Class D is irrelevant.
I've 2008 &09 references to ScanSafe in which they were using the Mzima Networks.
69.174.58.zzz - - [10/Apr/2012:20:02:08 +0100] "GET /MyFoldert/MySub/MyPage.html HTTP/1.1" 200 49634 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
PacketExchange, Inc NETBLK-PACKETEXCHANGE-V4-07 220.127.116.11 - 18.104.22.168
ScanSafe Inc. MZIMA08-CUST-SCANSAFE04 22.214.171.124 - 126.96.36.199
The images were grabbed on an entirely different and unrelated URL (likely an open proxy).
This page gets regular activity from ranges looking for a way to circumvent other denied ranges.
I'm certainly not allowing access to an PacektExchange.
Although it goes on behind the scenes, this is an open challenge.