.C with 2,113 devices. No security patch has been released for the existing Cisco IOS XE Web UI zero-day vulnerability. Ongoing research is investigating the potential for further exploits.
If you use a Cisco IOS XE device, we recommend staying informed by checking the latest security advisories on the official site.

Check out the article on the MOVEit Zero-Day: Detecting Servers Exposed to Data Leak Attacks.

This report is based on data from Criminal IP, a Cyber Threat Intelligence search engine. Create a free Criminal IP account today to access the search results cited in the report and search for more extensive threat Intelligence.

Source: Criminal IP (https://www.criminalip.io)
Related article(s): MOVEit Zero-Day: Detecting Servers Exposed to Data Leak Attacks
2023.11.10

BEST PRACTICES

CIP WEEKLY DENYLIST: ANONYMOUS IPS IN THE 4TH WEEK OF APRIL
Criminal IP identifies and provides IP addresses that have a history of suspicious or malicious activity on the internet, including credential stuffing, indiscriminate brute-force attacks, DDoS attacks, scanning, spam, phishing, hacking, bad reputation, malware, and more. Criminal IP Weekly Denylist
2024.04.26

NEGLECTED BASIC FRAUD RESPONSE STRATEGIES: INSIGHTS FROM CREDIT CARD COMPANIES
According to recent coverage in a South Korean daily newspaper, users of a prominent South Korean credit card company (referred to as “Company A”) found themselves victim to unauthorized transactions totaling thousands of dollars on popular domestic online shopping platforms like Coupang and 11Stree
2024.04.18

USE CASE OF CRIMINAL IP FDS ANOMALY DETECTION SOLUTION IN AN E-COMMERCE COMPANY
Criminal IP FDS is an AI-based fraud detection solution that is used in various fields such as finance and banking, e-commerce, online games, government and public services, and insurance.
In this article, we introduce customer insights and a case study on how Criminal IP FDS improved E-commerce com
2024.03.27

USE CASE OF CRIMINAL IP FDS CREDENTIAL STUFFING PREVENTION SOLUTION IN AN ONLINE GAMING COMPANY
Criminal IP FDS is an AI-based fraud detection solution that is used in various fields such as finance and banking, e-commerce, online games, government and public services, and insurance. In this article, we introduce customer insights and a case study on how Criminal IP FDS improved online gaming c
2024.03.25

WHAT'S NEW ON CRIMINAL IP

2024.04.25
[#Criminal_IP v1.55.1 Release Note] Updated Free membership plan's features and Pricing page Added Quad9 API Integration Added C2 tags Data added to Domain Search File exposure Please check more details https://blog.criminalip.io/2024/04/25/criminal-ip-v1-55-1-2024-04-25-release-note/

2024.03.28
[#Criminal_IP v1.53.1 Release Note] Criminal IP FDS Page Opened Criminal IP Menu and Footer Redesigned Two-step Authentication for Login Added Domain / Asset Search API Error Code Added Please check more details https://blog.criminalip.io/2024/03/28/criminal-ip-v1-53-1-2024-03-28-release-note/ https://t.co/nupMP1ZFSx

2024.03.14
[#Criminal_IP v1.52.1 Release Note] Improved UI for displaying SSL certificate data Improved display of Hacking Group data Changed pagination in search results Adjusted search result scope for Free & non-member users Please check more details https://blog.criminalip.io/2024/03/14/criminal-ip-v1-52-1-2024-03-14-release-note/ https://t.co/8pixnPIJ2X

2024.02.28
[#Criminal_IP v1.51.1 Release Note] Released Hacking Group (Actors) Intelligence Users can retrieve IOC, IOA, TTP, Software, and the hacking group's activity history to respond to attacks.
Added tag: Directory Listing please check more details https://blog.criminalip.io/2024/02/28/criminal-ip-v1-51-1-2024-02-28-release-note/ https://t.co/dGYnbA3K02

CYBERSECURITY NEWS

2024.05.02
Cobalt's 2024 State of Pentesting Report Reveals Cybersecurity Industry Needs
Cobalt, the pioneers of Pentest as a Service (PtaaS) and leading provider of offensive security solutions, today announced its sixth annual State of Pentesting Report.

2024.05.02
Bitwarden launches new MFA Authenticator app for iOS, Android
Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices.

2024.04.30
Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023
Google announced they have prevented 2.28 million policy-violating apps from being published in the official Google Play.

API INTEGRATION

We provide straightforward, easy-to-use APIs that are designed to block risk-scored IPs or malicious domain links. Use Criminal IP code samples to seamlessly integrate all other functions and the database in your organization's infrastructure.

Get Started | Code Samples

* Identification of VPN/hosting/Tor of the accessed IP
* Detection of malicious domain links
* Management of attack surface vulnerabilities within an organizational infrastructure

→ root@criminalip ~ % |
{
  "ip": "8.8.8.8",
  "score": { "inbound": "Moderate", "outbound": "Low" },
  "country": "United States",
  "country_code": "us",
  "region": "California",
  "city": "Los Angeles",
  "isp": "GOOGLE",
  "org_name": "Google",
  "as_no": 15169,
  "postal_code": "90009",
  "latitude": 34.0544,
  "longitude": -118.2441,
  "status": 200
}

HOW API WORKS

Criminal IP’s API integration will detect and block potential malicious users accessing login services in real time.

FAQ
MOST FREQUENTLY ASKED QUESTIONS ABOUT CRIMINAL IP

Frequently Asked Questions

What is Criminal IP?
Criminal IP is a Cyber Threat Intelligence (CTI) search engine that scans the open ports of IP addresses worldwide daily to discover all devices connected to the Internet. Using AI-based technology, it identifies malicious IP addresses and domains and provides a 5-level risk assessment. The data is indexed with various filters and tags for effective searching. Additionally, it can be integrated with other systems through an API. What are some functions of Criminal IP? You can search for vulnerabilities and all devices connected to the Internet, such as IP addresses, domains, IoT, and ICS. It provides four search functions: Asset, Domain, Image, and Exploit, and five intelligence functions: Banner Explorer, Vulnerability, Statistics, Element Analysis, and Maps, along with an API. Where can Criminal IP be used? Criminal IP allows you to search or inquire via an API threat intelligence on all devices, servers, and domains connected to the Internet. It can be used for cyber security, attack surface management, penetration testing, vulnerability and malware analysis, as well as for investigation and research. For example, when a new vulnerability or ransomware is discovered, you can determine how many PCs or servers are vulnerable or infected, and check whether the IP address or domain in use is also vulnerable. Additionally, it scans in real-time for malicious URLs generated by hackers and phishing URLs, allowing you to analyze threat information without directly accessing them. To see more examples on how to use Criminal IP, please refer to the Best Practice page. How frequently does Criminal IP update data? Criminal IP constantly collects and updates data in real-time. Which Internet browsers can be used for Criminal IP? As Criminal IP is a web-based search engine, it is accessible via computers, mobile devices, and tablets. It is specially optimized for Chrome browsers. Do I need a separate program installation? 
Criminal IP does not require a separate program installation. It is available as a SaaS service, accessible from anywhere with Internet access via web, tablet, or mobile devices.

Do you have any sample code for Criminal IP?
Criminal IP provides sample code for each Search and Intelligence function, including API. For more information, please refer to the Sample Code page.

How do I create a Criminal IP account?
You can create a Criminal IP account on the Register page using your email, Google, or Twitter account.

I want to change my account email.
Once an email account is created, you cannot change your registered email. If you still need to change it, please contact Customer Support.

I would like to receive recent news about Criminal IP.
Follow Criminal IP's official Twitter account to receive the latest news about Criminal IP. In addition, you can receive the weekly Criminal IP newsletter by activating the 'Subscribe to the CIP Newsletter' checkbox on the My Information page.

Criminal IP Search Quick Guide

What is "Asset Search"?
Asset Search is a search feature that provides the risk level of an IP address in 5 stages and comprehensive information including Domain, Open Ports, vulnerabilities, WHOIS information, and screenshots associated with that IP address. For more information, please refer to the Asset Search page.

What is "Domain Search"?
Domain Search is a search feature that provides information about URLs. By scanning a URL, you can check in real-time whether a site is a phishing site or contains malware, as well as the connected IP addresses, subdomains, network logs, and technologies that were used. For more information, please refer to the Domain Search page.

What is "Image Search"?
Image Search is a search feature that provides image information on devices, websites, and corporate or personal information that are exposed to the Internet. For more information, please refer to the Image Search page.

What is "Exploit Search"?
Exploit Search is a search feature that maps exploitable vulnerabilities based on searches for CVE IDs, vulnerability types, platforms, and more in real-time. For more information, please refer to the Exploit Search page.

What is "Banner Explorer"?
Banner Explorer is an intelligence feature that provides threat intelligence information classified into product and service categories such as cryptocurrency, database, and IoT. For more information, please refer to the Banner Explorer page.

What is "Vulnerability"?
Vulnerability is an intelligence feature that provides information on attack surface exposure and vulnerability of assets via classification by CVE ID and product name, which helps proactively monitor vulnerabilities of the applications in use. For more information, please refer to the Vulnerability page.

What is "Statistics"?
Statistics is an intelligence feature that provides a dashboard with 10-day statistical graphs that determine the maliciousness of IP addresses and domain information, as well as the presence of VPNs. For more information, please refer to the Statistics page.

What is "Element Analysis"?
Element Analysis is an intelligence feature that provides the results of analyzing assets and vulnerability data according to the desired filters and elements. For more information, please refer to the Element Analysis page.

What is "Maps"?
Maps is an intelligence feature that provides a visual representation of the country and location information for an IP address on a map, as well as statistics by AS name, product, and country. For more information, please refer to the Maps page.

Which filters are available for "Asset Search"?
Asset Search provides filters to enhance search accuracy and convenience. Please refer to the Filters page.

Which filters are available for "Image Search"?
Image Search provides filters to enhance search accuracy and convenience. Please refer to the Filters page.

Which filters are available for "Exploit Search"?
Exploit Search provides filters to enhance search accuracy and convenience. Please refer to the Filters page.

Which tags can I use for "Asset Search"?
Asset Search provides tags to enhance search accuracy and convenience. Please refer to the Tags page.

Which tags can I use for "Image Search"?
Image Search provides tags to enhance search accuracy and convenience. Please refer to the Tags page.

What categories are searchable through "Banner Explorer"?
Banner Explorer provides category-specific searches for cryptocurrencies, databases, industrial control systems, IoT, network infrastructure, and video games. For more information, please refer to the Banner Explorer page.

Which products are searchable through "Vulnerability"?
Vulnerability provides various major product categories such as MySQL, Linux, WebLogic Server, and HTTP server that help you easily search for vulnerabilities in specific products. For more information, please refer to the Vulnerability page.

What can I search for on the "Element Analysis" page?
You can search for all assets and vulnerabilities collected by Criminal IP by country, service, ASN, product, and port number.

API Quick Guide

Where can I get an API Key?
You can copy your API Key on the My Information page after signing up and logging in to your account.

Where can I get the API codes?
You can use API codes for each function on the API page.

Do I need to use separate software for the API?
No separate software is required.

How do I make API calls?
After copying the issued API Key, you can use the command line on the API page or use the various application code on GitHub to call the API and check the results as a JSON response.

Is there a limit on the number of API calls?
The number of available API calls varies depending on the credits provided by each plan. Please refer to the Pricing page for the number of credits provided by each plan.

What is the API call speed?
When using the Enterprise plan, high-speed APIs within 1 second are supported. For more information, please refer to the Pricing page.

Which data can be provided through the API?
All threat intelligence of Criminal IP is equally provided as APIs. For more information, please refer to the API page.

How can the Criminal IP API be utilized?
Criminal IP API can be easily applied to databases and security systems in use. It can be used to block account takeover, credential stuffing, and malicious access by determining the maliciousness and vulnerability information of IPs and domains in real-time, and protect customers and assets.

Questions for Membership

Do you have a free plan?
If a customer creates an account but does not pay for a plan, the Free Membership plan will be automatically applied. Free Membership provides a certain amount of credits that can be used to access Criminal IP features. Once all the free credits have been used, customers can upgrade to a paid plan at any time. Upgrading to a paid plan will provide access to more search criteria and search results.

What if the free plan does not meet my needs?
You can use three paid plans for monthly subscriptions, Lite, Medium, and Pro. These plans offer a much larger amount of credits than the Free Membership plan and allow you to use more features and filters. Additionally, with the Enterprise plan, you can use all features without any limit on data volume. For more information, please refer to the Pricing page.

Is it possible to get unlimited access to the database?
Yes, it is possible. With the Enterprise plan, you can use all the data and features without any limitations. For more information, please refer to the Pricing page.

How can I check my payment information?
You can check your current paid plan, payment history, and payment method information on the My Order page.

What if I want to change my plan?
If you are currently using the Free Membership, you can choose the appropriate plan on the Pricing page to start subscribing to a paid plan. If you are already using a paid plan, you can change or cancel your plan on the

Which payment methods are accepted?
Criminal IP offers various payment methods by country. Credit card payment is available by default and simple payment methods such as PayPal are supported. Enterprise customers can Contact Us to select a separate payment option.

I want to cancel my plan.
You can cancel your plan anytime on the My Order page after logging in to Criminal IP. Even if you cancel your plan, you can continue to use the service until the next regular payment date. If you have any additional questions regarding plan cancellation, please contact customer support at any time.

I want to delete my account.
After logging into your account, you can access the membership withdrawal page and proceed after agreeing. When you delete your account, all your search and account history as well as remaining credits will be deleted and permanently removed.

I have a question about the Enterprise plan.
Please contact us through the Contact Us page.

More questions?

What if I have other questions?
If you already have a Criminal IP account, please contact us through the customer support page for inquiries. For inquiries regarding the Enterprise membership, or if you do not have an account, please contact us through the Contact Us page.
Contact Us support@aispera.com
v1.55.1 - 2024.04.25 © 2024, All Rights Reserved - AI Spera Inc.