Websense, Inc. is one of the busiest net abusers. Their stealth scanning never stops.
208.80.193.26 … "GET / HTTP/1.0" 403 4232 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; 3304; SV1; .NET CLR 1.1.4322)" "-"
208.80.193.37 … "GET /blog/music/ HTTP/1.0" 403 4232 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Dealio Toolbar 3.1.1; Zango 10.0.370.0)" "-"
Primarily, the abuse is coming from 208.80.193.0/24.
$ nice gunzip -c | egrep '^208.80.19' | awk '{print($1)}' | sort | uniq -c | sort -r -n
35 208.80.193.31
34 208.80.193.44
33 208.80.193.33
30 208.80.193.27
25 208.80.193.37
25 208.80.193.32
22 208.80.193.46
22 208.80.193.30
21 208.80.193.35
20 208.80.193.42
19 208.80.193.45
18 208.80.193.29
16 208.80.193.39
15 208.80.193.40
14 208.80.193.48
14 208.80.193.34
12 208.80.193.47
11 208.80.193.36
6 208.80.193.41
6 208.80.193.38
5 208.80.193.26
4 208.80.193.59
4 208.80.193.50
2 208.80.193.54
1 208.80.193.43
Here are Websense’s netblocks. Block all of them.
* 66.194.6.0/24
* 208.80.192.0/21
* 204.15.64.0/21