From 29a73e3d5489716b70f35e27e5cd9233da7313bf Mon Sep 17 00:00:00 2001 From: Kevin KADOSH Date: Thu, 18 Dec 2025 15:38:25 +0100 Subject: [PATCH 1/5] Add screenshots --- README.md | 5 + img/ipdex_file.svg | 215 +++++++++++++++++++++++++++++++++++ img/ipdex_search.svg | 243 ++++++++++++++++++++++++++++++++++++++++ img/ipdex_single_ip.svg | 143 +++++++++++++++++++++++ 4 files changed, 606 insertions(+) create mode 100644 img/ipdex_file.svg create mode 100644 img/ipdex_search.svg create mode 100644 img/ipdex_single_ip.svg diff --git a/README.md b/README.md index bc1dd43..3883c95 100644 --- a/README.md +++ b/README.md @@ -149,6 +149,8 @@ Enter your API key and set your preferences. ipdex 1.2.3.4 ``` +

ipdex querying a single IP

+ ### 5. Scan a file ```bash @@ -156,6 +158,8 @@ ipdex file ips.txt ipdex file /var/log/nginx.log ``` +

ipdex scanning a file

+ --- ## Configuration @@ -258,6 +262,7 @@ By default, the `since` parameter is set to `30d`. ⚠️ Each queried page counts as 1 quota. +

ipdex running a search query

#### Search IPs reported for a specific CVE diff --git a/img/ipdex_file.svg b/img/ipdex_file.svg new file mode 100644 index 0000000..b5c7ad7 --- /dev/null +++ b/img/ipdex_file.svg 
@@ -0,0 +1,215 @@ + + + + + + + + + + + + +ipdex ips.txt -y -d + + + + + + + + + + + + +Enriching with CrowdSec CTI: 47.128.18.160[15/15]███████████████████100%| 0s + + +General + + +Report ID 12 + + +Report Name Photon-Pulse-Report + + +Creation Date 2025-12-18 15:22:08 + + +File path /Users/crowdsec/github/ipdex/ips.txt + + +SHA256 7ef60e5a47311f55b89167bb3cf6bb556141d400d207289fb52cd81da4c23e1b + + +Number of IPs 15 + + +Number of known IPs 15 (100%) + + +Number of IPs in Blocklist15 (100%) + + +Stats + + +🌟Top Reputation + + +Malicious 15 (100%) + + +Unknown 0 (0%) + + +🗂️Top Classifications + + +Bytedance AI crawler 15 (100%) + + +CrowdSec Community Blocklist 15 (100%) + + +🤖Top Behaviors + + +HTTP Scan 15 (100%) + + +HTTP DoS 3 (20%) + + +HTTP Exploit 2 (13%) + + +HTTP Bruteforce 1 (7%) + + +HTTP Crawl 1 (7%) + + +Top Blocklists + + +CrowdSec Intelligence Blocklist 15 (100%) + + +Targeted Country: Germany 4 (27%) + + + +🌐 +Top IP Ranges + + +47.128.0.0/14 15 (100%) + + +unknown 0 (0%) + + +🛰️Top Autonomous Systems + + +AMAZON-02 15 (100%) + + +unknown 0 (0%) + + +🌎Top Countries + + +SG 🇸🇬15 (100%) + + +unknown 🏳️0 (0%) + + +IP | Country| AS Name | Reputation| Confidence| Reverse DNS | Profile | Behaviors | Range + + +47.128.18.145| 🇸🇬SG | AMAZON-02| malicious| high| ...t-1.compute.amazonaws.com| CrowdSec Community Blocklist| HTTP Scan... 
| 47.128.0.0/14 + + +47.128.18.146| 🇸🇬SG | AMAZON-02| malicious| high| ...t-1.compute.amazonaws.com| CrowdSec Community Blocklist| HTTP Scan | 47.128.0.0/14 + + +47.128.18.147| 🇸🇬SG | AMAZON-02| malicious| high| ...t-1.compute.amazonaws.com| CrowdSec Community Blocklist| HTTP Scan | 47.128.0.0/14 + + +47.128.18.148| 🇸🇬SG | AMAZON-02| malicious| high| ...t-1.compute.amazonaws.com| CrowdSec Community Blocklist| HTTP Scan | 47.128.0.0/14 + + +47.128.18.149| 🇸🇬SG | AMAZON-02| malicious| high| ...t-1.compute.amazonaws.com| CrowdSec Community Blocklist| HTTP Scan, HTTP Exploit| 47.128.0.0/14 + + +47.128.18.15 | 🇸🇬SG | AMAZON-02| malicious| high| ...t-1.compute.amazonaws.com| CrowdSec Community Blocklist| HTTP Scan, HTTP Exploit| 47.128.0.0/14 + + +47.128.18.150| 🇸🇬SG | AMAZON-02| malicious| high| ...t-1.compute.amazonaws.com| CrowdSec Community Blocklist| HTTP Scan, HTTP DoS | 47.128.0.0/14 + + +47.128.18.151| 🇸🇬SG | AMAZON-02| malicious| high| ...t-1.compute.amazonaws.com| CrowdSec Community Blocklist| HTTP Scan | 47.128.0.0/14 + + +47.128.18.153| 🇸🇬SG | AMAZON-02| malicious| high| ...t-1.compute.amazonaws.com| CrowdSec Community Blocklist| HTTP Scan, HTTP Crawl | 47.128.0.0/14 + + +47.128.18.154| 🇸🇬SG | AMAZON-02| malicious| high| ...t-1.compute.amazonaws.com| CrowdSec Community Blocklist| HTTP Scan | 47.128.0.0/14 + + +47.128.18.156| 🇸🇬SG | AMAZON-02| malicious| high| ...t-1.compute.amazonaws.com| CrowdSec Community Blocklist| HTTP Scan, HTTP DoS | 47.128.0.0/14 + + +47.128.18.157| 🇸🇬SG | AMAZON-02| malicious| high| ...t-1.compute.amazonaws.com| CrowdSec Community Blocklist| HTTP Scan, HTTP DoS | 47.128.0.0/14 + + +47.128.18.159| 🇸🇬SG | AMAZON-02| malicious| high| ...t-1.compute.amazonaws.com| CrowdSec Community Blocklist| HTTP Scan | 47.128.0.0/14 + + +47.128.18.16 | 🇸🇬SG | AMAZON-02| malicious| high| ...t-1.compute.amazonaws.com| CrowdSec Community Blocklist| HTTP Scan | 47.128.0.0/14 + + +47.128.18.160| 🇸🇬SG | AMAZON-02| malicious| high| 
...t-1.compute.amazonaws.com| CrowdSec Community Blocklist| HTTP Scan | 47.128.0.0/14 + + +Created report with ID '12'. + + +View report ipdex report show 12 + + +View all IPs in report ipdex report show 12 -d + + + + + + + + + \ No newline at end of file diff --git a/img/ipdex_search.svg b/img/ipdex_search.svg new file mode 100644 index 0000000..9c94fcb --- /dev/null +++ b/img/ipdex_search.svg 
@@ -0,0 +1,243 @@ + + + + + + + + + + + +ipdex search 'cves:CVE-2025-55182' --since 30m + + + + + + + + + + + + + + +SUCCESS Fetching complete! + + +General + + +Report ID 10 + + +Report Name Echo-Shadow-Report + + +Creation Date 2025-12-18 15:20:00 + + +Query cves:CVE-2025-55182 + + +Since Duration 30m + + +Since Time 2025-12-18 14:50:00 + + +Number of IPs 110 + + +Number of known IPs 110 (100%) + + +Number of IPs in Blocklist7 (6%) + + +Stats + + +🌟Top Reputation + + +Suspicious 55 (50%) + + +Known 32 (29%) + + +Malicious 22 (20%) + + +Benign 1 (1%) + + +Unknown 0 (0%) + + +🗂️Top Classifications + + +Data Center IP 101 (92%) + + +CrowdSec Community Blocklist 5 (5%) + + +Many Services Exposed 2 (2%) + + +Attacker Group: Exciting Dodgerblue Quetzal 2 (2%) + + +Residential IP 2 (2%) + + +🤖Top Behaviors + + +HTTP Exploit 110 (100%) + + +HTTP Scan 24 (22%) + + +HTTP Bruteforce 12 (11%) + + +HTTP DoS 4 (4%) + + +SSH Bruteforce 3 (3%) + + +Top Blocklists + + +CVE-2025-55182 - React2Shell Attackers 5 (5%) + + +CrowdSec Intelligence Blocklist 3 (3%) + + +High Background Noise 2 (2%) + + +Targeted Country: Germany 1 (1%) + + +Education Attackers 1 (1%) + + +💥Top CVEs + + +CVE-2025-55182 110 (100%) + + +CVE-2017-9841 1 (1%) + + +CVE-2021-26086 1 (1%) + + +CVE-2022-35914 1 (1%) + + +CVE-2024-21887 1 (1%) + + + +🌐 +Top IP Ranges + + +35.176.0.0/13 7 (6%) + + +3.96.0.0/11 7 (6%) + + +44.224.0.0/11 6 (5%) + + +108.128.0.0/13 5 (5%) + + +3.128.0.0/10 4 (4%) + + +🛰️Top Autonomous Systems + + +AMAZON-02 86 (78%) + + +AMAZON-AES 9 (8%) + + +DIGITALOCEAN-ASN 3 (3%) + + +OVH SAS 3 (3%) + + +Yandex.Cloud LLC 2 (2%) + + +🌎Top Countries + + +US 🇺🇸36 (33%) + + +CA 🇨🇦14 (13%) + + +IE 🇮🇪14 (13%) + + +JP 🇯🇵14 (13%) + + +DE 🇩🇪10 (9%) + + +Created report with ID '10'. + + +View report ipdex report show 10 + + +View all IPs in report ipdex report show 10 -d + + + + + + + + + \ No newline at end of file 
diff --git a/img/ipdex_single_ip.svg b/img/ipdex_single_ip.svg new file mode 100644 index 0000000..2a8fa59 --- /dev/null +++ b/img/ipdex_single_ip.svg @@ -0,0 +1,143 @@ + + + + + + + + + + + +ipdex 137.184.231.98 + + + + + + + + + + + + +IP Information + + +IP 137.184.231.98 + + +Reputation malicious + + +Confidence high + + +Country US 🇺🇸 + + +Autonomous System DIGITALOCEAN-ASN + + +Reverse DNS zgxnutraceuticals.com + + +Range 137.184.224.0/20 + + +First Seen 2022-04-22T18:00:00 + + +Last Seen 2025-12-02T19:45:00 + + +Console URL https://app.crowdsec.net/cti/137.184.231.98 + + +Last Local Refresh 2025-12-18 14:00:49 + + +Threat Information + + +Behaviors + + +HTTP Scan + + +HTTP Exploit + + +HTTP Bruteforce + + +... and 1 more + + +Classifications + + +Data Center IP + + +Attacker Group: Nervous Teal Creeper + + +CrowdSec Community Blocklist + + +Blocklists + + +HTTP Exploit Attackers + + +CrowdSec CVE-2024-4577 + + +Exploiting CVEs + + +CVE-2025-8943 + + +CVE-2025-8868 + + +CVE-2025-64446 + + +... and 237 more + + +Target countries + + +🇺🇸US 28% + + +🇩🇪DE 17% + + +🇫🇷FR 17% + + +... and 2 more + + + + + + + + + \ No newline at end of file From 52b9441a1ee80a00fdb80d88fc2a3528004313e3 Mon Sep 17 00:00:00 2001 From: Kevin KADOSH Date: Thu, 18 Dec 2025 15:39:47 +0100 Subject: [PATCH 2/5] test here --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3883c95..f07353b 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,8 @@ Your ultimate IP dex! **ipdex** is a simple CLI tool to gather insight about a list of IPs or an IP using the [CrowdSec CTI](https://www.crowdsec.net/cyber-threat-intelligence) (Cyber Threat Intelligence) API. +

ipdex querying a single IP

+ --- ## Table of Contents @@ -154,8 +156,8 @@ ipdex 1.2.3.4 ### 5. Scan a file ```bash -ipdex file ips.txt -ipdex file /var/log/nginx.log +ipdex ips.txt +ipdex /var/log/nginx.log ```

ipdex scanning a file

From 2592734f03f3a309ed16e1f4660f9475c3719695 Mon Sep 17 00:00:00 2001 From: Kevin KADOSH Date: Thu, 18 Dec 2025 15:40:39 +0100 Subject: [PATCH 3/5] test here --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f07353b..0bde8c3 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Your ultimate IP dex! **ipdex** is a simple CLI tool to gather insight about a list of IPs or an IP using the [CrowdSec CTI](https://www.crowdsec.net/cyber-threat-intelligence) (Cyber Threat Intelligence) API. -

ipdex querying a single IP

+

ipdex querying a single IP

--- From 8c760dd8fa4f5c3abe068750be423e8f093d1a8a Mon Sep 17 00:00:00 2001 From: Kevin KADOSH Date: Thu, 18 Dec 2025 15:41:51 +0100 Subject: [PATCH 4/5] test here --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0bde8c3..210f88a 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Your ultimate IP dex! **ipdex** is a simple CLI tool to gather insight about a list of IPs or an IP using the [CrowdSec CTI](https://www.crowdsec.net/cyber-threat-intelligence) (Cyber Threat Intelligence) API. -

ipdex querying a single IP

+

ipdex scanning a file

--- @@ -151,7 +151,7 @@ Enter your API key and set your preferences. ipdex 1.2.3.4 ``` -

ipdex querying a single IP

+

ipdex querying a single IP

### 5. Scan a file From 3b6b50a7a01f3d8e24e2ceb0c663a52336789a37 Mon Sep 17 00:00:00 2001 From: Kevin KADOSH Date: Thu, 18 Dec 2025 15:44:18 +0100 Subject: [PATCH 5/5] test here --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 210f88a..c18bbb7 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Your ultimate IP dex! **ipdex** is a simple CLI tool to gather insight about a list of IPs or an IP using the [CrowdSec CTI](https://www.crowdsec.net/cyber-threat-intelligence) (Cyber Threat Intelligence) API. -

ipdex scanning a file

+

ipdex querying a single IP

--- @@ -264,7 +264,7 @@ By default, the `since` parameter is set to `30d`. ⚠️ Each queried page counts as 1 quota. -

ipdex running a search query

+

ipdex running a search query

#### Search IPs reported for a specific CVE
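Review bot: In PATCH 1/5, README hunk `@@ -156,6 +158,8 @@`, the new screenshot sits under `ipdex file ips.txt` and `ipdex file /var/log/nginx.log`, but `img/ipdex_file.svg` records the command as `ipdex ips.txt -y -d`, so the documented syntax and the image disagree within this commit. Move the command correction from PATCH 2/5 into this patch, and add a one-line caption saying what `-y` and `-d` do, since neither flag is explained next to the image.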
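Review bot: `img/ipdex_file.svg` (PATCH 1/5) bakes the author's workstation path `/Users/crowdsec/github/ipdex/ips.txt` and the SHA256 of the input file into a published asset, and all three SVGs end with `\ No newline at end of file`. Re-record from a relative path such as `ips.txt` so the README does not disclose a local directory layout, and end each file with a newline.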
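Review bot: `img/ipdex_single_ip.svg` (PATCH 1/5) freezes a point-in-time verdict into the README: `Reputation malicious` for `137.184.231.98` with `Reverse DNS zgxnutraceuticals.com`, as of `Last Local Refresh 2025-12-18 14:00:49`. Addresses get reassigned and scores change, so caption the image with its capture date, or mask the reverse DNS name so the README does not keep labelling a named third-party host after the data has aged.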
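Review bot: In PATCH 1/5, README hunk `@@ -258,6 +262,7 @@`, the image is inserted between the quota warning and `#### Search IPs reported for a specific CVE`, yet `img/ipdex_search.svg` shows exactly that case (`ipdex search 'cves:CVE-2025-55182' --since 30m`), so it belongs under the CVE heading. This hunk also adds one line where the other two image hunks add two (`+149,8` and `+158,8`), so confirm the heading directly below the image still renders and add the separating blank line if it does not.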
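Review bot: PATCH 2/5, README hunk `@@ -154,8 +156,8 @@`, changes the documented invocation from `ipdex file ips.txt` to `ipdex ips.txt` under the subject `test here`, so a user-facing syntax change is invisible in the log. Give the commit a subject that names the change, and say in the message whether the `file` form is still accepted, since readers who scripted the old form need to know.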
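Review bot: PATCH 4/5's first hunk (`@@ -9,7 +9,7 @@`) switches the top-of-README image from the single-IP capture to the file-scan capture and PATCH 5/5's first hunk switches it back, while PATCH 3/5 and the second hunks of 4/5 and 5/5 replace a line with one carrying the same caption. Squash 2/5 through 5/5 into 1/5 and replace the four `test here` subjects with one that states what changed, so the history shows the final README rather than the trial renders.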