Originally Posted by Barry-xlovecam
(Post 21802345)
Use ruby nicinfo to inspect some (or all incoming hits). For ad buys a 10% random sample should be enough to determine if you are being scammed on your traffic buys. No point in polling that info real time if you want to just check the ad traffic's origin -- this can be done with logging.
https://github.com/arineng/nicinfoht...rineng/nicinfo
with ruby already installed;
sudo gem install nicinfo
sudo gem install netaddr --user-install
Code:
barry@DS10:~$ nicinfo --pager no 23.66.166.151
# NicInfo v.1.1.1
[ NOTICE ] Terms of Service
1 By using the ARIN RDAP/Whois service, you are agreeing to the RDAP/Whois Terms of Use
About https://www.arin.net/whois_tou.html
# Query type is IP4ADDR. Result type is IP.
[ RESPONSE DATA ]
1= NET-23-32-0-0-1
`--- 1= Akamai Technologies, Inc. ( AKAMAI )
|--- 1= ipadmin ( IPADM11-ARIN )
|--- 2= Justin Zipkin ( ZIPKI-ARIN )
|--- 3= Steven Jay Schecter ( SJS98-ARIN )
`--- 4= NOC United States ( NUS-ARIN )
[ IP NETWORK ]
Handle: NET-23-32-0-0-1
Start Address: 023.032.000.000
End Address: 023.067.255.255
IP Version: v4
Last Changed: Fri, 02 Mar 2012 08:03:18 -0500
Registration: Mon, 16 May 2011 15:49:09 -0400
[ ENTITY ]
Handle: AKAMAI
Name: Akamai Technologies, Inc.
Roles: Registrant
Last Changed: Tue, 07 Mar 2017 12:51:59 -0500
Registration: Thu, 21 Jan 1999 00:00:00 -0500
[ ENTITY ]
Handle: IPADM11-ARIN
Name: ipadmin
Organization: ipadmin
Email: [email protected]
Phone: +1-617-444-0017 ( work, voice )
Roles: Technical, Administrative
Status: Validated
Last Changed: Thu, 02 Feb 2017 13:26:51 -0500
Registration: Fri, 30 Aug 2002 14:11:32 -0400
[ ENTITY ]
Handle: ZIPKI-ARIN
Name: Justin Zipkin
Email: [email protected]
Phone: +1-617-444-9713 ( work, voice )
Roles: Technical
Status: Validated
Last Changed: Tue, 10 Jan 2017 10:38:38 -0500
Registration: Thu, 12 Sep 2013 13:27:15 -0400
[ ENTITY ]
Handle: SJS98-ARIN
Name: Steven Jay Schecter
Email: [email protected]
Phone: +1-617-274-7134 ( work, voice )
Roles: Technical
Status: Validated
Last Changed: Wed, 16 Nov 2016 08:54:36 -0500
Registration: Wed, 15 Jan 2014 19:21:57 -0500
[ ENTITY ]
Handle: NUS-ARIN
Name: NOC United States
Organization: NOC United States
Email: [email protected]
Phone: +1-617-444-2535 ( work, voice )
Roles: Abuse
Status: Validated
Last Changed: Tue, 07 Mar 2017 12:49:03 -0500
Registration: Mon, 18 Nov 2002 12:58:03 -0500
# Use "nicinfo 1=" to show NET-23-32-0-0-1
# Use "nicinfo 1.1=" to show Akamai Technologies, Inc. ( AKAMAI )
# Use "nicinfo https://rdap.arin.net/registry/ip/023.032.000.000" to directly query this resource in the future.
# Use "nicinfo -h" for help.
Then you have to sort out server farms and VPN networks from that.
Chasing monsters in the dark;
Code:
barry@DS10:~$ nicinfo --pager no -V 172.217.8.174
# NicInfo v.1.1.1
## Using configuration found in /home/barry/.NicInfo
## Evicted 0 files from the cache
## Assuming query value is IP4ADDR
## Looking up bootstrap from /home/barry/.NicInfo/bsfiles/ipv4.json
## Issuing GET for https://rdap.arin.net/registry/ip/172.217.8.174
## Persisting https://rdap.arin.net/registry/ip/172.217.8.174 as https%3A%2F%2Frdap.arin.net%2Fregistry%2Fip%2F172.217.8.174
## Server conforms to rdap_level_0
## Persisting https://rdap.arin.net/registry/ip/172.217.000.000 as https%3A%2F%2Frdap.arin.net%2Fregistry%2Fip%2F172.217.000.000
## Persisting https://rdap.arin.net/registry/entity/GOGL as https%3A%2F%2Frdap.arin.net%2Fregistry%2Fentity%2FGOGL
## Persisting https://rdap.arin.net/registry/entity/ABUSE5250-ARIN as https%3A%2F%2Frdap.arin.net%2Fregistry%2Fentity%2FABUSE5250-ARIN
## Persisting https://rdap.arin.net/registry/entity/ZG39-ARIN as https%3A%2F%2Frdap.arin.net%2Fregistry%2Fentity%2FZG39-ARIN
[ NOTICE ] Terms of Service
1 By using the ARIN RDAP/Whois service, you are agreeing to the RDAP/Whois Terms of Use
About https://www.arin.net/whois_tou.html
# Query type is IP4ADDR. Result type is IP.
[ RESPONSE DATA ]
1= NET-172-217-0-0-1
`--- 1= Google Inc. ( GOGL )
|--- 1= Abuse ( ABUSE5250-ARIN )
`--- 2= Google Inc ( ZG39-ARIN )
[ IP NETWORK ]
Handle: NET-172-217-0-0-1
Object Class Name: ip network
Start Address: 172.217.000.000
End Address: 172.217.255.255
IP Version: v4
Name: GOOGLE
Parent Handle: NET-172-0-0-0-0
Last Changed: Mon, 16 Apr 2012 11:24:30 -0400
Registration: Mon, 16 Apr 2012 11:24:30 -0400
Links: -- for NET-172-217-0-0-1 --
Reference: https://rdap.arin.net/registry/ip/172.217.000.000
More: https://whois.arin.net/rest/net/NET-172-217-0-0-1
[ ENTITY ]
Handle: GOGL
Object Class Name: entity
Name: Google Inc.
Roles: Registrant
Port 43 Whois: whois.arin.net
Last Changed: Sat, 28 Jan 2017 08:32:29 -0500
Registration: Thu, 30 Mar 2000 00:00:00 -0500
Address: -- for Google Inc. ( GOGL ) --
1: 1600 Amphitheatre Parkway
2: Mountain View
3: CA
4: 94043
5: UNITED STATES
Kind: org
Links: -- for Google Inc. ( GOGL ) --
Reference: https://rdap.arin.net/registry/entity/GOGL
More: https://whois.arin.net/rest/org/GOGL
[ ENTITY ]
Handle: ABUSE5250-ARIN
Object Class Name: entity
Name: Abuse
Organization: Abuse
Email: [email protected]
Phone: +1-650-253-0000 ( work, voice )
Roles: Abuse
Status: Validated
Port 43 Whois: whois.arin.net
Last Changed: Tue, 08 Nov 2016 14:12:52 -0500
Registration: Fri, 06 Nov 2015 15:36:35 -0500
Address: -- for Abuse ( ABUSE5250-ARIN ) --
1: 1600 Amphitheatre Parkway
2: Mountain View
3: CA
4: 94043
5: UNITED STATES
Kind: group
Remarks: -- Registration Comments --
1: Please note that the recommended way to file abuse complaints are located in the
: following links.
2:
3: To report abuse and illegal activity:
: https://www.google.com/intl/en_US/goodtoknow/online-safety/reporting-abuse/
4:
5: For legal requests: http://support.google.com/legal
6:
7: Regards,
8: The Google Team
Links: -- for Abuse ( ABUSE5250-ARIN ) --
Reference: https://rdap.arin.net/registry/entity/ABUSE5250-ARIN
More: https://whois.arin.net/rest/poc/ABUSE5250-ARIN
[ ENTITY ]
Handle: ZG39-ARIN
Object Class Name: entity
Name: Google Inc
Organization: Google Inc
Email: [email protected]
Phone: +1-650-253-0000 ( work, voice )
Roles: Technical, Administrative
Status: Validated
Port 43 Whois: whois.arin.net
Last Changed: Mon, 13 Mar 2017 07:08:09 -0400
Registration: Thu, 30 Nov 2000 13:54:08 -0500
Address: -- for Google Inc ( ZG39-ARIN ) --
1: 1600 Amphitheatre Parkway
2: Mountain View
3: CA
4: 94043
5: UNITED STATES
Kind: group
Links: -- for Google Inc ( ZG39-ARIN ) --
Reference: https://rdap.arin.net/registry/entity/ZG39-ARIN
More: https://whois.arin.net/rest/poc/ZG39-ARIN
# Use "nicinfo 1=" to show NET-172-217-0-0-1
# Use "nicinfo 1.1=" to show Google Inc. ( GOGL )
# Use "nicinfo https://rdap.arin.net/registry/ip/172.217.000.000" to directly query this resource in the future.
# Use "nicinfo -h" for help.
|