
TORRANCE, Calif., July 06, 2026 (GLOBE NEWSWIRE) —
Criminal IP has announced the official availability of its threat intelligence integration with OpenCTI, an open-source cyber threat intelligence platform. The integration enables security teams to automate the transformation of IP addresses, domains, and URLs into structured intelligence within the OpenCTI knowledge graph.
The integration automatically enriches ingested indicators with Criminal IP’s infrastructure intelligence, dual-perspective reputation scoring, vulnerability data, behavioral signals, and phishing analysis. The enriched data is structured as OpenCTI entities and relationships, allowing analysts to investigate connected infrastructure, map attack surfaces, and prioritize indicators.

Integration Highlights
- Contextual Risk Scoring: Criminal IP delivers dual-perspective risk scoring reflecting both inbound targeting and outbound behavior. This model provides signals to assist analysts with the prioritization of high-risk infrastructure.

- Infrastructure Intelligence: The integration creates structured OpenCTI entities and relationships, mapping vulnerabilities (CVEs), Autonomous Systems (ISPs), and geolocation to allow analysts to pivot across components within the graph.
- Service Exposure & Vulnerability Correlation: By linking observed services to known CVEs, the integration provides insight into whether an IP is malicious, exploitable, or actively leveraged in attacks.
- Threat Labeling & Behavioral Signals: Generated labels incorporate multiple data points including anonymization technologies (VPN, proxy, TOR), hosting characteristics, and malicious classifications.
- Domain & Phishing Intelligence: Criminal IP performs URL analysis for domains to detect phishing activity, credential harvesting, suspicious files, and impersonation techniques, providing tied confidence scores.
- Infrastructure Mapping: Indicators are linked to network ownership (Autonomous Systems), physical locations, and resolved IP infrastructure to identify hosting patterns and regional clustering.
Key Use Cases
- SOC Triage and Alert Validation: Validates suspicious IPs and domains using risk scoring, infrastructure context, and phishing intelligence to prioritize high-risk indicators.
- Threat Hunting and Infrastructure Pivoting: Utilizes enriched relationships such as CVEs, Autonomous Systems, and geolocation to trace connected infrastructure and attacker operations.
- Phishing and Campaign Analysis: Identifies malicious domains, credential harvesting pages, and supporting infrastructure to track broader campaign patterns.
About OpenCTI Platform
OpenCTI is an open-source cyber threat intelligence platform designed to structure, store, and analyze threat data using a graph-based model. It enables organizations to connect indicators, vulnerabilities, threat actors, and campaigns into a unified knowledge base for investigation, collaboration, and intelligence sharing.
About Criminal IP
Criminal IP delivers cyber threat intelligence by analyzing IP addresses, domains, and URLs across the global internet. Powered by AI and OSINT, it provides reputation scoring, infrastructure visibility, and real-time detection of malicious activity, including phishing, exposed services, and anonymization technologies such as VPNs and proxies. Its API-first architecture enables integration into security platforms to enhance visibility, automation, and response.
Contact:
Michael Sena
AI SPERA
support@aispera.com
Photos accompanying this announcement are available at:
https://www.globenewswire.com/NewsRoom/AttachmentNg/e14c20d0-a607-4706-922a-3b891a94c330
https://www.globenewswire.com/NewsRoom/AttachmentNg/768b72e9-a9b4-430e-a361-6705de0c54a5
https://www.globenewswire.com/NewsRoom/AttachmentNg/c68ee647-5826-406b-8f7c-bc95d995ee28

