Server Farms - February 2015

Tracking and Reporting Data Center IP Ranges


incrediBILL

5:51 am on Feb 17, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Continuation of the Server Farm threads.

This is where we report data center IP ranges as they are discovered or change in the rapidly evolving assigned IP landscape.

Past server farm threads:

keyplyr

9:03 am on May 29, 2015 (gmt 0)





melbourne.co.uk
178.250.48.0/21
178.250.48.0 - 178.250.55.255

bhukkel

5:37 pm on May 29, 2015 (gmt 0)

10+ Year Member



Two new ranges for OVH, become active this week.

51.254.0.0/15
158.69.0.0/16

dstiles

6:22 pm on May 29, 2015 (gmt 0)




bhukkel - Thanks for the first range, but 158.69.0.0/16 is allocated to an engineering firm at parsons.com?

bhukkel

7:06 pm on May 29, 2015 (gmt 0)




@dstiles
look here at ripe [apps.db.ripe.net...]

route: 158.69.0.0/16
descr: OVH
origin: AS16276
mnt-by: OVH-MNT
created: 2015-05-28T18:02:29Z
last-modified: 2015-05-28T18:02:29Z
source: RIPE # Filtered

But perhaps whois data is not updated; these ranges were tweeted by the CTO of OVH as new ranges.

keyplyr

10:04 pm on May 29, 2015 (gmt 0)




> 158.69.0.0/16 is allocated to an engineering firm at parsons.com?

That's also what my source says, although that's a pretty big range for a construction company.

This is the problem getting information from second (or third) parties.

keyplyr

8:58 am on May 30, 2015 (gmt 0)






Found this:
xecu.net
216.127.128.0/19
216.127.128.0 - 216.127.159.255

Already had this:
MultaCom
216.127.160.0/19
216.127.160.0 - 216.127.191.255

This gets 'em both:
216.127.128.0/18

dstiles

5:58 pm on May 31, 2015 (gmt 0)




158.69.0.0/16
RIPE says...

NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
IPv4 address block not managed by the RIPE NCC

ARIN says it's Parsons. Someone is lying! :)

My guess is that RIPE failed to change a record when it was re-allocated, but it's only a guess.

I've had no baddies from it, anyway, so I'll leave it for now. :)

wilderness

1:55 am on Jun 1, 2015 (gmt 0)




FWIW, Parsons is a very large world-wide company.
There's a Wiki page on them.

keyplyr

3:21 am on Jun 1, 2015 (gmt 0)




May 30 on Twitter, Octave Klaba / Oles (@olesovhcom) founder, owner, chairman & cto of OVH (ovh.com) says:

new IPv4 158.69.0.0/16
new IPv4 51.254.0.0/15

keyplyr

11:39 am on Jun 1, 2015 (gmt 0)





If you're blocking:
servercentral.com
75.102.0.0/19
75.102.0.0 - 75.102.31.255

You may want to consider poking a hole for:
All Points Broadband
75.102.44.0/23
75.102.44.0 - 75.102.45.255

I noticed a couple humans getting blocked. I opened access and now get more :)

On a similar note - IMO the age of mobile has changed blocking strategies considerably. No longer is a range assigned to servers a safe bet to block. Mobile has created a new market for these server farms, cloud services. I'm getting a couple dozen daily iPad, iPhone, Android & Nokia users coming through Amazon and other server farm ranges. I've poked at least 50 holes in the last couple weeks (all conditional of course.)

dstiles

8:26 pm on Jun 1, 2015 (gmt 0)




Poking holes for mobiles within cloud is never-ending. I've added a by-pass for companies like amazon based on the UA and a reasonable mobile-like behaviour. Not ideal but my customers complain if their customers get blocked. They can be so unreasonable! :(

Thanks for the all-points hole. :)

keyplyr

9:49 am on Jun 2, 2015 (gmt 0)




KDDI is hosting based in Japan, however they also describe themselves as Japan Network Information Center, which IMO is vague. Their "about" page says:
We have provided this hosting service to more than 40,000 corporate clients to date
As always the challenge is to determine which ranges port as outgoing servers. So far this is what I've been able to find:

106.128.0.0/10
106.128.0.0 - 106.191.255.255

121.104.0.0/13
121.104.0.0 - 121.111.255.255

158.199.128.0/17
158.199.128.0 - 158.199.255.255

Anyone else have more?

dstiles

7:24 pm on Jun 3, 2015 (gmt 0)




106.128.0.0/10 - I've had this in my database since November 2012 as DSL (broadband). To date I've had one "bad" access in Feb this year. That is verging on sainthood! :)

121.104.0.0/13 - two bad hits on this one, 3 and 5 years ago.

158.199.128.0/17 - never been hit from here so no record in my database.

Japan Network Information Center is (I think) roughly the national version of apnic - it allocates ranges throughout Japan.

KDDI - I have about 80 bad hits over the past 5 years - not at all bad. Ranges I have for them (see notes above)...


I found I had eight of those ranges blocked - I have now opened them in the light of above. Thanks for prompting me on this one. :)

keyplyr

11:53 pm on Jun 3, 2015 (gmt 0)




> I found I had eight of those ranges blocked - I have now opened them in the light of above.

dstiles are you saying that despite their statement about hosting, you allow these ranges access to your server?

keyplyr

7:30 am on Jun 4, 2015 (gmt 0)




Here's another, called KDDI America (kddia.com) datacenters & colo:

67.214.144.0/20
67.214.144.0 - 67.214.159.255

[edited by: keyplyr at 8:25 am (utc) on Jun 4, 2015]

keyplyr

8:24 am on Jun 4, 2015 (gmt 0)




These two were new:

aitcom.net
66.219.96.0/20
6.219.96.0 - 66.219.111.255

riffle.be
89.106.240.0/21
89.106.240.0 - 89.106.247.255

dstiles

8:27 pm on Jun 6, 2015 (gmt 0)




keyplyr - I allow access based on the fact that I BELIEVE Japan KDDI is broadband.

Without looking too far into it, it appears that KDDI (Japan) and KDDIA (America) are different companies. But again, I have no record of badness from KDDIA either.

keyplyr

8:49 pm on Jun 6, 2015 (gmt 0)




Yes, AFAIK a small part of these KDDI ranges are BB, their websites say that. But from the descriptions of their services, most customers are biz hosting & datacenter services like colo... no home user BB.

As far as "baddies" I get threats from these ranges at least 3 or 4 times a week, every week and for quite a long time now.

keyplyr

8:43 am on Jun 7, 2015 (gmt 0)




Just a heads-up:

Yahoo's HostingProd
98.136.0.0/14
98.136.0.0 - 98.139.255.255

Parts of this range might now be used to crawl:

98.138.142.8 - - [06/Jun/2015:01:57:56 -0700] "GET /robots.txt HTTP/1.1" 304 165 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; [help.yahoo.com...]
98.138.142.8 - - [06/Jun/2015:01:57:56 -0700] "GET /example.html HTTP/1.1" 403 1510 "-" "Mozilla/5.0 (compatible; Yahoo Link Preview; [help.yahoo.com...]

Host: n01.crawl.yahoo.net.

I poked a conditional hole :)
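
A sketch of one way to make such a hole conditional, added here as an example and not part of the original post: forward-confirmed reverse DNS, so a client in the range only passes when its PTR name ends in the `crawl.yahoo.net` domain shown in the post and that name resolves back to the same IP. The resolver tables, the `n99` host name and the helper names are constructed so the code runs offline.

```python
import socket

YAHOO_SUFFIX = ".crawl.yahoo.net"  # taken from the "Host:" line in the post

def fcrdns(ip, suffix, reverse=None, forward=None):
    """Forward-confirmed reverse DNS. Returns (ok, detail)."""
    reverse = reverse or (lambda a: socket.gethostbyaddr(a)[0])
    forward = forward or (lambda h: socket.gethostbyname_ex(h)[2])
    try:
        host = reverse(ip).rstrip(".").lower()
    except OSError:                      # herror/gaierror: no PTR record
        return False, "no PTR record"
    if not host.endswith(suffix):        # leading dot stops 'xcrawl.yahoo.net'
        return False, "PTR outside expected domain: " + host
    try:
        addrs = forward(host)
    except OSError:
        return False, "PTR name does not resolve: " + host
    if ip not in addrs:                  # a PTR alone is set by the IP's owner
        return False, "forward lookup does not return " + ip
    return True, host

def allow_through_block(ip, user_agent, reverse=None, forward=None):
    """Conditional hole: UA must claim Yahoo AND the IP must pass FCrDNS."""
    if "yahoo" not in user_agent.lower():
        return False
    return fcrdns(ip, YAHOO_SUFFIX, reverse, forward)[0]

# Constructed resolver data so the example runs offline. Only the first PTR
# entry comes from the post; everything else is made up for illustration.
PTR = {"98.138.142.8": "n01.crawl.yahoo.net.",
       "203.0.113.7": "crawl.yahoo.net.example.invalid.",
       "198.51.100.9": "n99.crawl.yahoo.net."}
A = {"n01.crawl.yahoo.net": ["98.138.142.8"],
     "n99.crawl.yahoo.net": ["192.0.2.1"]}

def fake_reverse(ip):
    if ip not in PTR:
        raise OSError("no PTR")
    return PTR[ip]

def fake_forward(host):
    if host not in A:
        raise OSError("NXDOMAIN")
    return A[host]

if __name__ == "__main__":
    for ip in PTR:
        print(ip, fcrdns(ip, YAHOO_SUFFIX, fake_reverse, fake_forward))
```

Called without the two resolver arguments, `fcrdns` uses the system resolver through `socket.gethostbyaddr` and `socket.gethostbyname_ex`.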

dstiles

6:14 pm on Jun 7, 2015 (gmt 0)




Does yahoo crawl legitimately now? I blocked slurp a year or so back when MS began providing copy for them. They still come around but do not get anything.

lucy24

7:30 pm on Jun 7, 2015 (gmt 0)




In case it hasn't come up yet:
91.218.228.0/22
Russia
Internet-Hosting Ltd.

With a name like that, it seemed safe to skip env=bad_russia and proceed directly to Deny from ... even if free lookup hadn't helpfully told me that “2,517 websites use this address.”

keyplyr

9:49 pm on Jun 7, 2015 (gmt 0)




> Does yahoo crawl legitimately now? I blocked slurp a year or so back when MS began providing copy for them. They still come around but do not get anything.

Absolutely - Yahoo has been crawling legitimately all along. Bing just took over their vertical search for N. America and W. Europe.

If you've been blocking Slurp and other Yahoo bots from legit crawl ranges then you've been blocking Yahoo from including your resources in numerous venues.


@Lucy24 - Thanks, also right above ihc.ru is:

Depo Data Center
91.218.120.0/22
91.218.120.0 - 91.218.123.255

BullCat Webhosting
91.218.204.0/22
91.218.204.0 - 91.218.207.255

lucy24

2:19 am on Jun 8, 2015 (gmt 0)




> OVH (ovh.com) says:
> new IPv4 51.254.0.0/15

Holy ###. I know there was a quite recent thread somewhere hereabouts that said one UK government department is dumping its /8 ... but I honestly thought they were kidding.

keyplyr

8:34 am on Jun 8, 2015 (gmt 0)




Anyone know anything about these guys? I've had them blocked for quite a while (same name) but didn't write notes so now I've forgotten the story on them. They got my attention again today when a possible human (with SE referrer & favicon request) was blocked:

bigtip.com
192.126.128.0/17
192.126.128.0 - 192.126.255.255

keyplyr

10:54 am on Jun 8, 2015 (gmt 0)




Allowable time to edit post has passed.
Yeah, yeah, yeah...

All I could find is "BigTip, Inc. offers online marketing services." but nothing about their /17 range allotment. What do they do with all those IPs? Wonder if there are some VPNs or proxies in there?

blend27

4:15 pm on Jun 8, 2015 (gmt 0)




Garrison Network Solutions LLC

162.253.64.0 - 162.253.67.255 GNS-1 162.253.64.0/22
104.192.100.0 - 104.192.103.255 GNS-2 104.192.100.0/22
104.255.224.0 - 104.255.231.255 GNS-3 104.255.224.0/21
66.11.112.0 - 66.11.127.255 GNS-4 66.11.112.0/20
45.43.0.0 - 45.43.31.255 GNS-5 45.43.0.0/19

keyplyr

8:14 am on Jun 9, 2015 (gmt 0)




Just a heads-up for anyone blocking:
nLayer
204.93.32.0/19
204.93.32.0 - 204.93.63.255

I discovered an IP transit & bandwidth provider for ISPs inside that range:
giglinx.com
204.93.58.0/23
204.93.58.0 - 204.93.59.255

Another giglinx.com
8.15.230.0/23
8.15.230.0 - 8.15.231.255
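
The two operations that recur in this thread, merging adjacent ranges into one block (216.127.128.0/18 earlier) and poking a hole inside a blocked range (giglinx inside nLayer here), worked through with Python's `ipaddress` module. This is an added example, not code from any poster; the function names are made up, and the ranges are the ones quoted in the thread.

```python
import ipaddress

def parse_range(text):
    """Accept 'a.b.c.d/nn' or 'first - last' and return a list of networks."""
    text = text.strip()
    if "-" in text:
        first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects a CIDR with host bits set, which catches typos
    return [ipaddress.ip_network(text, strict=True)]

def build_deny_list(blocks, holes):
    """Collapse the blocked ranges, then carve each exception out of them.

    Returns (deny, unmatched): the final networks to deny, and any exception
    that overlapped no listed block (an entry worth reviewing).
    """
    deny = list(ipaddress.collapse_addresses(
        net for b in blocks for net in parse_range(b)))
    unmatched = []
    for h in holes:
        for hole in parse_range(h):
            kept, hit = [], False
            for net in deny:
                if hole.subnet_of(net):        # exception sits inside a block
                    kept.extend(net.address_exclude(hole))
                    hit = True
                elif net.subnet_of(hole):      # block sits inside the exception
                    hit = True
                else:
                    kept.append(net)
            deny = sorted(kept)
            if not hit:
                unmatched.append(hole)
    return deny, unmatched

def is_denied(ip, deny):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in deny)

# Ranges quoted in the thread, in both CIDR and first-last notation.
BLOCKS = ["216.127.128.0/19", "216.127.160.0 - 216.127.191.255",
          "204.93.32.0/19", "75.102.0.0/19"]
HOLES = ["204.93.58.0/23", "75.102.44.0/23"]

if __name__ == "__main__":
    deny, unmatched = build_deny_list(BLOCKS, HOLES)
    for net in deny:
        print("deny", net)
    for net in unmatched:
        print("exception matched no listed block:", net)
```

An exception that lands in `unmatched` lies outside every CIDR in the block list as written, so the block that actually catches those visitors is recorded somewhere else.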

dstiles

6:56 pm on Jun 9, 2015 (gmt 0)




keyplyr:
> Yahoo has been crawling legitimately all along.

Thanks. I was convinced it was just playing at being a search engine nowadays and letting bing do all the work. I've re-enabled to see what happens.

> bigtip.com 192.126.128.0/17

I've had them blocked since Apr 2014 but nothing to indicate why in my notes. Sorry.

Thanks for garrison - only had one.

giglinx - think I'll leave it blocked:
"Giglinx - Wholesale Bandwidth, MPLS & Colocation"

keyplyr

7:16 pm on Jun 9, 2015 (gmt 0)




> giglinx - think I'll leave it blocked:

Read the tab "Carriers" you see they provide bandwidth for ATT, Abovenet, Verizon, T-Mobile Europe, Sprint and other human traffic corridors. A few humans hit my site from these ranges. Just say'n :)

blend27

4:06 pm on Jun 11, 2015 (gmt 0)




New Range for LINODE
109.237.24.0/22
109.237.24.0 - 109.237.27.255

already hitting the sites from:

109.237.26.139
li1093-139.members.linode.com
UA: Internet-wide-scan-to-be-removed-from-this-list-email-info-at-binaryedge.io