Fresh LINODE, this year. Already making rounds.

NetRange: 45.56.64.0 - 45.56.127.255
CIDR: 45.56.64.0/18
NetName: LINODE-US
RegDate: 2015-01-21

In fact I just rechecked, these are the latest for LINODE(I was missing a few):

LINODE-US - 66.175.208.0/20 - 66.175.208.066.175.223.255
LINODE-US - 50.116.0.0/18 - 50.116.0.050.116.63.255
LINODE-US - 74.207.224.0/19 - 74.207.224.074.207.255.255
LINODE-US - 69.164.192.0/19 - 69.164.192.069.164.223.255
LINODE-US - 173.230.128.0/19 - 173.230.128.0173.230.159.255
LINODE-US - 173.255.192.0/18 - 173.255.192.0173.255.255.255
LINODE-US - 23.239.0.0/19 - 23.239.0.023.239.31.255
LINODE-US - 66.228.32.0/19 - 66.228.32.066.228.63.255
LINODE-US - 104.237.128.0/19 - 104.237.128.0104.237.159.255
EU-LINODE-20091105 - 109.74.192.0/20 - 109.74.192.0109.74.207.255
LINODE-US - 139.162.0.0/16 - 139.162.0.0139.162.255.255
LINODE-US - 45.56.64.0/18 - 45.56.64.045.56.127.255
LINODE-US - 104.200.16.0/20 - 104.200.16.0104.200.31.255
EU-LINODE-20120816 - 151.236.216.0/21 - 151.236.216.0151.236.223.255
LINODE-US - 162.216.16.0/22 - 162.216.16.0162.216.19.255
EU-LINODE-20110606 - 176.58.96.0/19 - 176.58.96.0176.58.127.255
EU-LINODE-20100510 - 178.79.128.0/18 - 178.79.128.0178.79.191.255
EU-LINODE-20120920 - 185.3.92.0/22 - 185.3.92.0185.3.95.255
LINODE-US - 192.155.80.0/20 - 192.155.80.0192.155.95.255
LINODE-US - 192.81.128.0/21 - 192.81.128.0192.81.135.255
LINODE-US - 198.58.96.0/19 - 198.58.96.0198.58.127.255
LINODE-US - 198.74.48.0/20 - 198.74.48.0198.74.63.255
EU-LINODE-990630 - 212.111.40.0/22 - 212.111.40.0212.111.43.255
EU-LINODE-20000518 - 212.71.232.0/21 - 212.71.232.0212.71.239.255
EU-LINODE-20001010 - 213.52.128.0/22 - 213.52.128.0213.52.131.255
LINODE-US - 72.14.176.0/20 - 72.14.176.072.14.191.255
EU-LINODE-20010815 - 80.85.84.0/22 - 80.85.84.080.85.87.255
EU-LINODE-20050406 - 85.159.208.0/21 - 85.159.208.085.159.215.255
EU-LINODE-20051130 - 88.80.184.0/21 - 88.80.184.088.80.191.255
LINODE-US - 96.126.96.0/19 - 96.126.96.096.126.127.255
LINODE-US - 97.107.128.0/20 - 97.107.128.097.107.143.255

Sorry wrong formatting and I cant edit the message anymore.

LINODE-US - 66.175.208.0/20 - 66.175.208.0 - 66.175.223.255
LINODE-US - 50.116.0.0/18 - 50.116.0.0 - 50.116.63.255
LINODE-US - 74.207.224.0/19 - 74.207.224.0 - 74.207.255.255
LINODE-US - 69.164.192.0/19 - 69.164.192.0 - 69.164.223.255
LINODE-US - 173.230.128.0/19 - 173.230.128.0 - 173.230.159.255
LINODE-US - 173.255.192.0/18 - 173.255.192.0 - 173.255.255.255
LINODE-US - 23.239.0.0/19 - 23.239.0.0 - 23.239.31.255
LINODE-US - 66.228.32.0/19 - 66.228.32.0 - 66.228.63.255
LINODE-US - 104.237.128.0/19 - 104.237.128.0 - 104.237.159.255
EU-LINODE-20091105 - 109.74.192.0/20 - 109.74.192.0 - 109.74.207.255
LINODE-US - 139.162.0.0/16 - 139.162.0.0 - 139.162.255.255
LINODE-US - 45.56.64.0/18 - 45.56.64.0 - 45.56.127.255
LINODE-US - 104.200.16.0/20 - 104.200.16.0 - 104.200.31.255
EU-LINODE-20120816 - 151.236.216.0/21 - 151.236.216.0 - 151.236.223.255
LINODE-US - 162.216.16.0/22 - 162.216.16.0 - 162.216.19.255
EU-LINODE-20110606 - 176.58.96.0/19 - 176.58.96.0 - 176.58.127.255
EU-LINODE-20100510 - 178.79.128.0/18 - 178.79.128.0 - 178.79.191.255
EU-LINODE-20120920 - 185.3.92.0/22 - 185.3.92.0 - 185.3.95.255
LINODE-US - 192.155.80.0/20 - 192.155.80.0 - 192.155.95.255
LINODE-US - 192.81.128.0/21 - 192.81.128.0 - 192.81.135.255
LINODE-US - 198.58.96.0/19 - 198.58.96.0 - 198.58.127.255
LINODE-US - 198.74.48.0/20 - 198.74.48.0 - 198.74.63.255
EU-LINODE-990630 - 212.111.40.0/22 - 212.111.40.0 - 212.111.43.255
EU-LINODE-20000518 - 212.71.232.0/21 - 212.71.232.0 - 212.71.239.255
EU-LINODE-20001010 - 213.52.128.0/22 - 213.52.128.0 - 213.52.131.255
LINODE-US - 72.14.176.0/20 - 72.14.176.0 - 72.14.191.255
EU-LINODE-20010815 - 80.85.84.0/22 - 80.85.84.0 - 80.85.87.255
EU-LINODE-20050406 - 85.159.208.0/21 - 85.159.208.0 - 85.159.215.255
EU-LINODE-20051130 - 88.80.184.0/21 - 88.80.184.0 - 88.80.191.255
LINODE-US - 96.126.96.0/19 - 96.126.96.0 - 96.126.127.255
LINODE-US - 97.107.128.0/20 - 97.107.128.0 - 97.107.143.255

- 97.107.128.097.107.143.255

:: thinking hard ::

- (\d+)(\.\d+\.\d+\.0)\1(\.\d+\.\d+\.255)
>>
- \1\2 - \1\3

;)

I'm one of those people who doesn't get the "now you have two problems" joke.

Elsewhere...

212.172
Germany tec-topia (hosting)

109.73.96.0/20
Latvia Balticom
I'm not sure about the whole package, but 111 is definitely hosting, and I've never met a human from the area. That is, ahem, from 109.73.etcetera. Don't remember if I've ever met a Latvian in the flesh.

Since I'd previously blocked
109.73.64.0/20
this naturally led to some follow-up checking.
The bad news is that
109.73.80.0/20 (i.e. the bottom half of ..64.0/19)
is humans: Valle Umbra in Italy, for those who keep track.
The good news is that
109.73.112.0/20 (i.e. the bottom half of ..96.0/19)
is also hosting: UK, The Bunker.

---

Edit: Incidentally, does anyone happen to know what-if-anything "license.txt" is? I had two different robots asking for it.

Thanks for the linode ranges blend27, a couple new ones for me :)

Lucy, I have not seen "license.txt." I can only guess it may be something used by eCommerce sites, maybe those created with a CMS. The bot(s) may be config'd to request that file.

I used to get requests for "info.txt." So to get rid of the 404s I created an info.txt file with my company's basic info :)

Singapore Web Hosting usonyx.net
113.11.248.0/21
113.11.248.0 - 113.11.255.255

CLOUD-NET - 82.146.32.0/23
82.146.32.0 - 82.146.39.255

82.146.32.138 looking for /administrator/index.php & /admin.php.

Very nice, I love those!

@blend27, That cloudnet range is one of several inside of a larger host range:

ISPSystem, Russia
82.146.32.0 - 82.146.63.255
82.146.32.0/19

Sundance (www.sundanceint.com)
199.244.88.0 - 199.244.91.255
199.244.88.0/22

ooooo, juicy, thanks

Web.com
209.237.128.0/18
209.237.128.0 - 209.237.191.255

Hosting Ukraine VPS network
185.65.244.0/22
185.65.244.0 - 185.65.245.255

77.222.56.70(vh216.sweb.ru)

Requesting /js/mage/cookies.js (magento files)

So SpaceWeb.ru Hosting Provider

77.222.60.0 - 77.222.63.255 SpaceWeb 77.222.60.0/22
77.222.56.0 - 77.222.59.255 SpaceWeb 77.222.56.0/22
77.222.50.0 - 77.222.51.255 SpaceWeb 77.222.50.0/23
77.222.40.0 - 77.222.43.255 SpaceWeb 77.222.40.0/22


first mentioned within the old pack for RU/LV/UA here: [webmasterworld.com...]

@blend27

I've had those blocked as:
77.222.40.0/21
77.222.48.0/20

Tralala, another one from eastern Europe.

185.8.104.0/22
Baltic Servers, Lithuania
I think half the range is hosting and the other half is VPS, not that it matters.

For people not up on RIPE quotas in IPv4, /22 is as big as it gets in 185.

Thanks keyplyr.

BTW, I don't block by CIDR, I am on IIS(some sites are still on IIS6, shared hosting IIS7+ but no access to ApplicationHost.config).

I keep the ranges in db tables and last 20(ranges) in Application Memory for the recently accessed from, then do a query from memory.

So than last one would be:

select 'x' from application.last20ranges
where 1306409030 -- 77.222.56.70
between ip_start and ip_end -- 1306408960 and 1306409983 in this case.

I keep note of CIDRs though, just as any other good librarian would do ;)

... anyway

185.65.245.134(vps-13303.vps-ukraine.com.ua) - Looking for /administratorindex.php
UA: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)

seems like their Windows 98 system is all up to date with latest version of Internet Explorer available for the OS, especially on their VPS account. :)


185.65.244.0 - 185.65.245.255 HU-VPS3 185.65.244.0/22

185.65.244.0 - 185.65.245.255 HU-VPS3 185.65.244.0/22

244-245 = /23 but I checked. The whole /22 (244-247) is Ukraine Hosting, they're just being coy about it.

244-245 = /23

Thanks. I only use CIDR, so when I investigated and found they were actually /22 I forgot to go back & update the full range in my notes.

New for me:
FastVPS
46.36.216.0/21
46.36.216.0 - 46.36.223.255

infobox.ru
77.221.128.0/19
77.221.128.0 - 77.221.159.255

So just a short while ago it was thrilling (lol) to catch an actual Russian server farm instead of just the usual hijacked accounts. Now it seems they are jumping right out of cyberspace at us; wonder why?

Also, I'm catching quite a few Chinese owners running their bots from Euro/US servers. This has always been the case, just seeing more of it. There's even at least one Chinese university CS lab sneaking around the Great Wall and running their test bots from a Swiss DC.

ActiveHost, RU
178.159.240.0/20
178.159.240.0 - 178.159.255.255

These threads are such useful resources. Just for the fun of it . . even if the data is potentially stale . . can someone pull the IP ranges from all the past threads and make them available somewhere on WebmasterWorld?

In the old days I used to be able to reload a printable "1 page" version of these threads which made it a bit easier to cull and collect the IP ranges.

Please?

Pretty please?

Pretty please with the promise of free beer?

Good luck trying to do what was done in the old days

Today's scrapings:

162.213.40.0/22
That's for the two of you that wouldn't already slam the door in the face of anything calling itself "robospider". Disclaimer: I don't think ECSuite is inherently malign. I just don't think they've got any business running robots on the side.

193.107.16.0/22
Ideal Solution (to what?)

208.88.224.0/22
208.94.232.0/22
Both Webazilla. (I checked the neighborhood. They really are just /22.) I'd forgotten that there was a pretty recent discussion of WebTarantula.

178.62.128.0/17
Digital Ocean ... but wait!
178.62.0.0/17
also Digital Ocean (one's UK, the other Netherlands, I forget which is which). And since
178.63
is Hetzner, that means you may choose to proceed directly to
178.62.0.0/15

Elsewhere:
I've been deriving some amusement from a Ukrainian robot calling itself

Mozilla/5.0 (compatible; bingbot/3.0-alpha; +http://www.bing.com/bingbot.htm)

It crawls from 46.118.various. Lending verisimilitude to the UA, it asks for robots.txt as many as five times on a single visit. In fairness, my robots.txt does not actually say that "/admin/index.php" is off limits, possibly because there's no such file. Do you suppose they'd stop asking if I did include /admin/ in robots.txt?

Both "admin" and "index.php" seem to be targets for a multitude of bad agents. I block requests for both, end of story.

I block requests for both

I block requests for .php, period. (That is, THE_REQUEST as opposed to internal requests where the URL has something else.) My log-wrangling routine flags any 404. So if someone from a not-previously-blocked range asks for /admin/ I'll know about it.

I block requests for .php, period

I don't. I use php all over my sites, love it: contact forms, submit forms, server-side echos, includes, ad serving (where you don't want browser caching JS) and recently mobile-responsive detection & navigation scripting. It was one of the first programming languages I learned, back when it actually used for building a Personal Home Page.

- - -

sitehost.co.nz
120.138.16.0/20
120.138.16.0 - 120.138.31.255

Another expat Sinobot fell into my trap; first new one for a long time. Feeling quite chuffed to have nailed down apparently +all the rest+ :)

23.239.78.xxx NODESDIRECT 23.239.64.0 - 23.239.95.255 23.239.64.0/19 ber...locked!

I use php all over my sites

So do I ... but not in URLs. That's what I meant by "block requests".

RewriteCond %{THE_REQUEST} \.php
RewriteCond %{REQUEST_URI} !(page1|dir/page2)
RewriteRule \.php - [F,NS]

Technically the NS is redundant; it keeps the server from even having to look at Conditions most of the time.