Saturday, July 13, 2024

Criminal IP and Quad9 Collaborate to Exchange Domain and IP Threat Intelligence

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has recently signed a technology partnership to exchange threat intelligence data based on domains and potentially on the IP address to protect users by blocking threats to end users. 

Criminal IP underwent rigorous data evaluation to integrate with Quad9’s threat-blocking service, demonstrating high data uniqueness and accuracy. Particularly, test results revealed a remarkable outcome: 99.1% of malicious domains identified by Criminal IP’s threat intelligence were found to be non-duplicative with other TI data.

Through this integration, Quad9 leverages the most up-to-date threat intelligence lists, incorporating data from Criminal IP’s database of malicious domains to block harmful hostnames. This process not only safeguards computers, mobile devices, and IoT systems from a diverse array of threats like malware, phishing, spyware, and botnets, ensuring privacy, but also optimizes performance.

Quad9’s Threat Blocking Enhanced by Criminal IP’s Threat Intelligence

Quad9 is a free anycast DNS platform delivering robust security protections and privacy guarantees that comply with rigorous Swiss Data Protection and GDPR rules. Quad9 is operated as a non-profit by the Quad9 Foundation in Switzerland for the purpose of improving the privacy and cybersecurity of Internet users.

Operating on a high-performance global network, Quad9 partners with Criminal IP, which offers extensive cyber threat information, including malicious IPs, domains, and CVEs, derived from sophisticated IP and domain scoring algorithms and big data analysis on a worldwide scale, enhances this mission.

<Results of the blocking test for the Quad9 threat-blocking security service integrated with Criminal IP TI>

The specially designed Criminal IP Malicious Domains Retrieval API is used to send the Domain Data Feed identified as malicious to Quad9 for integration. This feed is then utilized alongside other threat intelligence (TI) data sources integrated into the Quad9 platform, such as IBM, OpenPhish, F-Secure, RiskIQ, and Domain Tools, to create a comprehensive user-protection blocklist.

Criminal IP’s specialized Domain Threat Intelligence

In addition to these comprehensive threat-blocking results on Quad9, for those seeking more information about each component of domains, users can use Domain Search of Criminal IP. The vulnerability scanner tool meticulously analyzes a wide array of domain details including screenshots, WHOIS data, utilized technologies, page redirections, and certificates. It also identifies potentially malicious content and replicated phishing domains, providing an overall domain score and a Domain Generation Algorithm (DGA) score. This global threat intelligence is updated daily and can be accessed through flexible API integration enabling seamless incorporation of the data into existing security systems, such as SOAR and SIEM. 

<Results of searching malicious domain in Criminal IP Domain Search>

“Our partnership with Quad9 is a recognition of the accuracy of Criminal IP’s data,” stated Byungtak Kang, CEO of AI SPERA. “It is expected that our collaboration will contribute to the protection of Quad9’s end-users, who have a global reach, while simultaneously enhancing the quality of Criminal IP’s data.”

End users interested in utilizing the integrated threat-blocking security service of Quad9, which is linked with Criminal IP threat intelligence, can automatically activate the service simply by using the Quad9 DNS server (


AI SPERA launched its global cybersecurity service, Criminal IP, on April 17, 2023, following a successful year-long beta phase. The company has established technical and business partnerships with acclaimed global security firms and educational institutions, including VirusTotal, Cisco, Tenable, and Sumo Logic.

Criminal IP offers personalized plan options, also suitable for company use. Users can check their own credit usage for specific features (Web, Vulnerability Scanner, Tags, etc.) and API on the dashboard, and upgrade the plan anytime according to their needs.

Criminal IP is available in five languages (English, French, Arabic, Korean, and Japanese), providing a powerful and accurate CTI search engine for users worldwide. AI SPERA has been delivering cybersecurity solutions worldwide through various products, including Criminal IP CTI Search Engine, Criminal IP ASM, and Criminal IP FDS.


Michael Sena
[email protected]


Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Kaaviya Balaji
Kaaviya Balaji
Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles