Today we are announcing changes and the addition of features to our site. We are happy to introduce first and last timestamps per data source, tags, a new results UI, AS lookups and version 2.0 of the API. Below is an example of the additional fields and tags that are returned for an IP address search: When searching for an Autonomous System (AS), which requires authentication, the response contains similar first and last seen timestamps, but also a tag if the AS is frequently abused. Pagination exists for larger numbers of results and each page of 25 IP addresses will consume one API quota credit: Version 2.0 of the API has also been overhauled to include first and last timestamps, geolocation information, and AS information in the response, none of which were included in API version 1.0. POST /api/getip response (version 1.0) POST /api/v2/getip response (version 2.0) API version 1.0 will not cease to exist. We will continue to monitor the use of the version 1.0 end...
One of our affiliates recently had an iPhone stolen while on vacation. It goes without saying, once the phone has been turned off and you can't see it in Apple's Find My, best of luck getting it back. One of the issues with stealing an iPhone is the iCloud Activation Lock. When you enable Find My, the device is linked to your iCloud account and you must manually disable it before the phone can be transferred to another person. A few days after the phone was stolen, the new phone received an SMS phishing message with the following URL: hxxps://lcoud.com-1pr7[.]us/?id=XXXXX In our instance, we had a five-digit ID number that started with the number 8. We began to attempt iterations of the 5-digit ID and sure enough, we got a valid HTTP 200 response on the first attempt: When navigating to the resolving IP, we noted there was a wildcard certificate in place for a bunch of other domains: Stepping back, let’s look at the root domain of the original phishing page, com-1pr7.us. The...