@sdamashek
Last active January 15, 2016 01:14
Currently Suspected NEW IP Ranges
range - IP Range Owner
46.148.30.0/23 - Infium LLC
62.109.0.0/19 - TheFirst-RU clients
62.122.72.0/23 - Leksim Ltd.
78.24.216.0/21 - TheFirst-RU clients
82.146.40.0/21 - Infium LLC
82.146.56.0/21 - TheFirst-RU clients
91.197.131.0/24 - Virtual Data Computing LLC
91.207.60.0/23 - PE Ivanov Vitaliy Sergeevich
91.207.116.0/23 - Rise-v Ltd
91.213.72.0/24 - PE Zavalnuk Vladislav Mihailovich
91.213.93.0/24 - PE Mykola Vitalievich Tabakov
91.216.3.0/24 - PP Trusov Ilya Igorevych
91.217.90.0/23 - PE Ivanov Vitaliy Sergeevich
91.217.162.0/24 - Voejkova Nadezhda
91.222.64.0/24 - Virtual Data Computing LLC
91.223.28.0/24
91.226.72.0/24
91.229.76.0/22 - DeltaHost
91.229.248.0/24 - EPIOHOST
91.233.89.0/24 - PE Ivanova Yuliya Geraldovna
92.63.96.0/21 - TheFirst-RU clients
92.63.104.0/22 - TheFirst-RU clients
95.215.140.0/22 - Lekus
176.103.248.0/21
188.120.224.0/20 - TheFirst-RU clients
188.120.240.0/21 - TheFirst-RU clients
188.190.124.0/22 - Infium LLC
193.0.146.0/23 - Freestyle Ltd
193.28.144.0/24 - Adroit
193.104.110.0/24 - Software Service Prague s.r.o.
193.106.31.0/24 - Infium LLC
193.203.48.0/22 - PE Ivanov Vitaliy Sergeevich
194.1.184.0/24 - DreamHosting
194.29.185.0/24 - V.A.N. Kereskedelmi es Szolgaltato Beteti Tarsasag
194.126.251.0/24 - PE Plehanov Sergey Sergeevich
194.242.2.0/23 - Stilcom Ltd
195.34.78.0/23
195.39.252.0/23 - RIPE Allocated
195.74.88.0/23
195.78.108.0/23 - Global Routing
195.88.190.0/23 - Bigness group Ltd
195.226.220.0/24
@soccermitchy

Hm, I happen to have a list of proxies that you can list on here. I made it so I can test my own IRC network against botnets, but if you want it just poke me somehow... lol (also, I'm wolfmitchell on freenode)

@amstan

amstan commented Mar 7, 2014

These were all the uninvited guests from my channel for the past few months: http://bpaste.net/show/bSl1kx7jSqgv9Kf1skXi/

I have no idea who they are, but as you see they joined once then left a few minutes later.

@tomreyn

tomreyn commented Mar 7, 2014

<ecks> * [madwar] (~madwar@62.109.29.80): madwar
PORT     STATE SERVICE    VERSION
1080/tcp open  socks5     Socks4A (Username/password authentication required)
8080/tcp open  http-proxy 3Proxy http proxy

62.109.28.0/22 TheFirst-RU clients (WebDC Msk)


On a side note, a numeric sort on the above list would be handy as it grows.


On another side note, this converts amstan's log into a list of IP addresses:

wget -qO - 'http://bpaste.net/raw/bSl1kx7jSqgv9Kf1skXi/' | sed 's/^.*@\([^>]*\).*/\1/' | sort | uniq

@sdamashek
Author

@tomreyn Sorted and added 62.109.28.0/22.

@sdamashek
Author

Also added the new ones from amstan's recent joins.

@auscompgeek

After a quick Google search (akh.par site:domaintools.net), I also found 92.63.96.0/21, if my calculations are correct.

I've observed that a few (I didn't look at many) of the Russian spybots from "TheFirst-RU" have a PTR record of akh.par, which is why I did this.

@auscompgeek

WillPittenger just saw [palatnikov] (~palatniko@193.104.110.24): palatnikov in his channel (##baseball).

The IP has 3proxy running on the usual ports 1080 and 8080.

193.104.110.0/24: Software Service Prague s.r.o.

What's unusual about this is the fact that they've started to use Czech IPs. They appear to be growing.

@sdamashek
Author

Added those ranges, and some others @auscompgeek

@auscompgeek

Probably want to add 91.220.202.0/24 (Oliver Grup LLC) to the list as well.

20:39:24 --> | syntec (~syntec@91.220.202.159) has joined ##ncss_challenge                 
20:49:27 <-- | syntec (~syntec@91.220.202.159) has quit (Remote host closed the connection)
21:31:33 --> | cybertom (~cybertom@91.220.202.126) has joined #firefox
21:32:19 --> | cybertom (~cybertom@91.220.202.126) has joined ##ncss_challenge
21:33:59  -- | [cybertom] (~cybertom@91.220.202.126): cybertom
21:37:53  -- | [syntec] (~syntec@91.220.202.159) was syntec
21:54:14 <-- | cybertom (~cybertom@91.220.202.126) has quit (Remote host closed the connection)

cybertom didn't respond to CTCP PING.
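
An added example, not part of any comment in this thread: it combines the two ideas raised above (pulling joining hosts out of a channel log, and sorting the range list numerically) and also checks each host against the listed ranges. The sample log is constructed in the join-line format quoted in the thread, the function names are hypothetical, and only a subset of the ranges is included.

```python
import ipaddress
import re

# Ranges and owner strings taken from this page (a subset of the list).
SUSPECT_RANGES = {
    "193.104.110.0/24": "Software Service Prague s.r.o.",
    "62.109.0.0/19": "TheFirst-RU clients",
    "91.220.202.0/24": "Oliver Grup LLC",
    "62.109.28.0/22": "TheFirst-RU clients (WebDC Msk)",
}

# Constructed join lines in the thread's log format; 198.51.100.7 is a documentation address.
SAMPLE_LOG = """\
20:39:24 --> | syntec (~syntec@91.220.202.159) has joined ##ncss_challenge
21:31:33 --> | cybertom (~cybertom@91.220.202.126) has joined #firefox
21:32:19 --> | cybertom (~cybertom@91.220.202.126) has joined ##ncss_challenge
22:01:10 --> | palatnikov (~palatniko@193.104.110.24) has joined ##baseball
22:05:42 --> | madwar (~madwar@62.109.29.80) has joined #example
22:07:03 --> | visitor (~visitor@198.51.100.7) has joined #example
"""

JOIN_RE = re.compile(r"\(~?[^@\s()]+@([0-9.]+)\) has joined")
NETWORKS = [(ipaddress.ip_network(c), o) for c, o in SUSPECT_RANGES.items()]


def sorted_ranges(cidrs):
    """Sort CIDR strings by numeric network address, not as text."""
    return [str(n) for n in sorted(ipaddress.ip_network(c) for c in cidrs)]


def joined_addresses(log):
    """Unique IPv4 hosts from join lines, in numeric order."""
    found = set()
    for match in JOIN_RE.finditer(log):
        try:
            found.add(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # digits and dots that do not form a valid address
    return sorted(found)


def match_ranges(addresses):
    """Map each address to the most specific listed (cidr, owner), or None."""
    result = {}
    for addr in addresses:
        hits = [(net, owner) for net, owner in NETWORKS if addr in net]
        best = max(hits, key=lambda h: h[0].prefixlen, default=None)
        result[str(addr)] = (str(best[0]), best[1]) if best else None
    return result
```

Calling `match_ranges(joined_addresses(SAMPLE_LOG))` reports the /22 rather than the enclosing /19 for 62.109.29.80, and `None` for the host outside every listed range.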
