205.237.88.140 - - [10/Mar/2014:01:32:48 -0700] "GET / HTTP/1.0" 403 1343 "-" "=Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16"
Grand Web Solutions 205.237.88.0 - 205.237.95.255 205.237.88.0/21
keyplyr
9:20 am on Mar 10, 2014 (gmt 0)
Portlane, Sweden 80.67.0.0 - 80.67.31.255 80.67.0.0/19
Sigmatic, Finland 80.69.172.0 - 80.69.175.255 80.69.160.0/20
Angonasec
12:12 pm on Mar 10, 2014 (gmt 0)
Scandinavia does seem to be losing its pristine snow-like reputation.
Iceland is particularly worrying too. HQ of arch-nasty Opera. And radical plans to become the copyright infringing Mecca of the Northern hemisphere.
keyplyr
8:45 am on Mar 13, 2014 (gmt 0)
Choopa
68.232.160.0 - 68.232.191.255 68.232.160.0/19
173.199.64.0 - 173.199.127.255 173.199.64.0/18
lucy24
9:08 pm on Mar 23, 2014 (gmt 0)
These folks seem to have been dormant for a while, based on post numbers that come up in search:
82.145.32.0/19 Iomart hosting, UK
I don't normally notice isolated requests for images, but the UA "PHP/5.3.19" kinda sticks out like a sore thumb.
keyplyr
11:30 pm on Mar 23, 2014 (gmt 0)
Thanks lucy24, I didn't have that one.
Iomart block list is now:
82.145.32.0 - 82.145.63.255 82.145.32.0/19
83.142.224.0 - 83.142.231.255 83.142.224.0/21
95.154.217.0 - 95.154.255.255 95.154.192.0/18
109.169.5.128 - 109.169.255.255 109.169.0.0/18
217.147.80.0 - 217.147.92.255 217.147.80.0/20
not2easy
4:15 am on Mar 24, 2014 (gmt 0)
I also have 212.38.176.0 - 212.38.191.255 as "Thrust::VPS LA|TX IOMART" 212.38.160.0/19
not2easy
4:30 am on Mar 24, 2014 (gmt 0)
I picked up all these choopas last December in a previous post here and looked up CIDRs for them, in case someone needs a complete list:
keyplyr
7:26 am on Mar 24, 2014 (gmt 0)
I also have 212.38.176.0 - 212.38.191.255 as "Thrust::VPS LA|TX IOMART" 212.38.160.0/19
@not2easy - First off, thanks for the additional range.
However 212.38.160.0/19 = 212.38.160.0 - 212.38.191.255 but I know what you meant:)
not2easy
7:05 pm on Mar 24, 2014 (gmt 0)
You're right keyplyr, I had two ranges there, one inside the other and the CIDR is for the containing range. I was in the middle of something else - Thanks for spotting it!
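The range-versus-CIDR mix-up discussed above can be caught mechanically before an entry goes into a block list. The following is an added example, not part of the original thread, using Python's standard `ipaddress` module on entries quoted in this thread; the function name `check_entry` and its verdict labels are assumptions of this example.

```python
import ipaddress

# Entries as quoted in this thread: (label, first, last, stated CIDR).
ENTRIES = [
    ("Thrust::VPS / Iomart", "212.38.176.0", "212.38.191.255", "212.38.160.0/19"),
    ("Webexxpurts", "91.108.180.0", "91.108.183.255", "91.108.180.0/22"),
    ("IDEALHOSTING", "213.238.175.0", "213.238.175.255", "213.238.168.0/21"),
    ("RIPE query result", "178.11.136.0", "178.11.255.255", "178.0.0.0/12"),
]

def check_entry(first, last, cidr):
    """Compare a 'first - last' range with the CIDR written next to it.

    Verdicts (labels chosen for this example):
      exact         - the CIDR is precisely the range
      cidr-wider    - the CIDR contains the range and blocks extra addresses
      cidr-narrower - the CIDR sits inside the range and leaves part unblocked
      mismatch      - neither contains the other
    """
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    # strict=True rejects a CIDR whose base address has host bits set.
    net = ipaddress.IPv4Network(cidr, strict=True)
    # Smallest list of CIDR blocks that covers lo..hi and nothing else.
    exact = list(ipaddress.summarize_address_range(lo, hi))
    range_size = int(hi) - int(lo) + 1
    if exact == [net]:
        verdict = "exact"
    elif net.network_address <= lo and hi <= net.broadcast_address:
        verdict = "cidr-wider"
    elif lo <= net.network_address and net.broadcast_address <= hi:
        verdict = "cidr-narrower"
    else:
        verdict = "mismatch"
    # Addresses blocked by the CIDR that the stated range does not include.
    extra = net.num_addresses - range_size if verdict == "cidr-wider" else 0
    return {"verdict": verdict,
            "exact_cover": [str(n) for n in exact],
            "extra": extra}

if __name__ == "__main__":
    for label, first, last, cidr in ENTRIES:
        r = check_entry(first, last, cidr)
        print(f"{label}: {first} - {last} vs {cidr} -> {r['verdict']}, "
              f"exact cover {r['exact_cover']}, {r['extra']} extra addresses")
```

A `cidr-wider` verdict is the case to review by hand: the extra addresses may belong to the same host or, as with the /12 above, to an ISP's whole allocation.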
keyplyr
7:18 am on Mar 25, 2014 (gmt 0)
Incero
23.29.112.0 - 23.29.127.255 23.29.112.0/20
23.227.160.0 - 23.227.191.255 23.227.160.0/19
107.155.64.0 - 107.155.127.255 107.155.64.0/18
keyplyr
7:29 am on Mar 25, 2014 (gmt 0)
New (for me) HostWinds range:
23.238.0.0 - 23.238.127.255 23.238.0.0/17
Which brings my HostWinds block list to:
lucy24
9:41 pm on Mar 25, 2014 (gmt 0)
Scandinavia does seem to be losing its pristine snow-like reputation.
OBEnetworks and assorted other names. When I went to look them up, I got no further than
Obenetwork · Start · Internet · Hosting · Konsult · Om oss · Kontakt. Dedikerad Server från Obenetwork. QuadCore Xeon, 8 GB RAM, SAS RAID1. Från 990kr/ mån.
(990 skr/mo? Holy ### that's expensive.* If they can afford that, can't they afford a more modern UA?)
Iceland is particularly worrying too. HQ of arch-nasty Opera.
Does Norway know this?
* Further lookup tells me the Swedish krona is not what it used to be, but it still works out to over $100 US. And that's their "starting from" level.
keyplyr
11:01 pm on Mar 25, 2014 (gmt 0)
IMO $100 US a month is pretty reasonable for a VPS and way cheap for a dedicated box (which is what they are boasting.)
Special dispensation for 80.73.8 or can we proceed directly to /20 ?
Edit: Same question applies to 109.86.3.
keyplyr
9:47 pm on Mar 27, 2014 (gmt 0)
Dunno - I use a tool that gives me the CIDR. That's what the tool generated, so I assume the interim gaps aren't registered. Of course the danger is they will be picked up by an ISP, whatever the odds of that are.
keyplyr
11:07 pm on Mar 27, 2014 (gmt 0)
RE: Tov Bank-inform So for those brave:
80.73.0.0 - 80.73.15.255 80.73.0.0/20
109.86.0.0 - 109.87.255.255 109.86.0.0/15
159.224.0.0 - 159.224.255.255 159.224.0.0/16
178.150.0.0 - 178.151.255.255 178.150.0.0/15
not2easy
5:40 am on Mar 28, 2014 (gmt 0)
New in L.A. 03/04/14 POWERUPHOSTING: 162.244.8.0 - 162.244.15.255 162.244.8.0/21
not2easy
12:48 am on Mar 29, 2014 (gmt 0)
New crawler for me: ZemlyaCrawl out of CLOUD-SOUTH 198.101.8.0 - 198.101.15.255 198.101.8.0/21 UA: "ZemlyaCrawl/1.0 (+http://zemlyaozer.com/bot)" Right between OVH and Rackspace
lucy24
12:57 am on Mar 29, 2014 (gmt 0)
Right between OVH and Rackspace
I was going to say "How thoughtful of them!" thinking it meant one tidy /19. But I've got OVH at 198.100.144.0/20 and Rackspace at 198.101.128.0/17 so I suppose that's what you meant :(
Uncharacteristically, I have already met and blocked ZemlyaCrawl.
not2easy
2:28 am on Mar 29, 2014 (gmt 0)
And another BuyURL (unless I missed it here) from IDEALHOSTING at 213.238.175.0 - 213.238.175.255 213.238.168.0/21 on a normal looking if old UA: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:22.0) Gecko/20100101 Firefox/22.0" caught it by double checking some non-human looking browsing.
not2easy
4:22 am on Mar 29, 2014 (gmt 0)
And another new Datashack: DataShack 192.187.96.0 - 192.187.127.255 it has urhostscom 192.187.114.48 - 192.187.114.55 in there too.
not2easy
6:45 am on Mar 29, 2014 (gmt 0)
More FIBERGRID WEBEXXPURTS 91.108.180.0 - 91.108.180.255 91.108.180.0/24
ECATEL - I picked this one up last July: 89.248.170.0/23 89.248.170.8 - 89.248.171.127 but have not seen it on any sites except the one that is parked, so it had been sort of ignored. Now I find a close relative: 89.248.169.0 - 89.248.169.105 89.248.169.0/24 but it looks like there must be some broader range that covers the whole thing or is this a mixed use server/ISP outfit? Or did they just get the two little broom closets?
keyplyr
8:45 am on Mar 29, 2014 (gmt 0)
As far as the Webexpurts range, it is actually: 91.108.180.0 - 91.108.183.255 91.108.180.0/22
not2easy
4:27 pm on Mar 29, 2014 (gmt 0)
Thank you keyplyr, I updated my record. I have been getting some strange results from RIPE queries recently. For one query on 178.11.136.0 - 178.11.255.255 it returned a CIDR of: 178.0.0.0/12 which does not seem to be reliable.
keyplyr
6:02 pm on Mar 29, 2014 (gmt 0)
178.11.136.0 - 178.11.255.255 is Vodafone, a European ISP. 178.0.0.0/12 is the route, or net block range that the ISP is on.
I only block individual IP addresses with ISPs. Probably just one person running a bot, or browser-side downloader, or a script-kiddie. These are pests and I usually block for a couple weeks, then remove.
not2easy - RIPE is more fragmented than (eg) Arin - you have to be careful reading it. In this case 178.0.0.0/12 is correct (belongs to arcor, although I have it as vodafone, which it was in 2011 when I registered the range in my db).
When reading any RIPE DNS response, always scroll down to the end, where the wider range (if relevant) is shown along with the actual "owner". There are often clues on the way in the form of email and web addresses.
bhukkel
9:07 pm on Mar 29, 2014 (gmt 0)
151.237.184.0/22 is also a webexxpurts range. This range is in the spamhaus drop list today.