keyplyr

msg:4531533 | 7:39 pm on Dec 27, 2012 (gmt 0) |
...and just when ya think you've got 'em all :)
|
wilderness

msg:4531634 | 6:11 am on Dec 28, 2012 (gmt 0) |
Techie Hosting
TECHIEMEDIA 199.80.56.0 - 199.80.63.255 199.80.56.0/21
TECHIEMEDIA 208.71.128.0 - 208.71.131.255 208.71.128.0/22
TECHIEMEDIA 208.90.152.0 - 208.90.155.255 208.90.152.0/22
TECHIEMEDIA 173.0.176.0 - 173.0.191.255 173.0.176.0/20
TECHIEMEDIA 108.60.64.0 - 108.60.95.255 108.60.64.0/19
|
blend27

msg:4532585 | 6:59 pm on Jan 2, 2013 (gmt 0) |
TULSACONNECT2 67.214.96.0 - 67.214.111.255 67.214.96.0/20
First Hosting Range added in 2013 for me!
67.214.103.109
UA: Opera/9.80 (Windows NT 6.1; U; ru) Presto/2.8.131 Version/11.10
Requesting:
/wp-login.php
/administrator/index.php
/admin.php
...
Kind of makes it less fun catching them, cause I don't have any PHP on this site. So it's 99.99% either a scraper or a hack attempt. Too easy...
|
wilderness

msg:4532592 | 7:28 pm on Jan 2, 2013 (gmt 0) |
Thanks blend.
TULSACONNECT 65.38.0.0 - 65.38.31.255
TULSACONNECT2 67.214.96.0 - 67.214.111.255
Savis 208.132.128.0 - 208.138.15.255
Tulsaconnect
CW-208-136-160-B 208.136.160.0 - 208.136.175.255
CW-208-165-96-B 208.165.96.0 - 208.165.111.255
CW-208-137-184-C 208.137.184.0 - 208.137.187.255
CW-208-152-96-C 208.152.96.0 - 208.152.103.255
CW-208-135-238-B 208.135.238.0 - 208.135.239.255
|
blend27

msg:4533306 | 6:05 pm on Jan 4, 2013 (gmt 0) |
199.59.60.212
Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02
This one has been bugging out since late August. Even passing out cookies on the subsequent requests. Anyway,
HOSTWINDS, LLC.
199.59.56.0 - 199.59.63.255 HOSTWINDS-21-1 199.59.56.0/21
198.84.64.0 - 198.84.127.255 HOSTWINDS-18-2 198.84.64.0/18
198.143.96.0 - 198.143.127.255 HOSTWINDS-19-1 198.143.96.0/19
192.119.64.0 - 192.119.127.255 HOSTWINDS-18-3 192.119.64.0/18
142.11.192.0 - 142.11.255.255 HOSTWINDS-18-1 142.11.192.0/18
108.174.192.0 - 108.174.207.255 HOSTWINDS-20-1 108.174.192.0/20
|
wilderness

msg:4534156 | 1:01 am on Jan 8, 2013 (gmt 0) |
OVH Hosting
OVH-142.4.192.0 - 142.4.223.255 142.4.192.0/19
OVH-192.95.0.0 - 192.95.63.255 192.95.0.0/18
OVH-198.27.64.0 - 198.27.127.255 198.27.64.0/18
OVH-198.100.144.0 - 198.100.159.255 198.100.144.0/20
OVH-198.245.48.0 - 198.245.63.255 198.245.48.0/20
|
blend27

msg:4534159 | 1:18 am on Jan 8, 2013 (gmt 0) |
Don, I think OVH list is at least twice that. I'll dig in, see what I could find, but here is a snapshot: [bgp.he.net...] OVH has one of the most blocked IP numbers on the block. They are on the same level of Planet and such...
|
wilderness

msg:4534163 | 1:47 am on Jan 8, 2013 (gmt 0) |
blend, The ARIN output was massive and required condensing. ARIN doesn't include RIPE ranges.
|
blend27

msg:4534167 | 2:49 am on Jan 8, 2013 (gmt 0) |
OVH is mostly RIPE, not to get into it.. I got FR(worst), NL, PL, GB, CA... In my book anything OVH is 403(well, record and learn), just an opinion.. including 'Ovh Systems'.
|
not2easy

msg:4534182 | 4:54 am on Jan 8, 2013 (gmt 0) |
I have these in addition for OVH (FR):
37.59.0.0 - 37.59.63.255 37.59.0.0/16 OVH France
46.105.158.240 - 46.105.158.247 46.105.0.0/16 OVH France
213.251.184.0 - 213.251.187.255 213.251.128.0/18 OVH France
Edited because my tabs disappeared
|
blend27

msg:4534400 | 6:44 pm on Jan 8, 2013 (gmt 0) |
94.229.78.61 with UA: Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0
Multiple attempts
Requesting:
/
/register/
/login.php
/signup.php
94.229.64.0 - 94.229.79.255 UK-UKSERVERS-20081112 94.229.64.0/20
78.157.192.0 - 78.157.223.255 UK-UKSERVERS-20070831 78.157.192.0/19
78.110.160.0 - 78.110.175.255 UK-UKSERVERS-20070814 78.110.160.0/20
77.75.120.0 - 77.75.127.255 UK-UKSERVERS-20070510 77.75.120.0/22
77.74.192.0 - 77.74.199.255 UK-UKSERVERS-20070424 77.74.192.0/21
|
dstiles

msg:4534439 | 8:50 pm on Jan 8, 2013 (gmt 0) |
From my own database, including FR, CA and other countries, for OVH:
5.39.0.0 - 5.39.127.255
5.135.0.0 - 5.135.255.255
37.59.0.0 - 37.59.255.255
46.105.0.0 - 46.105.255.255
77.111.192.0 - 77.111.255.255
87.98.128.0 - 87.98.255.255
91.121.0.0 - 91.121.255.255
94.23.0.0 - 94.23.255.255
109.190.0.0 - 109.190.255.255
142.4.192.0 - 142.4.223.255
176.31.0.0 - 176.31.255.255
178.32.0.0 - 178.33.255.255
178.236.224.0 - 178.236.239.255
188.165.0.0 - 188.165.255.255
192.95.0.0 - 192.95.63.255
198.27.64.0 - 198.27.127.255
198.100.144.0 - 198.100.159.255
198.245.48.0 - 198.245.63.255
213.186.32.0 - 213.186.63.255
213.251.128.0 - 213.251.191.255
Including one re-assignment (2-year-old original) and one new one from blend27's list, for UK Dedicated Servers:
77.74.192.0 - 77.74.199.255
77.75.120.0 - 77.75.127.254
78.110.160.0 - 78.110.175.255
78.157.192.0 - 78.157.223.255
81.19.176.0 - 81.19.191.255
94.229.64.0 - 94.229.79.255
|
wilderness

msg:4535001 | 1:39 pm on Jan 10, 2013 (gmt 0) |
Interserver, Inc
INTERSERVER 173.214.160.0 - 173.214.175.255 173.214.160.0/20
INTERSERVER 192.64.80.0 - 192.64.87.255 192.64.80.0/21
INTERSERVER 199.231.184.0 - 199.231.191.255 199.231.184.0/21
INTERSERVER 206.72.192.0 - 206.72.207.255 206.72.192.0/20
INTERSERVER 209.159.144.0 - 209.159.159.255 209.159.144.0/20
INTERSERVER 64.20.32.0 - 64.20.63.255 64.20.32.0/19
INTERSERVER 66.23.224.0 - 66.23.239.255 66.23.224.0/20
INTERSERVER 66.45.224.0 - 66.45.255.255 66.45.224.0/19
INTERSERVER 68.168.208.0 - 68.168.223.255 68.168.208.0/20
INTERSERVER 69.10.32.0 - 69.10.63.255 69.10.32.0/19
INTERSERVER 2604:A00:: - 2604:A00:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
|
blend27

msg:4535072 | 5:54 pm on Jan 10, 2013 (gmt 0) |
66.154.100.75 - UA: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:16.0) Gecko/20100101 Firefox/16.0
Requested supporting files from the page. Reverse points to "Canadian farma" site, oops...403 :). Belongs to:
ASSERTIVENETWORKS 66.154.96.0 - 66.154.127.255
ASSERTIVENETWORKS 66.154.96.0/19
|
keyplyr

msg:4535655 | 12:31 pm on Jan 13, 2013 (gmt 0) |
weebly cloud hosting
199.34.228.0 - 199.34.231.255 199.34.228.0/22
hostopia & aplus hosting > InternetNamesForBusiness.com
64.29.144.0 - 64.29.159.255 64.29.144.0/20
Both of these are geared toward amateur site builders so probably not a malicious bot threat... more of a FYI.
|
wilderness

msg:4535665 | 2:38 pm on Jan 13, 2013 (gmt 0) |
InternetNamesForBusiness
MEGA-13 206.225.88.0 - 206.225.91.255 206.225.88.0/22
MEGA-6 209.235.128.0 - 209.235.159.255 209.235.128.0/19
MEGA-7 216.55.132.0 - 216.55.135.255 216.55.132.0/22
MEGA-8 216.55.144.0 - 216.55.159.255 216.55.144.0/20
MEGA-9 216.55.172.0 - 216.55.175.255 216.55.172.0/22
MEGA-10 216.55.188.0 - 216.55.191.255 216.55.188.0/22
MEGA-1 216.251.32.0 - 216.251.47.255 216.251.32.0/20
EXP-INFB-109-24 216.82.109.0 - 216.82.109.255 216.82.109.0/24
MEGA-2 64.29.144.0 - 64.29.159.255 64.29.144.0/20
MEGA-3 69.49.96.0 - 69.49.127.255 69.49.96.0/19
MEGA-11 66.226.64.0 - 66.226.71.255 66.226.64.0/21
MEGA-12 66.226.80.0 - 66.226.95.255 66.226.80.0/20
MEGA-4 2001:1810:: - 2001:1810:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
|
wilderness

msg:4535668 | 2:46 pm on Jan 13, 2013 (gmt 0) |
weebly cloud hosting 199.34.228.0 - 199.34.231.255 199.34.228.0/22 |
| WEEBLYNET2 74.115.48.0 - 74.115.51.255 74.115.48.0/22
|
dstiles

msg:4535746 | 8:24 pm on Jan 13, 2013 (gmt 0) |
Some of the InternetNamesForBusiness ranges are sub-ranges of larger Codero ranges, which should also be blocked (eg all 216.55 can be combined).
|
keyplyr

msg:4535756 | 9:27 pm on Jan 13, 2013 (gmt 0) |
Thanks dstiles, good catch.
|
keyplyr

msg:4535876 | 10:43 am on Jan 14, 2013 (gmt 0) |
In-Solve Hosting, Russia 81.177.166.0 - 81.177.167.255 81.177.166.0/23
|
dstiles

msg:4535992 | 8:40 pm on Jan 14, 2013 (gmt 0) |
I actually block 81.176.0.0/15 - RTCOMM-RU
|
keyplyr

msg:4536000 | 9:17 pm on Jan 14, 2013 (gmt 0) |
Isn't Sochitelecom (81.176.0.0 - 81.176.2.255) a Cable ISP?
|
wilderness

msg:4536018 | 9:49 pm on Jan 14, 2013 (gmt 0) |
| Some of the InternetNamesForBusiness ranges are sub-ranges of larger Codero ranges, which should also be blocked (eg all 216.55 can be combined). |
| dstiles, I've had 216.55.128-191 denied since 2004 under the former name of Abacus America Inc. Today that same company operates under the name of aplusnet, however the 216.55. IP's have been reassigned. There is a small community college in the 216.55. 216.55.112.0 - 216.55.127.255 My nephew attends and the college was involved in an extensive widget project. They offer wifi on-campus for students.
|
not2easy

msg:4536103 | 6:32 am on Jan 15, 2013 (gmt 0) |
A few more XEEX showed up
113.212.64.0 - 113.212.95.255 - XEEX India 113.212.64.0/19
216.151.128.0 - 216.151.159.255 - XEEX-COMMUNICATIONS 216.151.128.0/19
|
dstiles

msg:4536283 | 8:15 pm on Jan 15, 2013 (gmt 0) |
Wilderness - A DNS check shows 216.55.128.0/18 is still codero, which is always blocked. Some of the sub-ranges are assigned to InternetNames. I have nothing blocked in the range 216.55.112.0/20.
Keyplyr - it may be but it's part of an annoying /15 and Russian and belonging to rtcomm.
|
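The overlap discussed in the posts above (InternetNamesForBusiness sub-ranges inside Codero's 216.55.128.0/18, with the college's 216.55.112.0 - 216.55.127.255 outside it) can be checked mechanically before a blocklist is deployed. This is an added example, not code posted by anyone in the thread; it uses Python's standard `ipaddress` module, the ranges are the ones quoted in the posts, and the function names and the two sample addresses are constructed for illustration.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Inclusive 'first - last' range (as whois prints it) -> minimal CIDR list."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def collapse(cidrs):
    """Merge a blocklist: drop entries covered by a larger one, join adjacent nets."""
    return list(ipaddress.collapse_addresses(
        [ipaddress.ip_network(c) for c in cidrs]))

def redundant(cidrs):
    """Entries that lie entirely inside another, larger entry of the same list."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [n for n in nets if any(n != o and n.subnet_of(o) for o in nets)]

def is_blocked(ip, cidrs):
    """True if the address falls inside any listed network (CIDR strings)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

# Ranges quoted in the thread.
CODERO = "216.55.128.0/18"
INFB_216_55 = ["216.55.132.0/22", "216.55.144.0/20",
               "216.55.172.0/22", "216.55.188.0/22"]
COLLEGE = ("216.55.112.0", "216.55.127.255")

if __name__ == "__main__":
    blocklist = [CODERO] + INFB_216_55
    print("redundant:", [str(n) for n in redundant(blocklist)])
    print("collapsed:", [str(n) for n in collapse(blocklist)])
    print("college  :", [str(n) for n in range_to_cidrs(*COLLEGE)])
    # Constructed sample addresses: one in the college range, one in Codero space.
    for ip in ("216.55.120.1", "216.55.150.9"):
        print(ip, "blocked" if is_blocked(ip, blocklist) else "allowed")
```

Running the containment check before widening a deny rule shows which neighbouring allocations, such as the college range, stay reachable.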
blend27

msg:4538467 | 11:11 pm on Jan 22, 2013 (gmt 0) |
PEG TECH INC
199.188.104.0 - 199.188.111.255 199.188.104.0/21
199.180.100.0 - 199.180.103.255 199.180.100.0/22
192.74.224.0 - 192.74.255.255 192.74.224.0/19
142.4.96.0 - 142.4.127.255 142.4.96.0/19
142.0.128.0 - 142.0.143.255 142.0.128.0/20
OK Now!, several requests from each range within the past 2 months. Every IP is in projectHoneyPot(API) as a "comments spammer".
|
blend27

msg:4538477 | 11:50 pm on Jan 22, 2013 (gmt 0) |
add these to XEEX:
69.26.160.0 - 69.26.191.255 69.26.160.0/19
209.159.140.0 - 209.159.141.255 (via Trit Networks)
|
dstiles

msg:4538753 | 8:30 pm on Jan 23, 2013 (gmt 0) |
I have a note on the range 142.0.128.0/20 that part of the range is leased to China.
|
blend27

msg:4538817 | 2:15 am on Jan 24, 2013 (gmt 0) |
With some heavy duty adult content hosted there as well.
|
keyplyr

msg:4538829 | 2:59 am on Jan 24, 2013 (gmt 0) |
| With some heavy duty adult content hosted there as well. |
| Commonly referred to as hobby sites :)
|
wilderness

msg:4538860 | 7:31 am on Jan 24, 2013 (gmt 0) |
Versaweb (old thread [webmasterworld.com])
76.164.196.194 - - [Thu Jan 24 06:22:51 2013] "GET / HTTP/1.1" 403 0 "-" "-"
VWEB-208-64-24 208.64.24.0 - 208.64.31.255 208.64.24.0/21
VWEB-208-66-72 208.66.72.0 - 208.66.79.255 208.66.72.0/21
VWEB-72-46-128 72.46.128.0 - 72.46.159.255 72.46.128.0/19
VWEB-76-164-192 76.164.192.0 - 76.164.239.255 76.164.224.0/20 76.164.192.0/19
|