# Police AI Platform — *.ia.policia.gov.co ## Colombian National Police AI Infrastructure ## SEVERITY: CRITICAL **Dump Size**: 2.9MB, 19 files --- ## Subdomains Discovered (5) | Subdomain | Purpose | Status | |-----------|---------|--------| | app.ia.policia.gov.co | Main AI platform | Login page (Next.js) | | nadia.ia.policia.gov.co | NADIA AI assistant | Login page (Vite React) | | maps.analytics.ia.policia.gov.co | Geospatial analytics | Kepler.gl SPA | | catalog.ia.policia.gov.co | Data catalog BFF | Login redirect | | iam.ia.policia.gov.co | Identity & access mgmt | Auth server | --- ## Critical Credentials ### AWS STS (rotates every page load) - **Account**: 926162397524 - **S3 Bucket**: pon-prod-ai-platform-926162397524 - **Region**: us-east-1 - **Access Key**: ASIA5PI4UVFKL3IFXKMF (temporary, 15-min) - **Impact**: Fresh S3 access tokens on every page load — trivial automated harvesting ### AWS Cognito - **User Pool ID**: us-east-1_s8S1IYnxv - **Source**: nadia.ia.policia.gov.co JS bundle (2.4MB) - **Impact**: User enumeration, brute force potential ### API Gateway - **Endpoint**: https://qb4jva2046.execute-api.us-east-1.amazonaws.com - **Status**: 401 (Cognito auth required) - **Backend**: 10 AI models via Amazon Bedrock ### Session Cookies - secret=ogPXHONRigakoecq - ds cookie expires **2035** (9-year lifetime!) --- ## AI Models (Amazon Bedrock) | Model | Type | |-------|------| | Claude 4 Opus | LLM | | Claude 4 Sonnet | LLM | | Claude 3.7 Sonnet | LLM | | Claude 3.5 Sonnet v1 | LLM | | Claude 3.5 Sonnet v2 | LLM | | Claude 3.5 Haiku v1 | LLM | | Claude 3 Opus | LLM | | Claude 3 Haiku | LLM | | Amazon Titan Embedding Text v2 | Embedding | | Cohere Embed Multilingual v3 | Embedding | --- ## Vendor **Houndoc.ai** (www.houndoc.ai) — Colombian AI startup - Provides: document parsing, semantic search, data extraction, map visualization - Map tiles served from: www.houndoc.ai/maps-assets/ - Styles: streets-dark.json, streets-light.json, streets.json --- ## Files Index | File | Size | Description | |------|------|-------------| | aws-credentials-extracted.json | 574B | STS creds + account info | | nadia-infrastructure.json | 1.2KB | Cognito, API GW, Bedrock models | | nadia-app-bundle.js | 2.4MB | Full NADIA React bundle | | maps-analytics-bundle.js | 345KB | Maps Analytics bundle | | maps-analytics-endpoints.json | 857B | Extracted endpoints + vendor | | maps-analytics.html | 2.4KB | Kepler.gl page source | | app-login-page.html | 16KB | Next.js login with S3 URLs | | app-next-data.json | 16KB | Next.js build data | | app-graphql-schema.json | 17KB | GraphQL schema | | nadia-page.html | 1.1KB | NADIA page source | | nadia-api-*.json | 1.1KB ea | API endpoint probes | | catalog.html | 1.6KB | Catalog page source | | aisearchengine.html | 2.0KB | Search engine page |