Zscaler ThreatLabZ Releases Free IPAbuseCheck

IPAbuseCheck lets a company query an IP address to see if it's intentionally or unintentionally being abusive

October 20, 2011



Sunnyvale, California, October 19, 2011 – Zscaler, The Cloud Security Company, today announced the release of a free web service that the public can access at http://ipabuse.zscaler.com, which will allow them to query a dynamic ThreatLabZ database to identify whether any of their endpoint clients and IP addresses are being used for malicious purposes. Users who leverage the new IPAbuseCheck service will now be able to identify and clean up compromised endpoint clients that are unintentionally participating in some form of Internet proxy abuse—including brute-force web logins, forum spamming, pay-per-action cheating, open proxy scanning, DDoS attacks and website scraping.

The Zscaler ThreatLabZ IPAbuseCheck service combines a simple, easy-to-use web interface with an extensive ThreatLabZ database that contains IP addresses that have attempted to forward abusive or unwanted traffic through one or more Zscaler cloud proxies.

Unlike other publicly available services and tools, ThreatLabZ IPAbuseCheck provides a different perspective on Internet abuse. Lists that track forum spamming and other types of Internet abuse, for example, often log the ‘source’ IP address from the perspective of the spammed web server. This approach, however, will often result in the identification of a source address that represents a proxy IP address that is being abused, as opposed to the actual infected client. IPAbuseCheck is different from standard blacklists in that the clients listed have specifically attempted some form of Internet abuse through one or more web proxies within Zscaler’s global security cloud.

“Malicious or compromised clients leverage proxies to distribute and/or mask their origin when conducting forms of abuse,” said Mike Geide, senior researcher at Zscaler ThreatLabZ and developer of the new IPAbuseCheck tool. “We've seen so many IP addresses bang against our proxies hundreds of thousands of times the past few months, attempting to brute-force web logins. Yet, searching for these IPs against multiple blacklists does not identify them as being offensive. This new IPAbuseCheck service will provide another helpful resource to identify and clean up compromised endpoint clients.”

According to Michael Sutton, VP of Security Research, “Most enterprises have infected machines participating in botnets, but don’t even know about it. IPAbuseCheck is a simple, dynamic service that will allow both consumers and enterprises to quickly determine if their machines are being used for such activity.”

Client IP addresses listed in the IPAbuseCheck database include both those that are intentionally used for abuse and those that are from infected hosts that are unknowingly abusing proxies on the Internet. Zscaler's global, cloud-delivered service provides policy and security enforcement through its proxies for its customers. Valid Zscaler customers must first authenticate to the Zscaler cloud before being able to use these proxies. Transactions listed in the IPAbuseCheck database are from non-authenticated clients attempting to utilize one or more Zscaler proxies in an open manner – as a way to distribute and mask traffic for their abuse.

The Zscaler ThreatLabZ IPAbuseCheck is freely available to everyone and can be accessed at http://ipabuse.zscaler.com.



Office: +1-408-776-1400, Mobile: +1-408-893-8750


About Zscaler: The Cloud Security Company™

Zscaler enforces business policy, mitigates risk and provides twice the functionality at a fraction of the cost of current solutions, utilizing a multi-tenant, globally-deployed infrastructure. Zscaler’s integrated, cloud-delivered security services include Web Security, Mobile Security, Email Security and DLP. Zscaler services enable organizations to provide the right access to the right users, from any place and on any device—all while empowering the end-user with a rich Internet experience. For more information, visit www.zscaler.com.

About Zscaler ThreatLabZ™

Zscaler ThreatLabZ is the global security research team for Zscaler. Leveraging an aggregate view of billions of daily web transactions, from millions of users across the globe, Zscaler ThreatLabZ identifies new and emerging threats as they occur, and deploys protections across the Zscaler Security Cloud in real time to protect customers from advanced threats.
