In a recent post, Brian Krebs discussed a technique for disrupting 8chan, a controversial message board. Ron Guilmette, a security researcher, stated that NT Technology, the hosting company of the current operator of 8chan, no longer has the right to do business because it is in an “Administrative Hold” state. ARIN, the Internet registry from which NT Technology obtained its IP address allocation, has the right to reclaim the IP address space.
Ron Guilmette is an expert on this type of analysis. Last year he discovered $50 million worth of IP address theft in AFRINIC’s service region.
However, removing 8chan is unlikely to be as easy as asking ARIN to reclaim the IP address space. Once reclaimed, the IP addresses may still be advertised as fullbogons: netblocks that are used on the Internet even though they have not been assigned to an end user. While some ISPs block fullbogons, this is by no means universal.
In addition, 8chan’s main domain name, 8kun.top, is not currently hosted on NT Technology’s infrastructure, so it would not be affected by ARIN reclaiming NT Technology’s address space. It currently resolves to 220.127.116.11, which belongs to a network block delegated to VanwaTech. VanwaTech, also known as OrcaTech, is a hosting company owned by Nick Lim and based in Vancouver, Washington. Nick Lim previously served briefly as CTO of Epik, a hosting company that briefly hosted 8chan after Cloudflare terminated its contract with 8chan.
8chan’s hosting infrastructure diagram
VanwaTech’s netblock also contains:
VanwaTech operates its own autonomous system (AS398088), whose only upstream provider is Spartan Host Ltd (AS201106), a hosting company registered in Northern Ireland that originated in Minecraft server hosting.
Measuring the round-trip time from a RIPE Atlas probe known to be in Sabey’s Intergate.Seattle data center to 8chan’s IP address shows that 8chan is hosted just 0.501 milliseconds away. That is less than 31 miles at the typical speed of light in an optical fiber, and probably much closer considering packet switching delays.
Map of the region that 8chan’s IP address is inside
One of Spartan Host’s colocation providers is Wowrack, which is also based in Sabey’s Seattle data center. Combined with the short round-trip time, this suggests that VanwaTech, and therefore 8chan, is probably also located in Sabey’s data center.
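The round-trip bound used above generalizes to several vantage points: each probe's minimum RTT caps how far away the host can be, and only locations inside every cap remain plausible. The following is an added example, not code from the original post; the 2/3 c fiber speed, the probe and candidate coordinates, and every RTT sample except the 0.501 ms figure are constructed assumptions.

```python
import math

C_KM_PER_MS = 299.792458   # speed of light in vacuum, km per millisecond
FIBER_FACTOR = 2 / 3       # assumed propagation speed in fiber relative to c

def max_distance_km(rtt_ms):
    """Upper bound on the one-way distance implied by a round-trip time."""
    return (rtt_ms / 2) * C_KM_PER_MS * FIBER_FACTOR

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def feasible_sites(probes, candidates):
    """Names of candidate sites that lie inside every probe's distance bound."""
    # Queueing and switching only add delay, so the smallest RTT sample from
    # each probe gives the tightest bound that is still valid.
    return [name for name, loc in candidates.items()
            if all(haversine_km(p["loc"], loc) <= max_distance_km(min(p["rtts_ms"]))
                   for p in probes)]

# Constructed sample data: hypothetical probes at approximate city-centre
# coordinates; only the 0.501 ms sample comes from the page.
PROBES = [
    {"loc": (47.61, -122.33), "rtts_ms": [0.73, 0.501, 0.62]},  # Seattle area
    {"loc": (47.98, -122.20), "rtts_ms": [0.95, 0.70, 1.40]},   # Everett area
]
CANDIDATES = {
    "seattle": (47.61, -122.33),
    "tacoma": (47.25, -122.44),
    "vancouver_wa": (45.64, -122.66),
    "spokane": (47.66, -117.43),
}

if __name__ == "__main__":
    print(f"bound for 0.501 ms: {max_distance_km(0.501):.1f} km")
    print("feasible:", feasible_sites(PROBES, CANDIDATES))
```

The bound is only an upper limit: it rules locations out, and a nearby candidate still needs corroboration such as the colocation relationship described above.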
While Spartan Host has multiple transit providers, it currently only advertises VanwaTech’s route to DDoS-Guard (AS57724), a Russian denial-of-service protection company that also provides services for the Club2CRD and Joker’s Stash carding sites. Spartan Host began routing VanwaTech traffic via DDoS-Guard after CNServers ended its relationship with Spartan Host on discovering its connections with 8chan.
VanwaTech founder Nick Lim believes, on freedom-of-expression grounds, that controversial websites like 8chan should not be removed. Similarly, Spartan Host founder Ryan McCully confirmed in an interview with Brian Krebs that he did not intend to end his relationship with VanwaTech. Given the reported connections between Russia and QAnon, it is unlikely that DDoS-Guard will come under pressure within Russia over providing transit to 8chan.
However, it is likely that Spartan Host is violating Wowrack’s Acceptable Use Policy, which states that the “Transfer […] of content or technology that is illegal, harmful, offensive, defamatory or abusive is prohibited.” It’s not clear whether Wowrack and Sabey know of Spartan Host’s relationship with 8chan.
Netcraft’s Site Report service can be used to track the hosting location of any site as it moves, not just 8chan.