Global IP address data collected by Criminal IP ( includes synthetic CTI intelligence which is including connected domains and Whois information, location information, vulnerabilities and port information. Port is primarily used in software as a unit to distinguish between network services and processes, and can be distinguished by port numbers from 0 to 65535. In particular, ports 0 to 1023 are called well-known ports”, which are usually matched with frequently used services. Criminal IP detects open ports connected to specific IPs, including well-known ports as well as registered and dynamic ports, and identifies port state changes and vulnerabilities.

Identifying Port Information Connected to IP

Some open ports are unnecessarily open, regardless of needs of network communications or service operation. Open ports left in the blind spot become perfect attack points for cyberattacks. Therefore, you need information such as whether there are ports accidentally left open or left unattended, and what vulnerabilities they have, whether they should be closed immediately. If this can be seen at a glance, appropriate preemptive defense can be efficiently taken.

If you search for a specific IP in Asset Search (, you can see the list of open ports detected in the “Current Open Ports” between search results. Among open ports, ports with vulnerabilities are classified as ports that require countermeasures.

Open port for specific IPs detected by Criminal IP Asset Search

Open port for specific IPs detected by Criminal IP Asset Search

Information on detected ports is provided in the “Current Open Ports” detail section below, including the service that used, product name, version, server status, date and time when the open port was detected, and banner information. In addition, you can also view vulnerability information found on that port on the right.

More details of detected open ports and vulnerabilities

More details of detected open ports and vulnerabilities

Vulnerable Open Ports for Penetration Testing and Detecting Cyberattack Surfaces

The case of well-known ports, there are certain ports that are targeted for penetration testing or cyberattacks because the services running on each port are clear. Especially, port 22, which was also found in the screenshot above, is a port that operates Secure Shell (SSH), a TCP port that ensures secure remote access to the server. Port 22 can be a serious security issue just by being open. In addition, if a vulnerability is found, a brute force attack can be carried out, and in serious cases, complete access to admin accounts or servers can be stolen.

Criminal IP Code Samples ( introduce commands on topics that may users who are interested in. The asciinema video corresponding to Asset Search shows commands that can get IP vulnerabilities, open ports, banner information, and host information.

Open ports detected using sample code commands applicable to Asset Search

Open ports detected using sample code commands applicable to Asset Search

Getting Accurate Data Using “Port” Filter and Visualizing Using “Maps”

In addition to being able to see port information as one of assets connected to IP addresses in Criminal IP Asset Search, you can also search for specific port information directly using a filter such as port: 22″on Maps. This provides visualized information related to port 22 including geographic information, risk scores (Critical, Dangerous, Moderate, Low, Safe) and statistics.

Result when searched with the keyword "port:22" on Criminal IP Maps.

Result when searched with the keyword “port:22” on Criminal IP Maps.

Malicious VPN usage have been on the rise, especially in the economy sector. IP spoofing is a common tool for those seeking to commit financial fraud and preventing malicious actors from accessing these tools must be the priority.Use Criminal IP’s API to determine VPNS, Tors, Proxies and Severs, and prevent attacks from happening in the first place. Criminal IP can detect anomaly behavior and combine this technology through artificial intelligence and machine learning, emerging as a leading cybersecurity provider.

Furthermore, Criminal IP has gathered over 70 million cases of fraud accounts, all gathered through OSINT technology. This has led our services to become recognized as one of the best fraud protection services on the market.This list was provided by– a research-based online publication, on which you can find everything from news about bitcoin to suggestions of the best digital workplace products.

All of Criminal IP data, including open port vulnerabilities, can be retrieved directly from the search engine platform or issuing an API key from My Page after registering a Criminal IP account ( Criminal IP also provides a customized number of calls for enterprise customers that require a large number of API calls.

If you want to know more about open port vulnerabilities, you can also read Criminal IP Analysis Report on Overlooked Multi-Function Printer Vulberability.

Contact Criminal IP Sales team for more Criminal IP use cases.

Source : Criminal IP (

Related content :