Create Task
Maniphest T103

Update source database files and build new installer
Closed, ResolvedPublic
Actions

Description

Dennis wrote:

I use Karen’s WHOIS program to see what “Malewarebytes” is telling me are trojans, PUPs, etc. but the definitions are not up to date as can be seen by inputting the IP address:

WhoIs Lookup performed by Karen's WhoIs
http://www.karenware.com/

No Default Regional Internet Registry was found for IP Address.

This may mean the IP Address has not yet been allocated to any RIR, and should not be used on the Internet.

If this address has been used on the public Internet, it may mean this program's 'C:\ProgramData\Karen's Power Tools\WhoIs\RirInfo2.dat' file is out
of-date.  You are using version 2008/08/29 17:45:15
  1. WhoIs.txt has been updated already and is available at http://webupdate.karenware.com/whois/whois.txt
  2. RirInfo2.txt needs to be fixed. ARIN doesn't seem to have an original file matching the format.

It might be possible to use recursive queries of whois.arin.net to do this.

For instance, if I search whois.arin.net instead of Default RIR Server I find that whois.ripe.net is the authority, then I search it:

WhoIs Lookup performed by Karen's WhoIs
http://www.karenware.com/

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/whois_reporting/index.html
#
# Copyright 1997-2018, American Registry for Internet Numbers, Ltd.
#


NetRange:       185.0.0.0 - 185.255.255.255
CIDR:           185.0.0.0/8
NetName:        RIPE-185
NetHandle:      NET-185-0-0-0-1
Parent:          ()
NetType:        Allocated to RIPE NCC
OriginAS:       
Organization:   RIPE Network Coordination Centre (RIPE)
RegDate:        2011-01-04
Updated:        2011-02-08
Comment:        These addresses have been further assigned to users in
Comment:        the RIPE NCC region. Contact information can be found in
Comment:        the RIPE database at http://www.ripe.net/whois
Ref:            https://rdap.arin.net/registry/ip/185.0.0.0

ResourceLink:  https://apps.db.ripe.net/search/query.html
ResourceLink:  whois.ripe.net


OrgName:        RIPE Network Coordination Centre
OrgId:          RIPE
Address:        P.O. Box 10096
City:           Amsterdam
StateProv:      
PostalCode:     1001EB
Country:        NL
RegDate:        
Updated:        2013-07-29
Ref:            https://rdap.arin.net/registry/entity/RIPE

ReferralServer:  whois://whois.ripe.net
ResourceLink:  https://apps.db.ripe.net/search/query.html

OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName:   Abuse Contact
OrgAbusePhone:  +31205354444 
OrgAbuseEmail:  abuse@ripe.net
OrgAbuseRef:    https://rdap.arin.net/registry/entity/ABUSE3850-ARIN

OrgTechHandle: RNO29-ARIN
OrgTechName:   RIPE NCC Operations
OrgTechPhone:  +31 20 535 4444 
OrgTechEmail:  hostmaster@ripe.net
OrgTechRef:    https://rdap.arin.net/registry/entity/RNO29-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/whois_reporting/index.html
#
# Copyright 1997-2018, American Registry for Internet Numbers, Ltd.
#
WhoIs Lookup performed by Karen's WhoIs
http://www.karenware.com/

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '185.244.25.128 - 185.244.25.255'

% Abuse contact for '185.244.25.128 - 185.244.25.255' is 'abuse@kvsolutions.nl'

inetnum:        185.244.25.128 - 185.244.25.255
netname:        VPS_Customers_KV_Solutions
descr:          Virtual Private Servers Customers - KV Solutions B.V.
country:        NL
admin-c:        AK18811-RIPE
tech-c:         AK18811-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-KVSOLUTIONS
created:        2018-03-28T16:24:45Z
last-modified:  2018-03-28T16:26:34Z
source:         RIPE

person:         Angelo Kreikamp
address:        Parelplein 31
address:        4337 MT
address:        Middelburg
address:        NETHERLANDS
phone:          +310118370473
nic-hdl:        AK18811-RIPE
mnt-by:         nl-kvsolutions-nl-1-mnt
created:        2018-01-30T13:35:20Z
last-modified:  2018-01-30T13:35:21Z
source:         RIPE

% Information related to '185.244.25.0/24AS60355'

route:          185.244.25.0/24
origin:         AS60355
mnt-by:         MNT-KVSOLUTIONS
created:        2018-07-16T20:29:44Z
last-modified:  2018-07-16T20:29:44Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.92.6 (HEREFORD)

Related Objects
Search...

Joe created this task.Nov 17 2018, 12:23 PM
Joe created this object in space S5 Public.
Joe triaged this task as High priority.
Joe created this object with visibility "Public (No Login Required)".
Joe updated the task description. (Show Details)
Joe updated the task description. (Show Details)
Joe added a comment.Tue, Dec 4, 3:34 PM

Forced use of first whois server on IP Address lookups.

Joe closed this task as Resolved.Wed, Dec 5, 8:29 PM

Did not actually rebuild the RIR database because Karen's original source from MIT isn't still available. I could rebuild the file from less convenient sources, but enabling recursive queries through whois.arin.net fixed the operational situation.

Joe moved this task from Backlog to v2.7 Released 2018-12-05 on the WhoIs board.Wed, Dec 5, 8:31 PM
Joe edited projects, added WhoIs (v2.7 Released 2018-12-05); removed WhoIs.
www.KarenWare.com · Phabricator was built by Phacility