Ip Intelligence

Firewall Dynamic Blocklists

VulnCheck IP Intelligence includes a Tags API endpoint that returns a list of IP addresses associated with a given tag or filter.

VulnCheck IP Intelligence includes a Tags API that makes our C2 data easily consumable by third-party controls, such as Next-Generation Firewalls, which support External Blocklists (EBL) or Dynamic Blocklists (DBL).

Supported IP Intelligence Tags

Below is a list of currently supported IP Intelligence tags:

Tag NameDynamic Tag URL
vulncheck-c2https://api.vulncheck.com/v3/tags/vulncheck-c2

Example Request for C2 IP Addresses (Newline-Separated)

curl --request GET \
    --url https://api.vulncheck.com/v3/tags/vulncheck-c2 \
    --header 'Accept: application/json' \
    --header 'Authorization: Bearer insert_token_here'

Response

1.11.114.146
1.12.36.221
1.12.44.34
1.12.56.98
1.12.58.65
1.12.181.224
1.12.221.241
1.12.228.16
1.12.230.223
1.12.253.64
...

Example Request for C2 IP Addresses (JSON)

curl --request GET \
    --url https://api.vulncheck.com/v3/tags/vulncheck-c2?format=json \
    --header 'Accept: application/json' \
    --header 'Authorization: Bearer insert_token_here'

Searching IP Data

VulnCheck IP Intelligence includes tracking of potentially vulnerable systems that may be targeted by initial access exploits as well as tracking of command & control (C2) attacker infrastructure and honeypots.

Protective DNS

VulnCheck IP Intelligence includes a Protective DNS API endpoint that returns a list of hostnames associated with a given tag or filter.