IPduh.com About IPduh Internet Tools Propaganda |
IPduh is a set of Internet Forencics and Troubleshooting Tools made to work Together. IPduh may be used as an Internet Forensics Search Engine or a General Purpose Search Engine. Smart Humans and Aliens researching the internetz on Earth Love IPduh.
IPduh Tools
ip Tools Menu
IP address verbose report
input:
an IPv4 address in dot-decimal notation
output:
For non public, special IP addresses a short explanation and a URI to more information.
xor
For public and special public IP addresses:
- The IANA designation of the /8 block containing this IP address.
- The Internet Regional Registry of this IP address.
- The Autonomous System Path.
- The IP Prefix.
- The Autonomous System Number.
- The Organization using this IP address.
- The country or city of the organization to which this IP address is assigned.
Sometimes the machine(s) using this IP address happen to be in the same country or city.
The geographical coordinates of the country or the city.
Two Databases made by IPduh and the MaxMind database are used to determine the geographical location of the IP address. The databases made by IPduh are based mostly on data provided by the Regional Internet Registries. A macro view of the IPduh Country database used is available.
The physical location of the machine(s) using this IP address is not guaranteed to be the same as the location suggested by IPduh . - The name of the IP address ( known as Reverse DNS record ).
- The A record of the IP address name.
- The registered domain name associated with the IP address name.
- The A records registered domain name.
- The dot-decimal IP address entered as a 32b Base 10 Integer.
Examples of using ip with GET requests
- http://ipduh.com/ip/?20.19.18.17
- http://ipduh.com/ip/?10.11.12.13
- http://ipduh.com/ip/?8.8.8.8
- http://ipduh.com/ip/?0.4.4.0
- http://ipduh.com/ip/?147.102.222.230
ip/dnstrace Tools Menu
input:
A pubic IPv4 address
output:
The delegation path from the root Name Servers to the Authoritative DNS Netwok Servers of the PTR.
Examples of using ip/dnstrace.
- http://ipduh.com/ip/dnstrace/?89.99.109.119
- http://ipduh.com/ip/dnstrace/?99.100.101.102
- http://ipduh.com/ip/dnstrace/?24.48.72.96
ipv6/dnstrace Tools Menu
input:
A pubic IPv6 address
output:
The delegation path from the root Name Servers to the Authoritative DNS Netwok Servers of the IPv6 address PTR.
Examples of using ip/dnstrace.
- http://ipduh.com/ipv6/dnstrace/?2001:beef:0000:fee5::
- http://ipduh.com/ipv6/dnstrace/?2a00:1450::f00
- http://ipduh.com/ipv6/dnstrace/?2001:470::
ip/tor-exit Tools Menu
input:
A unicast IPv4 address
output:
- If the IPv4 address entered is listed on the IPduh Tor Exit List, the first and the last times it was seen used as a Tor Exit.
- If the IPv4 address entered is listed on the tor.dan.me.uk DNSBL ( a list of currently used Tor Exits ), some information regarding its Tor Network characteristics.
The lookups performed by ip/tor-exit are performed by ip/dnsbl as well.
Examples of using ip/tor-exit.
- http://ipduh.com/ip/tor-exit/?151.66.94.134
- http://ipduh.com/ip/tor-exit/?108.4.208.93
- http://ipduh.com/ip/tor-exit/?220.255.2.49
dns/list Tools Menu
Create a List of DNS names
input:
DNS names
ipduh-list built-in variables and punctuation marks:
&list= --- , &title= ; &www=1 &sc=1 &sa=1
comments:
All listed strings of characters not Identified by dns/list as DNS names are printed.
A ; stops list processing and hides all characters following it.
output:
A list of DNS names along with links to the appropriate IPduh tools and the URL producing the list.
Examples of using dns/list.
ip/list Tools Menu
Create a List of IP numbers
input:
IP numbers:
[ IPv4 address | IPv6 address | IPv4 CIDR block | IPv6 CIDR block | Autonomous System Number ]
ipduh-list built-in variables and punctuation marks:
&list= -- , &title= ;
comments:
All listed strings of characters not Identified by ip/list as IP numbers are printed.
A ; stops list processing and hides all characters following it.
output:
A list of IP numbers along with links to the appropriate IPduh tools and the URL producing the list.
Examples of using ip/list.
- http://ipduh.com/ip/list/?list=%0A8.4.2.1--%0A16.8.4.2/32--%0A32.16.8.4--%0A666--%0AAS9999--%0A2a00:1450:4001:c01:0:0:0:79--%0A2A00:0000::/12
- http://ipduh.com/ip/list/?&title=Public%20DNS%20caching%20servers%0A&list=%0AGoogle--%0A8.8.8.8--8.8.4.4--2001:4860:4860::8888--2001:4860:4860::8844 --.--%0AOpenDNS--%0A208.67.222.222--208.67.220.220--%0A--.-- %0ANorton--%0A198.153.192.40--198.153.194.40--%0A --Warns%20about%20and%20censors%20DNS%20names%20used%20by%20malicious%20sites-- %0A198.153.192.50--198.153.194.50--%0A --Warns%20about%20and%20censors%20DNS%20names%20used%20by%20malicious%20 or%20Pornography%20sites%20-- %0A198.153.192.60--198.153.194.60--%0A-- Warns%20about%20and%20censors%20DNS%20names%20used%20by%20malicious%20 or%20Pornography%20or%20Non-Family-Friendly%20sites%0A--.-- %0AVerizon--%0A4.2.2.1--4.2.2.2--4.2.2.3--4.2.2.4--4.2.2.5--4.2.2.6--%0A--.-- %0ALevel3--%0A209.244.0.3--209.244.0.4%0A--.-- %0AComodo--%0A8.26.56.26--8.20.247.20%0A--.-- %0ACisco--%0A64.102.255.44--128.107.241.185%0A--.--
- http:/ip/list/?title=Special Purpose IPv4%0A&list=%0A224.0.0.0/24--Multicast IPv4 assignments -Former D--.--%0A240.0.0.0/4--Reserved for future addressing modes -Former E--.--%0A0.0.0.0/8--The this Network--.--%0A10.0.0.0/8--Used in Private Networks--.--%0A127.0.0.0/8--Host loopback address space--.--%0A172.16.0.0/12--Used in Private Networks--.--%0A198.18.0.0/15--Allocated for use in benchmark tests of network interconnect devices--.--%0A169.254.0.0/16--The Link-Local block--.--%0A192.168.0.0/16--Used in Private Networks--.--%0A192.0.0.0/24--reserved for IETF protocol assignments--.--%0A192.0.2.0/24--TEST-NET-1 for use in documentation and example code--.--%0A198.51.100.0/24--TEST-NET-2 for use in documentation and example code--.--%0A203.0.113.0/24--TEST-NET-3 for use in documentation and example code--.--%0A192.88.99.0/24--6to4 relay anycast addresses
IPduh List Syntax Tools Menu about ip/list about dns/list about demux/list
IPduh list syntax is used to create lists with ip/list , dns/list , and demux/list and it is a simple way of denoting lists in a form text area or a URL.
HTML tags are not allowed.
URL Enconding and URL decoding are handled by the list tools.
- &title= is optional and it is used to set the list title
eg: http://ipduh.com/dns/list/?&title=This an one item list&list=sixxs.net
If &title= is omitted then the title is set to 'First List Element - Last List Element'
eg: http://ipduh.com/dns/list/?&list=twitter.com,linkedin.com,facebook.com - &list= is needed and it is used to set a list
eg:http://ipduh.com/dns/list/?&list=blogspot.com--tumblr.com--wordpress.com
Omitting or not setting &list= results to an empty list error
eg:http://ipduh.com/dns/list/?&title=I am not a list
eg:http://ipduh.com/dns/list/?&title=I am an empty list&list= - , is used as a list item delimeter
eg: http://ipduh.com/dns/list/?&list=youtube.com,v.qq.com - -- is used as a list item delimeter on ip lists and it is equivalent and interchangeable with ,
eg: http://ipduh.com/ip/list/?&list=1.2.3.4--2.4.8.16--3.6.9.12--3.9.27.81 - --- it is used as a list item delimeter and it is equivalent and interchangeable with ,
eg: http://ipduh.com/dns/list/?&list=google.com.hk---google.co.in---google.de---google.co.uk---google.co.jp - ; is used to stop list processing and hide whatever follows
eg: http://ipduh.com/ip/list/?&list=4.2.2.2--8.8.8.8;hidden--nothing--niente-testing - &www=1 is optional and it is used to put external links for all DNS names on the list. The external links are checked by the Bouncer. eg: http://ipduh.com/dns/list/?&title=example%20list&www=1&list=example.com,example.net,example.org
&sc=1 optional , puts the count of listed items.
&sa=1 optional , puts one advertisement.
eg: Web Ads Sites
Every list item not identified as an IP number by ip/list , a DNS name by dns/list , and an IP number or a DNS name or a URI by demux/list will be printed without IPduh links. This way comments and almost empty lines may be put in a list.
eg:http://ipduh.com/dns/list/?&list=`---google.fr---Google in French---.---google.gr---Google in Greek---'
ipv6/dnstrace Tools Menu
input:
A pubic IPv6 address
output:
The delegation path from the root Name Servers to the Authoritative DNS Netwok Servers of the IPv6 address PTR.
Examples of using ip/dnstrace.
- http://ipduh.com/ipv6/dnstrace/?2001:beef:0000:fee5::
- http://ipduh.com/ipv6/dnstrace/?2a00:1450::f00
- http://ipduh.com/ipv6/dnstrace/?2001:470::
dns/trace Tools Menu
input:
A DNS domain name
output:
The delegation path from the root Name Servers to the Authoritative Name Servers of the DNS name.
Examples of using ip/dnstrace.
- http://ipduh.com/dns/trace/?forecast.uoa.gr
- http://ipduh.com/dns/trace/?www.ci.tuwien.ac.at
- http://ipduh.com/dns/trace/?axion.physics.ubc.ca
ipv6/cidr Tools Menu
input:
An IPv6 CIDR block in CIDR notation
output:
- Whether the IPv6 CIDR block entered is valid.
- If the IPv6 CIDR block entered is invalid a correction is attempted.
- The Type of the IPv6 network address.
- The IPv6 Range. Network Address - Broadcast Address.
- The Number of IPv6 addresses in the CIDR block.
Examples of using ipv6/cidr
ipv6/traceroute Tools Menu
input:
An IPv6 address
output:
If the IPv6 address entered is a routable Unicast Internet IPv6 address, the intermediate routers along the path from an IPduh Internet Host to the Internet host using the IPv6 address entered. For each of the routers in the path ipv6/traceroute attempts to output their reverse records, their IPv6 addresses, the Autonomous Systems in which they belong, and the time it took them to respond to the traceroute probes.
ipv6 Tools Menu
IPv6 address basic information lookup
input:
An IPv6 Address
output:
- The type of the IPv6 address entered, URIs to more information and the appropriate RFC, if needed.
- Allocation Prefix , Status , Responsible RIR , Allocation Date.
- The short form of the IPv6 address entered.
- The long form of IPv6 address entered Hexadecimal and Binary.
- The unsigned integer number represantating the IPv6 address entered.
- The Country in which the Organization using this IPv6 address is located.
The machine(s) using this IPv6 address may not be on the same country.
The Location is determined by the Regional Internet Registries data and a macro view of the IPv6 addresses per country is also available.
Examples of using ipv6.
- http://ipduh.com/ipv6/?1A7E::FEE5
- http://ipduh.com/ipv6/?2011:11FE:15:A:BEAC:4::
- http://ipduh.com/ipv6/?2012:11FE:15:C001::
as/prefix Tools Menu
IP prefixes originating an Autonomous System
input:
An Autonomous System Number
output:
The IP prefixes originating the autonomous system
Examples of using as/prefix.
Still in Beta release --Not consistent Results.
Glitch - Bug: If you get "I did not find IP prefixes originating from 'AS#'" for an autonomous system number with prefixes in the IPduh Database, try to refresh the page.
ipv6/whois Tools Menu
IPv6 address whois information lookup
input:
An IPv6 Address
output:
For non Global Unicast IPv6 addresses,
a short explanation and a URI to more information or the apprpopriate RFC.
For Global Unicast IPv6 addresses,
- The parent IANA block.
- The IANA status.
- The Regional Internet Registry.
- The whois server.
- The whois information for the owner of the block.
Examples of using ipv6.
ipv6/ptr Tools Menu
IPv6 address PTR ( Reverse DNS name ) lookup
input:
An IPv6 address
output:
The PTR of the IPv6 address entered.
Examples of ipv6/ptr.
ip/ptr/24 Tools Menu
The PTR of all IP addresses in a /24 network
input:
A pubic IPv4 address or a /24 CIDR or the three first Bytes of an IP address in decimal dotted notation
output:
The PTR ( Reverse DNS names ) for all the IP addresses in the /24 ( C ) Network along with pointers to more information.
Examples of using ip/ptr/24 .
- http://ipduh.com/ip/ptr/24/?2.4.4.2
- http://ipduh.com/ip/ptr/24/?77.72.230
- http://ipduh.com/ip/ptr/24/?140.186.70.0/24
idn/ace Tools Menu
IDNA - Unicode to ACE convertion
input:
An International Domain Name in Unicode.
output:
An ASCII Comptible Encoded string of characters.
Examples of using idn/ace.
idn/unicode Tools Menu
IDNA - ACE to UNICODE convertion
input:
An International Domain Name in ASCII Compatible Encoding ACE.
output:
The International Domain Name in Unicode.
Examples of using idn/unicode.
- http://ipduh.com/idn/unicode/?xn--qu-cja.com
- http://ipduh.com/idn/unicode/?xn--ar-hpa.com
- http://ipduh.com/idn/unicode/?xn--caf-dma.com
- http://ipduh.com/idn/unicode/?xn--espaa-rta.com
- http://ipduh.com/idn/unicode/?xn--jxalpdlp.com
pdb/as Tools Menu
PeeringDB information about an Autonomous System
input:
An autonomous system number
output:
The information that the Autonomous System Owner put in the Peering database.
The peeringdb information is cached for at least 15 days. The latest PeeringDB information can be viewed at peeringdb.com.
Examples of using pdb/as.
ip/whois Tools Menu
IP address whois lookup
input:
a public IPv4 address
output:
The whois information for the IP address entered.
Examples of using ip/whois with GET requests
- http://ipduh.com/ip/whois/?2.4.4.2
- http://ipduh.com/ip/whois/?16.8.4.2
- http://ipduh.com/ip/whois/?3.9.27.81
Caveat
ip/whois caches whois information for 15 days.
idn Tools Menu
International Domain Name convertions ( Unicode to ACE xor ACE to Unicode )
input:
a Domain Name
output:
If the domain entered is an international domain name encoded in Unicode it's ASCII Compatible encoded ( ACE ) version.
If the domain name entered is an Internation domain name encode in ACE it's equivalent Unicode encoded version.
Examples of using idn.
- http://ipduh.com/idn/?Яндекс.рф
- http://ipduh.com/idn/?xn--80aa9ahjp.com
- http://ipduh.com/idn/?xn--fiqz9s.xn--fiqz9s
- http://ipduh.com/idn/?xn--hgbk6aj7f53bba.com
- http://ipduh.com/idn/?xn--jxalpdlp.
ip/whois/as Tools Menu
Autonomous System Number whois lookup
input:
an Autonomous System number
an Autonomous System number with the "AS" prefix
an Autonomous System number with the "ASN" prefix.
output:
The whois information for an Internet Autonomous System.
If the Autonomous System Number entered is not used in Internet BGP routing an explanation is attempted.
Examples of using ip/whois/as with GET requests
- http://ipduh.com/ip/whois/as/?1234
- http://ipduh.com/ip/whois/as/?AS3333
- http://ipduh.com/ip/whois/as/?ASN45555555
ip/cidr Tools Menu
IP CIDR Calculator
input:
A network block in CIDR notation
output:
- If the network address on the CIDR is valid and the network mask on the CIDR is valid. Each Byte in the network address in Binary (put your cursor above the network address on the CIDR block)
- If the CIDR block is invalid ( the network address is not compatible with the network mask ) a valid CIDR block is suggested.
- The IP Range. Network Address - Broadcast Address.
- The Network Mask in decimal dotted notation and each Byte in binary ( put your cursor above the mask).
- The Number of IP addresses in the network block.
- If the the CIDR block is in a special block a short explanation and URI to more information, usually the appropriate RFC.
Examples of using ip/cidr with GET requests
- http://ipduh.com/ip/cidr/?72.21.192.0/19
- http://ipduh.com/ip/cidr/?199.59.148.0/22
- http://ipduh.com/ip/cidr/?192.168.1.0/24
ip/reverse or ip/ptr Tools Menu
IP address PTR RR lookup - IP reverse mapping - reverse IP address DNS lookup
ip/reverse or ip/ptr is based on a IP PTR RR lookup also known as reverse DNS lookup and it is usefull in associating an IP address with a host name or a DNS name.
input:
a public IPv4 address
output:
- The IP PTR resource record.
- The registered domain name -deduced by the PTR record.
- The A records of the registered domain name.
Note
For single IP addresses ip output includes the ip/reverse output as well.
Examples of using ip/reverse with GET requests
- http://ipduh.com/ip/reverse/?3.3.3.3
- http://ipduh.com/ip/reverse/?64.95.64.197
- http://ipduh.com/ip/reverse/?95.4.4.4
epoch Tools Menu
Epoch Clock and Epoch to Date Conversion
input:
An Epoch -an integer number
output:
- The equivalent UTC Date.
- The Δsec since the Unix Epoch.
- The Δsec from the Unix epoch timestamp entered.
Examples of using epoch.
- http://ipduh.com/epoch/?-1234567890
- http://ipduh.com/epoch/?1333333333
- http://ipduh.com/epoch/?12345678901
- http://ipduh.com/epoch/?1010101010
- http://ipduh.com/epoch/?10101010101
- http://ipduh.com/epoch/?1234567890
url/decode Tools Menu
Percent Decode a URI
input:
A URI
output:
A percent-decoded string along with an attempt to break up the URI to its main parts.
Examples of using url/decode.
- http://xn--lzg.net:80/looking/for/a/404/index.htm
- http://www.baidu.com/s?wd=ipduh
- http://www.google.com/search?client=foo&channel=9&q=%E1%BC%93%CE%BD+%CE%BF%E1%BC%B6%CE%B4%CE%B1+%E1%BD%85%CF%84%CE%B9+%CE%BF%E1%BD%90%CE%B4%E1%BD%B2%CE%BD+%CE%BF%E1%BC%B6%CE%B4%CE%B1&oe=utf-8
url/bouncer Tools Menu
Bounce URLs - Basic Protection against Malicious URLs
input:
[ IPv4 address | IPv6 address | URI | DNS name ]
output:
The Bouncer will lookup the DNS name or the IP address contained in the URI in a few major Black Lists. If the URI , IP address , or DNS name pass the test , the bouncer will redirect you there after a few seconds.
The Bouncer transforms plain DNS names , plain IPv4 addresses , and plain IPv6 addresses to HTTP URLs.
The Bouncer will bounce URIs using the protocols used often with web browsers: HTTP , HTTPS , and FTP.
The Bouncer runs a basic test against the host you are destined.
For a more thorough test consult dns/bl for domain names and ip/dnsbl for IPv4 address.
The Bouncer is ideal when you need to link to URIs beyond your control or to hide your referrer.
Examples of using url/bouncer.
- http://ipduh.com/url/bouncer/?http://alog.ipduh.com
- http://ipduh.com/url/bouncer/?alog.ipduh.com
- http://ipduh.com/url/bouncer/?http://85.25.242.245:80
- http://ipduh.com/url/bouncer/?85.25.242.245
- http://ipduh.com/url/bouncer/?2001:470:1f0a:2e2:da::
The Bouncer waits for 4.5 sec before redirecting.
If you do not like the 4.5 sec wait time before the redirection you may use one of the following:
/url/bouncer/1
/url/bouncer/2
/url/bouncer/3
/url/bouncer/4
/url/bouncer/1 waits 0.5 sec before redirecting and it may be used in the same way.
eg:http://ipduh.com/url/bouncer/1/?http://alog.ipduh.com
/url/bouncer/2 waits 1.5 sec before redirecting and it may be used in the same way.
eg:http://ipduh.com/url/bouncer/2/?http://alog.ipduh.com
/url/bouncer/3 waits 2.5 sec before redirecting and it may be used in the same way.
eg:http://ipduh.com/url/bouncer/3/?http://alog.ipduh.com
url/encode Tools Menu
Percent Encode a URI
input:
A URI
output:
A percent-encoded URI.
Examples of using url/encode.
ip/dnsbl Tools Menu
IP address Blacklist check.
input:
a public IPv4 address
output:
- The answer for this IP address from each of the major IP DNS BlackLists and IP 'black' lists queried.
- An explanation for each answer and if needed a URI to more information.
DNS BlackLists and IP 'black' lists queried by ip/dnsbl
- ZEN - zen.spamhaus.org
ZEN combines all Spamhaus IP DNSBLs.- Spamhaus Block List - SBL - sbl.spamhaus.org
A database of IP addresses of spam-sources, spam support services, and snowshoe spammers ( the CSS component ). - Exploits Block List - XBL - xbl.spamhaus.org
XBL includes CBL and a customized NJABL- Composite Blocking List - CBL - cbl.abuseat.org
CBL lists IP addresses exhibiting characteristics which are specific to open proxies, spam bots, and spam malware. - Not Just Another Bogus List - NJABL - njabl.org
An IP database of known and potential spam sources ( open relays, open proxies, open form to mail HTTP gateways, dynamic IP pools, and direct spammers )
- Composite Blocking List - CBL - cbl.abuseat.org
- Policy Block List - PBL - pbl.spamhaus.org
A database of end-user IP addresses which should not be delivering unauthenticated SMTP email to any Internet mail server.
Many ISPs participate in the PBL project. The PBL lists both dynamic and static IP addresses which by policy whether the block owner's or -interim in its absence- Spamhaus' policy) should not be sending email directly to the MX servers of third parties.
- Spamhaus Block List - SBL - sbl.spamhaus.org
- SORBS - dnsbl.sorbs.net
Contains all the SORBS DNSBLs- http.dnsbl.sorbs.net
List of Open HTTP Proxy Servers. - socks.dnsbl.sorbs.net
List of Open SOCKS Proxy Servers. - misc.dnsbl.sorbs.net
List of open Proxy Servers not listed in the SOCKS or HTTP lists. - smtp.dnsbl.sorbs.net
List of Open SMTP relay servers. - web.dnsbl.sorbs.net
Hosts that have abusable vulnerabilities - spam.dnsbl.sorbs.net
List of hosts that have been noted as sending spam/UCE/UBE to the administrators of SORBS. This zone also contains net blocks of spam supporting service providers, including those who provide web sites, DNS or drop boxes for a spammer. Spam supporters are added on a 'third strike and you are out' basis, where the third spam will cause the supporter to be added to the list. - block.dnsbl.sorbs.net
List of hosts demanding that they never be tested by SORBS. - zombie.dnsbl.sorbs.net
List of networks hijacked from their original owners, some of which have been used for spamming. - dul.dnsbl.sorbs.net
Dynamic IP Address ranges (NOT a Dial Up list!) - badconf.rhsbl.sorbs.net
List of domain names where the A or MX records point to bad address space. - nomail.rhsbl.sorbs.net
List of domain names where the owners have indicated no email should ever originate from these domains.
- http.dnsbl.sorbs.net
- SpamCop Blocking List - SCBL - bl.spamcop.net
SCBL lists IP addresses that were used to spam. - Barracuda Reputation Block List - BRBL - b.barracudacentral.org
Lists IP addresses which are sending spam or viruses - Tor.dan.me.uk - dan.me.uk - A list of IP addresses used currently by the Tor Network.
If the IPv4 address entered is listed on tor.dan.me.uk some information regarding its Tor Network characteristics ( the node name, the port used by Tor, and whether it is: Fast,Guard,Named,Running,Stable, or Valid ). - Team Cymru Full Bogons List - Team Cymru
This List contains IP addresses that are not assigned to an ISP or other end-user and they should not be seen in the Internet. - IPduh Black List - An IP black List, not a DNSBL.
Contains IP addresses used by abusive or compromised systems. - IPduh Tor Exit List - A list of IP addresses that have been Tor Exits, not a DNSBL.
This list is maintained by IPduh and it is composed mainly by the Tor Project data .
If the IPv4 address entered is listed on the IPduh Tor Exit List the first and the last times it was seen used as a Tor Exit are displayed.
Examples of using ip/dnsbl
ip/srv Tools Menu
Check which of the most common services are running on the host(s) using a remote IP address.
input:
a public IPv4 address
output:
- The TCP ports that accepted connection within 300ms.
- Limited software recognition for the daemons found listening and some of the headers.
- Limited OS recognition, Uptime guess, Link Type Guess, and TOS.
- Guess the number of systems using the IP address.
List of the TCP ports probed by ip/srv and their common use
- 21 - FTP - File Transfer Protocol
- 22 - SSH Secure SHell
- 23 - Telnet
- 25 - SMTP - Simple Mail Protocol
- 465 - SMTP SSL/TLS - Simple Mail Transfer Protocol over SSL/TLS (encrypted)
- 53 - DNS - Domain Name System
- 80 - HTTP - HyperText Transfer Protocol
- 110 - POP3 - Post Office Protocol version 3
- 123 - NTP - Network Time Protocol
- 143 - IMAP - Internet Message Access protocol
- 993 - IMAP over SSL/TLS (encrypted)
- 389 - LDAP - Lightweitght Directory Access Protocol
- 443 - HTTPS - HyperText Transfer Protocol Secure (encrypted)
ip/srv also attempts to print the certificate details. - 587 - MSA - Message Submission Agent
- 1352 - Lotus Notes
- 1433 - Microsoft SQL server
- 3306 - MySQL Server
- 3389 - Windows Remote Desktop Connection Service
IPduh.com/ip/srv bot
ip/srv bot is called the piece of software that does the scans or looks up the cashed scans. The scans are cashed for no fixed periods of time. The ip/srv bot always attempts to pass the asker's IP address to the web server listening on the scanned IP when it attempts a new (non-cached) scan. The ip/srv bot always acts at someone's request and never picks arbitrary hosts to lookup.
If you are a server administrator who does not want his server's IP to be scanned by ip/srv please tell IPduh so. If you are a server administrator that wants to know who requested an ip/srv scan, search your web server's logs for IPduhSrvBot.
The ip/srv agent signature on http daemons listening on port 80 or port 443 looks like:
"Mozilla/5.0 (compatible; IPduhSrvBot/VERSION; for/192.0.2.222; +http://ipduh.com/about/#ip-srv-bot)"
where: 192.0.2.222 is the IP address of the IPduh user who requested the first ip/srv scan, and VERSION is [0.0.1 - 0.9.9].
dns/whois Tools Menu
Domain Name whois lookup
input:
a registered DNS domain name
output:
- The domain name whois information or a URI to the whois information.
Examples of using dns-whois
Caveat
In an effort to not be a nuisance to the whois servers dns/whois caches whois queries for at least 15 days.
dns/bl Tools Menu
Domain name URIBL and IP BLack List lookup
input:
a DNS domain name
output:
- The URI Black Lists' answers, and the answers of the major IP (DNS) Black Lists for all the IP addresses DNS related to the domain name.
The URI Black Lists
- Google Safe Browsing - Google Safe Browsing FAQ
This is a list of sites involved in phising or sites dedicated to the spread of malware. - URIBL - uribl.com
URIBL lists domain names found in URIs in the body of spam messages. These domain names may be used in one or more of the following categories of web sites: spamadvertized sites that are trying to sell something, phising sites, sites that host malware or used by malware, sites that infect visitors with malware.
The IP Black Lists
The IP Black Lists queried for every DNS related IP address are the same with the ones queried by ip/dnbl.
Examples of using dns-bl
For each of the DNS related IP addresses of the domain name dns/bl does not print IP Black Lists that answered "not listed".
You could use dns/bl/verbose if you want to see everything printed.
The domain names listed in the URI Black Lists are: dedicated to the propagation of malware, used for phising, used for spamming, or advertized though spamming.
IPduh suggests to not use your browser to visit any of the domain names listed on the URI Black Lists.
phishing site: Forgery or imitation of another website, designed to trick users into sharing personal or financial information. Entering any personal information on such site may result in identity theft or other abuse of the information entered.
malware site: A site that contains malicious software that could be downloaded to a user's computer without the user's content. A site used in controlling infected computers and coordinate malicious attacks or attempts to spread software viruses and other malicious software.
It is possible for the lists used by dns/bl to contain outdated or false information. It is possible that the lists compiled by IPduh to contain errors. The IPduh experience shows that the external lists chosen and the lists compiled by IPduh have a low false/positive ratio.
dns Tools Menu
Lookup the A, MX, NS, SOA DNS records, relevant IP addresses, and servers' locations.
input:
a DNS name
output:
- The purpose and the country (if any) of the Top Level Domain TLD.
- The Address ( A ) records and the locations of these IP addresses.
The A records usually point to webservers. - The A record of www --The www subdomain usually points to webservers.
- The CNAME record
- The DNAME record
- The AAAA record(s)
IPv6 address records. - The TXT record
- The Mail Exchange ( MX ) records, their priority and their location.
The MX records point to Mail Transfer Agents - mailservers. The number in front of the MX records specifies the preference value for the mailserver or the array of mailservers the record points to. - The Name Server ( NS ) records and the nameservers' locations.
- The Start Of Authority ( SOA ) record, which includes:
- SERIAL - the domain serial number.
This is an unsigned 32 bit integer that must be incremented on the primary server every time a change is made. [RFC1912 2.2] recommends the YYYYMMDDnn syntax where YYYY=year,MM=month,DD=day,nn=revision number. - MNAME - the primary name server.
- RNAME - the email of the domain name administrator.
RNAME must follow the hostmaster.example.tld format meaning hostmaster@example.tld. - REFRESH -the refresh timer.
A signed 32 bit integer that specifies the number of seconds between the time that a secondary name server checks if the zone was changed on the primary nameserver. - RETRY - the retry timer.
A signed 32 bit integer that specifies the number of seconds that the secondary name server(s) have to wait if a REFRESH fails. - TTL - the Time To Live timer.
TTL is an unsigned 32 bit integer that defines the number of seconds that a record may be cached.
- SERIAL - the domain serial number.
Examples of using dns with GET requests
- http://ipduh.com/dns/?example.net
- http://ipduh.com/dns/?bing.com
- http://ipduh.com/dns/?live.com
- http://ipduh.com/dns/?bing.fr
- http://ipduh.com/dns/?yahoo.com
Note
For better results use the registered domain name example.com and do not use subdomains like www.example.com
There are cases that subdomain zones are delegated to name servers different than the domain authoritative name servers, and the subdomain has a different set of DNS records.
To see the root nameservers for a Top Level Domain use "TLD." and not just "TLD"
For International Domain Names, just use their UTF8 encoded form
ip/traceroute Tools Menu
IP traceroute
Trace packets on their route from an Internet host in AS2490 along their route to another IPv4 Internet host.
input <
An Internet IPv4 address
output >
If the IP address entered is a routable Internet IP address, the intermediate routers along the IP path from IPduh to the IP address entered. For each of the routers in the path ip/traceroute attempts to output their reverse records, their IP addresses, the Autonomous Systems in which they belong, and the time it took them to respond to the traceroute probes.
anonymity-check Tools Menu
The anonymity-check shows what a web server can see or deduce about a web user. The web user information leaked to the WWW servers varies and depends on the web user's system, browser, settings, and local or proxy network. Even though the anonymity-check was intended to be used as a tool to demonstrate ways used by many sites to track web users, to check the anonymity of a connection through an HTTP proxy , check the integrity of an HTTP conversation, and test a Tor setup , it is more commonly used to find out the browser and network settings when troubleshooting. The anonymity checker is also a good way to find out if your privacy plugin conceals or ruins your Privacy.
Anonymity-check performs a plethora of tests and it is enhanced with new tests at a regular basis.
For the most part it reports only its finds.
Some of the Anonymity-check checks:
- Searching the HTTP headers for proxy traces.
Some common HTTP headers used by web proxy servers are the following.- HTTP_FORWARDED
- HTTP_X_FORWARDED_FOR
- HTTP_VIA
- HTTP_PROXY_CONNECTION
- HTTP_PROXY_ID
- HTTP_XROXY_CONNECTION
- HTTP_PROXY_CONNECTION
- HTTP_CLIENT_IP
- If cookies are accepted,anonymity-check processes the *leg cookies which hold information about the client's earlier visits and the previous IP address.
- The anonymity checker attempts to virtually ( it does not really store any of your inforamtion to the IPduh systems ) track you through an ETag.
- If Java is enabled, anonymity-check attempts to figure out your private IP address along with your computer's host name. None of this information is sent back to IPduh.
- Anonymity-check looks at the IP packets coming from your system or proxy system. This way it attempts to find out the MTU and advertised MSS along with information about your OS, your uptime, whether you are behind a NAT router or a firewall, your link type, and the number of the intermediate routers.
- Anonymity-check attempts to print the referral URI and the visiting system's host name as seen in the HTTP headers.
- Anonymity-check shows a report about your public IP addess. This report contains the same information with ip.
- Anonymity-check prints your user agent information as seen in the HTTP headers.
- Anonymity-check attemps to figure out the language(s) set to default on your web browser.
- If javascript is enabled on your browser, anonymity-check
- prints the cookies set by IPduh
- the visiting system's screen dimensions
- the character string identifying your WWW user agent.
- the plugins installed on the web browser, if any
- the operating system and the operating system vendor if available
- Attempts to store information about your visit on your system.
- If the Flash plugin is installed and enabled the anonymity checker attempts to store information about your visit on the Flash Local Share Object.
- Attempts to find previously stored information about your visits on your system.
- The Anonymity checker attempts to find the cashing name servers used by your system and print links to more information about them.
- The Anonymity checker attempts to detect anomalies such as missing or extra headers and HTML injections in the HTTP conversations between you system and IPduh.
Note
To see all the anonymity-check finds visit it two times in a browsing session, then do what you usually do when you want to clean up your browsing history and visit the Anonymity Checker again.
To encrypt your communication with the anonymity checker use https://ipduh.com/anonymity-check.
To use TLS - SSL encryption in between your browser and IPduh you may need to trust the IPduh Certificate Authortity - install the IPduh CA public certificate.
To automate your public IP address lookup you could use http://ipduh.com/my/ip.
Most privacy and anti-tracking Firefox plugins tested against the anonymity-check, so far ( 1330538493 ), failed to deliver what they promise. Actually, 90% of them are completely useless or do Privacy Concealing like it is 1996.
my/geoloc Tools Menu
geographical location
Yet another HTML5 Location Aware Browsing Demo. Let Google Location Services to estimate your geographical location and draw it on a map.
Before using my/geoloc your browser should ask you if you would like to share the geographical estimation of your system and your IP address with the browser's location service provider --Usually Google Location Services. Your IP address, your GPS reading (if any), and a unique ID identifying your web browser are sent to the location service provider. In case of Google Location Services a cookie with the name PREF is stored in your browser's cookie jar.
demux Tools Menu
Submit a string of characters to an appropriate IPduh tool
input:
A string of characters:
[ IP address | IP CIDR block | IPv6 address | IPv6 CIDR block | Autonomous System Number | DNS name | URI ]
output:
The string of characters submitted to Demux is submitted to an appropriate IPduh tool.
[ ip | ip/cidr | ipv6 | ipv6/cidr | ip/whois/as | dns | url/decode]
Examples of using demux
- http://ipduh.com/demux/?ameblo.jp
- http://ipduh.com/demux/?XN--DEBA0AD
- http://ipduh.com/demux/?テスト
- http://ipduh.com/demux/?128.64.32.16
- http://ipduh.com/demux/?ASN6461
- http://ipduh.com/demux/?10.0.0.0/8
- http://ipduh.com/demux/?2610:a1:1014:0:0:0:0:1
- http://ipduh.com/demux/?2610:0000::/23
- http://ipduh.com/demux/?google.se
- http://ipduh.com/demux/?google.com.ph
- http://ipduh.com/demux/?2914
demux/class Tools Menu
Classify a string of characters and see the appropriate IPduh links
input:
A string of characters:
[ IP address | IP CIDR block | IPv6 address | IPv6 CIDR block | Autonomous System Number | DNS name | URI ]
output:
A classification and appropriate IPduh links to further information about the string of characters submitted given.
Examples of using demux/class
- http://ipduh.com/demux/class/?instagr.am
- http://ipduh.com/demux/class/?68.71.220.3
- http://ipduh.com/demux/class/?69.53.236.17/32
- http://ipduh.com/demux/class/?2001:4b0:1668:2211:2:0:0:1
- http://ipduh.com/demux/class/?64.12.79.57
- http://ipduh.com/demux/class/?17.254.13.0/24
- http://ipduh.com/demux/class/?714
- http://ipduh.com/demux/class/?espn.go.com
- http://ipduh.com/demux/class/?69.175.87.109
- http://ipduh.com/demux/class/?2001:0400::/23
- http://ipduh.com/demux/class/?4399.com
- http://ipduh.com/demux/class/?http://ipduh.com/dns/?eff.org
demux/list Tools Menu
Create a List of IP numbers, DNS names, and URIs
input:
listed items:
[ IPv4 address | IPv6 address | IPv4 CIDR block | IPv6 CIDR block | Autonomous System Number | DNS names | URI ]
ipduh-list built-in variables and punctuation marks:
&list= --- , &title= ;
comments:
All strings of characters not Identified by demux/list as IP numbers, DNS names, or URIs are printed without IPduh links.
A ; stops list processing and hides all characters following it.
output:
A bookmarkable list of DNS names, IP numbers, URIs and your comments along with links to the appropriate IPduh tools.
Examples of using demux/list
- http://ipduh.com/demux/list/?&title=an%20example%20demux%20list%0A&list=%0A144.63.250.10,%0Ablocket.se,%0A164.10.0.0/16,%0A2a00:1a28:1151:0:7397:be48:6c38:a6b7,%0A194.71.107.15,%0A2A00:0000::/12,%0A217.151.205.230/32
- Genesis
- Public Name Servers
Note
-- is not a valid delimeter anymore. Use , or --- instead. Lists using -- may be compiled by http://ipduh.com/demux/list/old.
There is a 3KB limit on the size of the demux lists.
Through Bouncer URLs are printed only for HTTP , HTTPS , and FTP URIs.
apropos Tools Menu apropos guides add apropos to your browser
Apropos will submit any string of characters to the appropriate IPduh tool.
Apropos may be used as an Internet Forensics Search Engine or a General Purpose Search Engine. Apropos is a good place to start your research and the most commonly used Tool of IPduh.
input:
Any string of characters
output:
The string of characters submitted to apropos will be submitted to the appropriate IPduh tool.
[ ip | ip/cidr | ipv6 | ipv6/cidr | ip/whois/as | dns | url/decode | torrent search | search ]
Examples of using apropos
- http://ipduh.com/apropos/?leboncoin.fr
- http://ipduh.com/apropos/?travelagency.travel
- http://ipduh.com/apropos/?44.55.66.77
- http://ipduh.com/apropos/?13020
- http://ipduh.com/apropos/?0.0.0.0/0
- http://ipduh.com/apropos/?2610:a1:1014:0:0:0:0:1
- http://ipduh.com/apropos/?::/0
- http://ipduh.com/apropos/?yahoo.no
- http://ipduh.com/apropos/?meaning
- http://ipduh.com/apropos/?pizza
- http://ipduh.com/apropos/?http://ipduh.com/ip/?2.4.8.16
- http://ipduh.com/apropos/?AS3333
- http://ipduh.com/apropos/?!t gimp
- http://ipduh.com/apropos/?!d yahoo.be
- http://ipduh.com/apropos/?http://ipduh.com/demux/list/?&list=192.149.252.58---192.149.252.0/24---example.org
Note: apropos does not handle IPduh lists ( ip/list , dns/list , demux/list )
apropos guides
- Apropos ' job is to guide your query to the appropriate IPduh tool. However, there are some "guide operators" that overwrite the apropos default behavior.
- !d is used to force use of dns.The !d guide is useful when apropos is used as the default search engine on the browser's location bar and you want to lookup a domain name instead of visiting it.
eg: http://ipduh.com/apropos/?!d bing.cn - !t is used to force use of Torrent Search. Actually the !t guide is the only way you can get to Torrent Search through apropos.
eg: http://ipduh.com/apropos/?!t official demo - !u is used to force use of url/decode. The !u guide is useful when apropos is used as the default search engine on the browser's location bar and the user wants to analyze a URI instead of visiting it.
eg: http://ipduh.com/apropos/?!u http://www.bing.com/search?q=what+is+bing&qs=n&form=ATOZ&pq=what+is+bing&sc=12-19&sp=1&sk=blah
Add Apropos to your Browser:
You can add apropos to your browser search engines or set it as your default search engine.
Add Apropos to Mozilla Firefox and Mozilla based browsers
Add Apropos to Chrome
Add Apropos to Internet Explorer
Add Apropos to Opera
To add Apropos to your Mozilla Firefox Search Engines:
Add the Firefox IPduh Apropos add-on from https://addons.mozilla.org/addon/ipduh-apropos/
OR
Click on this
OR
- visit IPduh
- click on the down arrow used to select search engine
- click on Add IPduh Apropos.
To set Apropos as the default search engine used for invalid URLs on Firefox and Mozilla Based Browsers ( Iceweasel , Seamonkey , etc ):
- Enter about:config in the browser location bar.
- Promise, you 'll be carefull.
- Enter keyword.URL in the Filter: under the location bar.
- Double-click on the keyword.URL result.
- Enter http://ipduh.com/apropos/? in the text box that pops up
- OK and close the about:config tab.
To add IPduh Apropos to your Search Engines on Chrome Based Browsers:
Click on this
To set IPduh Apropos as your default search engine on Chrome Based Browsers:
- visit IPduh
- Click the Wrench
- Click Settings
- Choose IPduh Apropos from the drop down list in the Search section under "Set which search engine is used when searching from the omnibox"
In Chrome's omnibox and when Apropos is set as the search engine used on the location bar, you can differentiate domain names you want to lookup from domain names you want to visit by prepending !d to your query eg: http://ipduh.com/apropos/?!d bing.no. You can also differentiate URIs you want to visit from URIs you want to decode and analyse by prepending !u to the ones you want to analyze, and jump to a Torrent Search by prepending !t to your query.
To add IPduh Apropos to your Internet Explorer Search Engines:
Click on this
OR
- visit IPduh
- click on the down arrow used to select search engine
- click on Add Search Providers.
- click on IPduh Apropos.
To add IPduh Apropos to your Opera Search Engines:
- visit IPduh
- click on the down arrow used to select search engine
- click on Manage Search Engines.
- click the Add... Button.
- set the Name -- Apropos.
- set the Keyword -- a.
- set the address to http://ipduh.com/apropos/?%s
- The check boxes following are optional.
- Hit OK
You can add Apropos over an encrypted connection to your Browser search engines.
Add Apropos over HTTPS to Mozilla Firefox and Mozilla based browsers
Add Apropos over HTTPS to Chrome
Add Apropos over HTTPS to Internet Explorer
Add Apropos over HTTPS to Opera
To add Apropos over HTTPS ( an encrypted connection ) to the Mozilla Firefox Search Engines:
add the Firefox IPduh Apropos SSL add-on from https://addons.mozilla.org/en-US/firefox/addon/apropos-ssl/
OR
- visit IPduh Privacy
- click on the down arrow used to select search engine
- click on Add IPduh Apropos SSL.
To set Apropos over SSL as the default search engine used for invalid URLs on Firefox and Mozilla Based Browsers ( Iceweasel , Seamonkey , etc ):
- Enter about:config in the browser location bar.
- Promise, you 'll be carefull.
- Enter keyword.URL in the Filter: under the location bar.
- Double-click on the keyword.URL result.
- Enter https://ipduh.com/apropos/? in the text box that pops up
- OK and close the about:config tab.
To set IPduh Apropos over SSL as your default search engine on Chrome Based Browsers:
- visit the IPduh privacy page.
- Click the Wrench
- Click Settings
- Choose IPduh Apropos SSL from the drop down list in the Search section under "Set which search engine is used when searching from the omnibox"
In Chrome's omnibox and when Apropos is set as the search engine used on the location bar, you can differentiate domain names you want to lookup from domain names you want to visit by prepending !d to your query eg: http://ipduh.com/apropos/?!d bing.no. If you want to decode and analyze a URI instead of visiting it you can prepend !u to your query, and jump to a Torrent Search by prepending !t to your query.
To add IPduh Apropos over HTTPS to your Internet Explorer Search Engines:
- visit the IPduh privacy page.
- click on the down arrow used to select search engine
- click on Add Search Providers.
- click on IPduh Apropos SSL.
To add IPduh Apropos over HTTPS to your Opera Search Engines:
- visit the IPduh privacy page.
- click on the down arrow used to select search engine
- click on Manage Search Engines.
- click the Add... Button.
- set the Name -- Apropos.
- set the Keyword -- a.
- set the address to https://ipduh.com/apropos/?%s
- The check boxes following are optional.
- Hit OK
Torrent Search Tools Menu
Search Torrents across all the major Torrent Trackers, Torrent Directories, and Torrent Search Engines.
Add the Torrent Search to your Browser Search Engines.
Add Torrent Search to Mozilla Firefox and Mozilla based browsers
Add Torrent Search to Internet Explorer
Add Torrent Search to Opera
To add Torrent Search to your Firefox Search Engines:
Add the Firefox Torrent add-on from https://addons.mozilla.org/en-US/firefox/addon/torrent/
OR
- visit the Torrent Search
- click on the down arrow used to select search engine
- click on Add Torrent Search.
To add Torrent Search to your Internet Explorer Search Engines:
- visit the Torrent Search
- click on the down arrow used to select search engine
- click on Add Search Providers.
- click on Torrent Search.
To add Torrent Search to your Opera Search Engines:
- visit the Torrent Search
- click on the down arrow used to select search engine
- click on Manage Search Engines.
- click the Add... Button.
- set the Name -- Torrent Search.
- set the Keyword -- t.
- set the address to http://ipduh.com/search/torrent/?q=%s
- The check boxes following are optional.
- Hit OK
The Torrent Search is available through apropos with the !t guide.
Add the Torrent Search over HTTPS --an encrypted Connection-- to your Browser Search Engines.
Add Torrent Search over HTTPS to Mozilla Firefox and Mozilla based browsers
Add Torrent Search over HTTPS to Internet Explorer
Add Torrent Search over HTTPS to Opera
To add Torrent Search over HTTPS to your Mozilla Firefox Search Engines:
Add the Firefox Torrent SSL add-on.
OR
- visit IPduh Privacy
- click on the down arrow used to select search engine
- click on Add Torrent Search SSL.
To add Torrent Search over HTTPS to your Internet Explorer Search Engines:
- visit the IPduh privacy page.
- click on the down arrow used to select search engine
- click on Add Search Providers.
- click on Torrent Search SSL.
To add Torrent Search SSL to your Opera Search Engines:
- visit the IPduh privacy page.
- click on the down arrow used to select search engine
- click on Manage Search Engines.
- click the Add... Button.
- set the Name -- Torrent Search SSL.
- set the Keyword -- t or whatever else you think appropriate.
- set the address to https://ipduh.com/search/torrent/?q=%s
- The check boxes following are optional.
- Hit OK
gmap Tools Menu
Display a set of coordinates ( latitude , longitude ) on a google map.
input:
Decimal latitude φ, longitude λ in the uri parameters
output:
A google map with a marker on the set of coordinates passed.
Examples of using gmap.
- http://ipduh.com/gmap/?lat=0.0&lon=0.0
- http://ipduh.com/gmap/?lat37.97150410463882&lon=23.726579546928406
- http://ipduh.com/gmap/?lat=32.59346754270018&lon=-117.12919235229492
gmap/tolatlon Tools Menu
Display and Find coordinates ( latitude , longitude ) on a google map.
input:
Markers with Right Click and decimal latitude and longitude in the uri parameters
output:
A google map with a marker on the set of coordinates passed.
You may right click on the map to enter markers and get the coordinates of points.
Examples of using gmap/tolatlon.
- http://ipduh.com/gmap/tolatlon/?lat=0.0&lon=0.0
- http://ipduh.com/gmap/tolatlon/?lat37.97150410463882&lon=23.726579546928406
- http://ipduh.com/gmap/tolatlon/?lat=32.59346754270018&lon=-117.12919235229492
ip ip/whois ip/dnsbl ip/cidr ip/ptr ip/ptr/24 ip/dnstrace ip/srv ip/traceroute ip/tor-exit ip/list
ip/whois/as pdb/as as/prefix apropos demux demux/class demux/list
ipv6 ipv6/whois ipv6/ptr ipv6/dnstrace ipv6/cidr ipv6/traceroute
dns dns/whois dns/trace dns/bl dns/list idn idn/ace idn/unicode
anonymity check url/decode url/encode url/bouncer my/geoloc epoch
© 1372644985 IPduh Search Contact Privacy
0 comments:
Posting Komentar