Mystery CDN
Filip Hruska
fhr at fhrnet.eu
Wed Jun 17 17:54:57 UTC 2020
Using Shodan, we can find other nodes belonging to the same CDN by
searching for "FP6.1.1866.55", which is conveniently present in the
"Server" HTTP header.
Skimming through the results, it would appear most of the nodes are on
the Level 3 network. Picking one non-Level3 node at random
(192.67.191.173) and doing an rDNS lookup reveals the following:
173.191.67.192.in-addr.arpa. 3600 IN PTR
LEVEL3-CDN-192-67-191-173.de.kpn-eurorings.net.
There's your answer. "Level 3 CDN".
Kind Regards,
Filip Hruska
On 6/17/20 6:09 PM, Justin Oeder wrote:
> Former Level3 operates a CDN. Might be worth looking into.
>
> On Wed, Jun 17, 2020, 11:43 AM Stephen Satchell <list at satchell.net
> <mailto:list at satchell.net>> wrote:
>
> On 6/17/20 8:29 AM, Clinton Work wrote:
> > I'm struggling to determine which CDN owns the servers in
> CenturyLink prefix 8.240.0.0/12 <http://8.240.0.0/12>. During
> the Call of Duty Season 4 update on June 11th from 06:00 UTC until
> 08:30 UTC, we had 240 Gbps of traffic steaming into our network
> from CenturyLink prefix 8.240.0.0/12 <http://8.240.0.0/12>. We
> originally thought it was Akamai, but they swear up and down that
> the servers don't belong to them.
> >
> > Here are some of the HTTP/HTTPS servers in 8.240.0.0/12
> <http://8.240.0.0/12>:
> > 8.253.151.248
> > 8.251.135.126
> > 8.240.167.126
> > 8.240.228.126
> > 8.240.168.126
> > 8.240.126.254
> > 8.240.191.254
>
> You might ask Level3.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200617/4bde7a90/attachment.html>
More information about the NANOG
mailing list