
A vulnerability rating of your IP address - shadowashe
http://www.securityrating.io
======
mediumdeviation
On a side note, if your fan started spinning up when you opened this, it's
because of the particle simulation in the header.

I know because I reviewed this library
(https://github.com/VincentGarreau/particles.js)
when a colleague wanted to add something similar to our site. The problem is
it uses a naive O(n^2) algorithm for linking up particles when they get near
each other, which wastes _a lot_ of CPU cycles.

Running this script with a large number of particles and auto-linking on is
ill-advised - but fortunately you can delete the <canvas> element quite easily
to stop the script.

~~~
dave5104
I also noticed they have some janky JavaScript playing with the scrolling on
the page, which also prevents me from using swipes to go back in my browser.
Very annoying when sites mess with that. Give me my usual scrolling inertia!

~~~
balgan
Thanks for this info, I've asked the guys to try and fix this! Apologies in
advance!

------
helb
_> Torrent Downloads: If an IP address detected downloading torrents, the risk
level is considered extreme._

Why?

There is some more info in the README at GitHub
(https://github.com/binaryedge/ratemyip-openframework), but
nothing about why torrents induce _extreme risk level_.

~~~
balgan
We will add this information, but essentially we and other partners have seen
a high quantity of torrents infected with malware. We intend to fine tune this
in the future to differentiate the torrents depending on category!

~~~
helb
Thanks!

Additional non-related questions:

- How do you scan IPv6s? Scanning the entire space is easy for IPv4 (we do
that for some router-security-related projects), but IPv6 space is freaking
huge.

- Have you considered using something like the Shodan
(https://www.shodan.io/) API instead of scanning the
address space by yourselves?

~~~
balgan
- For IPv6, rather than scanning the entire space, we are currently passively
collecting addresses from multiple sources and scanning specific addresses.

- We wouldn't use Shodan as we developed our own custom scanners and
methodologies of scanning to increase data quality, which is extremely
important for our customers (cyberinsurers, SOCs, cyberrating companies). We
also do some specific things with data which you can check on
http://blog.binaryedge.io/2016/11/18/bsides-lisbon-2015/

------
v4n4d1s
This tool does not provide enough information about the scan and the detected
"problems".

1. It's only scanning for default ports.

2. It told me about having a CVE-Score "3/3", please provide me with the
exact CVEs, so I can patch my system accordingly.

3. Running a webserver on Port 80 is not insecure per se, it's just not
encrypted.

4. No feature to rescan, provided information is probably old.

While I like the overall design, I think this tool is not for technical
people, but for everyone who uses the word "cyber" unironically on a daily
basis.

~~~
jsight
Yeah, the CVE scan was really strange to me. I don't see the benefit if I
can't see the CVEs themselves.

~~~
sli
That's how I felt about all of the ratings. Just arbitrary numbers. I have one
out of two ports open? Or do two or more open ports automatically go red? No
clue, it doesn't say.

6/6 on HTTP with SSL. Again, six what? Total open HTTP connections? Couldn't I
have more than six, and wouldn't that data be important? No clue, it doesn't
say.

Trying the site with my VPN connection enabled is amusing.

------
distortedsignal
Does this work with dynamic IP addresses? In the fine print at the bottom of
the page, it says that "the data has been collected passively over the last
month," and I'm not sure how you can do that for a dynamic IP address. Could
you enlighten me?

~~~
balgan
Hi, essentially we scan the entire IPv4 space, 200 ports per month. What we
mean by that is that when you open the page a scan won't be targeted
directly at your IP address!

~~~
revelation
Sure, but for dynamic IP addresses, the box that had the IP when you scanned
it days ago is not necessarily the same that has it now.

~~~
sofaofthedamned
Exactly, this makes this of dubious use at best.

------
pmontra
Some of the assessments make sense for a server but this is going to be called
from client machines. Is there an endpoint to call and pass an IP address to
test?

~~~
balgan
Using the "auto detection" is part of our free offering, our partners usually
are able to look at specific IPs as we work with cyberinsurers!

------
dom0
The numbers don't add up.

For example, I get 14 out of 100. Encryption are all 0, yet "Overall" is 3 out
of 6. The only other non-zero value is "Number of open ports" (2). 2+3 != 14.
Σ0 = 0 != 3.

Obviously, I have no idea what those 12 risk points are. The three encryption
points are not explained at all, neither are the remaining nine.

~~~
filipacsr
The overall value of each category is truncated to the maximum value of that
category - for example, if you have 10 open ports, you will get an overall
score in "Attack Surface" category of 2, because it's the maximum value
(vulnerability importance) that we attributed to that category. The final
score is the sum of the overall values of all categories, and then it's
normalized between 0 and 100. If you have all 0 in Encryption, and then the
overall result for that category is 3, something went wrong... thank you for
your feedback!
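
Added example, not part of the thread and not BinaryEdge's code: the capping and normalization described in the comment above, plus the arithmetic check dom0 did by hand on the report. The cap of 2 is stated above and 6 comes from "3 out of 6"; the sub-check names, the additive raw score and the two-category list are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Category:
    name: str
    cap: int        # maximum ("vulnerability importance") for the category
    findings: dict  # sub-check name -> raw points (assumed to be additive)


def overall(cat: Category) -> int:
    """Raw points summed, then truncated to the category maximum."""
    return min(sum(cat.findings.values()), cat.cap)


def final_score(cats: list) -> int:
    """Sum of the capped category values, normalized to the 0..100 range."""
    ceiling = sum(c.cap for c in cats)
    if ceiling == 0:
        return 0
    return round(100 * sum(overall(c) for c in cats) / ceiling)


def audit(cats: list, reported: dict) -> list:
    """Names of categories whose reported overall differs from the recomputed one."""
    return [c.name for c in cats
            if c.name in reported and reported[c.name] != overall(c)]


# Constructed report shaped like the one described in the thread: two open
# ports, every Encryption sub-value 0, Encryption overall displayed as 3.
# Sub-check names are made up; the real category list is not in the thread.
REPORT = [
    Category("Attack Surface", 2, {"open ports": 2}),
    Category("Encryption", 6, {"ssh": 0, "https": 0, "certificate": 0}),
]
REPORTED_OVERALL = {"Attack Surface": 2, "Encryption": 3}

if __name__ == "__main__":
    for c in REPORT:
        print(f"{c.name}: recomputed {overall(c)}/{c.cap}, "
              f"reported {REPORTED_OVERALL[c.name]}")
    print("inconsistent categories:", audit(REPORT, REPORTED_OVERALL))
    print("score over these two categories:", final_score(REPORT))
```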

~~~
dom0
Here's a screenshot
http://i.imgur.com/TMXbdpv.png

------
IgorPartola
No IPv6? Goddamnit, it is 2017.

~~~
balgan
We will be adding this soon!

~~~
ceejayoz
You already have it.

What it needs is a way for me to switch. I'm seeing my IPv6 reputation, but
I'm more interested in my IPv4.

------
rishabhd
Reminds me of stuff from Bitsight Tech, except they use a proprietary algorithm
to rate and give a rating on an organization basis, which may have a lot of
IPv4/v6 blocks. Also, Censys.io (discounting Shodan & ZoomEye).

------
wink
Wow, I am amazed. Was actually expecting to be bombarded with false positives
when I proxy via one of my servers to check that IP - but 0/100 all the time
so far.

Maybe it's broken the other way round? ;)

------
scierama
I report any scanning done against my IPs. I do not know what the intentions
of the scanner are. People trying to make money making a product that scans my
IPs and wastes bandwidth and computing resources that I have to pay for
should be jailed in my humble opinion.

~~~
balgan
We respect a blacklist, just drop us an email on info@binaryedge.io and we can
add your IPs to the blacklist and we will never touch them again!

~~~
fweespeech
Please just set up some sort of robots.txt related thing.

E-mailing every single company that does this is ridiculous.

