Special dispensation for 80.73.8 or can we proceed directly to /20 ?
Edit: Same question applies to 109.86.3.
9:47 pm on Mar 27, 2014 (gmt 0)
Dunno - I use a tool that gives me the CIDR. That's what the tool generated, so I assume the interim gaps aren't registered. Of course the danger is they will be picked up by an ISP, whatever the odds of that are.
11:07 pm on Mar 27, 2014 (gmt 0)
RE: Tov Bank-inform So for those brave:
18.104.22.168 - 22.214.171.124 126.96.36.199/20
188.8.131.52 - 184.108.40.206 220.127.116.11/15
18.104.22.168 - 22.214.171.124 126.96.36.199/16
188.8.131.52 - 184.108.40.206 220.127.116.11/15
5:40 am on Mar 28, 2014 (gmt 0)
New in L.A. 03/04/14 POWERUPHOSTING: 18.104.22.168 - 22.214.171.124 126.96.36.199/21
12:48 am on Mar 29, 2014 (gmt 0)
New crawler for me: ZemlyaCrawl out of CLOUD-SOUTH 188.8.131.52 - 184.108.40.206 220.127.116.11/21 UA: "ZemlyaCrawl/1.0 (+http://zemlyaozer.com/bot)" Right between OVH and Rackspace
12:57 am on Mar 29, 2014 (gmt 0)
Right between OVH and Rackspace
I was going to say "How thoughtful of them!" thinking it meant one tidy /19. But I've got OVH at 18.104.22.168/20 and Rackspace at 22.214.171.124/17 so I suppose that's what you meant :(
Uncharacteristically, I have already met and blocked ZemlyaCrawl.
2:28 am on Mar 29, 2014 (gmt 0)
And another BuyURL (unless I missed it here) from IDEALHOSTING at 126.96.36.199 - 188.8.131.52 184.108.40.206/21 on a normal looking if old UA: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:22.0) Gecko/20100101 Firefox/22.0" caught it by double checking some non-human looking browsing.
4:22 am on Mar 29, 2014 (gmt 0)
And another new Datashack: DataShack 220.127.116.11 - 18.104.22.168 it has urhostscom 22.214.171.124 - 126.96.36.199 in there too.
6:45 am on Mar 29, 2014 (gmt 0)
More FIBERGRID WEBEXXPURTS 188.8.131.52 - 184.108.40.206 220.127.116.11/24
ECATEL - I picked this one up last July: 18.104.22.168/23 22.214.171.124 - 126.96.36.199 but have not seen it on any sites except the one that is parked, so it had been sort of ignored. Now I find a close relative: 188.8.131.52 - 184.108.40.206 220.127.116.11/24 but it looks like there must be some broader range that covers the whole thing or is this a mixed use server/ISP outfit? Or did they just get the two little broom closets?
8:45 am on Mar 29, 2014 (gmt 0)
As far as the Webexpurts range, it is actually: 18.104.22.168 - 22.214.171.124 126.96.36.199/22
4:27 pm on Mar 29, 2014 (gmt 0)
Thank you keyplyr, I updated my record. I have been getting some strange results from RIPE queries recently. For one query on 188.8.131.52 - 184.108.40.206 it returned a CIDR of: 220.127.116.11/12 which does not seem to be reliable.
6:02 pm on Mar 29, 2014 (gmt 0)
18.104.22.168 - 22.214.171.124 is Vodafone, a European ISP. 126.96.36.199/12 is the route, or net block range that the ISP is on.
I only block individual IP addresses with ISPs. Probably just one person running a bot, or browser-side downloader, or a script-kiddie. These are pests and I usually block for a couple weeks, then remove.
not2easy - RIPE is more fragmented than (eg) Arin - you have to be careful reading it. In this case 188.8.131.52/12 is correct (belongs to arcor, although I have it as vodafone, which it was in 2011 when I registered the range in my db).
When reading any RIPE DNS response, always scroll down to the end, where the wider range (if relevant) is shown along with the actual "owner". There are often clues on the way in the form of email and web addresses.
9:07 pm on Mar 29, 2014 (gmt 0)
184.108.40.206/22 is also a webexxpurts range. This range is in the spamhaus drop list today.