I'm struggling to determine which CDN owns the servers in CenturyLink prefix 8.240.0.0/12. During the Call of Duty Season 4 update on June 11th from 06:00 UTC until 08:30 UTC, we had 240 Gbps of traffic steaming into our network from CenturyLink prefix 8.240.0.0/12. We originally thought it was Akamai, but they swear up and down that the servers don't belong to them.
Here are some of the HTTP/HTTPS servers in 8.240.0.0/12:
8.253.151.248
8.251.135.126
8.240.167.126
8.240.228.126
8.240.168.126
8.240.126.254
8.240.191.254
* clinton@scripty.com (Clinton Work) [Wed 17 Jun 2020, 17:31 CEST]:
I'm struggling to determine which CDN owns the servers in CenturyLink prefix 8.240.0.0/12. During the Call of Duty Season 4 update on June 11th from 06:00 UTC until 08:30 UTC, we had 240 Gbps of traffic steaming into our network from CenturyLink prefix 8.240.0.0/12. We originally thought it was Akamai, but they swear up and down that the servers don't belong to them.
Here are some of the HTTP/HTTPS servers in 8.240.0.0/12:
8.253.151.248
8.251.135.126
8.240.167.126
8.240.228.126
8.240.168.126
8.240.126.254
8.240.191.254
Using Shodan, we can find other nodes belonging to the same CDN by searching for “FP6.1.1866.55”, which is conveniently present in the “Server” HTTP header.
Skimming through the results, it would appear most of the nodes are on the Level 3 network. Picking one non-Level3 node at random (192.67.191.173) and doing an rDNS lookup reveals the following: