Is there a way to know if an IP or series of them belong to a government agency?

Post your general questions about IP address here.
ForTheTimeBeing
Junior Member
Posts: 9
Joined: Wed Sep 06, 2017 5:36 am

Is there a way to know if an IP or series of them belong to a government agency?

Post by ForTheTimeBeing » Wed Sep 06, 2017 6:10 am

Greetings,

Our web site is plagued by mysterious 'visitors' who consistently get no further than the home page. All of these 'visitors' have IP addresses beginning with 138.197 via Digital Ocean. The remaining IP numerals vary, all of the 'visitors' are shown as coming from Wilmington, Delaware, with no referrer. The browsers and operating systems vary. No, I am unaware of any 'cult' following, least of all in Wilmington, DE. I am aware that the FBI has a branch there. Is there any way to know whether this is some bizarre government snooping? There's absolutely nothing of interest to them on the site, least of all on the home page, so I cannot guess why they would be bothering themselves 5-7 times a week making pointless visits using different computers.

Any guess what may be going on here?

Thanks.

User avatar
Chrispcritters
Forum Administrator
Posts: 2273
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1
Contact:

Re: Is there a way to know if an IP or series of them belong to a government agency?

Post by Chrispcritters » Wed Sep 06, 2017 7:27 am

Digital Ocean provides host/cloud services so it could be some form of crawler, CDN, malware, scraper, or something like that.

Are you willing to provide at least one complete IP address?
Founder and Chief Marketing Technologist of WhatIsMyIPAddress.com.
You can follow me on Facebook and Twitter for some behind the scenes info.

ForTheTimeBeing
Junior Member
Posts: 9
Joined: Wed Sep 06, 2017 5:36 am

Re: Is there a way to know if an IP or series of them belong to a government agency?

Post by ForTheTimeBeing » Wed Sep 06, 2017 7:49 am

Sure, no reason to keep them secret at all:

138.197.11.136
138.197.111.36
138.197.111.102
138.197.111.122
138.197.111.50
138.197.6.74
138.197.111.84
138.197.71.243
138.197.96.249
138.197.111.31

That's just going back about a month. Many of these make multiple 'visits' in a day or a given week. I'd be happy to make whoever is behind these pseudo visits stop. Is there a way of blocking a string of IP's?

Thanks.

lisati
Active Member
Posts: 1100
Joined: Fri Apr 15, 2011 2:25 pm
Location: Porirua, New Zealand

Re: Is there a way to know if an IP or series of them belong to a government agency?

Post by lisati » Wed Sep 06, 2017 2:27 pm

There seems to have been a botnet or similar using one or more of the IP addresses. For example, see https://www.spamhaus.org/sbl/query/SBL369160

sanjmeh
New Member
Posts: 2
Joined: Thu Sep 07, 2017 12:03 am

Re: Is there a way to know if an IP or series of them belong to a government agency?

Post by sanjmeh » Thu Sep 07, 2017 12:17 am

I have a similar question. Since I risk a duplicate question I raise it here first, to see if lisati is able to point me to the right direction.

My database server gets hundreds of hits from a few specific IP addresses usually in China or Tapei. These are all hacking attempts as they try to login using a root password, which of course my system rejects.

Is there a way to report and get these IP addresses blacklisted?

ForTheTimeBeing
Junior Member
Posts: 9
Joined: Wed Sep 06, 2017 5:36 am

Re: Is there a way to know if an IP or series of them belong to a government agency?

Post by ForTheTimeBeing » Thu Sep 07, 2017 5:42 am

Why does such a 'botnet' exist? What is its purpose? Why does this one persistently and relentlessly target my humble web site under so many different addresses? Who would bother, and why?

Is there a way to block them from visiting? I know I can block them from appearing in my stats, but that's not the same thing.

What on earth do they want?

ForTheTimeBeing
Junior Member
Posts: 9
Joined: Wed Sep 06, 2017 5:36 am

Re: Is there a way to know if an IP or series of them belong to a government agency?

Post by ForTheTimeBeing » Thu Sep 07, 2017 6:46 pm

I just read up on 'botnets' at http://searchsecurity.techtarget.com/definition/botnet

There does not seem to be enough traffic coming to my site to warrant that description of what is going on. At most there are four or five in a day, usually only one. This is no 'denial of service' attack by any stretch. Further, I don't know how they can 'infect' a website itself to participate in a 'botnet'—is such a thing possible? I'm afraid this still makes no sense to me.

Any other explanations or ideas?

lisati
Active Member
Posts: 1100
Joined: Fri Apr 15, 2011 2:25 pm
Location: Porirua, New Zealand

Re: Is there a way to know if an IP or series of them belong to a government agency?

Post by lisati » Thu Sep 07, 2017 7:09 pm

A botnet is something nasty, and is described here: https://en.wikipedia.org/wiki/Botnet

It's possible that it's not your fault. Some user of Digital Ocean's services (possibly your site, possibly someone else's site) might have caught something nasty from somewhere, and tarnished the reputation of the IP addresses you have been using.

ForTheTimeBeing
Junior Member
Posts: 9
Joined: Wed Sep 06, 2017 5:36 am

Re: Is there a way to know if an IP or series of them belong to a government agency?

Post by ForTheTimeBeing » Fri Sep 08, 2017 3:28 am

lisati, are you joking? Website 'picked up something'?? ' and '...tarnished the reputation of the IP addresses' —I— have been using????

What on earth are you talking about?

Is there any serious help on this forum?

lisati
Active Member
Posts: 1100
Joined: Fri Apr 15, 2011 2:25 pm
Location: Porirua, New Zealand

Re: Is there a way to know if an IP or series of them belong to a government agency?

Post by lisati » Fri Sep 08, 2017 11:19 am

Like I said, it might not be your fault. The link I provided refers to ranges of IP addresses. What you are seeing is likely the result of other users of your provider.

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests