Server Farms 2026

Forum Moderators: open

Server Farms 2026

Continuing discussion of hosting and data center IP ranges

blend27

1:48 am on Jan 20, 2026 (gmt 0)

....Continuing discussion of 13 years of [webmasterworld.com...]

Lets Go!

blend27

2:59 am on Jan 20, 2026 (gmt 0)

So I have been playing with some 1,356,094 IPV4 rows of IPINFO.IO data(last month snapshot), Free addition.

Data is /24 fragmented like there was no NewYears this time around. Mil and a third seems to be accurate as far as I can tell.

With a large list of AS Numbers I have collected over the years that belong to Cloud/Hosting/Colocation that caused troubles in the past I was able to split that large .CSV into 3 "naive" MSSQL Server tables holding data that can be used in SQL Queries once per Session Request at the beginning.

1,356,094 rows sits as a BASE Ranges data, properly indexed-views lockups are less that 0.2s.

Once range is determined that one particular row of IP Data is moved into another sub-main table which get to be question first for the concurrent visitors from the same range.

In other words:

> 
ip lookup >> in sub-main table >>> 
if found = good, use that data.
if not found look up in BASE Ranges data >>> insert row into sub-main table for later use.

I am on a North American continent.. so out of 1,356,094 rows Me Only tenders to certain countries to access the sites I manage. Some sites on a North American continent, some coupled with South American Continent, some coupled with "preferred" EU IP ranges. Some sites run Home brewed Captcha for some Central Asia rangers when it makes sense.

There is also ip2Location and FTP IP data from major sources, that is used as well for compartment.

But above all that are HTTP Headers logic witch pretty much stops 1/3 of unwanted traffic before it even gets to IP Data. Logging Headers data from legitimated devices(i think they are but not sometimes or always) and writing code to confront "maybe not" wanted is a task of its own.

But it is fun...

IIS URLRewrite2 Bonus:


 <rule name="HTTP_USER_AGENT Unwanted Bot Blocking" stopProcessing="true">
 <match url=".*" ignoreCase="true" />
 <conditions logicalGrouping="MatchAll">
 <!-- Google -->
 <add input="{HTTP_USER_AGENT}" negate="true"
 pattern="^.*(GoogleBot/2\.1|AdsBot-Google|Google-Read-Aloud|Googlebot-Image|Google-Site-Verification|Google-Adwords-DisplayAds|Google-AdWords-Express|Google-Adwords-DisplayAds-WebRender).*" />
 <add input="{HTTP_USER_AGENT}" negate="true"
 pattern="^.*(mediapartners-google|googleimageproxy).*"
 />
 <!-- Yahoo Email Fetcher -->
 <add input="{HTTP_USER_AGENT}" negate="true"
 pattern="^.*(YahooMailProxy).*"
 />
 <!-- Bing -->
 <add input="{HTTP_USER_AGENT}" negate="true"
 pattern="^.*(BingBot|msnbot).*"
 />
 <!-- Duck Papa, Duck, we all know..... -->
 <add input="{HTTP_USER_AGENT}" negate="true"
 pattern="^.*(DuckDuckGo).*"
 />
 <!-- applebot -->
 <add input="{HTTP_USER_AGENT}" negate="true"
 pattern="^.*(applebot).*"
 />
 <!-- Other Maybe useful bots -->
 <add input="{HTTP_USER_AGENT}" negate="true"
 pattern="^.*(Facebot|facebookexternalhit|Twitterbot|WhatsApp|TelegramBot).*"
 />
 <add input="{HTTP_USER_AGENT}" negate="true"
 pattern="^.*(Slackbot-LinkExpanding).*"
 />
 <!-- Here comes the fury -->
 <add input="{HTTP_USER_AGENT}" negate="false"
 ignoreCase="true"
 pattern="^.*(Mozlila|seo|Yan|http|\.com|\.net|\.io|test|curl|python|bot|crawl|scanner|spider|java|Bloglines|Researchscan|zoominfo|Survey|Agent|Nimbostratus|coccoc|zgrab|client|Expanse|package|price|ichiro|baidu|yanga|copyright).*"
 />
 </conditions>
 <action type="AbortRequest" /> 
 <!-- <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" /> -->
 <!-- <action type="Rewrite" url="/rewritten?rewrite=bad-bot" appendQueryString="true" /> -->
 </rule>

.. in 2026

blend27

2:20 pm on Jan 27, 2026 (gmt 0)

Seems like several servers are compromised sending out WP- Scan requests out to other sites...

Florian Kolb
datalix.de
AS58087 DE

109.71.252.0/24
109.71.252.0 - 109.71.252.255

176.100.36.0/23
176.100.36.0 - 176.100.37.255

176.100.39.0/24
176.100.39.0 - 176.100.39.255

185.14.92.0/24
185.14.92.0 - 185.14.92.255

194.15.36.0/24
194.15.36.0 - 194.15.36.255

37.114.37.0/24
37.114.37.0 - 37.114.37.255

37.114.46.0/24
37.114.46.0 - 37.114.46.255

37.114.50.0/24
37.114.50.0 - 37.114.50.255

37.114.63.0/24
37.114.63.0 - 37.114.63.255

37.221.93.0/24
37.221.93.0 - 37.221.93.255

45.11.229.0/24
45.11.229.0 - 45.11.229.255

45.13.225.0/24
45.13.225.0 - 45.13.225.255

45.131.64.0/24
45.131.64.0 - 45.131.64.255

45.133.74.0/24
45.133.74.0 - 45.133.74.255

45.86.155.0/24
45.86.155.0 - 45.86.155.255

45.90.98.0/23
45.90.98.0 - 45.90.99.255

46.247.108.0/23
46.247.108.0 - 46.247.109.255

5.253.247.0/24
5.253.247.0 - 5.253.247.255

89.144.37.0/24
89.144.37.0 - 89.144.37.255

92.118.206.0/24
92.118.206.0 - 92.118.206.255

blend27

8:11 pm on Feb 15, 2026 (gmt 0)

Fresh on 2026!

Omegatech LTD -- AS202412 -- omegatech.sc

45.74.40.0/24 -- AL
94.26.38.0/24 -- BG
91.92.240.0/24 -- DE
158.94.208.0/24 -- DE
178.16.52.0/24 -- DE
178.16.53.0/24 -- NL
178.16.54.0/23 -- NL
158.94.209.0/24 -- NL (files are here --;)---)
158.94.210.0/23 -- NL
91.92.241.0/24 -- NL
91.92.242.0/23 -- NL
45.132.180.0/24 -- NL
94.154.35.0/24 -- NL
146.19.125.0/24 -- TR

blend27

1:54 pm on Feb 21, 2026 (gmt 0)

InsideNetwork ( LT - AS215476 )
77.90.185.0 - 77.90.185.255
77.90.185.0/24

Several scrape attempts from 3 IPs over past month using self-referrer.

not2easy

3:27 pm on Feb 21, 2026 (gmt 0)

Small DE range looking for WP stuff on html site, netname: DE-3XKTECHGMBH-20170616
65.111.0.0 - 65.111.31.255
65.111.11.0/24