I have configured a MikroTik RB450G router to block UltraSurf according to your post. At first, I created the address list “UltraSurfServers” as follows in Firewall.
Do you have any idea for blocking this, ZeroByte? I believe that everyone needs a way to automatically recognize and add Ultrasurf IP addresses into the address-list.
I’ve never even heard of Ultrasurf before. Being lazy, I’m not going to Google about it or how it works or whether they (or anyone else) publish(es) a current list of their IP addresses.
It may be possible to block them using DNS entries if the client software uses DNS to discover the list of addresses. If so, then you can add whatever hostname(s) Ultrasurf uses into an address-list and that list will automatically resolve whatever IP address(es) are used to reach that service, and block those IP addresses. This will be the most effective if the clients are also forced to use the Mikrotik as a DNS proxy, as load balancing / global anycasted DNS / etc might return different IP addresses to client requests than the ones the Mikrotik itself receives… YMMV.
Thank you for your suggestion.
It’s the same in my mind, just the way we could block YouTube, Facebook or anything else that uses encrypted connections. However, if the Ultrasurf client software connects directly to public server IPs which were imported, instead of using DNS domain names, the workaround may not be useful.
Anyway, I will try dumping packets and monitoring the behavior of a client which has this tool installed.
Yeah - if the client comes hard-wired with a list of known addresses to connect to for discovering the current peer list, etc… then the only thing you can do is learn those addresses and make an address-list out of them. Sometimes, the seed is a list of domain names so that the servers can be moved around more easily if they get blocked by IP address. When analyzing the client, look to see if there are any DNS requests which give the IP address that the client connects to first… Otherwise, a list of known IPs is the only solution.
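The DNS-based approach described in the thread, written out as a RouterOS configuration. This is an added example, not something posted by the participants. It assumes a LAN interface named `bridge-lan` and uses the placeholder hostname `seed.example.invalid`, because the thread does not name any hostname the client resolves. It also assumes a RouterOS release that accepts DNS names in address-list entries.

```routeros
# Added example. Assumptions: LAN interface is "bridge-lan";
# seed.example.invalid is a placeholder for a hostname observed in a
# packet capture of the client. No real hostname is given in the thread.

# Let the router answer DNS queries for LAN clients.
/ip dns set allow-remote-requests=yes

# Keep the resolver closed to everything that is not the LAN,
# otherwise allow-remote-requests turns the router into an open resolver.
/ip firewall filter
add chain=input in-interface=!bridge-lan protocol=udp dst-port=53 \
    action=drop comment="DNS only from LAN"
add chain=input in-interface=!bridge-lan protocol=tcp dst-port=53 \
    action=drop comment="DNS only from LAN"

# Force every plain DNS query from the LAN through the router, so clients
# get the same answers the router used to populate the address list.
/ip firewall nat
add chain=dstnat in-interface=bridge-lan protocol=udp dst-port=53 \
    action=redirect to-ports=53 comment="force DNS via router"
add chain=dstnat in-interface=bridge-lan protocol=tcp dst-port=53 \
    action=redirect to-ports=53 comment="force DNS via router"

# A hostname entry: the router resolves it and keeps the resulting
# addresses in the list as dynamic entries.
/ip firewall address-list
add list=UltraSurfServers address=seed.example.invalid \
    comment="placeholder hostname"

# Drop forwarded traffic to anything in the list. "add" appends to the end
# of the chain, so move this rule above any broader accept rule.
/ip firewall filter
add chain=forward in-interface=bridge-lan \
    dst-address-list=UltraSurfServers action=drop \
    comment="block listed servers"
```

The redirect only catches plain DNS on port 53, and, as noted in the thread, none of this helps when the client connects to hard-coded IP addresses without a DNS lookup.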