IP: 8.28.16.254 United States Location: Ashburn, Virginia, United States
City:
Ashburn
Region:
Virginia
Country:
United States
Postal Code:
20149
Latitude:
39.0481
Longitude:
-77.4728
NetRange: 8.8.9.0 - 8.127.255.255
CIDR: 8.8.32.0/19, 8.8.128.0/17, 8.32.0.0/11, 8.16.0.0/12, 8.8.64.0/18, 8.8.10.0/23, 8.9.0.0/16, 8.8.16.0/20, 8.10.0.0/15, 8.12.0.0/14, 8.8.9.0/24, 8.8.12.0/22, 8.64.0.0/10
NetName: LVLT-ORG-8-8
NetHandle: NET-8-8-9-0-3
Parent: NET8 (NET-8-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Level 3 Parent, LLC (LPL-141)
RegDate: 1992-12-01
Updated: 2023-12-28
Ref: https://rdap.arin.net/registry/ip/8.8.9.0

OrgName: Level 3 Parent, LLC
OrgId: LPL-141
Address: 100 CenturyLink Drive
City: Monroe
StateProv: LA
PostalCode: 71203
Country: US
RegDate: 2018-02-06
Updated: 2023-08-10
Comment: USAGE OF IP SPACE MUST COMPLY WITH OUR ACCEPTABLE USE POLICY:
Comment: https://www.lumen.com/en-us/about/legal/acceptable-use-policy.html
Comment:
Comment: ADDRESSES COVERED BY THIS ORG-ID ARE NON-PORTABLE ANY ISP ANNOUNCING OR TRANSITING PORTIONS WITHIN OUR RANGES SHOULD NOT RELY ON PRESENTED LOA'S OR OLD WHOIS UNLESS THOSE RANGES ARE ALSO ACTIVELY DIRECTLY ANNOUNCED TO A LUMEN ASN. WITH ALL LOA'S THESE CONDITIONS APPLY:
Comment:
Comment: 1. You are permitted to route the Lumen IP prefixes listed via Public BGP to your alternate ISP from the designated ASN. Any other ASN originating the prefix listed is forbidden.
Comment: 2. The Lumen IP prefixes listed can be routed via Public BGP to your alternate ISP as long as you remain an active customer with Lumen and continue to route the prefixes over at least one Lumen Internet circuit without significant traffic engineering.
Comment: 3. Should your Internet services with Lumen be discontinued, Lumen reserves the right to have your alternate ISP terminate the routing of the Lumen IP prefixes without advanced notification, should you fail to do so.
Comment: 4. All IP Addresses assigned or allocated by Lumen to an end-user (customer or ISP) shall be considered non-portable and will be reclaimed by Lumen upon service termination.
Comment: 5. Lumen reserves the right to conduct audits to ensure the LOA conditions are being met.
Comment: 6. Usage of IP space must comply with our AUP https://www.lumen.com/en-us/about/legal/acceptable-use-policy.html
Comment:
Comment: Our looking glass is located at: https://lookingglass.centurylink.com/
Comment:
Comment: For subpoena or court order please fax 844.254.5800 or refer to our Trust & Safety page:
Comment: https://www.lumen.com/en-us/about/legal/trust-center/trust-and-safety.html
Comment:
Comment: For abuse issues, please email abuse@aup.lumen.com
Comment: All abuse reports MUST include:
Comment: * src IP
Comment: * dest IP (your IP)
Comment: * dest port
Comment: * Accurate date/timestamp and timezone of activity
Comment: * Intensity/frequency (short log extracts)
Comment: * Your contact details (phone and email)
Comment: Without these we will be unable to identify the correct owner of the IP address at that point in time.
Ref: https://rdap.arin.net/registry/entity/LPL-141

OrgTechHandle: APL7-ARIN
OrgTechName: ADMIN POC LVLT
OrgTechPhone: +1-877-453-8353
OrgTechEmail: ipadmin@lumen.com
OrgTechRef: https://rdap.arin.net/registry/entity/APL7-ARIN

OrgAbuseHandle: LAC56-ARIN
OrgAbuseName: L3 Abuse Contact
OrgAbusePhone: +1-877-453-8353
OrgAbuseEmail: abuse@level3.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/LAC56-ARIN
DNS BlackList results:
Most recent complaints on 8.28.16.254
Complaint by ixasilent :

This is one of BlueCoat's proxy IP's. It is notorious for interception of SSL traffic and caching. Block it when you can.

Reported on: 16th, Dec. 2011
Complaint by ragoley :

This seems to be used in proxy filtering solutions of bluehost. It only shows up in logs for unencrypted traffic that I have been able to tell so far. Traffic going thru the filter will see a hit on the exact url from this out of browser chain IP before the browsers actual request hits the web server. This IP gets logged by Apache before this client actually trying to connect. I believe this is similar to a RBL check. The proxy contacts bluecoat then bluecoat contacts the url server to prefilter content before allowing the actual browser request to go thru. Does not seem to affect browser request if IP is blocked by the web server of the url.

Reported on: 16th, Dec. 2011
Complaint by Steven Gejerati :

I was attacked multiple times by this IP: 8.28.16.254. Server logs provided the following system information for it: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729).

Reported on: 22nd, Feb. 2015
Complaint by Jim Seaman :

This IP 8.28.16.254 in concert with 10.6.138.144 was hitting the same urls within a second or two of each other. Long term, the 8.28.16.254 only showed up in about 1 out of 3 urls being hit. Hits were too fast to be a human's actions.

Reported on: 24th, Feb. 2015
Complaint by EP :

Multiple hacking attempts...attempted to upload infected file(s)

Reported on: 26th, Feb. 2015
Complaint by User :

Somebody contacted me on Craigslsit and is pretending to be a legitimate person (I tracked their IP - I"m a technical guy)

Reported on: 27th, Feb. 2015
Complaint by Brian Allbee :

Repeated hits from this IP-address of a suspicious nature. Working to get it blocked across the board.

Reported on: 16th, Apr. 2015
Complaint by Cancun :

This seems to be connected with email blasts from Constant Contact.

Reported on: 13th, May. 2015
Complaint by Arnie Cilliers :

Multiple attempts from 8.28.16.254 to access FTP server. Blocking the IP now.

Reported on: 5th, Feb. 2016
Complaint by C.B.C. :

this IP 8.28.16.254 has been continually clicking 2 times per day on our Adwords ads, costing us many hundreds of dollars of wasted advertising, per month. they have been doing this for months, and may be years, ..and we only noticed now. I think its called click fraud. The IP belongs to a client of Level 3 communications. I called them, but, of course they will not reveal their clients name. I would love to sue the client for their click fraud actions. I am blocking them from displaying my adwords ads, via the IP exclusion. click fraud is rampant out there, and Google does very little about it, because it translates to cash in their pocket.

Reported on: 14th, Jul. 2016

Please help us keep Internet safer and cleaner by leaving a descriptive comment about 8.28.16.254 IP address


DNSBL* - is a list of IP addresses published through the Internet Domain Name Service (DNS) either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time. DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists.

WHOIS** - is a query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. WHOIS lookups were traditionally performed with a command line interface application, and network administrators predominantly still use this method, but many simplified web-based tools exist. WHOIS services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 43.

** Approximate Geographic Location - This is NOT the exact geographical location of the person/organization with the given IP address. However, this should still give you a good idea about the area/region where this person/orgranization is located.