Criminal IP ( collects global IP address data, which includes synthetic CTI intelligence such as connected domains, Whois information, location information, and vulnerability and port information. Port is primarily used in software as a unit to distinguish between network services and processes, and can be distinguished by port numbers from 0 to 65535. In particular, ports 0 to 1023 are called well-known ports”, which are usually matched with frequently used services. Criminal IP detects open ports connected to specific IPs, including well-known ports as well as registered and dynamic ports, and identifies port state changes and vulnerabilities.

Identifying Port Information Connected to IP

Some open ports are unnecessarily open, regardless of network communications or service operation needs. Open ports left in the blind spot become perfect attack points for cyberattacks. Therefore, you need information such as whether there are ports accidentally left open or left unattended, and what vulnerabilities they have, whether they should be closed immediately. If this can be seen at a glance, appropriate preemptive defense can be efficiently taken.

If you search for a specific IP in Asset Search (, you can see the list of open ports detected in the “Current Open Ports” between search results. Among open ports, ports with vulnerabilities are classified as ports that require countermeasures.

Open port for specific IPs detected by Criminal IP Asset Search

 Open ports for specific IP detected by Criminal IP Asset Search

The “Current Open Ports” detail section below provides information on detected ports, including the service used, product name, version, server status, date and time when the open port was detected, and banner information. In addition, you can also view vulnerability information found on that port on the right.

More details of detected open ports and vulnerabilities

More details of detected open ports and vulnerabilities

Vulnerable Open Ports for Penetration Testing and Detecting Cyberattack Surfaces

In the case of well-known ports, the service operating on each port is clear, so there are specific ports that are targeted for penetration testing or cyberattacks. In particular, port 22, which was also found in the screenshot above, is a port that operates Secure Shell (SSH), a TCP port that ensures secure remote access to the server. Port 22 can be a serious security issue just by being open. In addition, if a vulnerability is found, a brute force attack can be carried out, and in serious cases, complete access to admin accounts or servers can be stolen.

Criminal IP Code Samples ( introduce commands on topics that may interest users. The asciinema video corresponding to Asset Search shows commands that can get IP vulnerabilities, open ports, banner information, and host information.

Open ports detected using sample code commands applicable to Asset Search

Getting Accurate Data Using “Port” Filter and Visualizing Using “Maps”

In addition to being able to see port information as one of the assets connected to IP addresses in Criminal IP Asset Search, you can also search for specific port information directly using a filter such as port: 22″on Maps. This provides visualized information related to port 22 including geographic information, risk scores (Critical, Dangerous, Moderate, Low, Safe) and statistics.

Open ports detected using sample code commands applicable to Asset Search

Malicious VPN usage has been on the rise, especially in the economy sector. IP spoofing is a common tool for those seeking to commit financial fraud, and preventing malicious actors from accessing these tools must be the priority. Use Criminal IP’s API to determine VPNs, Tors, Proxies, and Servers and prevent attacks from happening in the first place. In addition, criminal IP can detect anomaly behavior and combine this technology through artificial intelligence and machine learning, emerging as a leading cybersecurity provider.

Furthermore, Criminal IP has gathered over 70 million cases of fraud accounts, all collected through OSINT technology. This has made our services recognized as one of the best fraud protection services on the market. This list was provided by– a research-based online publication on which you can find everything from bitcoin news to suggestions for the best digital workplace products.

All Criminal IP data, including open port vulnerabilities, can be retrieved directly from the search engine platform or by issuing an API key from My Page after registering a Criminal IP account ( IP also provides a customized number of calls for enterprise customers that require a large number of API calls.

If you want to know more about open port vulnerabilities, you can also read Criminal IP Analysis Report on Overlooked Multi-Function Printer Vulnerability.

Contact the Criminal IP Sales team for more Criminal IP use cases.

Source : Criminal IP (

Related content :