Msg#: 4498647 posted 2:34 pm on Oct 25, 2012 (gmt 0)
# WowRack/Swift Communications/AllHostShop/Revelation Hostile Networks - AS23033/AS33569 deny from 126.96.36.199/24 deny from 188.8.131.52/23 deny from 184.108.40.206/24 deny from 220.127.116.11/24 deny from 18.104.22.168/24 deny from 22.214.171.124/24 deny from 126.96.36.199/24 deny from 188.8.131.52/24 deny from 184.108.40.206/24 deny from 220.127.116.11/24 deny from 18.104.22.168/24 deny from 22.214.171.124/24 deny from 126.96.36.199/24 deny from 188.8.131.52/24 deny from 184.108.40.206/23 deny from 220.127.116.11/23 deny from 18.104.22.168/21 deny from 22.214.171.124/24 deny from 126.96.36.199/23 deny from 188.8.131.52/24 deny from 184.108.40.206/22 deny from 220.127.116.11/24 deny from 18.104.22.168/24 deny from 22.214.171.124/22 deny from 126.96.36.199/22 deny from 188.8.131.52/21 deny from 184.108.40.206/20 deny from 220.127.116.11/22 deny from 18.104.22.168/19 deny from 22.214.171.124/19 deny from 126.96.36.199/24 deny from 188.8.131.52/19 deny from 184.108.40.206/20 deny from 220.127.116.11/20 deny from 18.104.22.168/22 deny from 22.214.171.124/19
That is one ### of a lot of /24s for the US. It's what you'd expect to see from RIPE. Detour to WhoIs results in:
126.96.36.199/19 188.8.131.52/19 (best guess here because WhoIs got snarky) 184.108.40.206/19 (ditto) 220.127.116.11/19 18.104.22.168/22 (really, darn it) 22.214.171.124/21 (looks like that's really all there is-- I randomly checked .182.)
There's a 126.96.36.199/18 umbrella but it's not clear if all the occupants are servers.
188.8.131.52/21 and 184.108.40.206/24 (really: .169. is someone else)
... and at this point whois started getting grumpy and acting as if it was considering throwing a captcha at me. But I'd be suspicious of anything in ARIN that comes through as smaller than /21. Maybe /22 at the outside. You're generally looking at subletting. Some of those sublessors may be perfectly harmless schools or small towns, but in that case they're probably not buying your expensive custom-made widgets anyway so it's no risk.