The dates are when the messages were posted. Each post (on the given date) was merely the hex code. A hacker doing a sequential scan of IPs, probing for some vulnerability (or previous infection) will most likely find it on computers that are always connected to the internet (like a brodband connection). When one or more "targets" are found, it is reported to the bad guy, but the test needs to be reran to verify the IPs. They must be verified since most broadband connections are using dynamic IPs as opposed to static ones, you are going to come across ranges where one or more infected or vulnerable machines are connected, but over time the IP(s) will change. Hence, if you want to post to a group of partners the computer(s) you found, you can't post an IP for each one but the IP range.
Good point, but in that case why don't the ranges correspond to proper network masks? Most ISP's will allocate IP addresses from within an entire network mask rather than from some of the rather odd ranges that don't seem to correspond with any mask numbers.
You can certainly set up a specific DHCP server to return addresses within any range, even those that doesn't correspond with a network mask, but in general a hacker won't know what the specific DHCP ranges are for any particular ISP's servers. However the IP numbers will be allocated to the ISP in network mask ranges, the hacker can't in general know whether or if the ISP's DHCP servers match the network mask.