GhostProxies

IP-Level Cyber Threat Data For Open Network Firewall Efficiency

GhostProxies is an IP address security risk intelligence database as a low-latency, primitive firewall defense without false positives against preventable cyber attacks from distributed open proxy servers.

Spotlight

171.4.16.41: A High-Risk IPv4 Address 30 Seconds Ago

171.4.16.41: A High-Risk IP Address

An open HTTP proxy server forwarded an unauthenticated connection from the gateway IP 171.4.16.41 on port 8080 through the exit IP 171.4.16.41.

Explanation

Problem

Hackers connect to open "ghost proxy" servers on public IP addresses and unleash havoc with automated, distributed cyber attacks.

Advanced defense solutions using AI, device fingeprinting and user behavior analysis can be effective but inefficient whenever objective IP-level threats are identifiable.

Furthermore, other IP-level intelligence solutions report a substantial amount of false positives by ignoring critical details in connection responses and using poisoned data sources unintentionally.

Solution

GhostProxies manages distributed public IP monitoring systems with connection handshakes to confirm threat levels and recursive scanning intervals to reveal hidden IPs behind open gateway proxy servers.

Integrate the GhostProxies database into high-performance open network firewalls and web applications as the first line of defense to automatically block the highest-risk traffic efficiently with the only reliable security risk metric database that avoids false positives completely.

Metric

A risk level 0 IP never revealed an open proxy server to GhostProxies scanners.

A risk level 1 IP revealed an open proxy server to GhostProxies scanners more than 2 weeks ago.

A risk level 2 IP revealed an open proxy server to GhostProxies scanners less than 2 weeks ago.

Database

Introduction

GhostProxies provides a link to download a highly-compressed, up-to-date zip file containing a minimal database with each a.b.c.d IP in a /a/b/c/d/ directory.

For example, the directory for 10.9.8.7 would be /10/9/8/7/.

Try one of the following subscription options risk-free for 7 days with a full money-back guarantee.

The default rate limit is 20 downloads per subscription per hour.

Basic

The basic database contains an empty file in each IP directory named as a risk level of either 1 or 2.

For example, the full path to the database file for 10.9.8.7 with a risk level 2 would be /ghostproxies-basic/10/9/8/7/2.

Subscribe for $19 per month to receive a download link within 24-48 hours.

Advanced

The advanced database contains an f file for each first confirmed proxy, and an l file for each last confirmed proxy.

Each f and l file contains data formatted as timestamp-port-protocol-listening_ip.

timestamp is the 10-digit Unix timestamp of the confirmed proxy connection.

port is the gateway proxy port as a positive number less than 65536.

protocol is either h for HTTP or s for SOCKS.

listening_ip is the listening IP that initially forwarded the proxy connection. When the listening IP is the same as the confirmed proxy IP, the data format is timestamp-port-protocol.

For example, the IP data for a new confirmed HTTP proxy directly on 10.9.8.7 using port 80 would be 1738951971-80-h. The full path to the database file would be /ghostproxies-advanced/10/9/8/7/l.

Subscribe for $79 per month to receive a download link within 24-48 hours.