(WWW = here?)

I watched Bergdorf Group machines/IPs ramp-up even after 403s, ditto 200s to bot-bait. After multiple blocked URI=REF hits from five of their IPs, I finally killfiled 91.224.160.0/24 on July 3.

JULY 3
91.224.160.132
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; KKman2.0)
91.224.160.129
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)
91.224.160.90
Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)

JUNE 13
91.224.160.91
Opera/8.00 (Windows NT 5.1; U; en)

JUNE 11
91.224.160.90
Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)

So many faked UAs, so little time... [projecthoneypot.org...]

(WWW = here?)

No, here would be WW. By WWW I'm referring to World Wide Web :) In other words searching for that IP range returns many account of SPAM bot activity, with various UAs (as you've attested.)

Indeed... Checked my logs, has the signature of a blog / forum spammer. Thanks for the heads-up.

Blocked the /23 back on April Fools day. Seems appropriate. :)

And this is pretty timely, via the Sans Incident Handlers: a new Mac OSX Lion trojan is being distributed through the Bergdorf network. [isc.sans.edu...]

This is a DNS changer type malware that modifies the hosts file to redirect
google sites to 91.224.160.26. Which appears to be in the British Virgin Islands.

Wow. And talk about small world.

Also interesting is F-Secure's article detailing the degrees to which the Bad Guys go to fake people out. [f-secure.com...]

NOTE: The trojan is a fake FlashPlayer.pkg installer for Mac; it has zero connection to Lion per se, or Apple, etc. Lion doesn't include a Flash package.