Bulk IP-Address / Reverse DNS Lookup Tool

I’ve created this simple little Google Sheet for conducting reverse DNS / IP address lookup via Google Sheets.

I primarily use this tool for auditing the top IP addresses connecting to my site. If you use this API for your own products, please include your website/contact in the URL.

The sheet works off of an API hosted by me so if you have any requests or if you just enjoy using the free tool, please leave me a comment below.

Open Broken Link Document NoSuchBucket

Why is this happening?

Amazon is moving away from storing files at s3.amazonaws.com/bucketName/file to bucketName.s3.amazonaws.com/file

How to get access to the document?

Easy, Enter your URL here:



 

<error>
<code>NoSuchBucket</code>
<message>The specified bucket does not exist</message>
<bucketname>oasdf</bucketname>
<requestid>A4EA86FD5249D765</requestid>
<hostid>
i58y3EbUeVOUvpGRxSW6raoyn/lQ/WjSa3i3+OyQNcHOH+H/UJR62+FKylNxh84oWCPtNYENmRg=
</hostid>
</error>

VolkFi Volk One Specs

These are the theoretical specs of the yet un-released Volk One peer-to-peer smartphone network.

Get a referral code for Volk Fi here.

Estimated shipping date is December 2019.

Display

Size: 6.2 inches
Resolution: (1080 x 2280 pixels) 402ppi
Aspect Ratio: 19:9

Sensors

Fingerprint, Hall, Accelerometer, Gyroscope, Proximity,
RGB Ambient Light Sensor, Electronic Compass, Sensor Hub

Ports

USB C, Support USB Audio
nano-SIM slot

Battery

3700 mAh (non-removable)

Audio

Bottom-facing speaker
3-microphone with noise cancellation
Support AANC
Dirac HD Sound®
Dirac Power Sound®

Vibration

OHaptic vibration motor

Connectivity

WiFi, Bluetooth, NFC

Volk Fi: 915Mhz (6.4km text, 3.2km voice, 1.3km video), 2.4Ghz, 5Ghz

GSM: 850Mhz, 900Mhz, 1800Mhz, 1900MHz

FDD-LTE: 1/2/3/4/5/7/8/12/13/17/18/19/20/25/26/28/29/32/66/71

TD-LTE: 38/39/40/41/42

CDMA: BC0/BC1

Dimensions

155.2 x 76.1 x 7.7 mm

Weight

179g

Color

Midnight Black / Snow White

Anodized Aluminum & Glass

Operating System

Android

CPU

Snapdragon 845 (Octa-core, up to 2.5GHz)

GPU

Adreno 630

RAM

4GB LPDDR4X

Storage

64GB or 256GB UFS 2.1 2-LANE

Camera

Dual 16 x 16 MP
Auto-HDR
4K resolution video at 30fps
1080P resolution video at 60fps
LED Flash
Aperture: f/1.7

FAQ:

Estimated shipping date is December 2019.
Internet access is available in North America, South America, Australia, and Pacific Islands. Voice & SMS to other networks is available in USA, Canada, and Mexico. We will be adding more countries to this list in the future.
Yes! Your Volk One has a phone number, and can make and receive calls and SMS to old, legacy phones. Even landlines!
We currently support porting US telephone numbers. To port numbers in UK, Australia, New Zealand, or Canada, please email us at [email protected].
Volk Fi network doesn’t require SIM cards, but you may use one on supported carriers
Volk Fi counts data usage and bytes shared via WiFi. Every user gets the amount they share, unlimited. If a Volk user consumes more data than they share in a month, there is a 5GB data cap. After that, the user can pay the super cheap price of $1/GB for additional data.
Volk One has new, long-range radio hardware. This means devices can be very far apart, and the network needs many fewer devices for great coverage.

 

Volk One Pre-Order Terms and Conditions

 

FryEye – Eye Condition

According to Zenni Optical:

FryEye happens when we’re exposed to too much blue light from digital screens and artificial light, as well as sunlight and UV rays.

Order Glasses from Zenni Optical
Although FryEye, isn’t a medical condition or term, there is a blue-light related condition known as computer vision syndrome. Despite this condition existing, current academic consensus suggests there are no known health effects of day-to-day exposure to blue light and it is not regarded as a cause of eye disease. Opticians in the United Kingdom have been fined for misleading customers about their blue-light filtering lenses.

Although research on the physical effects of blue-light on the eyes and body is limited, I find myself sensitive to blue light. I typically opt for blue-light filtering lenses on top of my use of blue-light limiting apps such as f.lux.

Google-Certificates-Bridge User Agent .well-known/acme-challenge Requests

I recently have been having many requests coming from Google IPv4 and IPv6 addresses with the user agent “Google-Certificates-Bridge” accessing unique files within /.well-known/acme-challenge/XXXX.
A snippet from my Apache Log
64.233.172.141 - - [25/Dec/2018:23:30:30 +0000] "GET /.well-known/acme-challenge/LjaR-XXXXXXXXXXXXX-lgf6-QW8 HTTP/1.1" 404 - "-" "Google-Certificates-Bridge"
64.233.172.145 - - [25/Dec/2018:23:30:40 +0000] "GET /.well-known/acme-challenge/LjaR-XXXXXXXXXXXXX-lgf6-QW8 HTTP/1.1" 404 - "-" "Google-Certificates-Bridge"
64.233.172.143 - - [25/Dec/2018:23:30:50 +0000] "GET /.well-known/acme-challenge/LjaR-XXXXXXXXXXXXX-lgf6-QW8 HTTP/1.1" 404 - "-" "Google-Certificates-Bridge"
64.233.172.146 - - [25/Dec/2018:23:31:00 +0000] "GET /.well-known/acme-challenge/LjaR-XXXXXXXXXXXXX-lgf6-QW8 HTTP/1.1" 404 - "-" "Google-Certificates-Bridge"
2001:4860:4801:400a::35 - - [25/Dec/2018:23:31:10 +0000] "GET /.well-known/acme-challenge/LjaR-XXXXXXXXXXXXX-lgf6-QW8 HTTP/1.1" 404 - "-" "Google-Certificates-Bridge"
64.233.172.144 - - [25/Dec/2018:23:31:20 +0000] "GET /.well-known/acme-challenge/LjaR-XXXXXXXXXXXXX-lgf6-QW8 HTTP/1.1" 404 - "-" "Google-Certificates-Bridge"
2001:4860:4801:400a::19 - - [25/Dec/2018:23:31:30 +0000] "GET /.well-known/acme-challenge/LjaR-XXXXXXXXXXXXX-lgf6-QW8 HTTP/1.1" 404 - "-" "Google-Certificates-Bridge"
66.102.8.40 - - [25/Dec/2018:23:31:39 +0000] "GET /.well-known/acme-challenge/XXXXXXXXXXXXX-XXXXXXXXXXXXX HTTP/1.1" 404 - "-" "Google-Certificates-Bridge"
64.233.172.143 - - [25/Dec/2018:23:31:40 +0000] "GET /.well-known/acme-challenge/LjaR-XXXXXXXXXXXXX-lgf6-QW8 HTTP/1.1" 404 - "-" "Google-Certificates-Bridge"

These requests are used by Cpanel, Google and some other services for the purpose of verifying SSL certificates issued to the domain. No need to worry, as long as the requests are coming from a familiar IP, this is not likely attack traffic.

Scan of SpaceX Starlink Network (AS14593)

Traceroute from Google Cloud West to Starlink (AS14593)
traceroute to 192.31.243.1 (192.31.243.1), 30 hops max, 60 byte packets
1 * 66.249.94.93 (66.249.94.93) 7.475 ms 74.125.37.205 (74.125.37.205) 7.409 ms
2 72.14.236.185 (72.14.236.185) 8.201 ms 64.233.175.1 (64.233.175.1) 9.707 ms ae27.cs1.sea1.us.eth.zayo.com (64.125.29.0) 7.703 ms
3 108.170.245.117 (108.170.245.117) 7.411 ms 108.170.245.101 (108.170.245.101) 7.736 ms 74.125.243.199 (74.125.243.199) 7.591 ms
4 * * *
5 host.starlinkisp.net (192.31.243.1) 8.195 ms ae27.cs1.sea1.us.eth.zayo.com (64.125.29.0) 7.379 ms 7.472 ms

This gives us a small tidbit of info, the network currently resolves to host.starlinkisp.net. We can expect this to be the future domain for StarLink. For now, it 301 redirects to the SpaceX homepage, but I’m monitoring the domain for updates.

Full Network Scan:


sudo nmap -O -sV --version-intensity 5 192.31.243.0/24
Starting Nmap 6.40 ( http://nmap.org ) at 2019-02-21 18:56 UTC
Nmap scan report for host.starlinkisp.net (192.31.243.1)
Host is up (0.0100s latency).
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
22/tcp filtered ssh
25/tcp filtered smtp
111/tcp open rpcbind 2-4 (RPC #100000)
179/tcp open bgp?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port179-TCP:V=6.40%I=5%D=2/21%Time=5C6EF46D%P=x86_64-redhat-linux-gnu%r
SF:(NULL,32,"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\
SF:xff\0\x1d\x01\x049\x01\0Z\n\xce\n\x02\0\xff\xff\xff\xff\xff\xff\xff\xff
SF:\xff\xff\xff\xff\xff\xff\xff\xff\0\x15\x03\x06\x05")%r(GenericLines,32,
SF:"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x1d
SF:\x01\x049\x01\0Z\n\xce\n\x02\0\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\
SF:xff\xff\xff\xff\xff\xff\0\x15\x03\x06\x05")%r(GetRequest,32,"\xff\xff\x
SF:ff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x1d\x01\x049\x
SF:01\0Z\n\xce\n\x02\0\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff
SF:\xff\xff\xff\0\x15\x03\x06\x05")%r(HTTPOptions,32,"\xff\xff\xff\xff\xff
SF:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x1d\x01\x049\x01\0Z\n\xc
SF:e\n\x02\0\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x
SF:ff\0\x15\x03\x06\x05")%r(RTSPRequest,32,"\xff\xff\xff\xff\xff\xff\xff\x
SF:ff\xff\xff\xff\xff\xff\xff\xff\xff\0\x1d\x01\x049\x01\0Z\n\xce\n\x02\0\
SF:xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x15\x
SF:03\x06\x05")%r(RPCCheck,32,"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf
SF:f\xff\xff\xff\xff\xff\0\x1d\x01\x049\x01\0Z\n\xce\n\x02\0\xff\xff\xff\x
SF:ff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x15\x03\x06\x05")%
SF:r(DNSVersionBindReq,32,"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf
SF:f\xff\xff\xff\xff\0\x1d\x01\x049\x01\0Z\n\xce\n\x02\0\xff\xff\xff\xff\x
SF:ff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x15\x03\x06\x05")%r(He
SF:lp,32,"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff
SF:\0\x1d\x01\x049\x01\0Z\n\xce\n\x02\0\xff\xff\xff\xff\xff\xff\xff\xff\xf
SF:f\xff\xff\xff\xff\xff\xff\xff\0\x15\x03\x06\x05")%r(SSLSessionReq,32,"\
SF:xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x1d\x
SF:01\x049\x01\0Z\n\xce\n\x02\0\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf
SF:f\xff\xff\xff\xff\xff\0\x15\x03\x06\x05")%r(Kerberos,32,"\xff\xff\xff\x
SF:ff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x1d\x01\x049\x01\0
SF:Z\n\xce\n\x02\0\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff
SF:\xff\xff\0\x15\x03\x06\x05");
Device type: router|switch|firewall|storage-misc|general purpose|printer
Running (JUST GUESSING): Juniper embedded (95%), Juniper JUNOS 8.X|9.X|10.X|11.X (95%), Acme Packet embedded (92%), FreeBSD 6.X (92%), Epson embedded (90%)
OS CPE: cpe:/h:juniper:m7i cpe:/o:juniper:junos:8 cpe:/o:juniper:junos:9 cpe:/o:juniper:junos:10 cpe:/o:juniper:junos:11 cpe:/o:freebsd:freebsd:6 cpe:/h:epson:stylus_pro_400
Aggressive OS guesses: Juniper M7i router (95%), Juniper Networks J2320 or MX5-T router; or EX2200, EX3200, EX4200, or EX8200 switch (JUNOS 8.5 - 11.2) (95%), Juniper Networks JUNOS 8.5B2.5 (95%), Juniper JUNOS 9.4R2.9 (93%), Acme Packet Net-Net 4250 VoIP session border controller (92%), FreeNAS 0.69RC2 (FreeBSD 6.4-RELEASE) (92%), FreeBSD 6.2-STABLE - 6.4-STABLE (92%), FreeBSD 6.3-RELEASE-p1 (92%), FreeNAS 0.69RC2 (FreeBSD 6.4-RELEASE-p3) (91%), FreeBSD 6.3-STABLE (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 7 hops

From this info, we can gather Starlink is likely using a Juniper powered router for this single IP. Unfortunately, connections to port 25 and 22 timeout so no further information could be gathered from that end.

The remaining hosts replied in the following way:

Nmap scan report for host.starlinkisp.net (192.31.243.2)
Host is up.
All 1000 scanned ports on host.starlinkisp.net (192.31.243.2) are filtered
Too many fingerprints match this host to give specific OS details
...
Nmap scan report for host.starlinkisp.net (192.31.243.254)
Host is up.
All 1000 scanned ports on host.starlinkisp.net (192.31.243.2) are filtered
Too many fingerprints match this host to give specific OS details

 

 

Latest Scan from 2018-04-16:

 

sudo nmap -O -sV --version-intensity 5 192.31.243.0/24

Starting Nmap 6.40 ( http://nmap.org ) at 2019-04-16 16:22 UTC
Nmap scan report for sea-fw-0.starlinkisp.net (192.31.243.1)
Host is up (0.0078s latency).
All 1000 scanned ports on sea-fw-0.starlinkisp.net (192.31.243.1) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for host.starlinkisp.net (192.31.243.9)
Host is up (0.0078s latency).
All 1000 scanned ports on host.starlinkisp.net (192.31.243.9) are filtered
Too many fingerprints match this host to give specific OS details

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 256 IP addresses (2 hosts up) scanned in 48.30 seconds

Adsense: Is this your site? We’ve detected your ad code on the site below…

Is this your site? We’ve detected your ad code on the site below. If it’s your site, click Yes to add it to your Sites.
Web caches, proxies, and translation services often appear as sites where Google Adsense has detected your ad code. Here is a list of services I’ve seen on my account:
  • translatoruser-int.com [Translate]
  • translate.google.com [Translate]
  • translate.google.ru [Translate]
  • translate.google.com.br [Translate]
  • translatoruser.net [Translate]
  • www.microsofttranslator.com [Translate]
  • web.archive.org [Cache/Archive]
  • www.translate.ru [Translate]
  • www.proxyit.cc [Proxy]
  • www.s-translation.jp [Translate]
  • cloudflare.works [Admin Configuration of Apps on Cloudflare]
  • yandex.ru [Translate and Cache]
  • dakwak.com [Translate]
  • Web caches and other [Google “Cache:”, other]

For my properties, I primarily receive this message from the Adsense console due to translation services accessing the site and pulling my Adsense code through to their front-end.  Generally, it is not a good idea to add translation services, caches, and proxies to your Adsense account. Although depending on the number of readers you have translating your site, you could gain a few extra percent of ad revenue. This does, however, come with some major risks which may outweigh the small percentage of revenue gain you could see from these new domains.

Within the Adsense Sites configuration [Adsense > Sites > Overview] you can control the list of sites your code appears on. 

This feature was added as a way to protect your account from “malicious use of your ad code by others”. The sites in your sites list are the only sites that are permitted to use your ad code. If a site displaying your ad code is not on your list of sites, then no ads will show on that site.

Malicious use of your ad code could include generating false clicks on your site for the purpose of harming your Adsense account, revenue, and reputation. A malicious actor might include a competitor or someone else looking to harm your site for their own financial gain.

By enabling translation sites, caches,  and proxies to display your ad code, you open your account be displayed alongside content you might not control. Malicious actors could serve up your ad code alongside restricted content creating negative marks on your Adsense account.  Because Proxies are known to be couriers of less desirable internet content (and thus are disallowed by Adsense ToS), I would never risk adding a proxy domain to my AdSense account. Auto-translating sites are a risk as well due to the poor quality of the translations. In most cases, auto-translated content is considered low-quality by Adsesnse. Because caches are often a direct mirror of your content they carry a smaller risk of being low-quality or malicious, but for most, the risk likely doesn’t outweigh the payoff.