https://live.paloaltonetworks.com/t5/general-topics/malicious-requests-from-65-154-226-xxx-to-our-service/m-p/562390#M113912 <P>Is there any defined IP subnet by palo alto for web crawling , if so sharing the same would really help alot.</P> Thu, 19 Oct 2023 10:44:37 GMT Samson_Colaco 2023-10-19T10:44:37Z https://live.paloaltonetworks.com/t5/general-topics/malicious-requests-from-65-154-226-xxx-to-our-service/m-p/307790#M79919 <P>Hello,</P><P>&nbsp;</P><P>We are hosting a cloud solution and we have identified a increased amount of malicious requests all originating from&nbsp;<SPAN>65.154.226.XXX IP ranges. Most of them coming from&nbsp;65.154.226.126, 65.154.226.220 and 65.154.226.100. It turns out these IPs originate from&nbsp;paloaltonetworks.com, that is why I am posting it here.</SPAN></P><P>&nbsp;</P><P><SPAN>According to AbuseIPDB these IPs are being reported by users for abuse (see&nbsp;<A href="https://www.abuseipdb.com/check/65.154.226.100" target="_blank">https://www.abuseipdb.com/check/65.154.226.100</A>), but AbuseIPDB itself is stating the IPs are whitelisted as being&nbsp;typically owned by trusted entities, such as Google or Microsoft who may use them for search engine spiders. However, these same entities sometimes also provide cloud servers and mail services which are easily abused. Pay special attention when trusting or distrusting these IPs.</SPAN></P><P>&nbsp;</P><P><SPAN>Should we block all requests to our cloud service from the 65.154.226.XXX range?</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks.</SPAN></P><P>&nbsp;</P><P><SPAN>SA</SPAN></P> Fri, 24 Jan 2020 09:19:55 GMT https://live.paloaltonetworks.com/t5/general-topics/malicious-requests-from-65-154-226-xxx-to-our-service/m-p/307790#M79919 SaSupNL 2020-01-24T09:19:55Z https://live.paloaltonetworks.com/t5/general-topics/malicious-requests-from-65-154-226-xxx-to-our-service/m-p/307953#M79935 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a>&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/11943">@kiwi</a>&nbsp;,</P><P>Would this the PANURL scanning for updates?</P><P>&nbsp;</P><P>Thoughts?</P> Fri, 24 Jan 2020 21:36:00 GMT https://live.paloaltonetworks.com/t5/general-topics/malicious-requests-from-65-154-226-xxx-to-our-service/m-p/307953#M79935 OtakarKlier 2020-01-24T21:36:00Z https://live.paloaltonetworks.com/t5/general-topics/malicious-requests-from-65-154-226-xxx-to-our-service/m-p/308589#M80045 <P>Those are the PAN-DB webcrawlers. I opened a case about this about a month ago.</P> Wed, 29 Jan 2020 20:50:34 GMT https://live.paloaltonetworks.com/t5/general-topics/malicious-requests-from-65-154-226-xxx-to-our-service/m-p/308589#M80045 DPoppleton 2020-01-29T20:50:34Z https://live.paloaltonetworks.com/t5/general-topics/malicious-requests-from-65-154-226-xxx-to-our-service/m-p/562383#M113907 <P>Any update on this?</P> Thu, 19 Oct 2023 09:50:28 GMT https://live.paloaltonetworks.com/t5/general-topics/malicious-requests-from-65-154-226-xxx-to-our-service/m-p/562383#M113907 Samson_Colaco 2023-10-19T09:50:28Z https://live.paloaltonetworks.com/t5/general-topics/malicious-requests-from-65-154-226-xxx-to-our-service/m-p/562389#M113911 <P>&nbsp;</P> <P><SPAN>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/323798">@Samson_Colaco</a>&nbsp;,</SPAN></P> <P>&nbsp;</P> <P><SPAN>As mentioned earlier these are webcrawlers.</SPAN></P> <P>&nbsp;</P> <P><SPAN>PAN-DB, uses automated systems to identify and categorize content on the internet. It has been observed that certain suspicious activity in some customer networks has caused the URL Filtering systems to look up IP addresses that are not recognized. To better understand these websites, automated programs, called crawlers are sent to visit the systems with those IP addresses.</SPAN></P> <P><BR /><SPAN>This scanning is harmless and does not pose any risk to the organization, this scanning is part of PANs normal operations and is done to ensure the security and effectiveness of our URL Filtering service.</SPAN></P> <P>&nbsp;</P> <P>Kind regards,</P> <P>-Kim.</P> Thu, 19 Oct 2023 10:40:51 GMT https://live.paloaltonetworks.com/t5/general-topics/malicious-requests-from-65-154-226-xxx-to-our-service/m-p/562389#M113911 kiwi 2023-10-19T10:40:51Z https://live.paloaltonetworks.com/t5/general-topics/malicious-requests-from-65-154-226-xxx-to-our-service/m-p/562390#M113912 <P>Is there any defined IP subnet by palo alto for web crawling , if so sharing the same would really help alot.</P> Thu, 19 Oct 2023 10:44:37 GMT https://live.paloaltonetworks.com/t5/general-topics/malicious-requests-from-65-154-226-xxx-to-our-service/m-p/562390#M113912 Samson_Colaco 2023-10-19T10:44:37Z https://live.paloaltonetworks.com/t5/general-topics/malicious-requests-from-65-154-226-xxx-to-our-service/m-p/562407#M113917 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/323798">@Samson_Colaco</a>&nbsp;,</P> <P>&nbsp;</P> <P>I'm not aware of the specific IPs for webcrawling but the entire /24 seems to be assigned to PAN:</P> <P>&nbsp;</P> <PRE id="registryData" class="df-raw"> NetRange: 65.154.226.0 - 65.154.226.255 CIDR: 65.154.226.0/24 NetName: Q0123-65-154-226-0 NetHandle: NET-65-154-226-0-1 Parent: CENTURYLINK-LEGACY-QWEST-INET-18 (NET-65-128-0-0-1) NetType: Reassigned OriginAS: AS209 Organization: PALO ALTO NETWORKS (PALOA) RegDate: 2020-01-23 Updated: 2020-01-23 Ref: https://rdap.arin.net/registry/ip/65.154.226.0 </PRE> <P>&nbsp;</P> <P>Kind regards,</P> <P>-Kim.&nbsp;</P> Thu, 19 Oct 2023 12:45:50 GMT https://live.paloaltonetworks.com/t5/general-topics/malicious-requests-from-65-154-226-xxx-to-our-service/m-p/562407#M113917 kiwi 2023-10-19T12:45:50Z