Proxy Attack Summaries 2016/04/11 thru 2016/04/30

Sorted by Source Network Range
Sorted by Total Connections From Source Network
Sorted by Source Country
Sorted by Total Connections From Source Country
Counts by fetch target URL.
Counts by fetch target URL - sorted by URL in rev. domain order.

Sorted by Source Network Range


Source Network Registered owner Local Target IP or range Target Ports
5.196.219.112 - 5.196.219.127 ayhan meric nargul sitesi dblok d6 16100 bursa TR OVH Ltd 3 Southwark street GB attacked MULTIPLE-IPS for ports 22x4
23.96.0.0 - 23.103.255.255 Microsoft Corporation Redmond, WA, US attacked MULTIPLE-IPS for ports 22x8
23.253.0.0 - 23.253.255.255 Rackspace Hosting San Antonio, TX, US attacked 132.235.1.72 for ports 22x2
37.59.0.0 - 37.59.63.255 OVH SAS Dedicated servers http://www.ovh.com OVH ISP FR attacked MULTIPLE-IPs for ports 22x8
37.187.52.0 - 37.187.52.255 OVH SAS VPS http://www.ovh.com FR attacked 132.235.1.58 for ports 22x2
42.1.60.0 - 42.1.63.255 Exa Bytes Network Sdn.Bhd. 1-18-8 Suntech Penang Cybercity MY attacked 132.235.1.11 for ports 22
46.102.240.0 - 46.102.243.255 ELVSOFT SRL Capronilaan 2 1119 Schiphol-Rijk, Netherlands NL attacked 132.235.1.56 for ports 22x2
54.176.0.0 - 54.191.255.255 Amazon Technologies Inc. Seattle, WA, US attacked 132.235.1.54 for ports 22x2
75.80.0.0 - 75.87.255.255 Time Warner Cable Internet LLC Herndon, VA, US attacked MULTIPLE-IPS for ports 22x16
92.43.104.64 - 92.43.104.79 CORE-BACKBONE CH attacked MULTIPLE-IPS for ports 22x64
94.231.176.0 - 94.231.191.255 Galitski Telekommunications LTD Sichovykh Striltsiv 7 Burshtyn, Ivano-Frankivsk region 77111, Ukraine Pl.Rynok 9/3 Berezhany UA attacked 132.235.1.86 for ports 22x2
98.126.0.0 - 98.126.255.255 Krypt Technologies Orange, CA, US attacked 132.235.1.249 for ports 22
104.156.240.192 - 104.156.240.223 London Trust Media Inc Miami, FL, US attacked MULTIPLE-IPs for ports 22x12
106.128.0.0 - 106.191.255.255 KDDI CORPORATION GARDEN AIR TOWER,3-10-10,Iidabashi,Chiyoda-ku,Tokyo JP attacked MULTIPLE-IPs for ports 22x38
107.20.0.0 - 107.23.255.255 Amazon.com, Inc. Seattle, WA, US attacked 132.235.1.67 for ports 22x2
107.170.0.0 - 107.170.255.255 Digital Ocean, Inc. New York, NY, US attacked 132.235.1.222 for ports 22x2
108.0.0.0 - 108.57.255.255 MCI Communications Services, Inc. d/b/a Verizon Business Ashburn, VA, US attacked 132.235.1.239 for ports 22x2
118.193.16.0 - 118.193.31.255 137-139, Connaught Road Central, Hongkong 137-139, Connaught Road Central, Hongkong, Hongkong HK attacked MULTIPLE-IPs for ports 22x67
128.199.0.0 - 128.199.255.255 Digital Ocean, Inc. 101 Ave of the Americas New York 10013 UNITED STATES 101 Ave of the Americas, 10th Floor SG attacked 132.235.1.13 for ports 22x2
162.244.8.0 - 162.244.15.255 Power Up Hosting, Inc. Los Angeles, CA, US attacked MULTIPLE-IPS for ports 22x4
166.78.0.0 - 166.78.255.255 Rackspace Hosting San Antonio, TX, US attacked 132.235.1.9 for ports 22x2
172.98.67.0 - 172.98.67.255 Hosting Services, Inc. Toronto, ON, CA attacked MULTIPLE-IPS for ports 22x94
184.72.0.0 - 184.73.255.255 Amazon.com, Inc. Seattle, WA, US attacked 132.235.1.234 for ports 22x2
185.94.190.152 - 185.94.190.159 Cyberghost-Budapest HU attacked 132.235.1.2 for ports 22x3
188.64.220.0 - 188.64.223.255 P-t-P (PPTP, PPPoE, VLAN) client connections RU attacked 132.235.1.81 for ports 22x2
192.249.64.0 - 192.249.79.255 GMO-Z.com USA, INC Newport Beach, CA, US attacked MULTIPLE-IPs for ports 22x367
198.101.240.0 - 198.101.247.255 Rackspace Cloud Servers San Antonio, TX, US attacked 132.235.1.59 for ports 22x2
206.217.128.0 - 206.217.143.255 ColoCrossing Buffalo, NY, US attacked MULTIPLE-IPS for ports 22x36
212.83.160.0 - 212.83.191.255 Iliad Online SAS FR attacked MULTIPLE-IPS for ports 22x14
213.155.96.0 - 213.155.96.255 Ida Yeni Nesil Ajans ve Bilisim Hiz. Ltd. Sti. TR attacked 132.235.1.64 for ports 22x2

Sorted By Total Connections From Source Network

Count Source Network Registered Owner Local Target IP or Range Target Ports
1 42.1.60.0 - 42.1.63.255 Exa Bytes Network Sdn.Bhd. 1-18-8 Suntech Penang Cybercity MY attacked 132.235.1.11 for ports 22
1 98.126.0.0 - 98.126.255.255 Krypt Technologies Orange, CA, US attacked 132.235.1.249 for ports 22
2 23.253.0.0 - 23.253.255.255 Rackspace Hosting San Antonio, TX, US attacked 132.235.1.72 for ports 22x2
2 37.187.52.0 - 37.187.52.255 OVH SAS VPS http://www.ovh.com FR attacked 132.235.1.58 for ports 22x2
2 46.102.240.0 - 46.102.243.255 ELVSOFT SRL Capronilaan 2 1119 Schiphol-Rijk, Netherlands NL attacked 132.235.1.56 for ports 22x2
2 54.176.0.0 - 54.191.255.255 Amazon Technologies Inc. Seattle, WA, US attacked 132.235.1.54 for ports 22x2
2 94.231.176.0 - 94.231.191.255 Galitski Telekommunications LTD Sichovykh Striltsiv 7 Burshtyn, Ivano-Frankivsk region 77111, Ukraine Pl.Rynok 9/3 Berezhany UA attacked 132.235.1.86 for ports 22x2
2 107.20.0.0 - 107.23.255.255 Amazon.com, Inc. Seattle, WA, US attacked 132.235.1.67 for ports 22x2
2 107.170.0.0 - 107.170.255.255 Digital Ocean, Inc. New York, NY, US attacked 132.235.1.222 for ports 22x2
2 108.0.0.0 - 108.57.255.255 MCI Communications Services, Inc. d/b/a Verizon Business Ashburn, VA, US attacked 132.235.1.239 for ports 22x2
2 128.199.0.0 - 128.199.255.255 Digital Ocean, Inc. 101 Ave of the Americas New York 10013 UNITED STATES 101 Ave of the Americas, 10th Floor SG attacked 132.235.1.13 for ports 22x2
2 166.78.0.0 - 166.78.255.255 Rackspace Hosting San Antonio, TX, US attacked 132.235.1.9 for ports 22x2
2 184.72.0.0 - 184.73.255.255 Amazon.com, Inc. Seattle, WA, US attacked 132.235.1.234 for ports 22x2
2 188.64.220.0 - 188.64.223.255 P-t-P (PPTP, PPPoE, VLAN) client connections RU attacked 132.235.1.81 for ports 22x2
2 198.101.240.0 - 198.101.247.255 Rackspace Cloud Servers San Antonio, TX, US attacked 132.235.1.59 for ports 22x2
2 213.155.96.0 - 213.155.96.255 Ida Yeni Nesil Ajans ve Bilisim Hiz. Ltd. Sti. TR attacked 132.235.1.64 for ports 22x2
3 185.94.190.152 - 185.94.190.159 Cyberghost-Budapest HU attacked 132.235.1.2 for ports 22x3
4 5.196.219.112 - 5.196.219.127 ayhan meric nargul sitesi dblok d6 16100 bursa TR OVH Ltd 3 Southwark street GB attacked MULTIPLE-IPS for ports 22x4
4 162.244.8.0 - 162.244.15.255 Power Up Hosting, Inc. Los Angeles, CA, US attacked MULTIPLE-IPS for ports 22x4
8 23.96.0.0 - 23.103.255.255 Microsoft Corporation Redmond, WA, US attacked MULTIPLE-IPS for ports 22x8
8 37.59.0.0 - 37.59.63.255 OVH SAS Dedicated servers http://www.ovh.com OVH ISP FR attacked MULTIPLE-IPs for ports 22x8
12 104.156.240.192 - 104.156.240.223 London Trust Media Inc Miami, FL, US attacked MULTIPLE-IPs for ports 22x12
14 212.83.160.0 - 212.83.191.255 Iliad Online SAS FR attacked MULTIPLE-IPS for ports 22x14
16 75.80.0.0 - 75.87.255.255 Time Warner Cable Internet LLC Herndon, VA, US attacked MULTIPLE-IPS for ports 22x16
36 206.217.128.0 - 206.217.143.255 ColoCrossing Buffalo, NY, US attacked MULTIPLE-IPS for ports 22x36
38 106.128.0.0 - 106.191.255.255 KDDI CORPORATION GARDEN AIR TOWER,3-10-10,Iidabashi,Chiyoda-ku,Tokyo JP attacked MULTIPLE-IPs for ports 22x38
64 92.43.104.64 - 92.43.104.79 CORE-BACKBONE CH attacked MULTIPLE-IPS for ports 22x64
67 118.193.16.0 - 118.193.31.255 137-139, Connaught Road Central, Hongkong 137-139, Connaught Road Central, Hongkong, Hongkong HK attacked MULTIPLE-IPs for ports 22x67
94 172.98.67.0 - 172.98.67.255 Hosting Services, Inc. Toronto, ON, CA attacked MULTIPLE-IPS for ports 22x94
367 192.249.64.0 - 192.249.79.255 GMO-Z.com USA, INC Newport Beach, CA, US attacked MULTIPLE-IPs for ports 22x367

Summarized By Source Country

Source Country Local Target IP or Range Target Ports
CA attacked MULTIPLE-IPS for ports 22x94
CH attacked MULTIPLE-IPS for ports 22x64
FR attacked MULTIPLE-IPs for ports 22x24
GB attacked MULTIPLE-IPS for ports 22x4
HK attacked MULTIPLE-IPs for ports 22x67
HU attacked 132.235.1.2 for ports 22x3
JP attacked MULTIPLE-IPs for ports 22x38
MY attacked 132.235.1.11 for ports 22
NL attacked 132.235.1.56 for ports 22x2
RU attacked 132.235.1.81 for ports 22x2
SG attacked 132.235.1.13 for ports 22x2
TR attacked 132.235.1.64 for ports 22x2
UA attacked 132.235.1.86 for ports 22x2
US attacked MULTIPLE-IPs for ports 22x460

Summarized By Source Country

Total Connection Counts Source Country Local Target IP or Range Target Ports
1 MY attacked 132.235.1.11 for ports 22
2 NL attacked 132.235.1.56 for ports 22x2
2 RU attacked 132.235.1.81 for ports 22x2
2 SG attacked 132.235.1.13 for ports 22x2
2 TR attacked 132.235.1.64 for ports 22x2
2 UA attacked 132.235.1.86 for ports 22x2
3 HU attacked 132.235.1.2 for ports 22x3
4 GB attacked MULTIPLE-IPS for ports 22x4
24 FR attacked MULTIPLE-IPs for ports 22x24
38 JP attacked MULTIPLE-IPs for ports 22x38
64 CH attacked MULTIPLE-IPS for ports 22x64
67 HK attacked MULTIPLE-IPs for ports 22x67
94 CA attacked MULTIPLE-IPS for ports 22x94
460 US attacked MULTIPLE-IPs for ports 22x460

Summarized By Target URL to Fetch - sorted by attempts made

Count Target host name GET/PUT/etc Target URL to Fetch
1 http://clientapi.ipip.net/echo.php?info=20160427180418
1 http://clientapi.ipip.net/echo.php?info=20160427213847
1 http://clientapi.ipip.net/echo.php?info=20160427224418
1 http://clientapi.ipip.net/echo.php?info=20160428041734
1 http://ip.filefab.com/index.php
1 http://proxyjudge3.proxyfire.net/fastenv
1 http://search.yahoo.com/search?p=amazon
1 http://search.yahoo.com/search?p=dugduggo
1 http://www.bing.com/search?q=dugduggo
1 http://www.stopforumspam.com/ipcheck/132.235.1.13
1 http://www.stopforumspam.com/ipcheck/132.235.1.2
1 http://www.stopforumspam.com/ipcheck/132.235.1.59
1 http://www.stopforumspam.com/ipcheck/132.235.1.64
1 http://www.stopforumspam.com/ipcheck/132.235.1.68
1 http://www.stopforumspam.com/ipcheck/132.235.1.9
2 104.31.84.236:80
2 104.67.67.100:443
2 192.241.167.18/azenv.php
2 192.241.167.18:80
2 54.88.39.163:80
2 http://judge2.gear.host/
2 http://www.bing.com/search?q=amazon
2 http://www.bing.com/search?q=bing
2 https://www.ticketmaster.com/member?tm_link=tm_homeA_header_my_account
5 104.31.85.236:80
5 127.0.0.1:80
5 173.252.90.36:443
5 184.85.64.45:80
5 198.41.203.157:443
5 199.59.148.73:443
5 204.79.197.200:80
5 208.82.237.226:80
5 52.72.204.184:80
5 54.239.26.128:80
5 87.106.158.3:80
5 94.23.209.142:80
5 HTTP/1.0
5 http://judge.gear.host/
5 http://stoutdata.com/checker/proxyjudge.php
5 http://whatismyipaddress.com/proxy-check
5 http://www.amazon.com
5 http://www.ingosander.net/azenv.php
5 http://www.mesregies.com/azz.php
5 https://m.facebook.com/
5 https://mobile.twitter.com/i/guest
5 https://www.whatismyip.com/
6 164.132.135.241:80
6 193.178.223.25:80
6 195.20.205.9:80
6 206.214.211.166:80
6 208.65.155.20:80
6 23.212.17.206:80
6 46.165.197.129:80
6 67.222.35.66:80
6 http://www.30tech.com/iptest.php
6 http://www.babaip.com/
6 http://www.bdsmpichunter.com/dde32.php
6 http://www.ebay.com/
6 http://www.energoautomatika.ru/opg.php
6 http://www.sbjudge2.com/ip4.php
6 jaliuzi.com:80
6 www.30tech.com:80
7 104.28.16.9:80
7 192.254.185.4:80
7 204.246.56.80:80
7 212.27.63.114:80
7 49.129.255.101:80
7 50.56.126.107:80
7 64.62.216.151:80
7 http://azenv.net/
7 http://bham.craigslist.org/search/sss/?excats=&sort=date&cat_id=150%2C169&cat_id=149%2C162&cat_i
7 http://birdingonthe.net/cgi-bin/env.pl
7 http://jagerman.com/env.cgi
7 http://jaliuzi.com/azenv.php
7 http://pascal.hoez.free.fr/azenv.php
7 http://proxydetect.com/
7 http://www.knowops.com/cgi-bin/textenv.pl
7 http://www.meow.org.uk/cgi-bin/env.pl
7 http://www2t.biglobe.ne.jp/~take52/test/env.cgi
8 18.181.0.43:80
8 209.227.234.202:80
8 64.15.148.105:80
8 72.52.99.44:80
8 http://scripts.mit.edu/~jbarnold/demo/env.pl
8 http://www.cooleasy.com/azenv.php
8 http://www.dvdshop.it/cgi-bin/ev.pl
8 http://www.google.com/search?q=bing
8 http://www.stilllistener.com/checkpoint1/ssi/
9 http://www.anonymousproxylist.net/azenv2.php
10 http://www.google.com/search?q=dugduggo
11 http://www.google.com/search?q=amazon
11 http://www.google.com/search?q=wikipedia
12 http://www.ipip.net/
13 http://www.google.com/search?q=lenovo
26 /
47 173.194.32.144:80
48 http://proxyjudge.us/judge.php
54 45.33.54.195:80
94

Summarized By Target URL to Fetch - sorted in reverse domain order

Target host name Count GET/PUT/etc Target URL to Fetch
94
/ 26
104.28.16.9:80 7
104.31.84.236:80 2
104.31.85.236:80 5
104.67.67.100:443 2
127.0.0.1:80 5
164.132.135.241:80 6
173.194.32.144:80 47
173.252.90.36:443 5
18.181.0.43:80 8
184.85.64.45:80 5
192.241.167.18/azenv.php 2
192.241.167.18:80 2
192.254.185.4:80 7
193.178.223.25:80 6
195.20.205.9:80 6
198.41.203.157:443 5
199.59.148.73:443 5
204.246.56.80:80 7
204.79.197.200:80 5
206.214.211.166:80 6
208.65.155.20:80 6
208.82.237.226:80 5
209.227.234.202:80 8
212.27.63.114:80 7
23.212.17.206:80 6
45.33.54.195:80 54
46.165.197.129:80 6
49.129.255.101:80 7
50.56.126.107:80 7
52.72.204.184:80 5
54.239.26.128:80 5
54.88.39.163:80 2
64.15.148.105:80 8
64.62.216.151:80 7
67.222.35.66:80 6
72.52.99.44:80 8
87.106.158.3:80 5
94.23.209.142:80 5
HTTP/1.0 5
http://azenv.net/ 7
http://bham.craigslist.org/search/sss/?excats=&sort=date&cat_id=150%2C169&cat_id=149%2C162&cat_i 7
http://birdingonthe.net/cgi-bin/env.pl 7
http://clientapi.ipip.net/echo.php?info=20160427180418 1
http://clientapi.ipip.net/echo.php?info=20160427213847 1
http://clientapi.ipip.net/echo.php?info=20160427224418 1
http://clientapi.ipip.net/echo.php?info=20160428041734 1
http://ip.filefab.com/index.php 1
http://jagerman.com/env.cgi 7
http://jaliuzi.com/azenv.php 7
http://judge.gear.host/ 5
http://judge2.gear.host/ 2
http://pascal.hoez.free.fr/azenv.php 7
http://proxydetect.com/ 7
http://proxyjudge.us/judge.php 48
http://proxyjudge3.proxyfire.net/fastenv 1
http://scripts.mit.edu/~jbarnold/demo/env.pl 8
http://search.yahoo.com/search?p=amazon 1
http://search.yahoo.com/search?p=dugduggo 1
http://stoutdata.com/checker/proxyjudge.php 5
http://whatismyipaddress.com/proxy-check 5
http://www.30tech.com/iptest.php 6
http://www.amazon.com 5
http://www.anonymousproxylist.net/azenv2.php 9
http://www.babaip.com/ 6
http://www.bdsmpichunter.com/dde32.php 6
http://www.bing.com/search?q=amazon 2
http://www.bing.com/search?q=bing 2
http://www.bing.com/search?q=dugduggo 1
http://www.cooleasy.com/azenv.php 8
http://www.dvdshop.it/cgi-bin/ev.pl 8
http://www.ebay.com/ 6
http://www.energoautomatika.ru/opg.php 6
http://www.google.com/search?q=amazon 11
http://www.google.com/search?q=bing 8
http://www.google.com/search?q=dugduggo 10
http://www.google.com/search?q=lenovo 13
http://www.google.com/search?q=wikipedia 11
http://www.ingosander.net/azenv.php 5
http://www.ipip.net/ 12
http://www.knowops.com/cgi-bin/textenv.pl 7
http://www.meow.org.uk/cgi-bin/env.pl 7
http://www.mesregies.com/azz.php 5
http://www.sbjudge2.com/ip4.php 6
http://www.stilllistener.com/checkpoint1/ssi/ 8
http://www.stopforumspam.com/ipcheck/132.235.1.13 1
http://www.stopforumspam.com/ipcheck/132.235.1.2 1
http://www.stopforumspam.com/ipcheck/132.235.1.59 1
http://www.stopforumspam.com/ipcheck/132.235.1.64 1
http://www.stopforumspam.com/ipcheck/132.235.1.68 1
http://www.stopforumspam.com/ipcheck/132.235.1.9 1
http://www2t.biglobe.ne.jp/~take52/test/env.cgi 7
https://m.facebook.com/ 5
https://mobile.twitter.com/i/guest 5
https://www.ticketmaster.com/member?tm_link=tm_homeA_header_my_account 2
https://www.whatismyip.com/ 5
jaliuzi.com:80 6
www.30tech.com:80 6