On Thu, Jun 2, 2022 at 12:22 PM John Von Essen <[email protected]> wrote:
> Feel free to contact me off-list if your associated with Google Fi. > > I’m trying to narrow down some IP abuse that I believe is coming from > Google Fi mobile devices. The IPs are all coming up as generic Google LLC > in whois, and they dont have any reverse DNS. I’m trying to see how I can > confirm that these are IPs related to the Google Fi service/network, or > just random Google Clould IPs > > Here are some sample IPs: > > 35.187.133.202 > 35.187.133.204 > 35.187.133.200 > 34.116.22.76 > 34.116.22.74 > 34.116.22.72 > 107.178.194.231 > 107.178.194.233 > 107.178.194.235 > 107.178.193.10 > 107.178.193.12 > > all of these are very clearly marked out in whois as google-cloud ips: NetRange: 35.184.0.0 - 35.191.255.255 CIDR: 35.184.0.0/13 NetName: GOOGLE-CLOUD NetRange: 34.64.0.0 - 34.127.255.255 CIDR: 34.64.0.0/10 NetName: GOOGL-2 NetRange: 107.178.192.0 - 107.178.255.255 CIDR: 107.178.192.0/18 NetName: GOOGLE-CLOUD $ for d in $(cat /tmp/x); do host $d; done Host 202.133.187.35.in-addr.arpa not found: 2(SERVFAIL) Host 204.133.187.35.in-addr.arpa not found: 2(SERVFAIL) Host 200.133.187.35.in-addr.arpa not found: 2(SERVFAIL) Host 76.22.116.34.in-addr.arpa not found: 2(SERVFAIL) Host 74.22.116.34.in-addr.arpa not found: 2(SERVFAIL) Host 72.22.116.34.in-addr.arpa not found: 2(SERVFAIL) 231.194.178.107.in-addr.arpa domain name pointer 231.194.178.107.gae.googleusercontent.com. 233.194.178.107.in-addr.arpa domain name pointer 233.194.178.107.gae.googleusercontent.com. 235.194.178.107.in-addr.arpa domain name pointer 235.194.178.107.gae.googleusercontent.com. 10.193.178.107.in-addr.arpa domain name pointer 10.193.178.107.gae.googleusercontent.com. 12.193.178.107.in-addr.arpa domain name pointer 12.193.178.107.gae.googleusercontent.com. I'll see about fixing the missing ptrs... but... 'it's all cloud man!' > Thanks > John > >
