Ip Intelligence

Searching IP Data

VulnCheck IP Intelligence includes tracking of potentially vulnerable systems that may be targeted by initial access exploits as well as tracking of command & control (C2) attacker infrastructure and honeypots.

VulnCheck IP Intelligence includes tracking of potentially vulnerable systems that may be targeted by initial access exploits as well as tracking of command & control (C2) attacker infrastructure and honeypots.

API Query Parameters

VulnCheck IP Intelligence makes it easy to query our IP data set with a number of API query parameters, useful for filtering the results. Supported API query parameters are as follows:

Query ParameterDescription
asnFilter based on ASN: e.g., "AS719"
cidrFilter based on IP address or range: e.g., "165.227.231.125"
countryFilter based on country_code: e.g., "Australia"
country_codeFilter based on country_code: e.g., "AU"
hostnameFilter based on keyword or FQDN: e.g., "google" or "amazonaws.com"
idFilter based on supported detection types: e.g., "c2", "honeypot", or "initial-access"

Example API Queries

VulnCheck IP Intelligence supports a wide range of use cases.

C2 Detections in Sweden

By combining two of the API query parameters (Country and ID) we can quickly zoom in one Command & Control (C2) detections in a given geography -- in this case, Sweden.

curl --request GET \
    --url https://api.vulncheck.com/v3/index/ipintel-3d?id=c2&country=Sweden \
    --header 'Accept: application/json' \
    --header 'Authorization: Bearer insert_token_here'

Offline Backups Available

Offline BackupDescription
ipintel-3dIP Intelligence detections for the past 3 days
ipintel-10dIP Intelligence detections for the past 10 days
ipintel-30dIP Intelligence detections for the past 30 days
ipintel-90dIP Intelligence detections for the past 90 days

To request a specific offline backup, simply call /v3/backup/:index as follows (ipintel-3d shown below):

curl --request GET \
    --url https://api.vulncheck.com/v3/backup/ipintel-3d \
    --header 'Accept: application/json' \
    --header 'Authorization: Bearer insert_token_here'

Introduction

VulnCheck IP Intelligence includes tracking of potentially vulnerable systems that may be targeted by initial access exploits as well as tracking of command & control (C2) attacker infrastructure and honeypots.

Firewall Dynamic Blocklists

VulnCheck IP Intelligence includes a Tags API endpoint that returns a list of IP addresses associated with a given tag or filter.