which is what led me to block all other IPs - it's not the hardest thing to just make an openssl req and get the common names of the certificate returned
especially if you know the hosting provider, which narrows down the ip space significantly