Is this one new?

Hardly.
I've a reference back to 2008.

Another OVH France...

5.196.0.0 - 5.196.255.255

Hobbs referenced one of their IP's in April [webmasterworld.com]

Alentus Corporation
ALENT-NBLK-4 204.19.238.0 - 204.19.239.255 204.19.238.0/23
ALENT-NBLK-5 208.123.208.0 - 208.123.223.255 208.123.208.0/20
ALENT-NBLK-3 216.177.128.0 - 216.177.143.255 216.177.128.0/20
ALENT-NBLK-1 216.185.32.0 - 216.185.63.255 216.185.32.0/19
ALENT-NBLK-2 64.40.144.0 - 64.40.159.255 64.40.144.0/20
ALENTUS-IPV6 2604:1880:: - 2604:1880:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

Thanks for the Alentus, those filled a few holes.

Had the OVH, that range has been there a while. Here's my current OVH list:

5.39.0.0/17 #OVH 5.39.0.0 - 5.39.127.255
5.135.0.0/16 #OVH 5.135.0.0 - 5.135.255.255
5.196.0.0/16 #OVH 5.196.0.0 - 5.196.255.255

(these are part of Level3 (8.0.0.0 - 8.255.255.255 8.0.0.0/8))
8.7.244.0/24 #OVH 8.7.244.0 - 8.7.244.255
8.18.122.0/24 #OVH 8.18.122.0 - 8.18.122.255
8.18.128.0/24 #OVH 8.18.128.0 - 8.18.128.255
8.18.136.0/21 #OVH 8.18.136.0 - 8.18.143.255
8.18.172.0/24 #OVH 8.18.172.0 - 8.18.172.255
8.20.110.0/24 #OVH 8.20.110.0 - 8.20.110.255
8.21.41.0/24 #OVH 8.21.41.0 - 8.21.41.255
8.24.8.0/21 #OVH 8.24.8.0 - 8.24.15.255
8.26.94.0/24 #OVH 8.26.94.0 - 8.26.94.255
8.29.224.0/24 #OVH 8.29.224.0 - 8.29.224.255
8.30.144.0/24 #OVH 8.30.144.0 - 8.30.144.255
8.30.145.0/24 #OVH 8.30.145.0 - 8.30.145.255
8.30.146.0/23 #OVH 8.30.146.0 - 8.30.147.255
8.30.208.0/21 #OVH 8.30.208.0 - 8.30.215.255
8.33.96.0/21 #OVH 8.33.96.0 - 8.33.103.255
8.33.128.0/21 #OVH 8.33.128.0 - 8.33.135.255
8.33.136.0/24 #OVH 8.33.136.0 - 8.33.136.255
8.33.137.0/24 #OVH 8.33.137.0 - 8.33.137.255

37.59.0.0/16 #OVH 37.59.0.0 - 37.59.255.255
37.60.48.0/20 #OVH 37.60.48.0 - 37.60.63.255
37.187.0.0/16 #OVH 37.187.0.0 - 37.187.255.255
46.105.0.0/16 #OVH 46.105.0.0 - 46.105.255.255
77.111.192.0/18 #OVH 77.111.192.0 - 77.111.255.255
87.98.128.0/17 #OVH 87.98.128.0 - 87.98.255.255
91.121.0.0/16 #OVH 91.121.0.0 - 91.121.255.255
92.222.0.0/16 #OVH 92.222.0.0 - 92.222.255.255
94.23.0.0/16 #OVH 94.23.0.0 - 94.23.255.255
109.190.0.0/16 #OVH 109.190.0.0 - 109.190.255.255
142.4.192.0/19 #OVH 142.4.192.0 - 142.4.223.255
167.114.31.64/26 #OVH 167.114.31.64 - 167.114.31.127
176.31.0.0/16 #OVH 176.31.0.0 - 176.31.255.255
178.32.0.0/15 #OVH 178.32.0.0 - 178.33.255.255
178.236.224.0/20 #OVH 178.236.224.0 - 178.236.239.255
188.165.0.0/16 #OVH 188.165.0.0 - 188.165.255.255
192.95.0.0/18 #OVH 192.95.0.0 - 192.95.63.255
192.99.0.0/16 #OVH 192.99.0.0 - 192.99.255.255
193.104.19.0/24 #OVH 193.104.19.0 - 193.104.19.255
198.27.64.0/18 #OVH 198.27.64.0 - 198.27.127.255
198.50.128.0/17 #OVH 198.50.128.0 - 198.50.255.255
198.100.144.0/20 #OVH 198.100.144.0 - 198.100.159.255
198.245.48.0/20 #OVH 198.245.48.0 - 198.245.63.255
213.186.32.0/19 #OVH 213.186.32.0 - 213.186.63.255
213.251.128.0/18 #OVH 213.251.128.0 - 213.251.191.255

This is just what I have from one server cluster I work with. I may have more OVH in my notes from other accounts. Too much work to check and compare, so if others have additional ranges not listed here, please do post.

BTW - several successive ranges in the above list can be merged to form larger, more inclusive ranges. I list these only for information.

Also I referenced the Level3 range only for information and not to imply this entire /8 should be blocked. There are some huge ISPs in there and personally I do not block all of it.

Another hetzner range, this time in South Africa...

197.189.192.0 - 197.189.255.255

The OVH 167 range is: 167.114.0.0 - 167.114.255.255

NetRange: 104.131.0.0 - 104.131.255.255
CIDR: 104.131.0.0/16
digitalocean.com

There are multiple references in the archives, however none to this forum and/or thread.

pair Networks
PAIRNET-BLK-2 209.197.64.0 - 209.197.127.255 209.197.64.0/18
PAIRNET 209.68.0.0 - 209.68.63.255 209.68.0.0/18
PAIRNET-BLK-3 216.92.0.0 - 216.92.255.255 216.92.0.0/16
PAIRNET-BLK-5 216.146.192.0 - 216.146.223.255 216.146.192.0/19
PAIRNET-BLK-8 64.130.0.0 - 64.130.63.255 64.130.0.0/18
PAIRNET-BLK-6 65.181.128.0 - 65.181.191.255 65.181.128.0/18
PAIRNET-BLK-4 66.39.0.0 - 66.39.159.255 66.39.128.0/19 66.39.0.0/17
PAIRNET-BLK-9 76.75.192.0 - 76.75.223.255 76.75.192.0/19
PAIRNET-V6-1 2607:F440:: - 2607:F441:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

HOSTUS
216.189.144.0 - 216.189.159.255 HOSTUS-IPV4-3 216.189.144.0/20
162.245.216.0 - 162.245.223.255 HOSTUS-IPV4-1 162.245.216.0/21
104.128.224.0 - 104.128.239.255 HOSTUS-IPV4-2 104.128.224.0/20

Hostus Pty Ltd
203.128.232.0 - 203.128.235.255 Hostus Pty Ltd 203.128.232.0/24

Centarra Networks Inc

CENTARRA-NETWORKS 192.119.144.0 - 192.119.159.255 192.119.144.0/20
CENTARRA-NETWORKS 192.161.192.0 - 192.161.255.255 192.161.192.0/18
CENTARRA-NETWORKS 192.241.8.0 - 192.241.15.255 192.241.8.0/21
CENTARRA-NETWORKS 198.52.128.0 - 198.52.255.255 198.52.128.0/17
CENTARRA-NETWORKS 199.195.156.0 - 199.195.159.255 199.195.156.0/22
CENTARRA-NETWORKS 66.248.192.0 - 66.248.223.255 66.248.192.0/19

Global Frag Networks

GLOBAL-FRAG-SERVERS 104.148.0.0 - 104.148.127.255 104.148.0.0/17
GLOBAL-FRAG-NETWORKS 104.223.128.0 - 104.223.255.255 104.223.128.0/17
GLOBAL-FRAG-SERVERS 107.179.0.0 - 107.179.127.255 107.179.0.0/17
GLOBAL-FRAG-SERVERS 192.200.192.0 - 192.200.223.255 192.200.192.0/19
GLOBAL-FRAG-SERVERS 23.228.64.0 - 23.228.127.255 23.228.64.0/18
GLOBAL-FRAG-SERVERS 23.247.0.0 - 23.247.127.255 23.247.0.0/17
GLOBAL-FRAG-SERVERS 2604:D180:: - 2604:D180:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

I had all those Centarra tagged as Avante. Guess they were acquired, or just changed their name. Thanks for the Global-Frag, they filled some holes.

I had all those Centarra tagged as Avante.

I'll be damned. I just swung by here to ask the identical question. Centarra is US, right? I looked up one random range and free lookup said Dallas. Avante was Canadian.

A cursory g### search turns up lots of places with "Centarra" and "Avante" in the same sentence. Most illuminating form: "Centarra is what we* did with Avante's assets". Guess that means a buyout.

:: dragging myself away from other forum because I don't feel like taking the time for a second shower today ::


* The next person who does the same search will probably come away with the impression that Nameless Other Forum swiped this quotation from WebmasterWorld. Don't know if that's good or bad in the present case.

Sinobot rattling in the barrel:
Highwinds Network Group, Inc. 205.185.192.0-205.185.223.255 205.185.192.0/22 ber...locked!
Mudhook Marketing 205.185.198.192-205.185.198.255

Prepare for the Tornados and Typhoons:
Q/
The funding positioned Highwinds for massive growth of its global CDN.
/Q
*sigh*

205.185.192.0 - 205.185.223.255 is actually 205.185.192.0/19 (not /22) and I'd need to be convinced this entire range is a threat before I block it. So far much of what I see in there is benign.

From a wiki...

"... offers IP services including CDN, cloud storage, IP transit, transport and colocation."

I have no blocked entries for highwinds, which indicates they are probably reputable and hold a tight control, but it still requires blocking in my book.

Hosting / facilitating Sinobots convinced me +immediately+: Others may dither :)

Angonasec: I would need evidence of the sinobot assertion. :)

You'll get per...lenty of evidence when you set a Sino-specific trap for them to fall into, as we have. There's no need to take my word for it: Test and see.

Sinobot rattling in the barrel

you set a Sino-specific trap for them to fall into

What's the full UA being used for these hits?

Nothing unusual. I don't use the UA or the IP to ID Sinobots, and (again) I'm not going to divulge how we are certain they are Chinese bots :)

Hint: It's not complicated, and not language based.

Another Sinobot this one is on:

ENZUINC Cloud 104.151.231.122 104.151.0.0/16 ber...locked!

Mostly US based cloud servers, with several more ranges.

Once again, what's the full UA being used for sinbot hits?

See previous answers KeyP :)

KeyP: I hope you've realised that Sinobot is merely generic term I have coined for any Chinese bot.

And we are asking: how do you know/define sinobot?

My own experience indicates that at least as many "attacks" on my sites come from "genuinely" USA bots as "chinese" bots.

See my previous answers Mr. Stiles :)

A couple of Sinobots caught fishing today:
50.31.108.135 Steadfast Networks 50.31.0.0/17 ber...locked!
107.190.172.7 OPPOBOX Sg 107.190.160.0/20 ber...locked!

With my current preoccupation hacking down Sinobots, I let this Bronx Johnny through my net!

PULSEPOINT Inc "ContextAd Bot 1.0" 74.214.192.0 - 74.214.199.255 74.214.192.0/21 ber...locked

Doubtless log-heads have it strapped down already.