Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
NoFraud - Proxy/VPN/Fraud Detection System
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

NoFraud - Proxy/VPN/Fraud Detection System

hey folks, i have just started working on this new small project of mine and one of my colleague, - https://nofraud.co/v1/

a bit of a background, my friend and i ran a GPT site for about a year back in the day (probably around 2 years ago) which forced us to face and deal with fraudulent users (those with proxies, VPNs, as well as botnet IPs) which were trying complete some CPA offers and surveys. So, out of curiosity and also insipired by (but NOT based on nor are we using the data of) getipintel.net / @black 's system, we have decided to try and make our own IP detection system which allows y'all to check whether an IP is considered "bad" (source of proxy/vpn/ssh brute force attacks/http attacks/datacenter ip/etc.. you name it.) using a public API.

You can use this on your forum registration page, order/checkout page, CPA landing page, CPM, CPC, TE, or any service that you run.

The system will give you an estimation (0 will be a clean IP, while 1 is considered tainted/bad, and between 0 - 1 is considered medium-high risk ip addresses. test this with your own data).

Free API (600 queries/day):

http://api.nofraud.co/ip.php?ip=xxx.xxx.xxx.xxx

*Please take note that:

  • test the data that the system will produce with your own dataset. i wont be responsible for any damage/losses. ToS and disclaimer can be seen on the homepage of my project.
  • it is FREE to use, so please dont abuse this API.
  • please report bugs if u find any.
  • more testing is still needed to clear some false positives and to find out the best way to calculate the scoring system

Live statistics for the blacklisted IPs are shown at the frontpage, as well as some simple javascript & python modules (bulk checking is also available through the .py module) and implementations are available on the website.

we have several scrapers on work as well as multiple honeypot systems. we have been building the list since a month ago, and so far it's been working relatively well. please let me know if there's any miscalculation on our part.

any constructive ideas and/or suggestions are very much welcome. thanks

https://retas.io/ | Vulnerability Assessment - Penetration Testing

Comments

  • Make it opensource. Fork it. Allow community to update and evolve your work

    hostwp.net -- Wordpress Hosting for Developers.

  • @LTniger will be taken into consideration ;)

    https://retas.io/ | Vulnerability Assessment - Penetration Testing

  • NeoonNeoon Member
    edited April 2018

    @LTniger said:
    Make it opensource. Fork it. Allow community to update and evolve your work

    Its not hard, to create it by yourself.

    Thanked by 2pxhaxor zavier
  • WebProjectWebProject Member, Provider

    1 and 0 as result, I can't see any point in that, try FraudLabs Pro services to see the difference.

    VPS Price Match Guarantee on: All our range of DDOS protected XEN-HVM VPS Plans
    Are you looking for best price for self-managed VPS? See WebProVPS website for more details.
  • @WebProject said:
    1 and 0 as result, I can't see any point in that, try FraudLabs Pro services to see the difference.

    1 means it exists in my db, i have seen some results between 0-1 aswell. But as for now, it doesnt rlly come up that often. Probably need to work on the algo later on.

    As for fraudlabs, they're definitely an established company and a well developed one with limited api requests per month. To compare this small project which barely one month old with that site is probably a bit unfair .

    https://retas.io/ | Vulnerability Assessment - Penetration Testing

  • JanevskiJanevski Member
    edited April 2018

    I go to the invalid input link - it says -1.

    I enter my ip - it says 0.

    I enter 8.8.8.8 - it says 1.

    Is Google evil?

    Am i not evil?

    I am fiberglassed.

    Thanked by 1dedicados

    You are dreaming. | And it's a nightmare. | THE SECRET THREAD | THE TRUTH | HAVES YOU SEEN THIS YURA?
    „Homo homini rattus.“ | It's not nightmare, it's reality, but it's still nightmare.

  • WebProject said: 1 and 0 as result, I can't see any point in that

    It's simply true / false. So the IP is either known for fraud / VPN / etc, or it is not. The underlying thought for returning a number between 0 and 1 is probably because that's how basic neural networks function in programming.

    @pxhaxor Always good to see someone who brings an initiative to the table, well done. Please do support JSON as this is far more easy to implement than the "text/html" you're sending right now as a response. Try to wrap it in an object like so: "{ "result": 0 }", and set HTTP response header to "application/json". Also, please add HTTPS support, HTTP for fraud checking is... well, not the best approach.

  • pxhaxorpxhaxor Member
    edited April 2018

    @Janevski said:
    I go to the invalid input link - it says -1.

    I enter my ip - it says 0.

    I enter 8.8.8.8 - it says 1.

    Is Google evil?

    Am i not evil?

    I am fiberglassed.

    It's probably because google's dns is considered as one of the dc IP but your IP is a residential IP and haven't done anything bad. But thanks for pointing that out. I'd probably whitelisted some more known dns IPs and alike

    @solaire said:

    WebProject said: 1 and 0 as result, I can't see any point in that

    It's simply true / false. So the IP is either known for fraud / VPN / etc, or it is not. The underlying thought for returning a number between 0 and 1 is probably because that's how basic neural networks function in programming.

    @pxhaxor Always good to see someone who brings an initiative to the table, well done. Please do support JSON as this is far more easy to implement than the "text/html" you're sending right now as a response. Try to wrap it in an object like so: "{ "result": 0 }", and set HTTP response header to "application/json". Also, please add HTTPS support, HTTP for fraud checking is... well, not the best approach.

    Thanks! Gonna take json into consideration. True, i'm gonna need to find out what's the best way to calculate a score. As for now, a simple algorithm is in place to call whether an IP is considered tainted or not. This is definitely something that i'd need to solve later on :)

    https://retas.io/ | Vulnerability Assessment - Penetration Testing

  • BlaZeBlaZe Member, Provider

    Woah! My home IP is marked as High Risk? Why?

    I'm not using any VPN/TOR/etc just plain broadband-router based ISP and still getting 1 as the result. So I would say it needs more work or your data is not useful.

    I inserted some more known IPs which are just plain VPS and still showing as 1

    @pxhaxor, If you want I can share my IP address for you to check.

    Thanked by 1pxhaxor

    ExoticVM.com - Find VPS in exotic locations! - Discussion Thread

  • It looks like all datacenter IPs are on the fraud list?

  • NeoonNeoon Member

    @rick2610 said:
    It looks like all datacenter IPs are on the fraud list?

    Thats how you block most of the VPN services, they mostly run from a datacenter, so just go and block the ASN's related to datacenters.

  • @Neoon said:

    @rick2610 said:
    It looks like all datacenter IPs are on the fraud list?

    Thats how you block most of the VPN services, they mostly run from a datacenter, so just go and block the ASN's related to datacenters.

    Its a bit old school, companies are using workstations in the cloud, corporate proxies, mobile proxies, managed firewalls etc. Also a lot of ASNs are mixed with DSL and datacenter services.

    Thanked by 2FHR ma2t
  • JackHJackH Moderator

    My personal IP range is at 1 for some reason on a non-DC ASN. Not entirely sure how accurate this service really is. It was basically new when I picked it up and isn't used for anything other than my project work.

    NVMe KVM VPS in Amsterdam, Stockholm, Oslo, Vienna and LA ($2.50/1GB RAM/10GB NVMe/month) (AFF LINK)

  • JanevskiJanevski Member
    edited April 2018

    pxhaxor said: It's probably because google's dns is considered as one of the dc IP but your IP is a residential IP and haven't done anything bad. But thanks for pointing that out. I'd probably whitelisted some more known dns IPs and alike

    Nah, you don't have to. I'm pretty sure no real person is going to use such ips.

    Thanked by 1pxhaxor

    You are dreaming. | And it's a nightmare. | THE SECRET THREAD | THE TRUTH | HAVES YOU SEEN THIS YURA?
    „Homo homini rattus.“ | It's not nightmare, it's reality, but it's still nightmare.

  • pxhaxorpxhaxor Member
    edited April 2018

    @BlaZe said:
    Woah! My home IP is marked as High Risk? Why?

    I'm not using any VPN/TOR/etc just plain broadband-router based ISP and still getting 1 as the result. So I would say it needs more work or your data is not useful.

    I inserted some more known IPs which are just plain VPS and still showing as 1

    @pxhaxor, If you want I can share my IP address for you to check.

    it'd be awesome if u are willing to inbox ur IP. thanks! will take a look at it :)

    @jackhadrill said:
    My personal IP range is at 1 for some reason on a non-DC ASN. Not entirely sure how accurate this service really is. It was basically new when I picked it up and isn't used for anything other than my project work.

    u mind inboxing the IP? i'm gonna take a look at it. thanks! :D

    Thanked by 1BlaZe

    https://retas.io/ | Vulnerability Assessment - Penetration Testing

  • NeoonNeoon Member

    @rick2610 said:
    Its a bit old school, companies are using workstations in the cloud, corporate proxies, mobile proxies, managed firewalls etc. Also a lot of ASNs are mixed with DSL and datacenter services.

    Thats collateral damage.

  • JackHJackH Moderator

    pxhaxor said: u mind inboxing the IP? i'm gonna take a look at it. thanks! :D

    Sent :-)

    NVMe KVM VPS in Amsterdam, Stockholm, Oslo, Vienna and LA ($2.50/1GB RAM/10GB NVMe/month) (AFF LINK)

  • BlaZeBlaZe Member, Provider

    @pxhaxor said:
    it'd be awesome if u are willing to inbox ur IP. thanks! will take a look at it :)

    Sent

    ExoticVM.com - Find VPS in exotic locations! - Discussion Thread

  • deankdeank Member, Troll

    @BlaZe, does this mean you are a dangerous mofo?

    There are two things that make Earth spin: Money and PMS.

  • cubedatacubedata Member, Provider
    edited April 2018

    so what is the difference between yours and @black 's api?
    as it would be nice to tell us why if we are using black's api for fraud detection, why should we use yours instead? basically what makes your api different than black's that is already basically "mature" and outputs json response?

    this is basically the "age old" question that is usually asked, that basically states "why should anyone use your product over someone else's? what makes your product stand out and makes it different than the competition?"

    Thanked by 1pxhaxor

    Check out all of our custom modules here: https://cubedata.net for both blesta & whmcs.

  • @cubedata said:
    so what is the difference between yours and @black 's api?
    as it would be nice to tell us why if we are using black's api for fraud detection, why should we use yours instead? basically what makes your api different than black's that is already basically "mature" and outputs json response?

    this is basically the "age old" question that is usually asked, that basically states "why should anyone use your product over someone else's? what makes your product stand out and makes it different than the competition?"

    As always, the most obvious reason would probably be the accuracy that both system produce. Just as vps/dedi providers, the more options that you have, the better it is for the consumer i assume. So that u could find something that really suits your needs/even budgets.

    As for for me though, i like to learn how things work especially something like this in the field of compsec. A perfect way to spend my spare time when i dont really have any important things to do irl. :D

    https://retas.io/ | Vulnerability Assessment - Penetration Testing

  • Throwing my hat in the ring, I cooked up a .NET Library for use with NoFraud.

    https://github.com/v10networks/NoFraud

    This library should work with most .NET Standards and does not require any external libraries and/or platform specific API's.

    Thanked by 2pxhaxor inklight

    BuyPrivacy | Privacy focused VPN's starting from $2.05/month | PayPal and CryptoCurrencies (BTC,BCC,DOGE,ETH and more) Accepted!

    Also, a .NET Core evangelist.

  • @TriJetScud said:
    Throwing my hat in the ring, I cooked up a .NET Library for use with NoFraud.

    https://github.com/v10networks/NoFraud

    This library should work with most .NET Standards and does not require any external libraries and/or platform specific API's.

    pretty neat!

    https://retas.io/ | Vulnerability Assessment - Penetration Testing

  • kasslekassle Member
    edited April 2018

    LET dilemma, meanwhile others discuss about proxy to bypass fraud detection.

    PS: i pick this side (read: fight againts fraud)

  • mikecmikec Member

    It looks like NoFraud proxy IP detection is a subset of comprehensive machine learning algorithm like FraudLabs Pro or Sift Science. It is a good lightweight API but I have concern about a binary result 0/1

  • Thanks, pxhaxor. I tried this earlier and was impressed by its accuracy.

    I really like the 0 - 1 result so you can determine your own level of risk depending on the returned value.

    Lookups are quick, which is important for my use case; I hope the http option remains even if you introduce https.

    Great!

    Thanked by 1pxhaxor
  • @mikec said:
    It looks like NoFraud proxy IP detection is a subset of comprehensive machine learning algorithm like FraudLabs Pro or Sift Science. It is a good lightweight API but I have concern about a binary result 0/1

    Who said something about machine learning? I feel this is a list of DC IPs and residential IPs. All DC IPs are bad, all residential IPs are good. If you find some hotspot using an IP from a residential IP space it can't really tell. It works for basic filtering, but is annoying for users with a legit VPN infrastructure.

    Thanked by 1pxhaxor
  • Would prefer some more information on the risk rating, 'known dc', 'known proxy (Hola)', 'known fraud / malicious'.

    Information on the sources of this data would be useful too!

    Thanked by 1pxhaxor

    Security Consultant

  • @eastonch said:
    Would prefer some more information on the risk rating, 'known dc', 'known proxy (Hola)', 'known fraud / malicious'.

    Information on the sources of this data would be useful too!

    yep, planning to create a json api for this in the future!

    https://retas.io/ | Vulnerability Assessment - Penetration Testing

  • as suggested by @solaire and based on the idea of @eastonch , i have made a json api for the site.

    http://api.nofraud.co/json.php?ip=

    atm, the limit is 25 requests/day (combined with your other requests to the legacy API)

    Thanked by 1ma2t

    https://retas.io/ | Vulnerability Assessment - Penetration Testing

Sign In or Register to comment.