Allow listing of ranges by Whois match #137

Open
splitice opened this issue Nov 7, 2024 · 1 comment
Labels
enhancement New feature or request

splitice commented Nov 7, 2024

If we ever wanted to support having IP ranges in our database we should (at least) support an expression format to reduce drift.

When querying an example of a VPN address that is difficult to include:

# whois 91.217.249.138
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See https://docs.db.ripe.net/terms-conditions.html

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '91.217.249.0 - 91.217.249.255'

% Abuse contact for '91.217.249.0 - 91.217.249.255' is 'abuse-reports@vpnconsumer.com'

inetnum:        91.217.249.0 - 91.217.249.255
netname:        FRANKFURT-AM-MAIN-DE-91-217-249-0
country:        DE
geoloc:         50.1230871 8.6363284
geofeed:        https://www.prefixbroker.com/prefixbroker-geofeed.csv
org:            ORG-VCFG2-RIPE
admin-c:        VCAR3-RIPE
tech-c:         VCAR3-RIPE
status:         ASSIGNED PA
mnt-by:         PREFIXBROKER-MNT
created:        2023-09-25T08:06:59Z
last-modified:  2024-05-22T04:22:23Z
source:         RIPE

organisation:   ORG-VCFG2-RIPE
org-name:       VPN Consumer Frankfurt, Germany
org-type:       OTHER
address:        Frankfurt, Germany
country:        DE
abuse-c:        VCAR3-RIPE
mnt-ref:        PREFIXBROKER-MNT
mnt-by:         PREFIXBROKER-MNT
created:        2023-12-11T12:09:16Z
last-modified:  2024-01-03T08:25:12Z
source:         RIPE # Filtered

role:           VPN Consumer Abuse Role
address:        AZ Business Center
address:        Avenida Perez Chitre
address:        Panama, 00395
address:        Republica de Panama
nic-hdl:        VCAR3-RIPE
abuse-mailbox:  abuse-reports@vpnconsumer.com
mnt-by:         PREFIXBROKER-MNT
created:        2023-11-22T08:33:27Z
last-modified:  2023-11-22T08:33:27Z
source:         RIPE # Filtered

% Information related to '91.217.249.0/24AS206092'

route:          91.217.249.0/24
origin:         AS206092
mnt-by:         PREFIXBROKER-MNT
created:        2024-03-08T05:43:29Z
last-modified:  2024-03-08T05:43:29Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.114 (BUSA)

Note how there is an abuse mailbox for the VPN provider? This is probably one of the better fields to match on.

An expression like whois_ripe 91.217.249.0/24 abuse-mailbox abuse-reports@vpnconsumer.com could serve as the entry within our database. When specifying a range, the first element of the range should be queried (e.g. .0 in this case).

We don't need to hit whois servers necessarily. There are processable databases available for RIPE and APNIC that I am aware of:

This is probably not essential at this stage.

We would need to use a storage mechanism (artifact, cache or release) to store data relating to the last time this was checked. There are serious rate limits on whois.

Likely this job should run on a schedule instead of on a commit and re-check everything once per month, limiting itself to, say, 50 queries in sequence to prevent peaks. When complete, if anything has changed, it can then make a commit to input/vpn/ips/whois.txt if there are any changes.
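
One way the expression proposed above could be evaluated, as an added example that is not part of the original issue or the project's code: it parses the whois_ripe entry, reports the first address of the range as the one to query, and checks the named attribute against an RPSL response. The function names, the embedded response (constructed from the output quoted above) and the extra check that an inetnum object covers the whole range are assumptions; only IPv4 inetnum objects are handled.

```python
import ipaddress

# Constructed sample: attributes copied from the whois output quoted in the issue.
SAMPLE_RPSL = """\
% Information related to '91.217.249.0 - 91.217.249.255'

inetnum:        91.217.249.0 - 91.217.249.255
org:            ORG-VCFG2-RIPE

nic-hdl:        VCAR3-RIPE
abuse-mailbox:  abuse-reports@vpnconsumer.com
source:         RIPE # Filtered
"""

def parse_expression(line):
    """Split 'whois_ripe <cidr> <attribute> <value>' into validated parts."""
    source, cidr, attribute, value = line.split(None, 3)
    if source != "whois_ripe":
        raise ValueError(f"unsupported source: {source}")
    network = ipaddress.ip_network(cidr, strict=True)  # rejects set host bits
    return network, attribute.lower(), value.strip()

def parse_rpsl(text):
    """Return (attribute, value) pairs; skip '%' comments, blanks, continuations."""
    pairs = []
    for raw in text.splitlines():
        key, sep, value = raw.partition(":")
        if sep and not raw.startswith(("%", " ", "\t", "+")):
            # Drop trailing comments such as '# Filtered'.
            pairs.append((key.strip().lower(), value.split("#", 1)[0].strip()))
    return pairs

def inetnum_covers(pairs, network):
    """True if an inetnum object in the response contains the whole range."""
    for key, value in pairs:
        if key == "inetnum":
            first, _, last = value.partition("-")
            lo = ipaddress.ip_address(first.strip())
            hi = ipaddress.ip_address(last.strip())
            if lo <= network[0] and network[-1] <= hi:
                return True
    return False

def evaluate(expression, whois_text):
    """Return (address to query, whether the database entry still holds)."""
    network, attribute, expected = parse_expression(expression)
    pairs = parse_rpsl(whois_text)
    matched = any(k == attribute and v.lower() == expected.lower() for k, v in pairs)
    return str(network[0]), matched and inetnum_covers(pairs, network)
```

An entry that evaluates to False is the drift case: either the attribute no longer matches or the registered inetnum no longer covers the listed range.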


splitice commented Nov 7, 2024

Free VPNs that use servers not contained in this list (as per #64):

  • TunnelBear
  • FreeVPN by [FreeVPN.org] (some servers) (iOS)
  • X-VPN by Free Connected Limited (iOS)
  • VPN 360: Fast & Private Proxy by Pango GmbH (iOS)
  • VPN Master - Unlimited VPN by All Connected Co.,Ltd (iOS)
  • VPN Hotspot Shield: Fast Proxy by AnchorFree Inc. (iOS)

Also missing:

  • ExpressVPN
