Class D is irrelevant.
I've 2008 &09 references to ScanSafe in which they were using the Mzima Networks.
69.174.58.zzz - - [10/Apr/2012:20:02:08 +0100] "GET /MyFoldert/MySub/MyPage.html HTTP/1.1" 200 49634 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
PacketExchange, Inc NETBLK-PACKETEXCHANGE-V4-07 18.104.22.168 - 22.214.171.124
ScanSafe Inc. MZIMA08-CUST-SCANSAFE04 126.96.36.199 - 188.8.131.52
The images were grabbed on an entirely different and unrelated URL (likely an open proxy).
This page gets regular activity from ranges looking for a way to circumvent other denied ranges.
I'm certainly not allowing access to an PacektExchange.
Although it goes on behind the scenes, this is an open challenge.