1

I found this, but I don't think it answears my question: Is it safe to assume that two hosts on the same /24 network belong to the same AS-number?

I have online shop, on which somone is spamming massievely shopping carts. That IP belongs to a company which I found by using who.is https://who.is/whois-ip/ip-address/38.99.82.254

It states that their IP network is: network:IP-Network:38.99.82.0/24

Is it safe to assume that this network belongs to this company? So if I block by this IP mask I don't block some kind of legit ISP?

If no, then is there a way to determine what IP range should I block from this IP?

Community
  • 1
Gacek
  • 1,181
  • 2
  • 9
  • 10

1 Answers1

2

It all belongs to FieldTech, Inc. Searching for them I found this.

Stackcraft_noob
  • 115
  • 4
edoceo
  • 185
  • 3
  • I more meant how safe from who.is is it to asuume that this network range belongs to them. I know it belongs to Fieldtech Inc since its in who.is. I want to know more about interpreting results of who.is – Gacek Jan 04 '16 at 19:30
  • 1
    @Gacek To get more information than that, you'll need to speak with Fieldtech, the netblock owner. – EEAA Jan 04 '16 at 19:38
  • So it's not part of who.is answear? So what is this `IP-Network` part? what does it say? – Gacek Jan 04 '16 at 19:41
  • 1
    The whois results show that FieldTech owns the entire /24; if it was me I'd block the whole set -- if you assume that the WHOIS data is accurate (I do, mostly). – edoceo Jan 04 '16 at 19:48
  • That's what I wanted to know! :) – Gacek Jan 04 '16 at 19:57