Criminal-IP — The Best Cyber Threat Intelligence Based Search Engine

By ZeusCybersec. Published in InfoSec Write-ups.
7 min read, Apr 22, 2023
Introducing Criminal IP by Ai Spera, “Search for anything, Secure Everything”

The cybersecurity industry is rapidly moving towards AI and automation, and there are various threat-intelligence-based search engines in the industry. However, I recently found one that stands out: Criminal-IP, from AI Spera, a well-established company with branches in countries like the USA, South Korea, Japan and Singapore. In this article I'll quickly tell you about Criminal-IP, how you can use it and what makes it so powerful. In fact, this solution also made its debut at RSA Conference in 2022, which is very popular among the hacking community.

WHAT IS CRIMINAL-IP?

Criminal IP is a Cyber Threat Intelligence (CTI) search engine that monitors the open ports of IP addresses around the world on a daily basis to discover all Internet-connected devices. It recognises malicious IP addresses and domains and delivers a 5-level risk evaluation using AI-based technology. For successful searching, the material is indexed with numerous filters and tags. It can also be integrated with other systems via an API.

WHAT CAN IT DO?

It holds data on 4.2 billion IP addresses, collected in real time, which can help you find all types of internet-facing information on malicious IPs, phishing sites, malicious links, certificates, industrial control systems, IoT devices, servers, CCTVs, and more, making it a valuable asset for your company.

It has applications in cyber security, attack surface management, penetration testing, vulnerability and malware analysis, and investigation and research. When a new vulnerability or ransomware is identified, you can discover how many PCs or servers are vulnerable or infected, as well as whether the IP address or domain in use is also vulnerable. Furthermore, it searches in real time for harmful URLs and phishing sites made by hackers.

Criminal-IP also collects VPN IP address data worldwide from various VPN providers, which can help block intrusion attempts by hackers who try to hide their identity behind VPNs and Tor. It can pinpoint the location of an IP address on a map and allow or block addresses according to their geographic location. It can also block malicious IP addresses such as Tor and proxy addresses, which most hackers use for anonymity.

Organizations can also be safeguarded against phishing/APT attacks by informing them of the risk factors associated with the outbound IP address/domain that their users wish to access. Moreover, it proves to be a useful solution for security researchers and can help them find all types of internet-facing information on IP addresses, domains and IoT devices, thus helping in an external / black-box type of penetration test.

HOW TO USE CRIMINAL-IP?

The amazing part about this search engine is that it is free to use for normal users. All you have to do is go to their official website, https://www.criminalip.io/en, and register (https://www.criminalip.io/en/register), which hardly takes a minute. Once done, you can start playing with the search engine.

All you have to do is search

Finally, let's try to use it. I will be going through some useful filters and tags and finding information about real-time assets.

For detailed information on how to use and leverage this powerful search engine, you can enroll in their free Udemy training: https://www.udemy.com/course/a-beginners-guide-to-managing-criminal-ip/?kw=Criminal+IP&src=sac

FILTERS & TAGS

Criminal-IP provides four search functions (Asset, Domain, Image, and Exploit) and five intelligence functions (Banner Explorer, Vulnerability, Statistics, Element Analysis, and Maps), along with an API. Let me show you some real-life examples!

SELECT YOUR SCAN OPTION

ASSET SEARCH

Asset Search is, in my opinion, the most useful feature of Criminal-IP. It helps in finding complete information about an IP address, such as its open ports, the owner of the IP address, the country of origin, SSL certificate, associated domains, and detection of suspicious VPN IP, Tor IP, hosting IP, CDN and scanner IP. Moreover, it also provides information on past abuse history and vulnerabilities. The score provided has 5 levels: Safe, Low, Moderate, Dangerous and Critical.

In my case, I have searched for an IP address. It is immediately flagged as malicious and has a Critical score of 99%. It has port 80 (HTTP) open, and also 3 vulnerabilities. The country of origin is Japan.

If we scroll down, we can see that a service named lighttpd is running on port 80, and Criminal-IP has given us a list of CVEs that affect the IP.

This real-time information can greatly help companies and security researchers.

DOMAIN SEARCH

Domain Search scans the target domain to offer extensive information and a risk score based on whether it is utilised as a phishing domain, includes malicious links, or has legitimate CA certificates. It also helps with fake SSL diagnosis and with finding abuse records, hidden features in HTML, network redirection, and suspicious cookies. In the given demo, I have tried finding phishing websites in the USA.

search query — country: US category: phishing

As we can see, it has 1 phishing record but seems rather safe.

However, this is not the case with our next example. Now I have directly searched for a domain name which seems to be hosted on GoDaddy, and there is a very high probability that this site is used for phishing attacks. A company should avoid opening such domains, and using Criminal-IP they can easily identify malicious IPs and URLs, thus saving critical data from unauthorized access.

As we can see, it is using the CA certificate of GoDaddy, has many subdomains, and is also using a vulnerable and outdated JavaScript library. An attacker can easily exploit this.

IMAGE SEARCH

By running Image Search with search terms such as RDP, phishing, webcam or RTSP, you can view, in the form of images, the assets that are left wide open to cyberthreats. In this example I searched for webcams with port 80 open, since many cameras run on the HTTP port.

search query — image: webcam port: 80

I found a camera in Italy, along with its IP, open ports and vulnerabilities. Now click on the IP shown above and it immediately suggests an option to run Asset Search.

You can clearly see how vulnerable this device is. It has a 99% critical score. Someone has already discovered this before me (maybe even tried to exploit it). Moreover, we get a list of CVEs which we can use to gain access to this webcam or, if it was ours, we can patch these vulnerabilities to secure our asset.

EXPLOIT SEARCH

Exploit Search helps in finding exploitable vulnerabilities based on searches for CVE IDs, vulnerability types, platforms, authors and more in real time. In my case, I searched for CVE-2017-0144, the popular “EternalBlue” exploit for Windows, and immediately found it.

search query — cve_id: CVE-2017-0144

Next I also searched for PHP exploits for web applications and found many. These queries can be useful during a penetration test to find the right exploit for our target.

search query — type: WEBAPPS platform: PHP

API INTEGRATION

A feature that stands out is Criminal IP's API integration, which can help security researchers block attackers from infiltrating internal assets and monitor, in real time, assets that may be unknowingly exposed on the attack surface. The API is easy to use, and they have also provided code snippets on their website.

API Code- https://www.criminalip.io/en/developer/api/post-user-me
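One way to turn the 5-level score and the Tor/VPN/proxy detection described above into an allow/block decision over your own logs. This is an added example, not code from Criminal IP or from the author: the names `Policy`, `decide` and `triage`, the record fields and the sample data are all hypothetical, and the records stand in for whatever the API returns for each address.

```python
import re
from dataclasses import dataclass

# The five risk levels named in the article, lowest to highest.
LEVELS = ["Safe", "Low", "Moderate", "Dangerous", "Critical"]

@dataclass
class Policy:
    block_at: str = "Dangerous"            # block at this level or above
    block_anonymizers: bool = True         # block Tor / VPN / proxy sources
    denied_countries: frozenset = frozenset()

def decide(record, policy):
    """Return (action, reasons) for one enriched source IP."""
    level = record.get("score")
    if level not in LEVELS:
        # Missing or unknown verdict: never silently allow, queue for review.
        return "review", ["no usable risk level"]
    reasons = []
    if LEVELS.index(level) >= LEVELS.index(policy.block_at):
        reasons.append(f"risk level {level}")
    if policy.block_anonymizers:
        reasons += [f"flag {f}" for f in ("is_tor", "is_vpn", "is_proxy") if record.get(f)]
    if record.get("country") in policy.denied_countries:
        reasons.append(f"country {record['country']}")
    return ("block" if reasons else "allow"), reasons

def triage(log_text, intel, policy):
    """Extract source IPs from sshd failures and decide on each one."""
    ips = sorted(set(re.findall(r"from (\d{1,3}(?:\.\d{1,3}){3}) port", log_text)))
    return {ip: decide(intel.get(ip, {}), policy) for ip in ips}

# Constructed sample data (documentation address ranges). The record fields
# are hypothetical stand-ins, not Criminal IP's response schema.
SAMPLE_LOG = """\
Apr 22 10:01:02 gw sshd[811]: Failed password for root from 203.0.113.7 port 51122 ssh2
Apr 22 10:01:09 gw sshd[812]: Failed password for admin from 198.51.100.23 port 40210 ssh2
Apr 22 10:02:41 gw sshd[815]: Failed password for alice from 192.0.2.10 port 53311 ssh2
Apr 22 10:03:05 gw sshd[816]: Failed password for root from 192.0.2.99 port 60001 ssh2
"""
SAMPLE_INTEL = {
    "203.0.113.7": {"score": "Critical", "country": "JP"},
    "198.51.100.23": {"score": "Low", "is_tor": True, "country": "DE"},
    "192.0.2.10": {"score": "Safe", "country": "US"},
}

if __name__ == "__main__":
    for ip, (action, reasons) in triage(SAMPLE_LOG, SAMPLE_INTEL, Policy()).items():
        print(f"{ip:15} {action:6} {', '.join(reasons)}")
```

An address with no intelligence record is sent to review rather than allowed, so a lookup failure or exhausted credit quota does not quietly open the door.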

PRICING

After registering as a new user, you get a free membership plan with a small number of credits, which allows you to use the various functions of Criminal IP. When these credits are depleted, you can always upgrade to a paid plan. Paid plans provide more search criteria and results and are worth opting for. As of now, the premium plan of Criminal-IP comes in 3 options: Lite, Medium and Pro.

For Pricing-Information refer- https://www.criminalip.io/en/pricing

CONTACT

[+] To Contact the Sales Team Visit-https://www.criminalip.io/en/about/contact-us

[+] Official Website- www.criminalip.io

[+] For Support/Queries email - support@aispera.com

[+] Criminal-IP Blog Post - Criminal IP

[+] Criminal-IP Twitter - https://twitter.com/CriminalIP_US

MY SUGGESTIONS !

I hope you learned a lot about Criminal-IP from this article, and I highly recommend you try it, whether you are a cybersecurity student, a seasoned professional or a company trying to stay safe from increasing cyber attacks. If you find its free membership useful, then it is worth going for the premium plan, as it can provide value to your company/clients.

Feel free to comment down below if you have any queries regarding Criminal-IP and if you found the search engine useful.

VISIT- www.criminalip.io


Written by ZeusCybersec

I am a Penetration Tester, Currently pursuing OSCP. Skilled in Network Pen-testing and Developing Security Tools using Python. YouTube-ZeusCybersec

Responses (28)


Let me know if you have any questions regarding Criminal and what did you search with it?

Never heard about it, I will try it and let you know.

Thanks for the informative article! Just created an account with Criminal IP, verified acct email and was promptly informed that the login credentials are incorrect. Ugh!