IPAbuseCheck was designed to provide a simple, free web interface to query your IP addresses against a database that we have built containing unauthenticated IP addresses that have attempted to forward abusive or unwanted traffic through one or more of our proxies. The database contains abusive IPs identified from July to present, and contains well over 20K unique IP addresses. Here is a screenshot showing an example report of an IP listed in our DB:
In this case, a client IP at a very large software company is infected and attempted to issue tens of thousands of login POST requests through our proxies to Megaupload servers (and others such as Rapidshare, Hotfiles, and Yahoo webmail) using the "Googlebot" user-agent. Note: URL parameter values have been stripped from the URLs in our database. This particular client IP is not listed in any IP denylists (checked using rbls.org). Very often, IP denylists list client IP addresses visible from the server perspective - in this case, it would have been our proxy IP if we let these transactions through. Our database provides a bit of a different perspective from many of these existing denylists, in that we are listing abusive clients that are using proxies.
The goal of this free service is to provide those interested (ISPs, companies/organizations, security professionals, etc.) with this data to identify and clean-up clients that are participating in this form of abuse. Clients leverage proxies to distribute and/or mask their origin when conducting forms of abuse, such as:
- Brute-force web-based logins
- Search Engine Optimization (SEO)
- Forum spamming
- Pay-per action cheating
- Open proxy scanning
- Bulk account registration
- Site popularity / voting inflation
- other forms of abuse (DDoS and web-site scraping)
The idea for this service stemmed from two Zscaler blog posts:
