Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


GetIPIntel.net - Free proxy / VPN / bad IP detection via API & web Interface
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

GetIPIntel.net - Free proxy / VPN / bad IP detection via API & web Interface

blackblack Member
edited November 2015 in General

I'm making a new thread because of how much this project has changed and improved (approved by mpkossen).

There are many services that offer proxy detection (including paid services) that uses block lists. GetIPIntel.net uses a combination of block lists, grey lists, and machine learning / probability theory techniques to generate the result (More Info). Using a combination of these tactics yield results that are much more accurate, even compared to paid services. The system (as of now) is serving millions of API queries a week and growing at a exponential pace. You can find uses for this service for almost any online infrastructure.

A free web lookup interface: http://getipintel.net/#web

A free API interface: http://getipintel.net/#API

What has changed as of this post from the previous one:

  • Version 1 took up to 8 secs, version 2 took up to 5 secs. The current version takes ~650 ms (as this post ages it'll probably be even less). The results are much more accurate and more features are available (documented on the website).
  • Partial support for IPv6 with full support for IPv4.
  • Detect "Bad IPs" that are compromised systems involved in spamming / brute forcing / spreading malware / etc. IPs that are behaving in an automated and / or bad manner.
  • There are various flags you can use with the system to cater to your needs.
  • JSON format if you request it.
  • A lot more data sets.

    If you're using the old system, it's fully deprecated so please move to this one.

It's a fast moving project and I add in features on a regular basis so I encourage users to look at the website for up to date information. If you'd like to discuss anything, feel free to contact me.

«1

Comments

  • Can you use the old design please ?

  • dotted said: Can you use the old design please ?

    You actually prefer the old design?

  • @black said:
    You actually prefer the old design?

    Yeah, it's better than the new one IMO... You can add a poll to your post if you want and see what the other members think.

  • blackblack Member
    edited November 2015

    dotted said: Yeah, it's better than the new one IMO... You can add a poll to your post if you want and see what the other members think.

    Poll added. I made the text a little bit darker so it's easier on the eyes.

    Edit:
    Looks like I'm going to derail my own thread.

    Which one is better?

    http://getipintel.net/new/

    http://getipintel.net/whitenew/

    http://getipintel.net/old

    I can't delete a poll and add another one :(

    Thanked by 1GoatSeller
  • @black said:
    Which one is better?

    White new. White new. White new.

    Important things repeated 3 times.

    Thanked by 1black
  • looks fine to me. if you're going to commercialise it then maybe I'd say spend time on it.

    Congrats on your persistence developing this.

    Thanked by 2Mark_R black
  • New

    Thanked by 1black
  • @black I prefer the white new design.

    I'm going to be adding this into the AboveCloud's Control Panel later on tonight (it's been on the list for a while) as part of the initial fraud checks.

    I cannot express how much I appreciate the development on this project. :)

    Thanked by 1black
  • Master_BoMaster_Bo Member
    edited November 2015

    I think I shall give the project promotion. I admire promoting services related to IT security :)|

    Good luck in development!

    Thanked by 1black
  • doghouchdoghouch Member
    edited November 2015

    Is the Bitcoin address on the site active? I'd be glad to shoot a tip over (this service is actually pretty good at detecting bad IPs) :)

    Thanked by 1black
  • timnboystimnboys Member
    edited November 2015

    I use this service in my fraudrecord module and according to my tests it works great thank black for designing this as I got tired of maxmind costs so when I wrote my module I included this api instead of maxmind or fraud labs pro even since it is free and also better since it catches people better

    Thanked by 1black
  • lol worthless site, i cant even check my ip on my own home connection...

  • hawchawc Moderator, LIR

    An IP from my phone provider (Three UK) gets 0.98764997720718

    I highly doubt the accuracy

    Thanked by 1black
  • @hawc said:
    An IP from my phone provider (Three UK) gets 0.98764997720718

    I highly doubt the accuracy

    One error is enough for you to "highly doubt" the accuracy?

    @Tripleflix said:
    lol worthless site, i cant even check my ip on my own home connection...

    you're probably doing it wrong.

    Thanked by 2black doghouch
  • I prefer the dark new. It is easier on my eyes. Maybe offer a color switch widget?

    Thanked by 1black
  • @Jonchun said:
    you're probably doing it wrong.

    how, i go to the website, i fill in my ip... gives me errors saying i can only check from home ip's...

    Thanked by 1black
  • KuJoeKuJoe Member, Host Rep
    edited November 2015

    This is an awesome service! I use it on a few websites with different scripts and it's blocked a lot of orders that Maxmind had missed.

    Shameless plug for a free hook if people want to add this to WHMCS and have it block people from ordering: https://github.com/KuJoe/chkProxy

    EDIT: whitenew gets my vote.

    Thanked by 1black
  • @Jonchun said:
    you're probably doing it wrong.

    Nah, when you an error message like the one below:-

    Imgur

    it is really hard to fault the user.

    Thanked by 1black
  • Thanks for the kind words. If you think the score is incorrect @ranpha @Tripleflix @hawc , please PM me your IP (or just the first 3 octates) and I'll look into it. If you're on a residential IP and your score is high, it's most likely you're on some black list.

    @doghouch Yep, bitcoin address is still active. I'd appreciate the tip.

  • @black Why is 8.8.8.8 getting a 0 ?

  • blackblack Member
    edited November 2015

    tr1cky said: @black Why is 8.8.8.8 getting a 0 ?

    Google's DNS is specifically white-listed. Someone tried to interface with the system on a lower level of the network stack (I only recommend application level but people are going to do what they want) so this user started to have network issues. I thought I'd save him some trouble and possibly future users from encountering the same problem.

  • My dedicated server IP gets a flat 1, doesn't really matter dont use it as a desktop or proxy anyway. Just was curious.

  • blackblack Member
    edited December 2015

    CFarence said: My dedicated server IP gets a flat 1, doesn't really matter dont use it as a desktop or proxy anyway. Just was curious.

    That should be correct and here's the reasoning:

    It is assumed that the IP you're looking up is making a request to your services on an application level. 

    So, if your server is making a connection with someone that's using
    getIPIntel on an application level, then it is correct to say it's a
    proxy or bot traffic, which results in a high score of "1". I realize
    you may not have any proxy software of the sorts installed on your
    server or anything like that. If that's true, then no one should lookup
    your server's IP address with GetIPIntel.

    Hopefully that makes sense.

  • @black,

    Not really expecting a detailed answer, but mind sharing what type of data you look at/how you obtain the data?

  • nowprovisionnowprovision Member
    edited December 2015

    The json api could do with some work - incorrect content-type header, error numerics wrapped as string etc..

    Thanked by 1black
  • blackblack Member
    edited December 2015

    @Jonchun any data specifically? PM me and I'll discuss this further.

    @nowprovision Good points. I don't specifically cast values into strings, it's done by PHP. Though it's not traditional, I think it won't be too much of an issue. As for json headers, I have fixed that. JSON data is created with PHP's json_encode() function which should adhere to RFC standards.

    I will add HTTP error codes when an error is returned soon. Thanks for the suggestions.

    Edit: The system will return HTTP 400 when an error occurs.

  • @black i have sent you my ip before, when you were testing this service of yours and allready explained and told what is up with my ip. seems like you havent done a thing with that information...

  • Tripleflix said: @black i have sent you my ip before, when you were testing this service of yours and allready explained and told what is up with my ip. seems like you havent done a thing with that information...

    Oh right, I remember this. I asked

    Does your ISP hand out static IPs and allow hosting? 

    and your response was

    Yes and Yes, [info removed for privacy reasons] is kind of a ISP for tweakers and people that know their way around the net

    Unfortunately, I couldn't do anything beyond this point because it looks like a hosting network.

  • blackblack Member

    Two more features are now live

    flags=f  If your application doesn't need have a real time requirement, use this flag to force a full check with all datasets on an IP address 
     oflags=b returns an additional value with the results that tells you if the system thinks it's a bad IP or not (the bad IP definition is on the website). 

    Some general improvements in accuracy of results :)

    Thanked by 1KuJoe
  • My home IP is also not loved by this service. @black explained some of the logic to me via PM and while I think its an interesting idea its very prone to false positives, so I wouldn't use his score as the only factor in making a decision either way. Its certainly a nice indicator to flag when reviewing things manually.

    I'll assume that if he wanted the algorithm public he'd have done so by now, so all I say is his design makes some assumptions that do not apply to a large number of ISPs, especially outside the US. The US residential ISP market is quite different to the EU - there are dozens of residential ISPs in the UK, and hundreds of not thousands across the EU - many of which do not conform to his assumptions and will always come up positive. These assumptions will also get worse as IP space increasingly rationalised and traded as it becomes more and more scarce.

    Thanked by 1black
Sign In or Register to comment.