dstiles - 7:28 pm on May 29, 2013 (gmt 0)
Difficult to assess absolutely but a random scan of several IPs in the range showed a predominance of open ports such as...
22/tcp filtered ssh
25/tcp filtered smtp
1080/tcp open socks
1085/tcp filtered unknown
2222/tcp filtered unknown
2525/tcp filtered unknown
8080/tcp open http-proxy
8085/tcp filtered unknown
Either this is a server farm, a business range (with a lot of open computers within it) or a very badly infected set of broadband machines. I'd opt for the former.
DNS does not give an email address (eg abuse@) that might suggest a domain name and I found no other domain name associated with it. Suspicious.
A blog at bannasties(.)com includes the following...
"... a bunch in 184.108.40.206/24, 220.127.116.11/24 and 18.104.22.168/24 They committed sins like using spammer tools, being obvious spambots ..."
For myself, I have 7 sub-ranges listed at 91.210/16, all RU or UA except this one. I wonder if it's hiding behind the GB location (the range name does include the term UA). The actual address in DNS is Wales but the phone is not a UK number. A quick check at blacklistalert shows no bad marks against the range in general and nothing shown for uce-protect (which often shows known nasties).