
Forum Moderators: Ocean10000 & incrediBILL


Server Farms - April 2014

Tracking and Reporting Data Center IP Ranges

     
6:51 pm on Apr 4, 2014 (gmt 0)

incredibill (WebmasterWorld Administrator)



Continuation of the Server Farm threads.

This is where we report data center IP ranges as they are discovered or change in the rapidly evolving assigned IP landscape.

Past server farm threads:

10:01 am on Jun 4, 2014 (gmt 0)

keyplyr (WebmasterWorld Senior Member)





@blend

Yup, I've had 69.12.64.0/19 and all other Quadranet ranges blocked for a while now.

RE: DigitalFyre 23.95.92.0/22 is inside ColoCrossing:
23.94.0.0 - 23.95.255.255
23.94.0.0/15
7:32 pm on Jun 6, 2014 (gmt 0)

keyplyr (WebmasterWorld Senior Member)





Never seen this company before. Anyone have any more?

VPSLand
64.186.128.0 - 64.186.159.255
64.186.128.0/19
8:20 pm on Jun 8, 2014 (gmt 0)

dstiles (WebmasterWorld Senior Member)



Been blocking that range since at least 2010, he said smugly. :)

All I have are:

64.186.128.0 - 64.186.159.255
65.75.240.0 - 65.75.255.255
10:53 pm on Jun 8, 2014 (gmt 0)

keyplyr (WebmasterWorld Senior Member)





Thanks dstiles
7:12 pm on Jun 10, 2014 (gmt 0)

lucy24 (WebmasterWorld Senior Member)



New one on me:

199.33.120.0/21 Rebel Hosting

(location: Folsom CA, which will provoke merriment in some quarters)
5:44 pm on Jun 12, 2014 (gmt 0)

lucy24 (WebmasterWorld Senior Member)



Found while looking up a botnet at 107.181.155.77:

107.181.128.0/19
Free lookup doesn't take me beyond "something hinky", with various references to Netherlands, Choopa, Vivid et cetera ad lib. Can anyone shed further light?
6:28 pm on Jun 12, 2014 (gmt 0)

WebmasterWorld Administrator



I see:
RIJX NET-107-181-152-0-1 (NET-107-181-152-0-1) 107.181.152.0 - 107.181.155.255

in Vivid LLC VIVID-4 (NET-107-181-128-0-1) 107.181.128.0 - 107.181.159.255
6:43 pm on Jun 12, 2014 (gmt 0)

keyplyr (WebmasterWorld Senior Member)



> Found while looking up a botnet at 107.181.155.77:
>
> 107.181.128.0/19
> Free lookup doesn't take me beyond "something hinky", with various references to Netherlands, Choopa, Vivid et cetera ad lib. Can anyone shed further light?

belongs to: kgovps.com

They say... "We do Virtual Servers, in the following locations
New Zealand, Australia, Italy, United Kingdom, Las Vegas, Atlanta, Los Angeles"

...so there almost certainly will be more ranges :)

[added] This seems to be connected to another company: iniz.com which offers the usual biz datacenter services. Their ranges are (as of yet) unknown. Anyone?

[more added] iniz.com seems to be leasing ranges from CloudFlareNet:
108.162.192.0 - 108.162.255.255
108.162.192.0/18
9:23 pm on Jun 12, 2014 (gmt 0)

dstiles (WebmasterWorld Senior Member)



I have several ranges for Vivid Hosting. I wonder if these are connected?
7:38 am on Jun 13, 2014 (gmt 0)

keyplyr (WebmasterWorld Senior Member)




Couple new ones for me:

fubra.com
87.124.0.0 - 87.125.255.255
87.124.0.0/15

istanbuldc.com
31.210.127.0 - 31.210.127.255
31.210.127.0/24
8:13 pm on Jun 13, 2014 (gmt 0)

dstiles (WebmasterWorld Senior Member)



31.210.127.0/24 is part of RADORE at 31.210.64.0 - 31.210.127.255 but I actually block right down to 31.210.32.0.
9:09 pm on Jun 13, 2014 (gmt 0)

keyplyr (WebmasterWorld Senior Member)



> but I actually block right down to 31.210.32.0.

Good, that also takes care of:

MarsGloball
31.210.63.0 - 31.210.63.25
31.210.63.0/24

And other spots in the remaining range I have noted as "pests"
10:32 pm on Jun 13, 2014 (gmt 0)

keyplyr (WebmasterWorld Senior Member)



Hmmm... right in the middle of updating post and it timed out. Was going to add the other MarsGloball ranges. No need I guess.
6:54 pm on Jun 18, 2014 (gmt 0)

keyplyr (WebmasterWorld Senior Member)





New one for me:

Crystone
83.168.192.0 - 83.168.255.255
83.168.192.0/18

Tried to crawl all (2k) HTML files on my server, changing UA each time. No commonalities besides IP address.
8:17 pm on Jun 19, 2014 (gmt 0)

lucy24 (WebmasterWorld Senior Member)



Free lookup says February but I can't find any earlier posts:

107.183
Enzu
(botnet at 107.183.69.130)
9:04 pm on Jun 19, 2014 (gmt 0)

hobbs (WebmasterWorld Senior Member)



103.246.88.0/22 pacificlinktel .com
109.71.40.0/21 ptisp .pt
111.67.0.0/19 web24 .com.au
141.138.192.0/20 xl-is .net
146.185.160.0/21 digitalocean .com
174.140.192.0/18 colocation america
178.170.164.0/23 dom-tel .ru
188.227.176.0/21 redstation .com
190.228.29.0/24 elserver .com
192.254.64.0/20 dacentec .com
193.9.250.0/23 ohoster hosting
194.247.28.0/23 romanelliproject .com
195.78.32.0/23 posluh .hr
197.221.48.0/22 hetzner .co.za
2.232.0.0/13 fastweb .it
212.7.216.0/21 dediserv .eu
212.92.23.0/24 ahrt .hu
212.94.96.0/19 webstream
31.7.184.0/21 core-backbone .com
37.157.192.0/21 wedos .com
41.204.205.0/24 hetzner .co.za
5.250.176.0/20 rainhost .gr
62.197.128.0/19 sitebytes .nl
67.23.224.0/19 hostdime .com
75.98.160.0/20 a2hosting .com
76.72.240.0/20 neptunonetworks .com
77.245.64.0/20 redstation .com
79.99.164.0/22 planet-work .com
82.220.0.0/16 hosttech .eu
91.149.157.0/24 hoster .by
91.200.40.0/22 hvosting .ua
93.190.88.0/21 servado .de
94.142.216.0/22 erdenreich .net
95.85.56.0/21 digitalocean .com

just the few I had time to google check for not being listed here
1:42 am on Jun 20, 2014 (gmt 0)

keyplyr (WebmasterWorld Senior Member)



Good stuff, thanks Hobbs
5:04 am on Jun 20, 2014 (gmt 0)

keyplyr (WebmasterWorld Senior Member)



@Hobbs,

That hetzner 41.204.205.0/24 is inside of:
41.204.192.0 - 41.204.223.255
41.204.192.0/19

That digitalocean 146.185.160.0/21 is inside of:
146.185.128.0 - 146.185.191.255
146.185.128.0/18

That Redstation 188.227.176.0/21 is inside of:
188.227.160.0 - 188.227.191.255
188.227.160.0/19

Lots more like this. If you check both sides of a range, often you'll find they extend farther than the info given in an initial look-up.
8:45 pm on Jun 22, 2014 (gmt 0)

lucy24 (WebmasterWorld Senior Member)



Another one that doesn't come up in searches:

170.130
ServerHub/Eonix

Free lookup says November; I think the range used to belong to someone else.

199.195.248.0/21
I don't know who or what FranTech is, but they appear to be servers.

And finally (I hope):
23.227.96.0/19
KVC Hosting

It's been a busy few days for the "contact" botnet (pattern: one random page blocked for bogus referer, followed by contact page not subject to same referer blocks).
9:12 pm on Jun 22, 2014 (gmt 0)

WebmasterWorld Administrator



I see that EONIX as 170.130.0.0 - 170.130.255.255 in Dallas
and FranTech as some outfit in Wyoming, but the PONYNET is in CA and it looks like servers, yup.
199.195.248.0 - 199.195.255.255
199.195.248.0/21
This doesn't add anything except the range for those of us who can't see it from the CIDR.

I have some other new stuff to add, but it is scattered right now, hope to get it together by this evening.
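
The checks discussed in the posts above (a reported range sitting inside a wider allocation, and reading the first and last address off a CIDR), as an added example that is not from any poster in this thread. It uses Python's standard `ipaddress` module and handles IPv4 only; the function names and the `ALLOCATIONS` table are made up for the example and filled with ranges quoted in the thread.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Exact CIDR cover of an inclusive first-last range (can be several blocks)."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))]

def cidr_to_range(cidr):
    """First and last address of a block, the way a WHOIS NetRange shows it."""
    net = ipaddress.ip_network(cidr)  # ValueError if host bits are set
    return str(net.network_address), str(net.broadcast_address)

def enclosing(reported, allocations):
    """Names of allocations (name -> (first, last)) that fully contain `reported`."""
    net = ipaddress.ip_network(reported)
    return [name for name, (first, last) in allocations.items()
            if ipaddress.ip_address(first) <= net.network_address
            and net.broadcast_address <= ipaddress.ip_address(last)]

def neighbours(cidr):
    """Same-size blocks just below and above: the next two lookups to make."""
    net = ipaddress.ip_network(cidr)
    size, start = net.num_addresses, int(net.network_address)
    return [str(ipaddress.ip_network((base, net.prefixlen)))
            for base in (start - size, start + size)
            if 0 <= base and base + size <= 2**32]

def collapse(entries):
    """Drop entries covered by a wider one and merge adjacent blocks."""
    nets = [ipaddress.ip_network(e) for e in entries]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

# Allocations exactly as quoted in the thread (name -> first, last address).
ALLOCATIONS = {
    "ColoCrossing": ("23.94.0.0", "23.95.255.255"),
    "hetzner": ("41.204.192.0", "41.204.223.255"),
    "digitalocean": ("146.185.128.0", "146.185.191.255"),
    "Redstation": ("188.227.160.0", "188.227.191.255"),
}

if __name__ == "__main__":
    for reported in ("23.95.92.0/22", "41.204.205.0/24", "188.227.176.0/21"):
        print(reported, "is inside", enclosing(reported, ALLOCATIONS))
    print(cidr_to_range("199.195.248.0/21"), neighbours("199.195.248.0/21"))
    # A span that is not one CIDR block: 31.210.32.0 up to the end of RADORE.
    print(range_to_cidrs("31.210.32.0", "31.210.127.255"))
    print(collapse(["41.204.205.0/24", "41.204.192.0/19",
                    "146.185.160.0/21", "146.185.128.0/18"]))
```

A span such as 31.210.32.0 - 31.210.127.255 does not fit one CIDR block, so a blocklist that only accepts CIDR needs both of the returned entries.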
12:01 am on Jun 23, 2014 (gmt 0)

keyplyr (WebmasterWorld Senior Member)



> 199.195.248.0/21
> I don't know who or what FranTech is, but they appear to be servers.

They're a recent server farm start-up currently operating under the brand: BuyVM
frantech.ca

Thanks... had the others :)
7:21 pm on Jun 23, 2014 (gmt 0)

keyplyr (WebmasterWorld Senior Member)





Here's one that's been sending a few pests lately:

Choopa
108.61.0.0 - 108.61.255.255
108.61.0.0/16
11:47 am on Jun 26, 2014 (gmt 0)

wilderness (WebmasterWorld Senior Member)



keyplyr noted one range on April 8th.

Here are their shown ranges (fairly small):

CONTINA 155.254.192.0 - 155.254.255.255 155.254.192.0/18
CONTINA 107.181.64.0 - 107.181.79.255 107.181.64.0/20
CONTINA 167.160.96.0 - 167.160.127.255 167.160.96.0/19
7:11 pm on Jun 26, 2014 (gmt 0)

keyplyr (WebmasterWorld Senior Member)





dcsmanage
205.209.128.0 - 205.209.191.255
205.209.128.0/18
2:40 pm on Jun 29, 2014 (gmt 0)

WebmasterWorld Senior Member



Newly registered. SQL Injection attempts from 23.227.196.30

NetRange: 23.227.192.0 - 23.227.207.255
CIDR: 23.227.192.0/20
NetName: SWIFTWAY-7
9:26 pm on Jun 29, 2014 (gmt 0)

lucy24 (WebmasterWorld Senior Member)



If it's got "Datacenter" in the name, can we assume it won't be sending a lot of humans? One-off robot from 80.72.9.5
looks like
80.72.0.0/20
Teknik i Media Datacenter (Sweden)


Now, since I'd previously blocked
80.72.32.0/20
(Polish robots of some description)
this put me in hopes of filling gaps.
80.72.16.0/20
is Russia, undetermined. Free lookup says ambiguously "Address Space For Linkstar Network" which could mean anything. And unfortunately
80.72.48.0/20
is Telecom Liechtenstein, which sounds fairly human.

Darn.
9:49 pm on Jun 29, 2014 (gmt 0)

keyplyr (WebmasterWorld Senior Member)





etop.pl is hosting
80.72.32.0 - 80.72.36.255
10:13 pm on Jun 29, 2014 (gmt 0)

lucy24 (WebmasterWorld Senior Member)



32-36? Odd range. What's the remaining 37-47?

Elsewhere:
162.253.144.0/21
Apparently SoftLayer, or a sublet thereof. Robot that happily was locked out on UA grounds even though I didn't know the IP. Would have slipped by unnoticed if it hadn't asked for errorstyles.css, which is exempt from blocking.

This whole neighborhood is fairly recent assignments-- within the last 6 months, mostly-- so I looked up some others. Tentatively:
162.253.128.0/22
Amanah (Canada)
162.253.132.0/22
CyberLynk
162.253.136.0/21
Allstream (Canada-- I'll assume these to be human unless & until it's proven against them)
..
162.253.152.0/22
Reprise Hosting
162.253.156.0/22
ISPrime
162.253.160.0/21
XHop (ymmv, but for me "Hop" is one of those name elements like "Rack" that inspires distrust in advance)
12:59 am on Jun 30, 2014 (gmt 0)

keyplyr (WebmasterWorld Senior Member)





> 32-36? Odd range. What's the remaining 37-47?


80.72.32.0 - 80.72.47.255 is also etop... thus 80.72.32.0/20 :)

I wasn't disagreeing with you about the /20, only that the 80.72.32.0 - 80.72.36.255 span is hosting. What etop does with the rest is unknown.
1:07 am on Jun 30, 2014 (gmt 0)

keyplyr (WebmasterWorld Senior Member)



I have 162.253.144.0/21 as arvixe.com (hosting)


> 162.253.160.0/21
> XHop (ymmv, but for me "Hop" is one of those name elements like "Rack" that inspires distrust in advance)


Not to mention that XHop is based in Henderson, Nevada where server racks adorn the desert landscape!
This 193 message thread spans 7 pages: 193
 
