For those not familiar with Spanish ISPs, RedIRIS is Spain's National Research and Education Network . They are part of Consorci de Serveis Universitaris de Catalunya and Forum of Incident Response and Security Teams . Essentially its an organization devoted to university networking projects and advanced R&D. They get their own nice big netblock to mess around with (in this case 193.144.0.0/14) . Similar projects in the US would be CalREN, Internet2 and LambdaRail. I'm seeing what looks like malicious scanning from the RedIRIS netblock, like this: ** ** - - [08/Sep/2014:18:54:34 -0400] "GET /muieblackcat HTTP/1.1" 404 15 "-" "-" ** ** - - [08/Sep/2014:18:54:34 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 15 "-" "-" ** ** - - [08/Sep/2014:18:54:34 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 15 "-" "-" ** ** - - [08/Sep/2014:18:54:35 -0400] "G