Thanks for the corrections, seriously appreciated! The ARCOR designation was in the Vodaphone record so I thought that Arcor maint. servers is what the wider range covered, and for Vodaphone, Verizon, Roadrunner etc. communications cases I always only block the offending user, then watch for more of the same. I do copy the entire record for all my lookups, helps to see changes next time. :)
I had a similar but different visitor come in with the blocked UA: "curl/7.15.5 (i386-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5" from ADD2NET-DOT-COM184.108.40.206 - 220.127.116.11 I had not seen such a combination before.
Tiscali scraper I had no record for: (FR) IE-POOL-BUSINESS-HOSTING 18.104.22.168 - 22.214.171.124
OK, thanks! It has both names in the record and I have lots of other Tiscali listings so it was put with them, but I'll set it right. It shows: netname: IE-POOL-BUSINESS-HOSTING descr: IP Pool for Iliad-Entreprises Business Hosting Customers country: FR admin-c: IENT-RIPE tech-c: IENT-RIPE status: LIR-PARTITIONED PA mnt-by: MNT-TISCALIFR-B2B