205.237.88.140 - - [10/Mar/2014:01:32:48 -0700] "GET / HTTP/1.0" 403 1343 "-" "=Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16"

Grand Web Solutions
205.237.88.0 - 205.237.95.255
205.237.88.0/21

Portlane, Sweden
80.67.0.0 - 80.67.31.255
80.67.0.0/19

Sigmatic, Finland
80.69.172.0 - 80.69.175.255
80.69.160.0/20

Scandinavia does seem to be losing its pristine snow-like reputation.

Iceland is particularly worrying too. HQ of arch-nasty Opera.
And radical plans to become the copyright infringing Mecca of the Northern hemisphere.

Choopa

68.232.160.0 - 68.232.191.255
68.232.160.0/19

173.199.64.0 - 173.199.127.255
173.199.64.0/18

These folks seem to have been dormant for a while, based on post numbers that come up in search:

82.145.32.0/19
Iomart hosting, UK

I don't normally notice isolated requests for images, but the UA "PHP/5.3.19" kinda sticks out like a sore thumb.

Thanks lucy24, I didn't have that one.

Iomart block list is now:

82.145.32.0 - 82.145.63.255
82.145.32.0/19

83.142.224.0 - 83.142.231.255
83.142.224.0/21

95.154.217.0 - 95.154.255.255
95.154.192.0/18

109.169.5.128 - 109.169.255.255
109.169.0.0/18

217.147.80.0 - 217.147.92.255
217.147.80.0/20

I also have 212.38.176.0 - 212.38.191.255 as "Thrust::VPS LA|TX IOMART" 212.38.160.0/19

I picked up all these choopas last December in a previous post here and looked up CIDRs for them, in case someone needs a complete list:

64.237.32.0 - 64.237.63.255
64.237.32.0/19

66.55.128.0 - 66.55.159.255
66.55.128.0/19

68.232.160.0 - 68.232.191.255
68.232.160.0/19

108.61.0.0 - 108.61.255.255
108.61.0.0/16

173.199.64.0 - 173.199.127.255
173.199.64.0/18

208.167.224.0 - 208.167.255.255
208.167.224.0/19

209.222.0.0 - 209.222.31.255
209.222.0.0/19

216.155.128.0 - 216.155.159.255
216.155.128.0/19

I also have 212.38.176.0 - 212.38.191.255 as "Thrust::VPS LA|TX IOMART" 212.38.160.0/19

@not2easy - Fist off, thanks for the additional range.

However 212.38.160.0/19 = 212.38.160.0 - 212.38.191.255
but I know what you meant:)

You're right keyplyr, I had two ranges there, one inside the other and the CIDR is for the containing range. I was in the middle of something else - Thanks for spotting it!

Incero

23.29.112.0 - 23.29.127.255
23.29.112.0/20

23.227.160.0 - 23.227.191.255
23.227.160.0/19

107.155.64.0 - 107.155.127.255
107.155.64.0/18

New (for me) HostWinds range:

23.238.0.0 - 23.238.127.255
23.238.0.0/17

Which brings my HostWinds block list to:

23.238.0.0 - 23.238.127.255
23.238.0.0/17

23.254.128.0 - 23.254.255.255
23.254.128.0/17

108.174.192.0 - 108.174.207.255
108.174.192.0/20

142.11.192.0 - 142.11.255.255
142.11.192.0/18

192.119.64.0 - 192.119.127.255
192.119.64.0/18

192.236.128.0 - 192.236.255.255
192.236.128.0/17

198.84.64.0 - 198.84.127.255
198.84.64.0/18

198.143.96.0 - 198.143.127.255
198.143.96.0/19

199.59.56.0 - 199.59.63.255
199.59.56.0/21

Scandinavia does seem to be losing its pristine snow-like reputation.

Funny you should say that.

5.133.219.68 - - [25/Mar/2014:05:04:14 -0700] "GET / HTTP/1.0" 200 2521 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/10.0.2" 
5.133.201.79 - - [25/Mar/2014:05:04:15 -0700] "GET / HTTP/1.0" 200 2521 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/10.0.2" 

5.133.192.0/19

OBEnetworks and assorted other names. When I went to look them up, I got no further than

Obenetwork · Start · Internet · Hosting · Konsult · Om oss · Kontakt. Dedikerad
Server från Obenetwork. QuadCore Xeon, 8 GB RAM, SAS RAID1. Från 990kr/
mån.

(990 skr/mo? Holy ### that's expensive.* If they can afford that, can't they afford a more modern UA?)

Iceland is particularly worrying too. HQ of arch-nasty Opera.

Does Norway know this?


* Further lookup tells me the swedish krona is not what it used to be, but it still works out to over $100 US. And that's their "starting from" level.

IMO $100 US a month is pretty reasonable for a VPS and way cheap for a dedicated box (which is what they are boasting.)

inetnum: 46.22.166.0 - 46.22.166.255
inetnum: 46.22.164.0 - 46.22.165.255
inetnum: 46.22.173.0 - 46.22.173.255
netname: E-RING-NETWORK
descr: E-RING KRAKOW DATA CENTER
country: PL

Tov Bank-inform, Ukraine
These are servers hosting websites.
Lots of compromised machines being used for refer spam and possibly bot-nets:

37.57.0.0 - 37.57.255.255
37.57.0.0/16

80.73.0.0 - 80.73.7.255
80.73.0.0/21

80.73.9.0 - 80.73.15.255
80.73.9.0/24

80.73.9.0 - 80.73.15.255
80.73.10.0/23
80.73.12.0/22

109.86.0.0 - 109.86.2.255
109.86.0.0/23
109.86.2.0/24

109.86.4.0 - 109.87.255.255
109.86.4.0/22
109.86.8.0/21
109.86.16.0/20
109.86.32.0/19
109.86.64.0/18
109.86.128.0/17
109.87.0.0/16

159.224.0.0 - 159.224.255.255
159.224.0.0/16

178.150.0.0 - 178.151.255.255
178.150.0.0/15

80.73.0.0 - 80.73.7.255
80.73.0.0/21

80.73.9.0 - 80.73.15.255
80.73.9.0/24

80.73.9.0 - 80.73.15.255
80.73.10.0/23
80.73.12.0/22

Special dispensation for 80.73.8 or can we proceed directly to /20 ?

Edit: Same question applies to 109.86.3.

Dunno - I use a tool that gives me the CIDR. That's what the tool generated, so I assume the interim gaps aren't registered. Of course the danger is they will be picked up by an ISP, whatever the odds of that are.

RE: Tov Bank-inform
So for those brave:

80.73.0.0 - 80.73.15.255
80.73.0.0/20

109.86.0.0 - 109.87.255.255
109.86.0.0/15

159.224.0.0 - 159.224.255.255
159.224.0.0/16

178.150.0.0 - 178.151.255.255
178.150.0.0/15

New in L.A. 03/04/14 POWERUPHOSTING:
162.244.8.0 - 162.244.15.255
162.244.8.0/21

New crawler for me: ZemlyaCrawl out of CLOUD-SOUTH
198.101.8.0 - 198.101.15.255
198.101.8.0/21
UA: "ZemlyaCrawl/1.0 (+http://zemlyaozer.com/bot)"
Right between OVH and Rackspace

Right between OVH and Rackspace

I was going to say "How thoughtful of them!" thinking it meant one tidy /19. But I've got OVH at 198.100.144.0/20 and Rackspace at 198.101.128.0/17 so I suppose that's what you meant :(

Uncharacteristically, I have already met and blocked ZemlyaCrawl.

And another BuyURL (unless I missed it here) from IDEALHOSTING at
213.238.175.0 - 213.238.175.255
213.238.168.0/21
on a normal looking if old UA:
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:22.0) Gecko/20100101 Firefox/22.0"
caught it by double checking some non-human looking browsing.

And another new Datashack:
DataShack
192.187.96.0 - 192.187.127.255
it has urhostscom
192.187.114.48 - 192.187.114.55
in there too.

More FIBERGRID WEBEXXPURTS
91.108.180.0 - 91.108.180.255
91.108.180.0/24

ECATEL - I picked this one up last July:
89.248.170.0/23
89.248.170.8 - 89.248.171.127
but have not seen it on any sites except the one that is parked, so it had been sort of ignored. Now I find a close relative:
89.248.169.0 - 89.248.169.105
89.248.169.0/24
but it looks like there must be some broader range that covers the whole thing or is this a mixed use server/ISP outfit?
Or did they just get the two little broom closets?

As far as the Webexpurts range, it is actually:
91.108.180.0 - 91.108.183.255
91.108.180.0/22

Thank you keyplyr, I updated my record. I have been getting some strange results from RIPE queries recently. For one query on
178.11.136.0 - 178.11.255.255
it returned a CIDR of:
178.0.0.0/12
which does not seem to be reliable.

178.11.136.0 - 178.11.255.255 is Vodafone, a European ISP.
178.0.0.0/12 is the route, or net block range that the ISP is on.

I only block individual IP addresses with ISPs. Probably just one person running a bot, or browser-side downloader, or a script-kiddie. These are pests and I usually block for a couple weeks, then remove.

WEBEXXPURTS - actually 91.108.176.0 - 91.108.183.255 (/21)

ECATEL - actually 89.248.160.089.248.175.255 (/20)

not2easy - RIPE is more fragmented than (eg) Arin - you have to be careful reading it. In this case 178.0.0.0/12 is correct (belongs to arcor, although I have it as vodafone, which it was in 2011 when I registered the range in my db).

When reading any RIPE DNS response, always scroll down to the end, where the wider range (if relevant) is shown along with the actual "owner". There are often clues on the way in the form of email and web addresses.

151.237.184.0/22 is also a webexxpurts range. This range is in the spamhaus drop list today.