I have the IP range 91.121/16 blocked at the server interface (in IIS) so would not even see that. I found some very persistent bot hits from the range a while back.
Staffa
10:34 pm on Oct 8, 2011 (gmt 0)
ks386262.kimsufi.com = 176.31.244.198 = OHV server farm.
just dropped by with UA : Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0
Kimsufi is a hosting company so we could get more bots with unidentifiable UAs. I have seen several requests originating from there on one site and blocked both ranges.
keyplyr
4:06 am on Oct 9, 2011 (gmt 0)
My older notes say that a vulnerability scan came from 91.121.181.60. (I didn't record the UA)
ks386262.kimsufi.com = 176.31.244.198 = OHV server farm
You mean "OVH" :)
Pfui
5:14 am on Oct 9, 2011 (gmt 0)
kimsufi.com and ovh.net have long been sources of trouble. I've denied both by Host for ages.
