Author: Heige (a.k.a Superhei) of KnownSec 404 Team https://twitter.com/80vul 09/08/2021 Yesterday, a detailed article on “behavior mapping” in cyberspace was published. The article introduced an example of using a ZoomEye query to get all the Trickbot C2 ips all at once: https://80vul.medium.com/behavior-mapping-in-cyberspace-one-net-cleans-apt-and-botnet-c2s-ed49a9b7d426 Today I will bring you another typical case：…

Author: Heige (a.k.a Superhei) of KnownSec 404 Team https://twitter.com/80vul 09/07/2021 “Behavior (American English) or behaviour (British English; see spelling differences) is the actions and mannerisms made by individuals, organisms, systems or artificial entities in conjunction with themselves or their environment, which includes the other systems or organisms around as well…

Author: Heige (a.k.a Superhei) of KnownSec 404 Team https://twitter.com/80vul 06/15/2021 In recent years, there have been many cases of power outages at the national level due to cyber attacks and other reasons. Of course, there are also occasions when the country actively disconnects from the Internet due to sudden political…

* Add filter “iconhash:” to support favicon.ico hash search (support both md5 hash and mmh3 hash) Eg: iconhash:891e510219786f543ca998282ed99f45 or iconhash:325177753

Previously, ZoomEye released a survey report on the Plex UDP port used for reflection amplification DDos attacks (https://80vul.medium.com/zoomeye-report-nearly-40-000-plex-services-around-the-world-may-be-used-for-reflective-ddos-c1257dade7df ). Baidu Labs released a report (https://paper.seebug.org/1482/ ) on the use of https DTLS protocol for reflection amplification DDos attacks on February 5, 2021.

On January 7, 2021, Baidu Security Lab issued an early warning saying that a DDoS reflection attack initiated by the network service of Plex (media playback platform) was captured in January 2021 [1] According to the article of Baidu Security Lab, the hacker used the DDoS reflection attack based on…

Author: Heige(a.k.a Superhei) of KnownSec 404 Team 01/16/2021 Currently, the objects of cyberspace surveying and mapping are mainly around IPv4/IPv6/website/darkweb ，Of course most search engines only support IPv4/IPv6 addresses . In addition to ZoomEye that focuses on IPv4/IPv6/Website mapping, we have also developed a product for dark web mapping ,we…

Author: Heige(a.k.a Superhei) of KnownSec 404 Team 12/10/2020 As the world’s leading search engine for cyberspace mapping, ZoomEye has been working hard! I would like to thank all the friends who support ZoomEye. API-KEY ZoomEye has always been committed to being more friendly and open to developers. For example, in August…

Author: Heige(a.k.a Superhei) of KnownSec 404 Team 05/25/2020 [Article release: https://paper.seebug.org/1219/ (Chinese) https://paper.seebug.org/1220/ (English)] We had released ZoomEye’s historical data API query interface in ZoomEye 2020 that had launched in January this year: https://medium.com/@80vul/zoomeye-2020-has-started-8414d6aaf38 Next, I will introduce some examples of using ZoomEye History API to capture the traces of…