An update and maintenance to Criminal IP v1.86.0 has been released. Previous Notice of Criminal IP Pricing Plan Update (Effective September 4, 2025)The current Lite, Medium, and Pro Plans will be consolidated into a Starter plan.| CIP Blog
An update and maintenance to Criminal IP v1.85.0 has been released. [Criminal IP v1.85.0] Regular Maintenance and Update Release Note Maintenance and Update Period: 2025.08.07 05:00~10:00 AM (UTC) [New Changes] New API Integration – Palo Alto Networks The collaboration between Palo Alto Networks and Criminal IP integrates advanced threat intelligence and automated analysis capabilities to [...] The post [Criminal IP v1.85.0] 2025-08-07 Release Note appeared first on CIP Blog.| CIP Blog
A U.S.-based healthcare organization integrated Criminal IP Threat Intelligence (TI) into its internal security operations to accelerate IOC (Indicator of Compromise) analysis, improve infrastructure visibility, and enhance threat correlation capabilities. By connecting Criminal IP TI with internal platforms such as Wazuh XDR via API, the organization enabled real-time indicator analysis and automated threat detection. Pre-Deployment Challenges Before implementing Criminal IP TI, [...] ...| CIP Blog
In this post, we review the security breaches experienced by these companies and assess how an Attack Surface Management (ASM) solution...| CIP Blog
In July 2025, a proof-of-concept (PoC) code for a memory leak vulnerability (CVE-2025-5777) affecting Citrix NetScaler ADC and Gateway appliances was publicly released. Since then, exploitation attempts targeting these devices have increased significantly worldwide. This vulnerability poses a significant risk as it allows unauthorized attackers to leak sensitive information directly from memory, similar to the [...] The post CitrixBleed 2 (CVE-2025-5777) Mitigation: A Guide to Detecting Expos...| CIP Blog
To gain comprehensive visibility into national digital infrastructure, Spain’s national cybersecurity agency adopted Criminal IP ASM (Attack Surface Management). By combining ASM’s continuous asset discovery capabilities with real-time threat intelligence, the agency significantly enhanced its monitoring, detection, and response capabilities. This integration has empowered the agency to more effectively fulfill its mission of protecting national assets against [...] The post Criminal IP...| CIP Blog
Visit the new Criminal IP DarkWeb produce page to see how our intelligence detects and visualizes exposed IPs, domains...| CIP Blog
An update to Criminal IP v1.82.0 has been released. [Criminal IP v1.82.0] Regular Maintenance and Update Release Note| CIP Blog
An update to Criminal IP v1.83.0 has been released. [Criminal IP v1.83.0] Regular Maintenance and Update Release Note Maintenance Period: 2025.07.10 05:00~10:00 AM (UTC) [Improvement] Added GitHub Reference One official Criminal IP GitHub repository, 9 open-source use cases, and 12 recommended repositories have been added. Bug Fixes and Stability Improvements Thank you to all Criminal IP users.We will [...] The post [Criminal IP v1.83.0] 2025-07-10 Release Note appeared first on CIP Blog.| CIP Blog
Nation-state cyber warfare has evolved beyond simple data theft into a complex threat that can paralyze critical infrastructure. For over a decade, Israel and Iran have engaged in a series of cyber confrontations, turning cyberspace into a battlefield as intense as any physical conflict. Notable incidents—such as Stuxnet, which disabled Iran’s nuclear facilities, and cyberattacks targeting Israel’s [...] The post Israel–Iran Digital Warfare: National Cyber Attack Surface Analysis Us...| CIP Blog
Phishing attack post shared by David Zhang on X [Source: https://x.com/dazhengzhang/status/1937773747068682432]> On June 25, 2025, David Zhang, co-founder of the stablecoin platform Stably and the public grant protocol dTRINITY, revealed a highly sophisticated phishing attack in a post on X (formerly Twitter). Unlike traditional phishing that simply lures victims into clicking malicious links, this attack used social engineering techniques that impersonated a [...] The post North Korea...| CIP Blog
To establish real-time visibility between national infrastructure and external threat actors, the agency integrated Criminal IP Threat Intelligence (TI) into its internal analysis system. Through API-based data integration and automated threat search, they significantly enhanced both the efficiency and precision of their threat analysis. Pre-Deployment Challenges Before implementing Criminal IP TI, the agency faced several [...] The post Criminal IP Case Study: Threat Detection Automation by ...| CIP Blog
Criminal IP Dorks Cheat Sheet: A Practical Guide to Threat Intelligence Queries (Part 2)| CIP Blog
We introduce hands-on examples of how to use Criminal IP's Tag and Filter functions to uncover real-world attack infrastructure.| CIP Blog
On May 30, 2025, Ahmed Mobasher, Manager of AI SPERA’s Global Business Division, appeared as a guest speaker on the SourceForge podcast.| CIP Blog
이 글에서는 CVE-2025-49113의 주요 내용과 위협, CTI 기반으로 외부에 노출된 Roundcube 서버 탐지 방법을 소개하고자 한다. Criminal IP에서 검색된 Roundcube 인스턴스는 56,225건에 달한다.| CIP Blog
We’ll introduce practical search queries using Criminal IP’s Tag and Filter system to explore real-world malicious infrastructure.| CIP Blog
We will cover the latest vulnerability of Oracle's WebLogic Server RCE Vulnerability. As it is a global Cloud service, large-scale customers such as corporations and government agencies have been affected.| CIP Blog
AWS 마켓플레이스에 CTI 검색엔진 크리미널 IP가 입점되었습니다. 앞으로 AWS의 글로벌 유저는 AWS 마켓플레이스를 통해 크리미널 IP를 구매할 수 있으며, 크리미널 IP 검색엔진과 AWS 환경 내에서 위협 인텔리전스를 자유롭게 활용할 수 있습니다.| CIP Blog
공격자가 스팸메일 차단 솔루션 의 탐지 로직을 교묘하게 피해 공격하면 스팸 필터를 연동해 놓아도 악성 메일이 수신 됩니다. 이 골치 아픈 문제도 IP 인텔리전스를 활용하면 상당 부분 보완할 수 있습니다.| CIP Blog
It provides the threat of cryptocurrency mining malware that exploits exposed Docker API port 2375, along with CTI-based response strategies.| CIP Blog
SAP NetWeaver vulnerability CVE-2025-31324 is a vulnerability that may lead to server hijacking and RCE via unrestricted file uploads.| CIP Blog
This powerful app integrates seamlessly with Splunk to analyze IP addresses in real-time against the Criminal IP Threat Intelligence Database.| CIP Blog
An update to Criminal IP v1.79.0 has been released. Checksum detection data has been added to the Network Log feature...| CIP Blog
Criminal IP is a global cybersecurity platform, trusted in over 150 countries, and recognized for its AI-driven threat detection and comprehensive OSINT data collection capabilities. It leads innovation in both Cyber Threat Intelligence (CTI) and Attack Surface Management (ASM).| CIP Blog
Among over 90 threat intelligence platforms used to analyze a specific IP address involved in a hacking attack, only Criminal IP identified it as malicious. This article presents a real-world case that highlights Criminal IP’s advanced technology for detecting malicious infrastructure.| CIP Blog
A single link can drain your crypto wallet or shut down your business. AI-powered phishing is getting smarter — here’s how to fight back with the Criminal IP Malicious Link Detector.| CIP Blog
To deliver more powerful threat intelligence, we are enhancing the user experience across our plans effective April 28, 2025.| CIP Blog
This article reviews the Erlang/OTP SSH vulnerability (CVE-2025-32433) and explains how to detect exposed servers via Criminal IP Asset Search, offering actionable response strategies.| CIP Blog
Criminal IP has released a connector integration with Fortinet FortiSOAR, enhancing threat intelligence automation and improving the efficiency of security response.| CIP Blog
[Criminal IP v1.77.0] Regular Maintenance and Update Release Note. Maintenance Period: 2025.04.10 05:00~10:00 AM (UTC). Added custom User Agent feature for full URL scan in Domain Search.| CIP Blog
A brief overview of the Next.js middleware authentication bypass vulnerability (CVE-2025-29927), threat hunting insights using Shodan and Criminal IP, and practical security countermeasures.| CIP Blog
This article explores Chimmed and Rusmedtorg’s operations and details how Criminal IP Asset Search and Criminal IP Domain Search...| CIP Blog
최근 생성형 AI 기술의 발전으로 피싱 이메일 공격이 더욱 정교하고 다양해져 개인과 기업의 보안에 심각한 위협이 되고 있습니다. 발전하는 피싱 이메일을 예방하기 위한 방법으로 Criminal IP...| CIP Blog
Cases of malware distribution through phishing websites exploiting DeepSeek's popularity, leading to increased use of...| CIP Blog
This article explores the exploitation of the CVE-2023-30799 vulnerability, the botnet formation process, and the importance of...| CIP Blog
이번 글에서는 보안을 위해 설치한 스팸 방지 플러그인 CleanTalk이 오히려 사이트의 보안을 위협하게 된 두 가지 취약점의 악용 가능 여부 및 영향과, 실제로 취약한 워드프레스 플러그인 영향을 받는 사이트를 위협 헌팅 도구로 찾는 방법을 알아보도록 한다.| CIP Blog
An update for Criminal IP is now live! Read the patch notes to check out the changes for Criminal IP v1.72.0.| CIP Blog
Threat intelligence plays a crucial role in cybersecurity decision-making. It involves identifying and gathering cybersecurity information.| CIP Blog
Oracle WebLogic vulnerability CVE-2020-2883, demonstrates its potential dangers through a proof of concept (PoC), and emphasizes...| CIP Blog
Changes to Credit Allocations by Criminal IP Plan On April 1, 2025, we will change the number of credits available for each plan across four categories.| CIP Blog
Criminal IP v1.71.0 update released. Criminal IP yearly plan released. Asset Search filter bug fix. C2-tagged assets risk scoring adjusted.| CIP Blog
Attack Surface Management (ASM) is the process of continuously detecting, discovering, analyzing, remediating, and monitoring the cybersecurity| CIP Blog
Prometheus, an open-source monitoring and alerting toolkit, is widely used by organizations for its robust functionalities. However...| CIP Blog
CIP Weekly Denylist: Anonymous IPs in the 4th Week of December - the list of Anonymous IP addresses detected in the second week of December.| CIP Blog
This article explores how to identify devices vulnerable to these PAN-OS exploits using the attack surface-based threat intelligence (TI)...| CIP Blog
[ Criminal IP vs. Shodan : A Comparative Analysis of CVE Data] This article compares and analyzes the CVE data from Criminal IP and Shodan.| CIP Blog
An update to Criminal IP v1.70.0 has been released. Improved File Exposure Logic, added Suspicious HTML Element Detection Logic| CIP Blog
Open-source intelligence (OSINT) refers to the sum of information collected from publicly available sources that anyone can access.| CIP Blog
CIP Weekly Denylist: Phishing and Malicious Domain Search Terms in the 3rd Week of December Google Phishing Site, Steam Phishing Site etc.| CIP Blog
CIP Weekly Denylist: Anonymous IPs in the 2nd Week of December - the list of Anonymous IP addresses detected in the second week of December.| CIP Blog
An update to Criminal IP v1.69.0 has been released. Criminal IP CTIDB Product Page Launch, Link Copy Function Added to Domain Search DOM...| CIP Blog
We would like to inform you in advance about the scheduled service maintenance that will take place on Thursday, December 5, 2024.| CIP Blog
In this article, we discuss the malware distribution of TAG-112 via Cobalt Strike, analysis of domains used in the attack and response plans.| CIP Blog
[Criminal IP v1.68.0] 2024-11-21 Release Note: Vulnerability CVE Page Data Sort Order Change, Domain Search Phishing URL Detection Rate Improvement| CIP Blog
This article explores how to check for IP camera hacking threats linked to your IP address. Internet-connected IP cameras are widely...| CIP Blog
Malicious domains detected by Criminal IP in the 3rd week of November. Santander, SwissPass, Microsoft, Facebook, Instagram...| CIP Blog
Exposed admin panels using threat-hunting tools, and importance of monitoring with attack surface management (ASM) solutions.| CIP Blog
Anonymous IPs in the 2nd Week of November - Here is the list of Anonymous IP addresses detected in the second week of Nov...| CIP Blog
A newly discovered vulnerability, CVE-2024-10443, has been found in Synology’s NAS (Network Attached Storage) systems. This zero-click...| CIP Blog
A critical security vulnerability (CVE-2024-37383) has been identified in the Roundcube webmail platform, allowing attackers to steal user...| CIP Blog
It has been a month since vulnerabilities were discovered in DrayTek routers. Initially, 700,000 DrayTek routers were confirmed to be...| CIP Blog
In support of Cybersecurity Awareness Month 2024, Criminal IP provides cybersecurity tips and resources to enhance your digital security.| CIP Blog
Exploring how CVE-2024-43044 can be exploited, the devices affected, and how to identify exposed Jenkins devices using threat-hunting tools.| CIP Blog
Malicious domains detected by Criminal IP in the 4th week of August. Air Canada, Yahoo, Naver, Roblox, Google, Steam, Netflix...| CIP Blog
Anonymous IPs, in the 3rd week of August. It identifies IPs involved in credential stuffing, brute-force, DDoS, phishing, hacking, malware...| CIP Blog
Malicious domains detected by Criminal IP in the 3rd week of August. Meta, MBH Bank , Microsoft, RAM Hand-to-Hand Couriers...| CIP Blog
We will analyze a recent trend in financial software attacks where Quasar RAT is distributed using Home Trading System...| CIP Blog
Malicious domains detected by Criminal IP in the 2nd week of August. Steam, OneDrive, EasyPark, Facebook, Telegram...| CIP Blog
On May 8, 2024, a serious remote code execution (RCE) vulnerability 'CVE-2024-29212' was discovered in Veeam's VSPC (Veeam Service Provider Console).| CIP Blog
An update to Criminal IP v1.53.1 has been released.| CIP Blog
We searched for devices affected by the Fortinet RCE bug vulnerability, CVE-2024-21762, using Criminal IP. Over 340,000 servers are exposed.| CIP Blog
Malicious domains detected by Criminal IP in the 5th week of January. AT&T, Amazon, Bing, and Steam phishing domains.| CIP Blog
An update to Criminal IP v1.49.1 has been released. Maintenance Period: 2024.01.25 05:00 ~ 10:00 AM (UTC). Criminal IP Plan Feature Changes.| CIP Blog
Malicious domains detected by Criminal IP in the 4th week of January. AT&T, DHL, Bing, and Facebook phishing domains.| CIP Blog
Malicious domains detected by Criminal IP in the 3rd week of January. Apple, Microsoft, Netflix, and Instagram phishing domains.| CIP Blog
In the future, we plan to elevate the usage of certain features within Criminal IP by enhancing our paid plan policy. features.| CIP Blog
An update to Criminal IP v1.47.5 has been released. Maintenance Period: 2024.01.04 05:00 ~ 10:00 AM (UTC). /v1/banner/search API Adjustment.| CIP Blog
An update to Criminal IP v1.47.1 has been released. Domain Search Summary has been improved. Sumo Logic, quad9x have been added as partners.| CIP Blog
