homepage Welcome to WebmasterWorld Guest from 54.205.144.231
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

This 193 message thread spans 7 pages: < < 193 ( 1 2 3 [4] 5 6 7 > >     
Server Farms - April 2014
Tracking and Reporting Data Center IP Ranges
incrediBILL




msg:4660480
 6:51 pm on Apr 4, 2014 (gmt 0)

Continuation of the Server Farm threads.

This is where we report data center IP ranges as they are discovered or change in the rapidly evolving assigned IP landscape.

Past server farm threads:


 

keyplyr




msg:4677369
 10:01 am on Jun 4, 2014 (gmt 0)



@blend

Yup, I've had 69.12.64.0/19 and all other Quadranet ranges blocked for a while now.

RE: DigitalFyre 23.95.92.0/22 is inside ColoCrossing:
23.94.0.0 - 23.95.255.255
23.94.0.0/15

keyplyr




msg:4678073
 7:32 pm on Jun 6, 2014 (gmt 0)



Never seen this company before. Anyone have any more?

VPSLand
64.186.128.0 - 64.186.159.255
64.186.128.0/19

dstiles




msg:4678354
 8:20 pm on Jun 8, 2014 (gmt 0)

Been blocking that range since at least 2010, he said smugly. :)

All I have are:

64.186.128.0 - 64.186.159.255
65.75.240.0 - 65.75.255.255

keyplyr




msg:4678368
 10:53 pm on Jun 8, 2014 (gmt 0)



Thanks dstiles

lucy24




msg:4678837
 7:12 pm on Jun 10, 2014 (gmt 0)

New one on me:

199.33.120.0/21 Rebel Hosting

(location: Folsom CA, which will provoke merriment in some quarters)

lucy24




msg:4679419
 5:44 pm on Jun 12, 2014 (gmt 0)

Found while looking up a botnet at 107.181.155.77:

107.181.128.0/19
Free lookup doesn't take me beyond "something hinky", with various references to Netherlands, Choopa, Vivid et cetera ad lib. Can anyone shed further light?

not2easy




msg:4679439
 6:28 pm on Jun 12, 2014 (gmt 0)

I see:
RIJX NET-107-181-152-0-1 (NET-107-181-152-0-1) 107.181.152.0 - 107.181.155.255

in Vivid LLC VIVID-4 (NET-107-181-128-0-1) 107.181.128.0 - 107.181.159.255

keyplyr




msg:4679442
 6:43 pm on Jun 12, 2014 (gmt 0)

Found while looking up a botnet at 107.181.155.77:

107.181.128.0/19
Free lookup doesn't take me beyond "something hinky", with various references to Netherlands, Choopa, Vivid et cetera ad lib. Can anyone shed further light?

belongs to: kgovps.com

They say... "We do Virtual Servers, in the following locations
New Zealand, Australia, Italy, United Kingdom, Las Vegas, Atlanta, Los Angeles"

...so there almost certainly will be more ranges :)

[added] This seems to be connected to another company: iniz.com which offers the usual biz datacenter services. Their ranges are (as of yet) unknown. Anyone?

[more added] iniz.com seems to be leasing ranges from CloudFlareNet:
108.162.192.0 - 108.162.255.255
108.162.192.0/18

dstiles




msg:4679480
 9:23 pm on Jun 12, 2014 (gmt 0)

I have several ranges for Vivid Hosting. I wonder if these are connected?

keyplyr




msg:4679581
 7:38 am on Jun 13, 2014 (gmt 0)


Couple new ones for me:

fubra.com
87.124.0.0 - 87.125.255.255
87.124.0.0/15

istanbuldc.com
31.210.127.0 - 31.210.127.255
31.210.127.0/24

dstiles




msg:4679762
 8:13 pm on Jun 13, 2014 (gmt 0)

31.210.127.0/24 is part of RADORE at 31.210.64.0 - 31.210.127.255 but I actually block right down to 31.210.32.0.

keyplyr




msg:4679775
 9:09 pm on Jun 13, 2014 (gmt 0)

but I actually block right down to 31.210.32.0.

Good, that also takes care of:

MarsGloball
31.210.63.0 - 31.210.63.25
31.210.63.0/24

And other spots in the remaining range I have noted as "pests"

keyplyr




msg:4679794
 10:32 pm on Jun 13, 2014 (gmt 0)

Hmmm... right in the middle of updating post and it timed out. Was going to add the other MarsGloball ranges. No need I guess.

keyplyr




msg:4680894
 6:54 pm on Jun 18, 2014 (gmt 0)



New one for me:

Crystone
83.168.192.0 - 83.168.255.255
83.168.192.0/18

Tried to crawl all (2k) HTML files on my server, changing UA each time. No commonalities besides IP address.

lucy24




msg:4681299
 8:17 pm on Jun 19, 2014 (gmt 0)

Free lookup says February but I can't find any earlier posts:

107.183
Enzu
(botnet at 107.183.69.130)

Hobbs




msg:4681302
 9:04 pm on Jun 19, 2014 (gmt 0)

103.246.88.0/22 pacificlinktel .com
109.71.40.0/21 ptisp .pt
111.67.0.0/19 web24 .com.au
141.138.192.0/20 xl-is .net
146.185.160.0/21 digitalocean .com
174.140.192.0/18 colocation america
178.170.164.0/23 dom-tel .ru
188.227.176.0/21 redstation .com
190.228.29.0/24 elserver .com
192.254.64.0/20 dacentec .com
193.9.250.0/23 ohoster hosting
194.247.28.0/23 romanelliproject .com
195.78.32.0/23 posluh .hr
197.221.48.0/22 hetzner .co.za
2.232.0.0/13 fastweb .it
212.7.216.0/21 dediserv .eu
212.92.23.0/24 ahrt .hu
212.94.96.0/19 webstream
31.7.184.0/21 core-backbone .com
37.157.192.0/21 wedos .com
41.204.205.0/24 hetzner .co.za
5.250.176.0/20 rainhost .gr
62.197.128.0/19 sitebytes .nl
67.23.224.0/19 hostdime .com
75.98.160.0/20 a2hosting .com
76.72.240.0/20 neptunonetworks .com
77.245.64.0/20 redstation .com
79.99.164.0/22 planet-work .com
82.220.0.0/16 hosttech .eu
91.149.157.0/24 hoster .by
91.200.40.0/22 hvosting .ua
93.190.88.0/21 servado .de
94.142.216.0/22 erdenreich .net
95.85.56.0/21 digitalocean .com

just the few I had time to google check for not being listed here
keyplyr




msg:4681372
 1:42 am on Jun 20, 2014 (gmt 0)

Good stuff, thanks Hobbs

keyplyr




msg:4681403
 5:04 am on Jun 20, 2014 (gmt 0)

@Hobbs,

That hetzner 41.204.205.0/24 is inside of:
41.204.192.0 - 41.204.223.255
41.204.192.0/19

That digitalocean 146.185.160.0/21 is inside of:
146.185.128.0 - 146.185.191.255
146.185.128.0/18

That Redstation 188.227.176.0/21 is inside of:
188.227.160.0 - 188.227.191.255
188.227.160.0/19

Lots more like this. If you check both sides of a range, often you'll find they extend farther than the info given in an initial look-up.

lucy24




msg:4681914
 8:45 pm on Jun 22, 2014 (gmt 0)

Another one that doesn't come up in searches:

170.130
ServerHub/Eonix

Free lookup says November; I think the range used to belong to someone else.

199.195.248.0/21
I don't know who or what FranTech is, but they appear to be servers.

And finally (I hope):
23.227.96.0/19
KVC Hosting

It's been a busy few days for the "contact" botnet (pattern: one random page blocked for bogus referer, followed by contact page not subject to same referer blocks).

not2easy




msg:4681917
 9:12 pm on Jun 22, 2014 (gmt 0)

I see that EONIX as 170.130.0.0 - 170.130.255.255 in Dallas
and FranTech as some outfit in Wyoming, but the PONYNET is in CA and it looks like servers, yup.
199.195.248.0 - 199.195.255.255
199.195.248.0/21
This doesn't add anything except the range for those of us who can't see it from the CIDR..

I have some other new stuff to add, but it is scattered right now, hope to get it together by this evening.

keyplyr




msg:4681931
 12:01 am on Jun 23, 2014 (gmt 0)

199.195.248.0/21
I don't know who or what FranTech is, but they appear to be servers.

They're a recent server farm start-up currently operating under the brand: BuyVM
frantech.ca

Thanks... had the others :)

keyplyr




msg:4682084
 7:21 pm on Jun 23, 2014 (gmt 0)



Here's one that's been sending a few pests lately:

Choopa
108.61.0.0 - 108.61.255.255
108.61.0.0/16

wilderness




msg:4683007
 11:47 am on Jun 26, 2014 (gmt 0)

keyplr noted one range on April 8th.

Here are their shown ranges (fairly small):

CONTINA 155.254.192.0 - 155.254.255.255 155.254.192.0/18
CONTINA 107.181.64.0 - 107.181.79.255 107.181.64.0/20
CONTINA 167.160.96.0 - 167.160.127.255 167.160.96.0/19

keyplyr




msg:4683094
 7:11 pm on Jun 26, 2014 (gmt 0)



dcsmanage
205.209.128.0 - 205.209.191.255
205.209.128.0/18

blend27




msg:4683730
 2:40 pm on Jun 29, 2014 (gmt 0)

Newly registered. SQL Injection attempts from 23.227.196.30

NetRange: 23.227.192.0 - 23.227.207.255
CIDR: 23.227.192.0/20
NetName: SWIFTWAY-7

lucy24




msg:4683809
 9:26 pm on Jun 29, 2014 (gmt 0)

If it's got "Datacenter" in the name, can we assume it won't be sending a lot of humans? One-off robot from 80.72.9.5
looks like
80.72.0.0/20
Teknik i Media Datacenter (Sweden)


Now, since I'd previously blocked
80.72.32.0/20
(Polish robots of some description)
this put me in hopes of filling gaps.
80.72.16.0/20
is Russia, undetermined. Free lookup says ambiguously "Address Space For Linkstar Network" which could mean anything. And unfortunately
80.72.48.0/20
is Telecom Liechtenstein, which sounds fairly human.

Darn.

keyplyr




msg:4683811
 9:49 pm on Jun 29, 2014 (gmt 0)



etop.pl is hosting
80.72.32.0 - 80.72.36.255

lucy24




msg:4683816
 10:13 pm on Jun 29, 2014 (gmt 0)

32-36? Odd range. What's the remaining 37-47?

Elsewhere:
162.253.144.0/21
Apparently SoftLayer, or a sublet thereof. Robot that happily was locked out on UA grounds even though I didn't know the IP. Would have slipped by unnoticed if it hadn't asked for errorstyles.css, which is exempt from blocking.

This whole neighborhood is fairly recent assignments-- within the last 6 months, mostly-- so I looked up some others. Tentatively:
162.253.128.0/22
Amanah (Canada)
162.253.132.0/22
CyberLynk
162.253.136.0/21
Allstream (Canada-- I'll assume these to be human unless & until it's proven against them)
..
162.253.152.0/22
Reprise Hosting
162.253.156.0/22
ISPrime
162.253.160.0/21
XHop (ymmv, but for me "Hop" is one of those name elements like "Rack" that inspires distrust in advance)

keyplyr




msg:4683832
 12:59 am on Jun 30, 2014 (gmt 0)



32-36? Odd range. What's the remaining 37-47?


80.72.32.0 - 80.72.47.255 is also etop... thus 80.72.32.0/20 :)

I wasn't disagreeing with you about the /20, only that the 80.72.32.0 - 80.72.36.255 span is hosting. What etop does with the rest is unknown.

keyplyr




msg:4683835
 1:07 am on Jun 30, 2014 (gmt 0)

I have 162.253.144.0/21 as arvixe.com (hosting)


162.253.160.0/21
XHop (ymmv, but for me "Hop" is one of those name elements like "Rack" that inspires distrust in advance)


Not to mention that XHop is based in Henderson, Nevada where server racks adorn the desert landscape!

keyplyr




msg:4683863
 9:04 am on Jun 30, 2014 (gmt 0)



box.com
74.112.184.0 - 74.112.187.255
74.112.184.0/22

uber.com.au
117.104.162.0 - 117.104.162.255
117.104.162.0/24

103.11.79.0 - 103.11.79.255
103.11.79.0/24

This 193 message thread spans 7 pages: < < 193 ( 1 2 3 [4] 5 6 7 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved