Host: server-176.53.43.107.as42926.net
UA: Mozilla/4.0 (compatible; MSIE 4.01; Digital AlphaServer 1000A 4/233; Windows NT; Powered By 64-Bit Alpha Processor)
robots.txt: no
Make that 176.53.0.0/17 Turkey (TR) Radore Hosting Telekomunikasyon Hizmetleri San. ve Tic. Ltd. Sti.
keyplyr
11:02 pm on Jul 24, 2012 (gmt 0)
Thanks dstiles. Do you happen to have that range in long form?
keyplyr
1:22 am on Jul 25, 2012 (gmt 0)
All I could find for Radore Hosting is:
176.53.0.0 - 176.53.0.255 176.53.0.0/24
dstiles
9:09 pm on Jul 25, 2012 (gmt 0)
/17 is half /16 where /16 is nnn.nnn.0.0 - nnn.nnn.255.255 so /17 is either nnn.nnn.0.0 - nnn.nnn.127.255 or nnn.nnn.128.0 - nnn.nnn.255.255.
And so it goes on, halving each time - /18 /19 /20 etc. The Linux Internet Protocol Calculator is useful here.
Radore is one of those annoying companies that only register in DNS in /24 units. I often get impatient with these and dump them whether or not they really are servers/nasties (also companies that register in DNS with gmail or hotmail addresses!). In the case of Radore, the full /17 belongs to them: you have to check each /24 (or skip a few, anyway) to find the full range. Usually a check at 0.0, 31.0, 32.0, 63.0, 64.0 etc (ie every /19) is sufficient.
Although some records give the "owner" as SAYFA, robtex says the full /17 is Radore.
I use Linux Network Tools (the Whois tab) for most of the work but occasionally use robtex for deeper digging. On Windows I used to use a downloaded version of Sam Spade but I'm fairly sure the Whois on that is now well out of date. I usually use robtex in its cnet mode - paste in all but the last IP digit (eg nnn.nnn.nnn.) and it will return a) a sample of IPs within that /24 unit; b) the range(s) that it thinks are related (eg /17 plus /16 plus /15) (although not for Radore); c) the range's "owner".
I also use spamhaus and blacklistalert.org sometimes to find out more about an IP's reputation. These are geared towards mail but can sometimes be interpreted for servers. Spamhaus also has a server-useable blacklist.
If there is an ambiguity about a range of IPs (ie is it a server farm or a broadband network) I sometimes hit a couple or so sample IPs with Linux Umit to check for open ports etc.
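
The halving and every-/19 sampling described in the post above, as an added example that is not part of the thread. It uses Python's standard `ipaddress` module; the function names are hypothetical, and the lists of "confirmed" /24s passed to `merge_confirmed` are constructed for illustration.

```python
import ipaddress

def covering_block(ip, prefix):
    """CIDR block of the given prefix length that contains one logged IP."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def long_form(cidr):
    """First and last address of a CIDR block (the 'long form' of a range)."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.broadcast_address)

def halves(cidr):
    """Split a block in two: a /16 gives its two /17s, a /17 its two /18s."""
    return [str(n) for n in ipaddress.ip_network(cidr).subnets(prefixlen_diff=1)]

def sample_points(cidr, step_prefix=19):
    """First and last /24 of every /19 inside the block: whois lookup targets."""
    points = []
    for block in ipaddress.ip_network(cidr).subnets(new_prefix=step_prefix):
        slash24s = list(block.subnets(new_prefix=24))
        points += [str(slash24s[0].network_address),
                   str(slash24s[-1].network_address)]
    return points

def merge_confirmed(slash24s):
    """Collapse /24s whose whois matched the same owner into the fewest
    CIDR entries for a deny list. Gaps stay out of the result."""
    nets = [ipaddress.ip_network(n) for n in slash24s]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    block = covering_block("176.53.43.107", 17)
    print(block, "=", " - ".join(long_form(block)))
    print("halves of the /16:", halves("176.53.0.0/16"))
    print("check whois at:", sample_points(block))
    # Constructed result: owner confirmed everywhere except 176.53.64.0/19.
    confirmed = [f"176.53.{i}.0/24" for i in range(128) if not 64 <= i < 96]
    print("deny list:", merge_confirmed(confirmed))
```

If every sampled /24 comes back with the same owner, `merge_confirmed` returns the single /17; if one /19 belongs to someone else, only the confirmed blocks are emitted.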