In South Korea, illegal webtoon platforms like Blacktoon have become notorious for causing both copyright infringement and financial harm.Whenever authorities block access to these sites, operators immediately register new domains—often by simply changing a number in the domain name—to keep the service alive. This is a classic evasion tactic designed to bypass enforcement efforts. Screenshot of an illegal webtoon site — pirated [...] The post Illegal Webtoon Sites Evading Blocks ...| CIP Blog
October 21 – 23, 2025 Booth J30, Sands Expo Singapore 1761004800 일 시간 분 초종료: Criminal IP is joining GovWare 2025, one of Asia’s largest cybersecurity conferences! 1761004800 일 시간 분 초종료: Powered by AI-driven detection technology and OSINT-based data collection capabilities, Criminal IP is a security platform serving more than 150 countries worldwide, leading [...] The post Criminal IP at GovWare 2025 | October 21 – 23 appeared first on CIP Blog.| CIP Blog
This white paper explores how Criminal IP is redefining threat intelligence and helping enterprises stay one step ahead of AI-powered...| CIP Blog
Telegram QR Phishing Threat – Account Takeover with a Single Scan| CIP Blog
Telegram QR code phishing has recently been spreading rapidly, emerging as a significant cybersecurity threat. While Telegram is recognized for its strong security and privacy features, attackers are now exploiting its QR login functionality to compromise user accounts. With just a single scan, attackers can gain full access to an account, leading to far more sophisticated and [...] The post Telegram QR Phishing Threat – Account Takeover with a Single Scan appeared first on CIP Blog.| CIP Blog
On August 14, 2025, Lotte Card’s online payment server in South Korea was compromised, leading to large-scale data exfiltration attempts. The attack persisted for two days, with signs that at least 1.7GB of internal data was about to be extracted. The critical issue was delayed detection. Malicious code and a web shell were only discovered [...] The post CVE-2017-10271: Oracle WebLogic Server Vulnerability appeared first on CIP Blog.| CIP Blog
The Criminal IP search engine, used in over 180 countries worldwide, collects a vast amount of search data every day.What are the most common keywords entered by security professionals? In this post, we highlight four of the Top 10 Criminal IP keywords as of August 2025, explaining the threats each represents and how Criminal IP [...] The post Exploring Threat Infrastructures Detected by Security Professionals Through Criminal IP’s Top 10 Keywords appeared first on CIP Blog.| CIP Blog
An update and maintenance to Criminal IP v1.87.0 has been released. [Criminal IP v1.87.0] Regular Maintenance and Update Release Note Maintenance and Update Period: 2025.09.04 05:00~10:00 AM (UTC) [New Changes] Criminal IP Pricing Plan Restructuring As previously announced, the Criminal IP paid plans have been restructured. The existing Lite, Medium, and Pro subscription plans have [...] The post [Criminal IP v1.87.0] 2025-09-04 Release Note appeared first on CIP Blog.| CIP Blog
This article reviews the vulnerabilities and current threat landscape while demonstrating how Criminal IP can be used to detect and respond to| CIP Blog
An update and maintenance to Criminal IP v1.86.0 has been released. Previous Notice of Criminal IP Pricing Plan Update (Effective September 4, 2025)The current Lite, Medium, and Pro Plans will be consolidated into a Starter plan.| CIP Blog
An update and maintenance to Criminal IP v1.85.0 has been released. [Criminal IP v1.85.0] Regular Maintenance and Update Release Note Maintenance and Update Period: 2025.08.07 05:00~10:00 AM (UTC) [New Changes] New API Integration – Palo Alto Networks The collaboration between Palo Alto Networks and Criminal IP integrates advanced threat intelligence and automated analysis capabilities to [...] The post [Criminal IP v1.85.0] 2025-08-07 Release Note appeared first on CIP Blog.| CIP Blog
A U.S.-based healthcare organization integrated Criminal IP Threat Intelligence (TI) into its internal security operations to accelerate IOC...| CIP Blog
In this post, we review the security breaches experienced by these companies and assess how an Attack Surface Management (ASM) solution...| CIP Blog
Visit the new Criminal IP DarkWeb produce page to see how our intelligence detects and visualizes exposed IPs, domains...| CIP Blog
An update to Criminal IP v1.82.0 has been released. [Criminal IP v1.82.0] Regular Maintenance and Update Release Note| CIP Blog
We introduce hands-on examples of how to use Criminal IP's Tag and Filter functions to uncover real-world attack infrastructure.| CIP Blog
On May 30, 2025, Ahmed Mobasher, Manager of AI SPERA’s Global Business Division, appeared as a guest speaker on the SourceForge podcast.| CIP Blog
이 글에서는 CVE-2025-49113의 주요 내용과 위협, CTI 기반으로 외부에 노출된 Roundcube 서버 탐지 방법을 소개하고자 한다. Criminal IP에서 검색된 Roundcube 인스턴스는 56,225건에 달한다.| CIP Blog
We’ll introduce practical search queries using Criminal IP’s Tag and Filter system to explore real-world malicious infrastructure.| CIP Blog
It provides the threat of cryptocurrency mining malware that exploits exposed Docker API port 2375, along with CTI-based response strategies.| CIP Blog
SAP NetWeaver vulnerability CVE-2025-31324 is a vulnerability that may lead to server hijacking and RCE via unrestricted file uploads.| CIP Blog
This powerful app integrates seamlessly with Splunk to analyze IP addresses in real-time against the Criminal IP Threat Intelligence Database.| CIP Blog
An update to Criminal IP v1.79.0 has been released. Checksum detection data has been added to the Network Log feature...| CIP Blog
A single link can drain your crypto wallet or shut down your business. AI-powered phishing is getting smarter — here’s how to fight back with the Criminal IP Malicious Link Detector.| CIP Blog
To deliver more powerful threat intelligence, we are enhancing the user experience across our plans effective April 28, 2025.| CIP Blog
This article reviews the Erlang/OTP SSH vulnerability (CVE-2025-32433) and explains how to detect exposed servers via Criminal IP Asset Search, offering actionable response strategies.| CIP Blog
Criminal IP has released a connector integration with Fortinet FortiSOAR, enhancing threat intelligence automation and improving the efficiency of security response.| CIP Blog
[Criminal IP v1.77.0] Regular Maintenance and Update Release Note. Maintenance Period: 2025.04.10 05:00~10:00 AM (UTC). Added custom User Agent feature for full URL scan in Domain Search.| CIP Blog
A brief overview of the Next.js middleware authentication bypass vulnerability (CVE-2025-29927), threat hunting insights using Shodan and Criminal IP, and practical security countermeasures.| CIP Blog
This article explores Chimmed and Rusmedtorg’s operations and details how Criminal IP Asset Search and Criminal IP Domain Search...| CIP Blog
최근 생성형 AI 기술의 발전으로 피싱 이메일 공격이 더욱 정교하고 다양해져 개인과 기업의 보안에 심각한 위협이 되고 있습니다. 발전하는 피싱 이메일을 예방하기 위한 방법으로 Criminal IP...| CIP Blog
Cases of malware distribution through phishing websites exploiting DeepSeek's popularity, leading to increased use of...| CIP Blog
This article explores the exploitation of the CVE-2023-30799 vulnerability, the botnet formation process, and the importance of...| CIP Blog
이번 글에서는 보안을 위해 설치한 스팸 방지 플러그인 CleanTalk이 오히려 사이트의 보안을 위협하게 된 두 가지 취약점의 악용 가능 여부 및 영향과, 실제로 취약한 워드프레스 플러그인 영향을 받는 사이트를 위협 헌팅 도구로 찾는 방법을 알아보도록 한다.| CIP Blog
An update for Criminal IP is now live! Read the patch notes to check out the changes for Criminal IP v1.72.0.| CIP Blog
Threat intelligence plays a crucial role in cybersecurity decision-making. It involves identifying and gathering cybersecurity information.| CIP Blog
Oracle WebLogic vulnerability CVE-2020-2883, demonstrates its potential dangers through a proof of concept (PoC), and emphasizes...| CIP Blog
Changes to Credit Allocations by Criminal IP Plan On April 1, 2025, we will change the number of credits available for each plan across four categories.| CIP Blog
Criminal IP v1.71.0 update released. Criminal IP yearly plan released. Asset Search filter bug fix. C2-tagged assets risk scoring adjusted.| CIP Blog
Attack Surface Management (ASM) is the process of continuously detecting, discovering, analyzing, remediating, and monitoring the cybersecurity| CIP Blog
Prometheus, an open-source monitoring and alerting toolkit, is widely used by organizations for its robust functionalities. However...| CIP Blog
CIP Weekly Denylist: Anonymous IPs in the 4th Week of December - the list of Anonymous IP addresses detected in the second week of December.| CIP Blog
This article explores how to identify devices vulnerable to these PAN-OS exploits using the attack surface-based threat intelligence (TI)...| CIP Blog
[ Criminal IP vs. Shodan : A Comparative Analysis of CVE Data] This article compares and analyzes the CVE data from Criminal IP and Shodan.| CIP Blog
An update to Criminal IP v1.70.0 has been released. Improved File Exposure Logic, added Suspicious HTML Element Detection Logic| CIP Blog
Open-source intelligence (OSINT) refers to the sum of information collected from publicly available sources that anyone can access.| CIP Blog
CIP Weekly Denylist: Phishing and Malicious Domain Search Terms in the 3rd Week of December Google Phishing Site, Steam Phishing Site etc.| CIP Blog
CIP Weekly Denylist: Anonymous IPs in the 2nd Week of December - the list of Anonymous IP addresses detected in the second week of December.| CIP Blog
An update to Criminal IP v1.69.0 has been released. Criminal IP CTIDB Product Page Launch, Link Copy Function Added to Domain Search DOM...| CIP Blog
We would like to inform you in advance about the scheduled service maintenance that will take place on Thursday, December 5, 2024.| CIP Blog
In this article, we discuss the malware distribution of TAG-112 via Cobalt Strike, analysis of domains used in the attack and response plans.| CIP Blog
[Criminal IP v1.68.0] 2024-11-21 Release Note: Vulnerability CVE Page Data Sort Order Change, Domain Search Phishing URL Detection Rate Improvement| CIP Blog
This article explores how to check for IP camera hacking threats linked to your IP address. Internet-connected IP cameras are widely...| CIP Blog
Malicious domains detected by Criminal IP in the 3rd week of November. Santander, SwissPass, Microsoft, Facebook, Instagram...| CIP Blog
Exposed admin panels using threat-hunting tools, and importance of monitoring with attack surface management (ASM) solutions.| CIP Blog
Anonymous IPs in the 2nd Week of November - Here is the list of Anonymous IP addresses detected in the second week of Nov...| CIP Blog
A newly discovered vulnerability, CVE-2024-10443, has been found in Synology’s NAS (Network Attached Storage) systems. This zero-click...| CIP Blog
A critical security vulnerability (CVE-2024-37383) has been identified in the Roundcube webmail platform, allowing attackers to steal user...| CIP Blog
It has been a month since vulnerabilities were discovered in DrayTek routers. Initially, 700,000 DrayTek routers were confirmed to be...| CIP Blog
In support of Cybersecurity Awareness Month 2024, Criminal IP provides cybersecurity tips and resources to enhance your digital security.| CIP Blog
Exploring how CVE-2024-43044 can be exploited, the devices affected, and how to identify exposed Jenkins devices using threat-hunting tools.| CIP Blog
Malicious domains detected by Criminal IP in the 4th week of August. Air Canada, Yahoo, Naver, Roblox, Google, Steam, Netflix...| CIP Blog
Anonymous IPs, in the 3rd week of August. It identifies IPs involved in credential stuffing, brute-force, DDoS, phishing, hacking, malware...| CIP Blog
Malicious domains detected by Criminal IP in the 3rd week of August. Meta, MBH Bank , Microsoft, RAM Hand-to-Hand Couriers...| CIP Blog
We will analyze a recent trend in financial software attacks where Quasar RAT is distributed using Home Trading System...| CIP Blog
Malicious domains detected by Criminal IP in the 2nd week of August. Steam, OneDrive, EasyPark, Facebook, Telegram...| CIP Blog
An update to Criminal IP v1.53.1 has been released.| CIP Blog
We searched for devices affected by the Fortinet RCE bug vulnerability, CVE-2024-21762, using Criminal IP. Over 340,000 servers are exposed.| CIP Blog
Malicious domains detected by Criminal IP in the 5th week of January. AT&T, Amazon, Bing, and Steam phishing domains.| CIP Blog
An update to Criminal IP v1.49.1 has been released. Maintenance Period: 2024.01.25 05:00 ~ 10:00 AM (UTC). Criminal IP Plan Feature Changes.| CIP Blog
Malicious domains detected by Criminal IP in the 4th week of January. AT&T, DHL, Bing, and Facebook phishing domains.| CIP Blog
Malicious domains detected by Criminal IP in the 3rd week of January. Apple, Microsoft, Netflix, and Instagram phishing domains.| CIP Blog
In the future, we plan to elevate the usage of certain features within Criminal IP by enhancing our paid plan policy. features.| CIP Blog
An update to Criminal IP v1.47.5 has been released. Maintenance Period: 2024.01.04 05:00 ~ 10:00 AM (UTC). /v1/banner/search API Adjustment.| CIP Blog
An update to Criminal IP v1.47.1 has been released. Domain Search Summary has been improved. Sumo Logic, quad9x have been added as partners.| CIP Blog
