If you don't know who these companies are, they are the ones harvesting IP addresses of people on p2p networks (and elsewhere) and sending C&D letters to their ISPs.

I recently read somewhere that they correspond to the following chunks of the net:

rangerinc.com: 216.122.0.0 - 216.122.255.255
cyveillance.com: 63.64.0.0 - 63.127.255.255, 63.148.99.224 - 63.148.99.255, 65.118.41.192 - 65.118.41.223
mediaforce.com: 65.192.0.0 - 65.223.255.255, 4.43.96.0 - 4.43.96.255

Every since I've been keeping an eye on how they interact with my computers. My Apache web server logs filled with hits from addresses in these ranges connecting to the GWebCache script the Gnucleus uses to find new hosts. So I decided to block and log them at a firewall level and the logs just keep on growing.

Can someone confirm that noone that is not affiliated with these companies is within these ranges? I've noticed that PayPal buttons aren't showing up and I'm not getting as many third party cookies as I did before blocking them, but I'd hate to be shutting out "legit" file sharers.

Thanks for the heads up Mrgone,
I have passed this info along to a buddy of mine who operates a server here locally, we will try to block and log the same ip ranges,
I can't confirm but by what I could find these are used by "commercial" applications, I will attempt to do a dns scan or whois to find out. I don't think any of the major isp's assign these addies
I would be interested in any further info that anyone else can provide on this matter. also for home users it might also be prudent to keep an eye on firewall logs and block accordingly, just a thought.

P.S. I have also passed this along to some "White Hat" friends of mine. They are going to have a field day with these bozo's

Rangerinc specific info: rangercorp.com -- website ip 216.122.215.13 have fun more to follow. :cross

Domain Name: CYVEILLANCE.COM
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: SVL-ANS-01.INET.QWEST.NET
Name Server: DCA-ANS-01.INET.QWEST.NET
Updated Date: 05-dec-2001
These cats are tricky got their name server loc traceroute attempts got squashed had no prob tracing Ranger.

The more I learn about these A$$holes the madder I get they are nothing but Carnivore wannabees and they are masquerading under the banner of "protecting" corperate brand names in my book they should all be shut down the sooner the better.

yes, that information is good news, it was posted earlier
this week or last week on zeropaid about ranger, and i had read about this and already put some of the ip addresses in my hosts file on my firewall. tho i feel that more ip adresses will still be needed to put in this to block those bots.

this is f u c k i n g low

I have been logging any websites that are relevant to the ip ranges that you submitted above so far three websites have been restricted

1www.windows-hq.com interesting!

2 images.paypal.com you were right about that one.

3 www.impressionism.org this one is strange it might be because it is an org designation? no big loss anyway I would rather have security .
that is all that came up after 6 hours on the web I will keep this thread advised of any more webs that come up, just thought you'd like to know.

monster.com as well.. it seems that UUNet owns a large chunk of those IPaddresses and they happen to provide service to alot of servers (not all of which are necessarily evil.)

If someone wants to do some research and narrow down the ip ranges given above (or add more) and post the changes that would be A Good Thing (tm)


BTW, those are not the only companies out there doing this, so info on the others is needed too.

Go ahead and add this range as well 66.28.100.0 - 66.28.151.255, they send fake files that sound like silence, and their results show up on all popular files with all sorts of ip's, but all start with 66.28 blah blah, I know my results are much better now.

You might want to set your firewall to allow this one, it is:

63.120.65.60 www.epic.org

which is the Electronic Privacy Information Center website, kind of thought it is interesting that their ip address is in with these others......................... any one know what wtlive.com is ????

Originally posted by mrgone4662
cyveillance.com: 63.64.0.0 - 63.127.255.255, 63.148.99.224 - 63.148.99.255, 65.118.41.192 - 65.118.41.223


Your a moron. 63.64.0.0 - 63.127.255.255 belongs to UUNET
UUNET is one of the largest ISPs/carriers, by blocking it's IP range you are blocking lots of sharers

UUNET Technologies, Inc. (NETBLK-UUNET63)
3060 Williams Drive, Suite 601
Fairfax, Virginia 22031
US

Netname: UUNET63
Netblock: 63.64.0.0 - 63.127.255.255
Maintainer: UU

Source: www.arin.net

yup, that's me.. the moron

you're a stellar individual yourself.. you know that ip block is primarily used by server racks? hmm.... i wonder what a massive server farm is doing on p2p networks..

though part of the reason this was posted was so anyone who knew of specific chunks that were used by "valid" file-sharers they could post and narrow things down.

worthless prick.

Alright good job guys, we can figure out all the IP addresses so that way P2P apps can start to block the evils that are mediaforce.com and mediadefender and all those other idiots. I say we send a list of this to people like WinMX or Blubster or even KaZaA (Not that they would accept them) and hopefully they will be blocked. The only bad part is we could be blocking legitimate file sharers. Oh well, we'll find out!

This thread is gonna be damn useful to me!! :)

Cyveillance.com should be possible to lock down with just 250 people in a DDOS. (It wouldn't hurt carriers/ISPs on the way either!!) - More info...

Fake Reports & Business Enquiries go to these fine specimens...
hotline@mpaa.org
information@overpeer.com
sales@rangerinc.com
info@cyveillance.com
cdreward@riaa.com
jhlee419@hotmail.com (OverPeer domain/tech admin)
ranger-dns@rangerinc.com (Ranger domain/tech admin)
cy_domain@YAHOO.COM (Cyveillance domain/tech admin)

On the subject of blocking webservers, some info...
rangercorp.com - 21/80/443 - Apache/1.3.1.1 SSL/1.15 PHP/4.0b2
cyveillance.com - Microsoft-IIS 5.0 (Oh dear!!) :)

Mail servers, spam anyone??
(pri=10) smtp.overpeer.com
(pri-10) mail.overpeer.com
cyveillance.com mail is handled (pri=10) by mail1.cyveillance.com
cyveillance.com mail is handled (pri=40) by mail2.cyveillance.com
rangerinc.com mail is handled by rangerinc.com

WEBSERVER FEEDBACK ATTACKS
More fake reports and business enquiries...
(format: form-URL///post-URL)
http://www.rangercorp.com/About/1-4.shtml///prcContactFormSubmit.php
http://www.riaa.org/contact.cfm///Contact_Confirm.cfm

OverPeer's site seems to go to a Sprint connection and I can't scan shit there, but mail.overpeer.com = 65.160.127.162 OverPeer's mail server IP goes to a MS/IIS-5 setup, 250+ connections should severely delay that server too.

OverPeer either has some automatic blocking or there are server faults/attacks in place while I'm posting this, 'coz I can't even access the site now!!

Wow, I'm feelin the love in here, heh I think we should be able to bring to the attention of others worthy news without the name calling, and thanks mrgone4662 and you others for the heads up, btw this list is posted also on UTC about a week ago and all the i.p's were verified. :tilted

I am sure this list will be growing more and more. its a good idea to have this thread updated to inform. however, I do believe, most of the gnutella clients, have updated a section to block unwanted ip adresses.

o yeah this list is going to be usefull to me :)

Originally posted by method
cyveillance.com - Microsoft-IIS 5.0 (Oh dear!!) :)


HE HE HE,,,, and they are probably running their llS server box unpatched as well. : ')

Will they ever learn???

Checked for exploits too, sadly it's a no go. I'll dist. src 4 a DDOS when I'm back from mah Holiday (bout a weeks time)

From what I can see, this whole line of thought is going to get useful ip addresses blocked. There really is a limit to "better safe than sorry". Besides, the only evidence of P2P interference is from BayTSP. Didn't they help kill Napster?:wings

There's more P2P interference.... OverPeer admit to spoof files and Ranger are sending C&D letters to ISPs against users they find on the fasttrack protocol sharing copyrighted shit.

Bitzi.com looks like an interesting project.

:mellow Ok Ranger is sending out C & D letters. What about MediaForce and Cyveillance?

I haven't heard anything about Cyveillance actually doing anything in the P2P space. They seem to be about Intellectual Property and Brand stuff.

What do you think?

It doesn't matter who or what they are going after, it is the same BS all the way around, besides very little of what goes on in government and covert business is reported, so just because you don't hear about it doesn't mean that they aren't out there trying to shut down the exchange of information and entertainment -

I am not a big fan of copyrighting intellectual property