IP Intelligence

Firewall Dynamic Blocklists

VulnCheck IP Intelligence includes a Tags API endpoint that returns a list of IP addresses associated with a given tag or filter.

VulnCheck IP Intelligence includes a Tags API that makes our C2 data easily consumable by third-party controls, such as Next-Generation Firewalls, which support External Blocklists (EBL) or Dynamic Blocklists (DBL).

Supported IP Intelligence Tags

Below is a list of currently supported IP Intelligence tags:

Tag Name	Dynamic Tag URL
vulncheck-c2	https://api.vulncheck.com/v3/tags/vulncheck-c2

Example Request for C2 IP Addresses (Newline-Separated)

curl --request GET \
    --url https://api.vulncheck.com/v3/tags/vulncheck-c2 \
    --header 'Accept: application/json' \
    --header 'Authorization: Bearer insert_token_here'

package main

import (
    "fmt"
    "github.com/vulncheck-oss/sdk-go"
)

func main() {
    client := sdk.Connect("https://api.vulncheck.com", "insert_token_here")
    response, err := client.GetTag("vulncheck-c2")

    if err != nil {
        panic(err)
    }

    fmt.Println(response)
}

import vulncheck_sdk

configuration = vulncheck_sdk.Configuration(host="https://api.vulncheck.com/v3")
configuration.api_key["Bearer"] = "insert_token_here"

with vulncheck_sdk.ApiClient(configuration) as api_client:
    endpoints_client = vulncheck_sdk.EndpointsApi(api_client)

    api_response = endpoints_client.tags_vulncheck_c2_get()

    print(api_response)

vulncheck tag vulncheck-c2

Response

1.11.114.146
1.12.36.221
1.12.44.34
1.12.56.98
1.12.58.65
1.12.181.224
1.12.221.241
1.12.228.16
1.12.230.223
1.12.253.64
...

Example Request for C2 IP Addresses (JSON)

curl --request GET \
    --url https://api.vulncheck.com/v3/tags/vulncheck-c2?format=json \
    --header 'Accept: application/json' \
    --header 'Authorization: Bearer insert_token_here'

package main

import (
    "fmt"
    "io"
    "net/http"
)

func main() {
    request, _ := http.NewRequest("GET", "https://api.vulncheck.com/v3/tags/vulncheck-c2?format=json", nil)
    request.Header.Set("Accept", "application/json")
    request.Header.Set("Authorization", "Bearer insert_token_here")

    response, _ := http.DefaultClient.Do(request)
    defer response.Body.Close()
    bodyBytes, _ := io.ReadAll(response.Body)
    fmt.Println(string(bodyBytes))
}

import requests
url = "https://api.vulncheck.com/v3/tags/vulncheck-c2?format=json"
headers = {
    "accept": "application/json"
}
cookies = {
    "token": "insert_token_here"
}

response = requests.get(url, headers=headers, cookies=cookies)
print(response.json())

vulncheck tag vulncheck-c2 --json

Searching IP Data

Protective DNS