# ColoCrossing, Quick to Get Large IP Blocks Issued and Faster to Soil Them



## drmike (Feb 26, 2014)

Back in December ColoCrossing was issued by ARIN a /14 of IP space:

http://www.spamhaus.org/sbl/query/SBL214220


NetRange: 107.172.0.0 - 107.175.255.255
CIDR: 107.172.0.0/14
OriginAS: AS36352
NetName: CC-17
NetHandle: NET-107-172-0-0-1
Parent: NET-107-0-0-0-0
NetType: Direct Allocation
RegDate: 2013-12-27
Updated: 2013-12-27

SpamHaus, just yesterday lopped off a /16 of the range for  bad behavior / use of IPs for "Snowshoe spam operation"


```
SBL214220 107.172.0.0/16 velocity-servers.net

25-Feb-2014 10:39 GMT snowshoe range
```


----------



## Nett (Feb 26, 2014)

Yo.


----------



## telephone (Feb 26, 2014)

@drmike you're slowing down. I bet in IRC that you'd cross-post this within 1 hour, not 4 hours


----------



## drmike (Feb 26, 2014)

I've been busy with work @telephone    This was on my list before I went to bed earlier in the day.


----------



## DomainBop (Feb 26, 2014)

telephone said:


> @drmike you're slowing down. I bet in IRC that you'd cross-post this within 1 hour, not 4 hours


The news was in my VPSB signature at least 6 hours before it was on LET.


----------



## MannDude (Feb 26, 2014)

And to be fair, I was told around 4PM 

[3:52:51 PM] :: http://www.spamhaus.org/sbl/query/SBL214220

Though I'm not surprised. A ton of their blocks are listed. Lots of spam, DDoS, housing illegal Iranian clients, and just general shit on their network.


----------



## mtwiscool (Feb 26, 2014)

MannDude said:


> And to be fair, I was told around 4PM
> 
> [3:52:51 PM] :: http://www.spamhaus.org/sbl/query/SBL214220
> 
> Though I'm not surprised. A ton of their blocks are listed. Lots of spam, DDoS, housing illegal Iranian clients, and just general shit on their network.



i hate spamhaus.

they have been know for blackmailing.

what is counted as spam is vary complex.

i know in the UK it's not illegal to host people from iran and i think it's the same in the US.

i have had honest emails blocked by Hotmail because of they fuckers if one person spams on the ip block the whole block gets black listed for 3 weeks.

spamhaus in breach of laws as they are affecting honest bunniss.

they think they do not need to follow trade laws.

rant over.


----------



## MartinD (Feb 26, 2014)

mtwiscool said:


> spamhaus in breach of laws as they are affecting honest bunniss.
> 
> they think they do not need to follow trade laws.
> 
> rant over.



Please share with us what law, exactly, and in what country(ies) said law is applicable and being broken?

Also, what is a bunniss?


----------



## peterw (Feb 26, 2014)

mtwiscool said:


> i have had honest emails blocked by Hotmail because of they fuckers if one person spams on the ip block the whole block gets black listed for 3 weeks.


Everyone will ignore them if they do not put this pressure on the ip owners.


----------



## Navyn (Feb 26, 2014)

The most important thing is when one or two ip involved in spamhouse it listed whole subnet as spam sending and try to put pressure on ip owner to justify the reason of spam which is not possible in every situation.


----------



## mtwiscool (Feb 26, 2014)

Navyn said:


> The most important thing is when one or two ip involved in spamhouse it listed whole subnet as spam sending and try to put pressure on ip owner to justify the reason of spam which is not possible in every situation.



because hosts need to investigate.

spamhaus act like judges and think everything is one sided.


----------



## mojeda (Feb 26, 2014)

mtwiscool said:


> because hosts need to investigate.
> 
> spamhaus act like judges and think everything is one sided.


Then maybe ColoCrossing needs to do a better job of dealing with customers abusing IPs, but then again I don't think they really care with as many IPs they have...


----------



## DomainBop (Feb 26, 2014)

Navyn said:


> The most important thing is when one or two ip involved in spamhouse it listed whole subnet as spam sending and try to put pressure on ip owner to justify the reason of spam which is not possible in every situation.



If it's an IP owner like ColoCrossing that A. is spammer friendly and B. has invalid SWIP info (see below) on many of its IPs then Spamhaus should ban all of their IPs permanently.

SBL on a /27 received yesterday: http://www.spamhaus.org/sbl/query/SBL214228

SWIP info for that /27:

OrgName:        Warfront Cafe LLC


OrgId:          WCL-94


Address:        23 Walnut St


City:           Wilkes-Barre


StateProv:      PA


PostalCode:     18702


Country:        US


RegDate:        2012-12-10


Updated:        2012-12-10


Ref:            http://whois.arin.net/rest/org/WCL-94

All of these ColoCrossing IP ranges also have invalid SWIP info that incorrectly lists Warfront Cafe LLC as the contact and Alex Vial has been aware for a few months that the contact info is incorrect since it was pointed out to him on the LET UGVPS/Crystal thread and he has stupidly chosen to do nothing about the incorrect info .

CC-198-46-153-0-26 (NET-198-46-153-0-1)     198.46.153.0 - 198.46.153.63


CC-198-23-153-0-25 (NET-198-23-153-0-1)     198.23.153.0 - 198.23.153.127


CC-198-46-158-0-25 (NET-198-46-158-0-1)     198.46.158.0 - 198.46.158.127


CC-198-46-136-128-25 (NET-198-46-136-128-1)     198.46.136.128 - 198.46.136.255


CC-198-46-132-128-25 (NET-198-46-132-128-1)     198.46.132.128 - 198.46.132.255


CC-198-23-156-144-29 (NET-198-23-156-144-1)     198.23.156.144 - 198.23.156.151


CC-198-23-228-0-25 (NET-198-23-228-0-1)     198.23.228.0 - 198.23.228.127


CC-198-23-167-128-25 (NET-198-23-167-128-1)     198.23.167.128 - 198.23.167.255


CC-198-144-186-64-26 (NET-198-144-186-64-1)     198.144.186.64 - 198.144.186.127


CC-198-23-250-0-25 (NET-198-23-250-0-1)     198.23.250.0 - 198.23.250.127


CC-198-23-154-192-26 (NET-198-23-154-192-1)     198.23.154.192 - 198.23.154.255


CC-198-23-228-128-25 (NET-198-23-228-128-1)     198.23.228.128 - 198.23.228.255


CC-172-245-33-128-25 (NET-172-245-33-128-1)     172.245.33.128 - 172.245.33.255


CC-192-210-149-0-25 (NET-192-210-149-0-1)     192.210.149.0 - 192.210.149.127


CC-198-23-247-192-26 (NET-198-23-247-192-1)     198.23.247.192 - 198.23.247.255


CC-192-210-216-0-25 (NET-192-210-216-0-1)     192.210.216.0 - 192.210.216.127


CC-198-46-144-0-25 (NET-198-46-144-0-1)     198.46.144.0 - 198.46.144.127


CC-198-46-154-128-26 (NET-198-46-154-128-1)     198.46.154.128 - 198.46.154.191


CC-172-245-7-0-24 (NET-172-245-7-0-1)     172.245.7.0 - 172.245.7.255


CC-198-46-151-64-26 (NET-198-46-151-64-1)     198.46.151.64 - 198.46.151.127


CC-198-46-132-0-25 (NET-198-46-132-0-1)     198.46.132.0 - 198.46.132.127


CC-172-245-222-64-26 (NET-172-245-222-64-1)     172.245.222.64 - 172.245.222.127


CC-198-46-150-64-26 (NET-198-46-150-64-1)     198.46.150.64 - 198.46.150.127


CC-198-46-157-128-25 (NET-198-46-157-128-1)     198.46.157.128 - 198.46.157.255


CC-198-46-138-0-26 (NET-198-46-138-0-1)     198.46.138.0 - 198.46.138.63


CC-198-46-153-64-26 (NET-198-46-153-64-1)     198.46.153.64 - 198.46.153.127


CC-198-46-147-0-25 (NET-198-46-147-0-1)     198.46.147.0 - 198.46.147.127


CC-192-210-194-128-25 (NET-192-210-194-128-1)     192.210.194.128 - 192.210.194.255


CC-192-210-238-128-25 (NET-192-210-238-128-1)     192.210.238.128 - 192.210.238.255


CC-198-46-151-0-26 (NET-198-46-151-0-1)     198.46.151.0 - 198.46.151.63


CC-172-245-35-192-26 (NET-172-245-35-192-1)     172.245.35.192 - 172.245.35.255


CC-172-245-6-0-24 (NET-172-245-6-0-1)     172.245.6.0 - 172.245.6.255


CC-172-245-39-0-24 (NET-172-245-39-0-1)     172.245.39.0 - 172.245.39.255


CC-198-144-187-128-27 (NET-198-144-187-128-1)     198.144.187.128 - 198.144.187.159


CC-192-3-154-32-27 (NET-192-3-154-32-1)     192.3.154.32 - 192.3.154.63


CC-96-8-112-96-27 (NET-96-8-112-96-1)     96.8.112.96 - 96.8.112.127


CC-172-245-223-0-24 (NET-172-245-223-0-1)     172.245.223.0 - 172.245.223.255


CC-192-3-19-0-24 (NET-192-3-19-0-1)     192.3.19.0 - 192.3.19.255


CC-75-102-10-96-27 (NET-75-102-10-96-1)     75.102.10.96 - 75.102.10.127


CC-192-3-115-0-25 (NET-192-3-115-0-1)     192.3.115.0 - 192.3.115.127


CC-192-3-26-128-25 (NET-192-3-26-128-1)     192.3.26.128 - 192.3.26.255


CC-192-3-117-128-25 (NET-192-3-117-128-1)     192.3.117.128 - 192.3.117.255


CC-172-245-19-0-24 (NET-172-245-19-0-1)     172.245.19.0 - 172.245.19.255


----------



## HaitiBrother (Feb 26, 2014)

Well, SPAM is easy to send today, with all these "low end" vpses costing less than like $5 per month, it's just easy to use clean ips to spam.

Plus, spamhaus is more for publicity, personally I don't give a shit about spamhaus, if I want to send spam all it will cost me is $5 basically for a server somewhere, 5 minutes to upload files, 30 seconds to hit the send button to this 30M email list sitting here, spam isn't complex, it's just mass mail, but they put this SPAM label on it, trying to make it seem bad, but for example, if ColoCrossing did a mass email saying to their customers they were going to close (_if only this was true_), that would be considered spam also, yet it's for a legitimate reason.


----------



## DomainBop (Feb 26, 2014)

> spam isn't complex, it's just mass mail, but they put this SPAM label on it, trying to make it seem bad,


It is bad because if you're a business the loss of time and productivity from having to deal with incoming spam (plus the cost of any SPAM prevention measures you implement) adds up to some serious $$$ per year even for small businesses.

http://www.cudamail.com/spam-cost-calculator/default.aspx



> if ColoCrossing did a mass email saying to their customers they were going to close (_if only this was true_), that would be considered spam


Emailing service change notices to customers isn't SPAM.


----------



## staticsafe (Feb 26, 2014)

HaitiBrother said:


> Well, SPAM is easy to send today, with all these "low end" vpses costing less than like $5 per month, it's just easy to use clean ips to spam.
> 
> Plus, spamhaus is more for publicity, personally I don't give a shit about spamhaus, if I want to send spam all it will cost me is $5 basically for a server somewhere, 5 minutes to upload files, 30 seconds to hit the send button to this 30M email list sitting here, spam isn't complex, it's just mass mail, but they put this SPAM label on it, trying to make it seem bad, but for example, if ColoCrossing did a mass email saying to their customers they were going to close (_if only this was true_), that would be considered spam also, yet it's for a legitimate reason.





> An electronic message is "spam" if (A) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients; AND (B) *the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent.*


-- http://www.spamhaus.org/consumer/definition/

Bolded the key part of the definition. The spam apologists in here are amusing.


----------



## kaniini (Feb 26, 2014)

mtwiscool said:


> because hosts need to investigate.
> 
> spamhaus act like judges and think everything is one sided.


Well, people aren't required to use Spamhaus, so maybe you should complain to the people who do.  Publishing lists of IPs associated with possible spam operations is protected speech.


----------



## Francisco (Feb 26, 2014)

For what it's worth spamhaus doesn't just ban a huge range like that on a hunch.

They ban it because they either have an informant or because they have enough proof to justify it (be it actual spam or obvious RDNS patterns).

CC has a bad policy when it comes to spammers and SWIP entries. They're now getting punished with minimum /24 bans because they've constantly had *large* subnets listed for spam. RDNS scans show that the whole subnet was used for such.

I'm talking full, massive, /20's at a time all with the same RDNS pattern and *zero* SWIP/RWHOIS.

We've had minimal issues with spamhaus. Whenever we've had complaints they inform us, Aldryic unzips, and the problem is resolved (with delisting) within a matter of a couple hours. They've been very reasonable with us and I honestly have zero complaints about them.

Francisco


----------



## Deleted (Feb 26, 2014)

It wasn't like this when I was an employee with them.


----------



## GVH-Jon (Feb 26, 2014)

We're pushing for ColoCrossing to get this resolved ASAP .. it's affecting one of our customers as well and we aren't even spammer-friendly.


----------



## HaitiBrother (Feb 26, 2014)

GVH-Jon said:


> We're pushing for ColoCrossing to get this resolved ASAP .. it's affecting one of our customers as well and we aren't even spammer-friendly.


_*laughs*_


----------



## VPSCorey (Feb 27, 2014)

They were one of the top 10 recipients of IP addresses last year which is amazing considering their company was Amazon, AT&T, Comcast, Verizon, Verizon Wireless, MicroSoft, Google, Facebook.  Telling me they're as big as these companies?


----------



## peterw (Feb 27, 2014)

FRCorey said:


> They were one of the top 10 recipients of IP addresses last year which is amazing considering their company was Amazon, AT&T, Comcast, Verizon, Verizon Wireless, MicroSoft, Google, Facebook.  Telling me they're as big as these companies?


They're not as big but do cheat more about justification.


----------



## DomainBop (Feb 27, 2014)

If you or anyone you know get sick, please call Dr. Jessie Feng, MD  

new /24 ROKSO today, IP range SWIPed to the pride of Kohl's


----------



## lbft (Mar 1, 2014)

http://www.spamhaus.org/sbl/query/SBL214220

So much for GVH-Jon's pleas, they doubled it in size to a /15.


----------



## Kris (Mar 1, 2014)

Ouch. 

15 open incidents and 1 known ROSKO.  They seem more angry about the lack of SWIP on blocks larger than /29 though. 

From this morning's listings in the comments: 

_No SWIP for this range which is larger than /29 and required by ARIN.

*Due to no SWIPs, the minimum size SBL listings for ColoCrossing from now on will be /24 or larger.*

If you are their customer and are being blocked due to this, ask them to add SWIPs._


----------



## drmike (Mar 1, 2014)

It's clear what the business model at CC is and in this IP accumulation game:

CC gets these big IP blocks to sell to spammers as virgin unsoiled IP space.  They charge the spammers per IP beyond what legit folks pay.  So they are getting oh, $5+ an IP from the spammers.  

Spam churns IPs with lists like this.  So that $5 is multiplied by IPs issued and multiplied by how many times they need new IPs a month.

/29 = 6 IPs = $30+  every time the spammer has to bounce to a new range.  This *could* be a daily or multiple time per day incident.

Long term, yeah they are banking on the IPs in mass being valuable, but until then they are profiting grossly for enabling SHIT behavior.


----------



## DomainBop (Mar 1, 2014)

Spamhaus comment on an IP that is swipped to CVPS (the majority of the new SBL's with SWIPs are either CVPS or 123sys):



> Snowshoe spam operation hitting spamtraps from random IPs at *cheap VPS servers*. Domain shadesleader4.com is registered with Whoisguard Whois cloaking service, so is not legitimate mailserver domain. These IPs should send no email at all to public Internet email addresses..


The cheap VPS servers comment is humorous, but the comment that domains with private WHOIS aren't "legitimate mail server domains" and shouldn't be used to send email should be a warning to any business that is using private WHOIS.


----------



## staticsafe (Mar 1, 2014)

DomainBop said:


> Spamhaus comment on an IP that is swipped to CVPS (the majority of the new SBL's with SWIPs are either CVPS or 123sys):
> 
> The cheap VPS servers comment is humorous, but the comment that domains with private WHOIS aren't "legitimate mail server domains" and shouldn't be used to send email should be a warning to any business that is using private WHOIS.


It is a matter of opinion, but legitimate businesses that send e-mails shouldn't be using WHOIS privacy services, at least on domains that send e-mails. That behaviour just looks suspicious to any mail administrator looking at traffic.


----------



## wlanboy (Mar 1, 2014)

staticsafe said:


> It is a matter of opinion, but legitimate businesses that send e-mails shouldn't be using WHOIS privacy services, at least on domains that send e-mails. That behaviour just looks suspicious to any mail administrator looking at traffic.


Yuo - a legal business does have to publish a lot of information so why should someone use private WHOIS on a domain when everything that is hidden is written on the homepage?


----------



## DomainBop (Mar 1, 2014)

wlanboy said:


> Yuo - a legal business does have to publish a lot of information so why should someone use private WHOIS on a domain when everything that is hidden is written on the homepage?


The US and EU differ on corporate information disclosure. In some US states it is possible for a business, and the people behind it to remain virtually anonymous: a lookup on a state corporate search in some states like Wyoming will give you the name of the business and the name/address of the registered agent service they're using but no info on the company directors or even the street address of the business.  There are no requirements for US businesses to publish their address on their websites like there are in the UK, Germany, etc.


----------



## Francisco (Mar 2, 2014)

@GVH-Jon have you had much luck yet?

They've not said anything in that LET thread about this very subject, but maybe they're in constant contact in tickets?

I know you're swapping IP's soon, not sure if this blacklist kinda sealed that deal or what.

Francisco


----------



## GVH-Jon (Mar 2, 2014)

Francisco said:


> @GVH-Jon have you had much luck yet?
> 
> 
> They've not said anything in that LET thread about this very subject, but maybe they're in constant contact in tickets?
> ...


The blacklist of ColoCrossing's /15 did not affect us as far as I am aware of. Check your PM.


----------



## Francisco (Mar 2, 2014)

GVH-Jon said:


> The blacklist of ColoCrossing's /15 did not affect us as far as I am aware of. Check your PM.


Oh? K, because at some point you said that but I figure you didn't check the exact IP's and just assumed it hit all of CC or something.

Soon

Francisco


----------



## GVH-Jon (Mar 2, 2014)

Francisco said:


> Oh? K, because at some point you said that but I figure you didn't check the exact IP's and just assumed it hit all of CC or something.
> 
> 
> Soon
> ...


It affected *one* of our customers who looks suspiciously like a spammer so his block would have been blacklisted either way. I was still pretty upset though at the blacklisting.


----------



## Nett (Mar 2, 2014)

Do you charge blacklisting removal fees?


----------



## GVH-Jon (Mar 2, 2014)

Nett said:


> Do you charge blacklisting removal fees?


We charge a $200 spam cleanup administrative fee if found intentionally guilty of spamming. If we're convinced it's a resold service we waive the fee.


----------



## MannDude (Mar 2, 2014)

GVH-Jon said:


> We charge a $200 spam cleanup administrative fee if found intentionally guilty of spamming. If we're convinced it's a resold service we waive the fee.


And what percentage of customers just up and leave without paying that?


----------



## raindog308 (Mar 2, 2014)

staticsafe said:


> It is a matter of opinion, but legitimate businesses that send e-mails shouldn't be using WHOIS privacy services, at least on domains that send e-mails. That behaviour just looks suspicious to any mail administrator looking at traffic.


But not all domains that send emails are businesses. Lotsa individuals have vanity domains - expecting them to put their full contact info in whois is not reasonable.


----------



## Nett (Mar 2, 2014)

MannDude said:


> And what percentage of customers just up and leave without paying that?


The percentage same as uptime guarantee.


----------



## staticsafe (Mar 2, 2014)

raindog308 said:


> But not all domains that send emails are businesses. Lotsa individuals have vanity domains - expecting them to put their full contact info in whois is not reasonable.


I specifically said *businesses*.


----------



## DomainBop (Mar 4, 2014)

ColoCrossing apparently doesn't want consumers to know that over 25% of their IP addresses are soiled. 

The moderators at LowEndBox are actively doing their part to intentionally mislead consumers by trying to keep the fact that many of the IPs are on blacklists hidden from the potential buyers of the ColoCrossing clients that Maarten Kossen is pushing on LEB (ColoCrossing LEB offers are posted by Maarten now, non-ColoCrossing offers are posted by the other writers). 

I posted a comment on the FTPIT (ftpit.com) LEB offer this morning  pointing out that their Buffalo test IP was on two blacklists. My comment also asked if they were an incorporated business and the state of incorporation...and I mentioned that 131K of CC's 480K IPs were blacklisted by Spamhaus (I was nice and didn't mention in my comment that FTPIT is banned at WHT or that FTPIT rents its equipment from ChicagoVPS which is a mecca for spammers).  My comment was quickly deleted (twice) so a brief summary is below:

MXToolbox shows that FTPIT's Buffalo test IP 172.245.209.182 is on the following blacklists:

SORBS DUHL: blocks email from more than 12 million host servers known to disseminate spam, phishing attacks and other forms of malicious email. The list typically includes email servers suspected of sending or relaying spam, servers that have been hacked and hijacked, and those with Trojan infestations. In an attempt to provide preemptive protection, SORBS also lists servers with dynamically allocated IP addresses.

SEM BLACK: If you are on the Spam Eating Monkey Blacklist, there could be any number of issues that need to be addressed in your network: virus-generated spam, dynamic IP Addresses previously used by spammers or bulk mail sending that does not comply with the CAN-SPAM Act.

Sorbs.net shows that the entire /22 range that the FTPIT test IP is located on is blacklisted by Sorbs.

_edit: about 15 minutes after posting here the comments were magically restored to LEB with the bullshit excuse that they got caught in the spam filters (which is not true because both comments were visible for several minutes after being posted and then removed/hidden by one of the LEB moderators)_


----------



## mikho (Mar 4, 2014)

Fyi:


Ftpit was assigned to me but I had to reassign it to Maarten since I was needed elsewhere and didn't have time to write it.


----------



## DomainBop (Mar 4, 2014)

mikho said:


> Fyi:
> 
> 
> Ftpit was assigned to me but I had to reassign it to Maarten since I was needed elsewhere and didn't have time to write it.


For what it's worth, I think A.V. was responsible for hiding the comments this morning and Maarten probably didn't know anything about it.

CC really needs to work on cleaning up their IP space because it is having a negative impact on many hosts.  The Spamhaus listings are relatively easy to clean up but CC IPs are also now starting to be blacklisted by some of the big corporate spam databases (for example, a 123systems test IP from their recent offer is on Barracuda).  The corporate lists and blacklists maintained by ISPs like ATT, etc. are a pain in the ass to try to get an IP removed from.


----------



## hellogoodbye (Mar 4, 2014)

I remember seeing your comment on that post, it was the second one or something. I checked offers on another post and when I went back, your comment was already gone. It was definitely posted, though.

Speaking of soiled IPs, is the onus on the individual to get their own IP(s) removed from blacklists or do they have to notify the provider who assigned it to them?


----------



## Aldryic C'boas (Mar 4, 2014)

If said individual is the cause of the listing, then it's their responsibility.  Otherwise, the provider is at fault for selling them a dirty IP to begin with.

That's for moral responsibility, however.  As far as practical - if you are a client of a provider shady enough to receive such listings, you will have little to no luck in getting the listing removed.  Especially as it'll likely be for an entire block, out of which you may only have a few IPs.  The chaps I typically deal with at Spamhaus have inferred that the poor saps caught on blacklists due to CC's lack of ethics _"should've gone with a legitimate provider"._


----------



## wlanboy (Mar 4, 2014)

DomainBop said:


> CC really needs to work on cleaning up their IP space because it is having a negative impact on many hosts.  The Spamhaus listings are relatively easy to clean up but CC IPs are also now starting to be blacklisted by some of the big corporate spam databases (for example, a 123systems test IP from their recent offer is on Barracuda).  The corporate lists and blacklists maintained by ISPs like ATT, etc. are a pain in the ass to try to get an IP removed from.


I think they would act if enough hosts would complain about this.

But it looks like CC and the hosts do not care.


----------



## Virtovo (Mar 5, 2014)

hellogoodbye said:


> I remember seeing your comment on that post, it was the second one or something. I checked offers on another post and when I went back, your comment was already gone. It was definitely posted, though.
> 
> Speaking of soiled IPs, is the onus on the individual to get their own IP(s) removed from blacklists or do they have to notify the provider who assigned it to them?


Most blacklists will not deal with individuals and it will be the IP space owner who will need to contact for removal.


----------



## DomainBop (Mar 6, 2014)

Predicting that ColoCrossing is going to get another Spamhaus SBL listing in the very near future (and a forwarded complaint from Spamcop).


Received-SPF: neutral (google.com: 192.3.20.254 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=192.3.20.254;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 192.3.20.254 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Content-Type: text/html;
charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <[email protected]>
To: xxxxx
X-Mailer: sparrow 1.6.4 (build 1178)
Subject: RE: First place position for xxxxx on Google
From: [email protected]
Date: Thu, 06 Mar 2014 08:36:52 -0500
Received: from deltalen.com [192.3.20.254] by 8cri.deltalen.com with SMTP; Thu, 06 Mar 2014 08:36:52 -0500<html>

<head>

</head>

<body>

<p><font face="Arial" style="font-size: 11pt">Hi,</font></p>

<p align="left"><font face="Arial" style="font-size: 11pt">Would you like 
xxxxx to be seen first on Google before every other website for your business 
categories? <br>
Our clients range from small companies to large that rely on our services to be 
on top.</font></p>
<p align="left"><font face="Arial" style="font-size: 11pt">For more info on how 
your website can be seen at the top spot fast<b>
<a href="http://nivexel.com/new-services.html">please click here</a></b></font></p>
<p align="left"></p>
<p align="left"></p>
The spammer who is sending those emails is obviously hopping IP ranges at ColoCrossing because there was a CC SBL for that same spammer/message content earlier this week on a different IP range.


----------



## AuroraZero (Mar 6, 2014)

I can usually clean the IP up myself. I do not need the provider's help. Even Spamhaus will remove them for me once I explain the situation and assure them that there will be no more spam from the address as long as I am administrator of it.

I have had to do this for several clients as they did not know what was going on at the time. I have even had Microsoft, AT&T, etc.... remove them for me. Just have to talk to them as human beings and let them know what is going on. I find most people are like that if you treat them right they tend to treat you right. There are of course exceptions to every rule though.


----------



## D. Strout (Mar 6, 2014)

Today's LEB offer from VPSAce (with CC, as I'm sure most know) includes 25 cent IPs. I was tempted to pick one up to see if they were giving the IPs away because they were dirty (though the test IPs weren't), but I don't want to have anything to do with CC.


----------



## DomainBop (Mar 6, 2014)

DomainBop said:


> Predicting that ColoCrossing is going to get another Spamhaus SBL listing in the very near future (and a forwarded complaint from Spamcop)...


...and that prediction came true 6 hours later.  /30 blacklisted.    http://www.spamhaus.org/sbl/query/SBL215018.

Spamhaus's comment on the SBL: *"Told completely false story about spammer shut down. Very, very ugly."*


----------



## drmike (Mar 6, 2014)

DomainBop said:


> I posted a comment on the FTPIT (ftpit.com) LEB offer this morning  pointing out that their Buffalo test IP was on two blacklists. My comment also asked if they were an incorporated business and the state of incorporation...and I mentioned that 131K of CC's 480K IPs were blacklisted by Spamhaus (I was nice and didn't mention in my comment that FTPIT is banned at WHT or that FTPIT rents its equipment from ChicagoVPS which is a mecca for spammers).  My comment was quickly deleted (twice) so a brief summary is below:


But, but, but... you were nicer yet... You didn't mention that ChicagoVPS their upstream is ALSO BANNED from WHT.


----------



## drmike (Mar 6, 2014)

DomainBop said:


> ColoCrossing apparently doesn't want consumers to know that over 25% of their IP addresses are soiled.


The solution to that?  Get another big allocation.

I won't even touch moderation over there on those sites.   Calling folks running things there corrupt would be a nice label.


----------



## drmike (Mar 7, 2014)

Colocrossing aka Velocity Servers is doing real good today.

12 new Spamhaus entries today alone...  Bunch of them are straight from IPs under ChicagoVPS' control.   You would think by now these folks would have proper monitoring and throttle email...  I know I am expecting too much, as that would cut off that cash money yo!  Cash for spam...  lucrative.


```
SBL215302	
23.94.104.160/31	velocity-servers.net
07-Mar-2014 18:47 GMT	
Spam source greenoppg.com	


SBL215301	
23.94.104.158/31	velocity-servers.net
07-Mar-2014 18:47 GMT	
Spam source greenoppg.com	


SBL215300	
23.94.104.157/32	velocity-servers.net
07-Mar-2014 18:46 GMT	
Spam source greenoppg.com	


SBL215299	
23.94.104.164/31	velocity-servers.net
07-Mar-2014 18:45 GMT	
Spam source karaokeparty.org	


SBL215298	
23.94.104.162/31	velocity-servers.net
07-Mar-2014 18:44 GMT	
Spam source karaokeparty.org	


SBL215274	
192.3.137.64/28	velocity-servers.net
07-Mar-2014 16:55 GMT	
Yair Shalev / Kobeni Solutions
Snowshoe netblock	


SBL215253	
192.3.137.48/28	velocity-servers.net
07-Mar-2014 14:50 GMT	
Yair Shalev / Kobeni Solutions
Snowshoe netblock	


SBL215241	
198.23.203.176/29	velocity-servers.net
07-Mar-2014 14:08 GMT	
Snowshoe spammer hosting (DNS)	


SBL215232	
192.3.154.176/28	velocity-servers.net
07-Mar-2014 12:07 GMT	
Snowshoe spammer hosting (DNS and SMTP)	


SBL215231	
192.227.227.176/28	velocity-servers.net
07-Mar-2014 12:07 GMT	
Snowshoe netblock	


SBL215230	
198.23.160.110/32	velocity-servers.net
07-Mar-2014 12:05 GMT	
Snowshoe spam source	


SBL215229	
198.12.78.117/32	velocity-servers.net
07-Mar-2014 12:03 GMT	
Snowshoe spam source
```


----------



## DomainBop (Mar 7, 2014)

> You would think by now these folks would have proper monitoring


They do have proper monitoring.  They monitor the SBL listings and when one of their big spam clients gets an SBL they assign them a new IP range.    Best example: 2 new ROKSO listings from Yair Shalev today, 1 earlier this week which was already removed, and over 40 CC/Yair Shalev ROKSO listings in the past 12 months.

Sometimes they don't bother with a new IP and just lie to Spamhaus about terminating the spammer.  That strategy didn't work this week because Spamhaus caught them 



> Bunch of them are straight from IPs under ChicagoVPS' control.


Almost all of the repeat spammers seem to rotate between IPs SWIPed to CVPS/HVH/123sys/BlueVM (or CC direct unswiped IPs).  They get an SBL on CC provider A and a few days later will pop up on CC provider B.

edited to add: after Spamhaus started imposing a manadatory /24 block on unswiped CC SBL listings last week a lot of the SBL action shifted to CVPS (and its friends) SWIPed IPs which aren't subject to the mandatory /24 block.


----------



## yolo (Mar 7, 2014)

@drmike you will love this

http://www.senderbase.org/static/spam/

Click on "Top Senders by Network Owner"

Look who is #6


----------



## drmike (Mar 7, 2014)

#yolo rocks... FRIENDED!

 # Results from SenderBase -- IP addresses used to send emails in ColoCrossing


```
# Exported March 07, 2014 
# File format: "IP Address #	Hostname	Fwd/Rev DNS Match	Daily Volume	Monthly Volume	Blacklists	Email Reputation"
192.210.199.60  #	disloyal.resultleads.com		5.02	4.89		Poor
192.210.199.59  #	fulminous.skywayservices.net		4.51	4.89		Poor
192.210.199.62  #	forceless.northshorepartner.com		4.77	4.88		Poor
192.3.47.232    #	captor.9yt.com.br	1	2.56	4.88		Neutral
192.3.47.157    #	bought.6yt.com.br	1	2.86	4.87		Good
192.3.47.183    #	bugler.7yt.com.br	1	2.56	4.87		Neutral
192.3.47.8      #	absurd.1yt.com.br	1	2.56	4.87		Good
192.3.47.112    #	beacon.4yt.com.br	1	2.56	4.86		Good
192.3.47.56     #	arcing.2yt.com.br	1	4.98	4.86		Good
192.3.47.89     #	baited.4yt.com.br	1	0.00	4.86		Neutral
192.3.47.106    #	bashed.4yt.com.br	1	3.64	4.85		Neutral
192.3.47.80     #	avowed.3yt.com.br	1	2.56	4.85		Good
23.94.32.88     #	intconf.org	1	4.65	4.84		Good
192.3.47.23     #	advert.1yt.com.br	1	2.56	4.83		Good
192.3.172.28    #	scirp.info	1	4.73	4.83		Neutral
192.3.171.101   #	hongzheng.info	1	4.71	4.83		Good
192.3.47.161    #	bowfin.6yt.com.br	1	2.56	4.83		Neutral
192.3.47.21     #	advent.1yt.com.br	1	2.56	4.83		Good
192.3.47.124    #	biform.5yt.com.br	1	0.00	4.83		Good
192.3.47.111    #	beachy.4yt.com.br	1	4.24	4.82		Good
23.94.15.143    #			3.68	4.82		Poor
192.3.47.242    #	cashed.9yt.com.br	1	2.86	4.82		Good
192.210.199.61  #	circumciser.oakwoodpartner.com		4.72	4.82		Poor
192.3.47.4      #	abduct.1yt.com.br	1	4.82	4.82		Neutral
192.3.47.84     #	badger.3yt.com.br	1	0.00	4.81		Good
23.94.32.112    #	fengjingjing.info	1	4.67	4.81		Good
192.3.47.149    #	bodily.6yt.com.br	1	0.00	4.81		Neutral
192.3.47.218    #	calked.8yt.com.br	1	4.82	4.81		Neutral
192.3.47.192    #	burgle.7yt.com.br	1	2.56	4.81		Neutral
192.3.47.29     #	aguish.1yt.com.br	1	4.20	4.80		Good
192.3.47.162    #	bowing.6yt.com.br	1	3.60	4.80		Neutral
192.3.47.9      #	abused.1yt.com.br	1	3.68	4.79		Good
192.3.47.45     #	anemic.2yt.com.br	1	3.56	4.79		Good
192.227.252.156 #			4.71	4.79		Neutral
192.3.47.22     #	adverb.1yt.com.br	1	2.56	4.79		Good
192.3.47.202    #	busily.8yt.com.br	1	2.86	4.79		Neutral
192.3.47.49     #	anthem.2yt.com.br	1	0.00	4.78		Good
192.3.47.70     #	aspect.3yt.com.br	1	3.47	4.78		Neutral
192.3.47.197    #	burned.7yt.com.br	1	0.00	4.77		Good
192.3.134.115   #	antitragus.cheapluxuryshades.com		3.77	4.77		Poor
192.3.47.169    #	branch.6yt.com.br	1	0.00	4.77		Neutral
192.3.47.78     #	autism.3yt.com.br	1	0.00	4.77		Neutral
192.3.47.17     #	adieux.1yt.com.br	1	3.56	4.77		Good
192.3.47.130    #	birled.5yt.com.br	1	2.86	4.77		Good
192.3.47.85     #	badmen.3yt.com.br	1	2.86	4.77		Good
192.3.47.180    #	brunch.7yt.com.br	1	0.00	4.77		Good
192.3.47.156    #	botfly.6yt.com.br	1	2.56	4.77		Good
192.3.47.59     #	3yt.com.br	1	2.86	4.77		Neutral
192.3.47.87     #	4yt.com.br	1	3.60	4.77		Neutral
192.3.47.160    #	boused.6yt.com.br	1	2.56	4.77		Neutral
192.227.252.132 #	pothering.bunmore.com	1	4.85	4.76		Neutral
192.3.47.154    #	botany.6yt.com.br	1	0.00	4.76		Good
192.3.47.15     #	acumen.1yt.com.br	1	4.02	4.76		Good
192.3.47.99     #	baring.4yt.com.br	1	2.86	4.76		Good
192.227.252.130 #	uinta.bunmore.com	1	4.81	4.76		Neutral
192.3.47.193    #	burial.7yt.com.br	1	3.79	4.76		Good
192.3.47.243    #	casque.9yt.com.br	1	0.00	4.76		Good
192.3.161.247   #	planting.bunmore.com	1	4.88	4.76		Neutral
192.3.47.219    #	calkin.8yt.com.br	1	0.00	4.76		Good
192.227.252.131 #	natch.bunmore.com	1	4.82	4.75		Neutral
192.3.47.139    #	blimey.5yt.com.br	1	3.60	4.75		Neutral
192.3.47.182    #	bugled.7yt.com.br	1	3.74	4.75		Good
192.3.47.236    #	carpet.9yt.com.br	1	3.52	4.75		Neutral
192.3.47.213    #	cagier.8yt.com.br	1	2.56	4.74		Neutral
192.3.164.123   #			0.00	4.74		Good
192.3.161.101   #			4.65	4.74		Neutral
192.3.47.148    #	bodice.6yt.com.br	1	3.74	4.74		Good
192.3.47.146    #	boated.6yt.com.br	1	0.00	4.74		Good
192.3.47.175    #	bright.7yt.com.br	1	0.00	4.74		Neutral
192.3.47.204    #	busted.8yt.com.br	1	3.04	4.73		Good
192.3.47.35     #	algoid.2yt.com.br	1	3.64	4.73		Neutral
192.3.47.191    #	burden.7yt.com.br	1	2.56	4.73		Good
192.3.47.93     #	banger.4yt.com.br	1	3.41	4.73		Neutral
192.3.47.215    #	cajole.8yt.com.br	1	0.00	4.73		Good
192.3.47.201    #	busier.8yt.com.br	1	2.86	4.73		Neutral
192.3.47.120    #	bewail.5yt.com.br	1	2.56	4.73		Good
192.3.47.131    #	bishop.5yt.com.br	1	3.68	4.73		Neutral
192.3.47.216    #	caking.8yt.com.br	1	3.92	4.72		Good
192.3.47.54     #	aplomb.2yt.com.br	1	0.00	4.72		Good
192.3.47.151    #	bonked.6yt.com.br	1	3.52	4.72		Good
192.3.47.158    #	bounce.6yt.com.br	1	3.71	4.72		Neutral
192.3.47.61     #	argyle.3yt.com.br	1	2.56	4.72		Good
192.3.47.113    #	becalm.4yt.com.br	1	2.56	4.72		Neutral
107.161.156.169 #	jona23.servidorcriarsiteweb.info	1	0.00	4.72		Poor
192.3.47.100    #	barite.4yt.com.br	1	2.56	4.72		Neutral
192.3.47.178    #	bromic.7yt.com.br	1	2.56	4.72		Neutral
192.3.47.206    #	bustle.8yt.com.br	1	2.56	4.71		Neutral
192.3.47.10     #	abuser.1yt.com.br	1	3.60	4.71		Good
192.3.47.233    #	carked.9yt.com.br	1	0.00	4.71		Good
198.23.158.176  #	vps.serverbear.me		3.92	4.71		Poor
192.3.47.50     #	anther.2yt.com.br	1	2.56	4.71		Neutral
192.3.47.101    #	barmen.4yt.com.br	1	2.56	4.71		Good
192.3.47.168    #	boxier.6yt.com.br	1	0.00	4.71		Good
192.3.47.38     #	almost.2yt.com.br	1	2.56	4.71		Good
192.3.47.247    #	clique.9yt.com.br	1	2.56	4.71		Neutral
192.3.47.254    #	clumsy.9yt.com.br	1	0.00	4.70		Good
192.3.47.159    #	bourse.6yt.com.br	1	2.86	4.70		Good
192.3.47.143    #	6yt.com.br	1	2.86	4.70		Neutral
192.3.47.77     #	author.3yt.com.br	1	2.56	4.70		Neutral
192.3.47.150    #	bolide.6yt.com.br	1	3.04	4.69		Neutral
192.3.47.234    #	carped.9yt.com.br	1	0.00	4.69		Good
192.3.47.142    #	blotch.5yt.com.br	1	0.00	4.69		Good
192.3.47.141    #	blonde.5yt.com.br	1	0.00	4.69		Good
192.3.47.188    #	bunked.7yt.com.br	1	3.34	4.69		Neutral
192.3.47.82     #	awhile.3yt.com.br	1	4.11	4.69		Good
198.23.143.224  #	royaserver.com		0.00	4.69	1	Poor
192.3.47.13     #	acuity.1yt.com.br	1	2.56	4.69		Good
192.3.47.217    #	caliph.8yt.com.br	1	0.00	4.69		Good
192.3.47.122    #	bicker.5yt.com.br	1	3.82	4.68		Good
192.3.47.212    #	cadent.8yt.com.br	1	3.64	4.68		Good
192.3.47.177    #	broach.7yt.com.br	1	0.00	4.68		Neutral
192.3.47.229    #	canter.9yt.com.br	1	3.04	4.68		Good
192.210.141.74  #	enmities.bonxm.com		0.00	4.68		Poor
192.3.47.194    #	buried.7yt.com.br	1	0.00	4.68		Neutral
192.3.47.249    #	closer.9yt.com.br	1	0.00	4.68		Good
192.3.47.11     #	acetyl.1yt.com.br	1	3.56	4.68		Neutral
192.3.47.39     #	ambush.2yt.com.br	1	3.04	4.68		Good
192.3.47.203    #	busing.8yt.com.br	1	2.56	4.67		Neutral
192.3.47.73     #	atopic.3yt.com.br	1	2.56	4.67		Good
192.3.47.95     #	banker.4yt.com.br	1	2.86	4.67		Neutral
192.210.141.78  #	informs.bonxm.com		0.00	4.67		Poor
108.174.57.216  #	host.colocrossing.com		0.00	4.67		Poor
192.3.47.16     #	acuter.1yt.com.br	1	2.56	4.67		Good
192.3.47.239    #	carved.9yt.com.br	1	2.56	4.67		Neutral
198.23.167.152  #	netcomweb.info	1	4.70	4.67	1	Poor
192.3.161.87    #	pic87game.pictureshat.com	1	0.00	4.67		Neutral
198.12.127.45   #	host.colocrossing.com		0.00	4.67		Poor
192.3.47.40     #	amebic.2yt.com.br	1	2.86	4.67		Good
192.3.47.187    #	bungle.7yt.com.br	1	3.64	4.67		Good
192.3.47.94     #	bangle.4yt.com.br	1	0.00	4.67		Good
192.3.161.88    #	pic88game.pictureshat.com	1	0.00	4.67		Neutral
192.3.47.108    #	bating.4yt.com.br	1	2.56	4.67		Good
192.3.161.86    #	pic86game.pictureshat.com	1	0.00	4.67		Neutral
192.3.161.85    #	pic85game.pictureshat.com	1	0.00	4.67		Neutral
192.3.47.33     #	alcove.2yt.com.br	1	2.56	4.67		Good
192.3.161.84    #	pic84game.pictureshat.com	1	0.00	4.67		Neutral
192.3.47.246    #	catkin.9yt.com.br	1	0.00	4.66		Good
192.3.161.90    #	pic90game.pictureshat.com	1	0.00	4.66		Neutral
192.3.47.6      #	ablest.1yt.com.br	1	3.56	4.66		Neutral
192.3.161.83    #	pic83game.pictureshat.com	1	0.00	4.66		Neutral
192.3.47.53     #	aplite.2yt.com.br	1	0.00	4.66		Neutral
192.3.161.150   #	pic50game.pictureshat.com	1	0.00	4.66		Neutral
192.3.161.89    #	pic89game.pictureshat.com	1	0.00	4.66		Neutral
192.3.47.20     #	adjust.1yt.com.br	1	2.56	4.66		Good
192.3.47.145    #	bluish.6yt.com.br	1	2.56	4.66		Neutral
192.3.47.83     #	backed.3yt.com.br	1	0.00	4.66		Good
192.3.47.36     #	alined.2yt.com.br	1	2.86	4.66		Neutral
198.23.129.23   #	host.colocrossing.com		5.14	4.66		Neutral
192.3.47.220    #	calmed.8yt.com.br	1	2.86	4.66		Good
192.3.47.195    #	burled.7yt.com.br	1	3.04	4.66		Good
192.3.47.137    #	bleary.5yt.com.br	1	2.56	4.66		Neutral
192.3.47.211    #	cabmen.8yt.com.br	1	0.00	4.66		Good
192.3.47.88     #	bailed.4yt.com.br	1	2.86	4.66		Neutral
192.3.47.128    #	binged.5yt.com.br	1	0.00	4.65		Neutral
192.3.47.18     #	adjoin.1yt.com.br	1	0.00	4.65		Good
172.245.56.150  #	dispersability.netvase.com	1	4.67	4.65		Neutral
192.3.47.205    #	buster.8yt.com.br	1	2.56	4.65		Neutral
192.3.47.251    #	clothe.9yt.com.br	1	2.56	4.65		Neutral
192.3.47.79     #	avouch.3yt.com.br	1	2.56	4.65		Good
192.3.47.237    #	cartel.9yt.com.br	1	2.56	4.65		Neutral
172.245.56.151  #	meliorism.netvase.com	1	4.71	4.65		Neutral
192.3.47.176    #	briony.7yt.com.br	1	0.00	4.65		Good
192.3.47.248    #	cloned.9yt.com.br	1	3.16	4.65		Good
192.3.47.185    #	bumped.7yt.com.br	1	2.56	4.65		Neutral
172.245.56.153  #	encephalograph.netvase.com	1	4.74	4.65		Neutral
172.245.56.152  #	guillaume.netvase.com	1	4.65	4.65		Neutral
192.3.47.184    #	bulged.7yt.com.br	1	2.56	4.64		Good
172.245.56.154  #	unsighted.netvase.com	1	4.71	4.64		Neutral
192.3.47.240    #	casein.9yt.com.br	1	2.56	4.64		Good
192.3.47.223    #	camped.8yt.com.br	1	0.00	4.64		Neutral
192.3.47.163    #	bowled.6yt.com.br	1	2.56	4.64		Neutral
192.3.47.86     #	bagmen.3yt.com.br	1	5.04	4.64		Good
192.3.134.62    #	stumer.letter-to-santa.org		4.05	4.63		Poor
192.3.47.46     #	anodic.2yt.com.br	1	0.00	4.63		Good
192.3.47.221    #	calmer.8yt.com.br	1	2.56	4.63		Neutral
192.3.47.117    #	beluga.5yt.com.br	1	0.00	4.63		Neutral
192.3.47.19     #	adjure.1yt.com.br	1	2.86	4.63		Good
192.3.47.102    #	barong.4yt.com.br	1	2.86	4.63		Neutral
192.3.47.224    #	camper.8yt.com.br	1	3.04	4.63		Good
192.3.47.119    #	bestir.5yt.com.br	1	2.56	4.63		Good
192.3.47.173    #	breach.7yt.com.br	1	2.56	4.63		Good
192.3.47.181    #	brunet.7yt.com.br	1	0.00	4.63		Neutral
192.3.47.253    #	clover.9yt.com.br	1	0.00	4.63		Neutral
192.3.47.42     #	ampule.2yt.com.br	1	0.00	4.62		Good
192.3.47.147    #	boater.6yt.com.br	1	0.00	4.62		Good
192.3.47.81     #	aweigh.3yt.com.br	1	2.86	4.62		Neutral
192.3.47.186    #	bumper.7yt.com.br	1	3.04	4.62		Neutral
192.3.47.28     #	agonic.1yt.com.br	1	0.00	4.62		Poor
192.3.47.144    #	bluing.6yt.com.br	1	0.00	4.62		Good
206.123.95.92   #	host.colocrossing.com		4.81	4.62		Poor
192.3.47.57     #	ardent.2yt.com.br	1	3.98	4.62		Neutral
192.3.47.3      #	1yt.com.br	1	0.00	4.62		Good
192.210.215.202 #	businessmailer.biz		4.82	4.61		Neutral
192.3.47.171    #	7yt.com.br	1	3.04	4.61		Good
192.3.19.103    #	host.colocrossing.com		4.54	4.61		Neutral
192.3.47.96     #	banter.4yt.com.br	1	2.56	4.61		Neutral
192.3.47.48     #	anomic.2yt.com.br		3.60	4.61		Neutral
192.3.47.58     #	argent.2yt.com.br	1	3.16	4.60		Neutral
192.3.201.229   #	unspectrelikes.freshoffers.us		3.64	4.60		Poor
23.94.5.208     #	host.colocrossing.com		0.00	4.60		Poor
192.210.238.150 #	smtp19.realnewoffers.com		0.00	4.60		Good
192.3.47.126    #	bilked.5yt.com.br	1	0.00	4.60		Good
192.3.47.14     #	aculei.1yt.com.br	1	2.56	4.60		Neutral
192.3.47.5      #	abjure.1yt.com.br	1	0.00	4.59		Neutral
192.3.47.37     #	almond.2yt.com.br	1	0.00	4.59		Good
192.3.47.12     #	acquit.1yt.com.br	1	2.56	4.59		Neutral
192.227.136.198 #	mail4.hostbr.biz	1	4.78	4.59		Poor
192.3.47.41     #	amidst.2yt.com.br	1	0.00	4.59		Neutral
172.245.220.227 #			0.00	4.59		Good
192.3.47.98     #	barged.4yt.com.br	1	3.74	4.59		Good
192.3.47.200    #	busied.8yt.com.br	1	3.04	4.59		Neutral
192.3.47.72     #	atonic.3yt.com.br	1	2.56	4.59		Neutral
192.3.47.190    #	buoyed.7yt.com.br	1	0.00	4.59		Good
192.3.47.129    #	biopsy.5yt.com.br	1	3.41	4.58		Neutral
192.3.47.125    #	bijoux.5yt.com.br	1	2.86	4.58		Neutral
172.245.220.215 #			0.00	4.58		Good
192.3.47.136    #	blared.5yt.com.br	1	0.00	4.58		Good
192.3.47.210    #	byzant.8yt.com.br	1	0.00	4.58		Neutral
172.245.61.131  #			4.80	4.58	1	Poor
192.3.47.104    #	barque.4yt.com.br	1	2.86	4.58		Good
192.3.47.155    #	botchy.6yt.com.br	1	2.56	4.58		Neutral
192.227.136.197 #	mail3.hostbr.biz	1	4.66	4.58		Poor
192.3.151.141   #			0.00	4.58		Neutral
192.3.47.26     #	afield.1yt.com.br	1	2.56	4.58		Neutral
192.3.47.60     #	argufy.3yt.com.br	1	0.00	4.58		Neutral
192.3.171.12    #	host.colocrossing.com		0.00	4.58		Neutral
192.3.47.222    #	camber.8yt.com.br	1	2.86	4.57		Good
206.123.95.90   #	host.colocrossing.com		4.92	4.57		Poor
192.3.158.95    #	mail8.hostbr.biz	1	4.90	4.57		Poor
192.3.47.55     #	arched.2yt.com.br	1	2.56	4.57		Good
192.3.47.199    #	8yt.com.br	1	2.56	4.57		Good
192.3.173.92    #			0.00	4.57		Good
23.94.104.163   #	bellwood.karaokeparty.org		4.60	4.57	2	Poor
192.3.47.207    #	buying.8yt.com.br	1	2.56	4.57		Good
192.3.47.44     #	amused.2yt.com.br	1	0.00	4.57		Neutral
192.3.47.27     #	agnize.1yt.com.br	1	2.86	4.57		Good
172.245.220.223 #			0.00	4.57		Good
23.94.104.162   #	succour.karaokeparty.org		5.01	4.57	2	Poor
172.245.220.228 #			0.00	4.57		Good
192.227.160.50  #			0.00	4.56	1	Poor
192.3.47.214    #	cagily.8yt.com.br	1	3.71	4.56		Neutral
23.94.104.165   #	creophagous.karaokeparty.org		5.00	4.56	2	Poor
172.245.61.13   #			5.11	4.56	1	Poor
192.3.47.51     #	anyhow.2yt.com.br	1	0.00	4.56		Neutral
192.3.47.64     #	armlet.3yt.com.br	1	3.04	4.56		Neutral
192.3.158.79    #	mail5.hostbr.biz	1	4.74	4.56		Poor
192.3.47.138    #	blight.5yt.com.br	1	0.00	4.56		Neutral
192.3.47.34     #	alexin.2yt.com.br	1	0.00	4.56		Neutral
192.3.47.134    #	bistre.5yt.com.br	1	2.86	4.56		Good
192.3.158.83    #	mail7.hostbr.biz	1	4.68	4.55		Poor
23.94.104.164   #	floodwall.karaokeparty.org		4.58	4.55	2	Poor
192.210.215.189 #	commercialmailing.biz		0.00	4.55		Good
192.3.47.208    #	byline.8yt.com.br	1	0.00	4.55		Neutral
192.3.173.95    #			0.00	4.55		Neutral
206.123.95.94   #	host.colocrossing.com		4.88	4.55		Poor
192.3.47.43     #	amulet.2yt.com.br	1	2.56	4.55		Neutral
192.3.47.230    #	cantle.9yt.com.br	1	2.86	4.55		Good
198.12.127.43   #	host.colocrossing.com		0.00	4.54		Poor
192.3.47.244    #	caster.9yt.com.br	1	0.00	4.54		Good
192.227.136.196 #	mail2.hostbr.biz	1	4.87	4.54		Poor
192.3.47.250    #	closet.9yt.com.br	1	2.56	4.54		Good
192.3.158.96    #	mail9.hostbr.biz	1	4.88	4.54		Poor
192.3.47.47     #	anomic.2yt.com.br	1	2.56	4.54		Neutral
192.3.47.245    #	cation.9yt.com.br	1	3.04	4.54		Neutral
192.3.47.165    #	bowman.6yt.com.br	1	0.00	4.54		Neutral
192.3.158.97    #	mail10.hostbr.biz	1	4.86	4.54		Poor
192.3.47.31     #	2yt.com.br	1	2.86	4.54		Good
192.3.47.110    #	bawdry.4yt.com.br	1	0.00	4.53		Good
192.227.235.155 #			0.00	4.53		Poor
192.3.47.123    #	bifold.5yt.com.br	1	2.56	4.53		Neutral
206.123.95.93   #	host.colocrossing.com		5.02	4.53		Poor
192.3.47.189    #	bunker.7yt.com.br	1	2.56	4.53		Good
192.3.173.90    #			0.00	4.53		Good
192.3.47.74     #	audile.3yt.com.br	1	3.16	4.53		Good
192.3.47.209    #	bypath.8yt.com.br	1	2.56	4.53		Neutral
192.227.252.115 #			0.00	4.53	1	Poor
192.3.47.109    #	batmen.4yt.com.br	1	0.00	4.53		Good
192.3.47.241    #	casern.9yt.com.br	1	2.56	4.53		Neutral
192.3.47.121    #	bezoar.5yt.com.br	1	2.56	4.53		Neutral
192.3.47.132    #	bisque.5yt.com.br	1	0.00	4.52		Good
192.3.47.238    #	carton.9yt.com.br	1	2.86	4.52		Neutral
192.3.47.179    #	bronze.7yt.com.br	1	2.56	4.52		Good
192.3.47.30     #	akimbo.1yt.com.br	1	2.86	4.52		Good
172.245.220.226 #			0.00	4.52		Good
192.3.116.89    #	host.colocrossing.com		0.00	4.52		Good
192.3.158.80    #	mail6.hostbr.biz	1	4.86	4.52		Poor
198.46.153.15   #	host.colocrossing.com		4.58	4.52		Neutral
192.3.138.102   #	host.colocrossing.com		3.34	4.51		Poor
198.12.127.46   #	host.colocrossing.com		4.23	4.51		Poor
192.210.137.173 #	host.colocrossing.com		4.25	4.51		Neutral
192.3.47.103    #	barony.4yt.com.br	1	2.56	4.51		Good
192.227.164.195 #			4.27	4.51	1	Poor
192.3.47.91     #	balked.4yt.com.br	1	3.34	4.51		Neutral
206.123.95.91   #	host.colocrossing.com		4.57	4.50		Poor
172.245.7.160   #	host.colocrossing.com		4.62	4.50		Neutral
192.3.47.127    #	binder.5yt.com.br	1	2.56	4.50		Neutral
192.3.19.116    #	host.colocrossing.com		4.04	4.50		Neutral
192.227.166.25  #			4.16	4.50		Neutral
192.3.47.140    #	blocky.5yt.com.br	1	2.86	4.49		Neutral
107.161.157.83  #	rdnscsw1.servidorcriarsiteweb.info	1	0.00	4.49		Poor
192.3.164.10    #			0.00	4.49		Neutral
198.23.188.141  #	priorityroleplay.com		0.00	4.49		Poor
198.12.80.18    #	server.hostingpari.com		4.65	4.49		Good
198.23.250.6    #	host.colocrossing.com		4.25	4.48		Neutral
192.227.239.123 #			4.13	4.48	1	Poor
192.3.47.71     #	aspire.3yt.com.br	1	0.00	4.48		Neutral
107.161.157.84  #	rdnscsw2.servidorcriarsiteweb.info	1	0.00	4.48		Poor
198.23.165.162  #	serv2.inflector--global.org	1	0.00	4.48		Good
198.23.245.113  #	host1.nossospassivos.com	1	0.00	4.47		Neutral
172.245.58.21   #	tech1.techhubs.biz		0.00	4.47		Good
198.46.136.152  #	host.colocrossing.com		4.40	4.47		Neutral
192.3.138.110   #	host.colocrossing.com		5.11	4.47		Neutral
198.23.167.195  #	infoportinfo.info		0.00	4.47		Neutral
192.210.238.192 #	infowebselect.info		2.56	4.47		Neutral
192.3.47.107    #	basted.4yt.com.br	1	2.86	4.46		Neutral
192.3.31.152    #	unset.digthemine.com		0.00	4.46		Good
23.94.3.67      #	tech3.techhubs.biz		0.00	4.46		Good
198.46.157.41   #	host.colocrossing.com		0.00	4.46	1	Poor
198.12.127.44   #	host.colocrossing.com		2.56	4.46		Poor
172.245.222.28  #	host.colocrossing.com		0.00	4.46		Good
198.23.248.54   #			0.00	4.46		Poor
192.210.238.132 #	smtp1.realnewoffers.com		4.02	4.46		Neutral
192.3.31.148    #	unset.digthemine.com		0.00	4.46		Good
23.94.38.145    #	host.colocrossing.com		4.39	4.45		Poor
192.3.47.166    #	boxcar.6yt.com.br	1	4.80	4.45		Neutral
172.245.58.33   #	tech.techhubs.biz		0.00	4.45		Good
198.23.250.13   #	host.colocrossing.com		0.00	4.45		Good
198.23.248.77   #			0.00	4.45		Poor
23.94.3.68      #	tech4.techhubs.biz		0.00	4.45		Good
198.23.248.78   #			0.00	4.45		Poor
23.94.3.66      #	tech2.techhubs.biz		0.00	4.45		Good
192.3.19.114    #	txtmailz.com		2.56	4.45		Good
172.245.61.4    #			0.00	4.44		Poor
172.245.61.2    #			0.00	4.44		Poor
66.225.195.2    #	cvunit.us		3.41	4.44		Neutral
172.245.7.12    #	host.colocrossing.com		4.30	4.44		Neutral
192.227.139.168 #			0.00	4.43		Good
172.245.61.133  #			4.60	4.43		Poor
23.94.36.41     #	host.colocrossing.com		2.56	4.43		Good
192.3.160.137   #			4.65	4.43		Poor
192.3.138.120   #	host.colocrossing.com		0.00	4.43		Neutral
198.144.186.147 #	grabonedeals.com	1	4.40	4.43		Neutral
192.210.134.153 #			4.34	4.43		Poor
192.227.167.209 #			0.00	4.43		Poor
23.94.36.43     #	host.colocrossing.com		0.00	4.42		Good
192.3.31.147    #	unset.digthemine.com		0.00	4.42		Good
198.12.127.42   #	host.colocrossing.com		0.00	4.42		Poor
192.3.164.12    #			4.80	4.42		Poor
198.23.195.36   #	alined.vailife.com	1	3.41	4.41		Neutral
192.210.195.117 #	cloud.psynix.us		4.44	4.41		Poor
192.227.137.105 #	verywise-nutrition.com		4.47	4.41		Neutral
192.210.134.149 #			4.44	4.41		Poor
192.3.158.109   #	host.colocrossing.com		4.29	4.41		Neutral
23.94.3.118     #	intnetweb.info		0.00	4.41		Neutral
198.23.245.10   #			3.47	4.41		Poor
192.3.109.23    #			0.00	4.41	1	Poor
192.227.168.34  #			4.93	4.41	2	Poor
192.227.252.90  #			3.26	4.40	1	Poor
198.46.145.64   #	mst2.mailsystem.biz		4.63	4.40	1	Poor
172.245.21.185  #	server1.sdzo.org	1	4.62	4.40		Poor
192.3.47.97     #	bardic.4yt.com.br	1	2.56	4.40		Good
192.3.134.189   #			5.16	4.39	1	Poor
172.245.44.122  #	host.colocrossing.com		5.12	4.39	2	Poor
172.245.45.108  #	server1.rbsio.org	1	4.45	4.39		Poor
192.210.143.121 #	host.colocrossing.com		4.18	4.39		Poor
192.3.31.146    #	unset.digthemine.com		0.00	4.39		Good
172.245.60.135  #	deo3.deospray.biz		0.00	4.38		Neutral
172.245.60.133  #	deo1.deospray.biz		0.00	4.38		Neutral
172.245.60.238  #	deo4.deospray.biz		0.00	4.38		Neutral
192.3.47.172    #	brazil.7yt.com.br	1	0.00	4.38		Neutral
192.3.108.96    #			0.00	4.38		Good
23.94.15.36     #			0.00	4.37		Neutral
172.245.62.248  #	mail2.oianet.in	1	4.04	4.37		Poor
172.245.60.235  #	deo.deospray.biz		0.00	4.37		Neutral
172.245.60.134  #	deo2.deospray.biz		0.00	4.37		Neutral
198.23.188.145  #			0.00	4.37		Poor
192.3.12.151    #			4.60	4.37		Neutral
23.94.36.55     #	host.colocrossing.com		2.56	4.37		Good
192.210.134.152 #			4.54	4.36		Poor
198.23.157.50   #	jointress.pielens.com		0.00	4.36		Good
192.210.148.44  #	host.colocrossing.com		4.23	4.36		Neutral
192.227.233.122 #			4.84	4.36	2	Poor
192.3.47.75     #	auklet.3yt.com.br	1	0.00	4.36		Neutral
192.3.31.149    #	unset.digthemine.com		0.00	4.36		Good
206.217.129.14  #	imap.cuatex.com		0.00	4.36		Neutral
198.23.157.60   #	chaplinesque.pielens.com		0.00	4.36		Good
192.3.46.200    #	mydns.nprpv.biz		0.00	4.36		Poor
23.94.36.62     #	host.colocrossing.com		0.00	4.36		Good
198.12.70.144   #	mail3.actualenglish.info	1	4.28	4.36		Poor
172.245.60.254  #	host.colocrossing.com		0.00	4.36		Poor
192.3.108.252   #	mail2.leeadsone.info	1	4.72	4.35		Poor
192.3.19.13     #	host.colocrossing.com		3.04	4.35		Good
23.94.36.49     #	host.colocrossing.com		2.86	4.35		Poor
192.210.134.150 #			4.33	4.35		Poor
23.94.42.115    #	host.colocrossing.com		2.56	4.35		Poor
192.210.134.151 #			4.47	4.35		Poor
198.23.157.42   #	host.colocrossing.com		0.00	4.35		Neutral
172.245.62.250  #	mail3.oianet.in	1	3.88	4.35		Poor
192.210.217.97  #	v3.onepagerweb.com	1	4.29	4.35		Neutral
23.94.36.60     #	host.colocrossing.com		0.00	4.35		Good
192.3.134.181   #	deplorable.beatsdre.us		3.16	4.35		Poor
216.246.109.74  #	findmejob.us		3.47	4.35		Neutral
198.12.70.139   #	mail1.actualenglish.info	1	4.32	4.35		Poor
192.210.238.152 #	infonetbit.info		0.00	4.34		Good
192.3.31.151    #	unset.digthemine.com		0.00	4.34		Good
192.3.31.131    #	unset.digthemine.com		0.00	4.34		Good
172.245.24.81   #	host.colocrossing.com		0.00	4.34		Good
198.12.70.140   #	mail2.actualenglish.info	1	4.31	4.34		Poor
192.210.199.86  #	mydns.nprpv.biz		0.00	4.34		Neutral
172.245.60.253  #	host.colocrossing.com		0.00	4.34		Poor
107.161.156.137 #	731.651.161.701.valuedmailer.biz	1	0.00	4.34		Poor
198.12.70.145   #	mail4.actualenglish.info	1	4.35	4.34		Poor
192.227.137.48  #	mail8.actualenglish.info	1	4.30	4.34		Poor
23.94.36.38     #	host.colocrossing.com		0.00	4.34		Good
192.3.108.251   #	mail1.leeadsone.info	1	4.74	4.34		Poor
198.12.70.149   #	mail6.actualenglish.info	1	4.36	4.34		Poor
172.245.60.156  #	host.colocrossing.com		0.00	4.33		Poor
23.94.42.128    #	host.colocrossing.com		0.00	4.33		Poor
23.94.43.233    #	shadowcolours.org	1	3.99	4.33		Neutral
198.23.166.122  #	122.166.23.198.hypernia.com		3.98	4.33		Poor
107.161.156.139 #	931.651.161.701.valuedmailer.biz	1	0.00	4.33		Poor
23.94.36.47     #	host.colocrossing.com		3.04	4.33		Neutral
198.12.70.146   #	mail5.actualenglish.info	1	4.29	4.33		Poor
23.94.67.115    #	befoul.careerglit.com	1	0.00	4.33		Neutral
192.3.31.138    #	unset.digthemine.com		0.00	4.32		Good
172.245.60.252  #	host.colocrossing.com		0.00	4.32		Neutral
192.227.137.25  #	mail7.actualenglish.info	1	4.29	4.32		Poor
198.46.156.230  #	host.colocrossing.com		0.00	4.32		Good
192.210.199.88  #	mydns.nprpv.biz		0.00	4.32		Neutral
192.3.31.135    #	unset.digthemine.com		0.00	4.32		Good
192.3.138.107   #	host.colocrossing.com		5.07	4.32		Neutral
198.23.198.104  #	barony.ostisniar.com		0.00	4.32		Poor
192.210.199.92  #	mydns.nprpv.biz		0.00	4.31		Neutral
192.3.172.105   #			4.53	4.31	2	Poor
192.3.31.136    #	unset.digthemine.com		0.00	4.31		Good
192.3.108.253   #	mail3.leeadsone.info	1	4.77	4.31		Poor
192.3.31.144    #	unset.digthemine.com		0.00	4.31		Good
199.188.100.70  #	100blue.lankadatacenter.com	1	4.05	4.31		Neutral
192.210.199.85  #	mydns.nprpv.biz		0.00	4.31		Neutral
205.234.203.235 #	chi0061.defconservers.com		4.37	4.31	1	Poor
192.3.31.140    #	unset.digthemine.com		0.00	4.30		Good
198.23.129.69   #	host.colocrossing.com		3.94	4.30		Neutral
23.94.36.34     #	host.colocrossing.com		2.56	4.30		Neutral
192.210.199.93  #	mydns.nprpv.biz		0.00	4.30		Neutral
198.23.157.46   #	host.colocrossing.com		0.00	4.30		Good
198.46.145.83   #	couponheros.pw		0.00	4.30		Neutral
198.23.195.179  #	bronze.fooneze.com	1	2.86	4.30		Poor
192.3.31.150    #	unset.digthemine.com		0.00	4.30		Good
198.23.196.8    #	mesocratic.hasgreen.com	1	3.56	4.29		Neutral
198.23.196.9    #	instituting.hasgreen.com	1	3.34	4.29		Neutral
192.3.92.19     #	host.colocrossing.com		0.00	4.29		Poor
198.23.196.6    #	thermally.hasgreen.com	1	3.56	4.29		Neutral
192.3.46.197    #	mydns.nprpv.biz		4.21	4.29		Poor
192.3.138.104   #	host.colocrossing.com		3.16	4.29		Neutral
198.23.133.2    #			0.00	4.28		Poor
192.3.161.252   #	hokt01.mbpe9a.com	1	4.75	4.28		Poor
23.94.36.59     #	host.colocrossing.com		3.04	4.28		Good
192.3.134.45    #	indigent.newoofers.us		0.00	4.28		Poor
198.23.196.11   #	ravener.hasgreen.com	1	3.34	4.28		Neutral
192.3.31.132    #	unset.digthemine.com		0.00	4.28		Good
192.3.161.203   #	ha203game.hastowel.com	1	3.04	4.28		Neutral
198.23.196.4    #	homburg.hasgreen.com	1	3.64	4.28		Neutral
198.23.196.3    #	indomethacin.hasgreen.com	1	3.60	4.28		Neutral
192.210.203.191 #	vor.freeamericalaptop.com		2.56	4.28		Poor
172.245.60.177  #	host.colocrossing.com		4.61	4.28		Poor
198.23.196.7    #	controllees.hasgreen.com	1	3.60	4.28		Neutral
192.3.161.209   #	ha209game.hastowel.com	1	2.56	4.28		Neutral
107.161.156.134 #	431.651.161.701.valuedmailer.biz	1	0.00	4.28		Poor
107.161.146.205 #	sandro1.servidorcriarsiteweb.info	1	4.64	4.27		Poor
192.210.199.87  #	mydns.nprpv.biz		0.00	4.27		Neutral
192.227.252.95  #			3.90	4.27	1	Poor
172.245.60.172  #	mail3.arcbureau.info		3.71	4.27		Poor
108.174.61.166  #			0.00	4.27		Good
198.23.196.5    #	mussily.hasgreen.com	1	3.71	4.27		Neutral
23.94.36.58     #	host.colocrossing.com		0.00	4.27		Good
23.94.36.40     #	host.colocrossing.com		0.00	4.27		Neutral
192.3.161.204   #	ha204game.hastowel.com	1	3.04	4.27		Neutral
205.234.203.236 #	chi0061.defconservers.com		0.00	4.26		Poor
192.3.28.174    #			0.00	4.26	1	Poor
23.94.36.50     #	host.colocrossing.com		0.00	4.26		Good
192.3.161.207   #	ha207game.hastowel.com	1	0.00	4.26		Neutral
192.3.161.208   #	ha208game.hastowel.com	1	0.00	4.26		Neutral
192.3.161.205   #	ha205game.hastowel.com	1	2.86	4.26		Neutral
192.3.149.75    #	host.colocrossing.com		4.36	4.26	1	Poor
66.225.231.2    #	power.devildogshosting.com	1	4.33	4.26	1	Poor
192.3.161.206   #	ha206game.hastowel.com	1	0.00	4.26		Neutral
96.8.112.75     #	notifymail.alsoenergy.com	1	2.56	4.26		Good
192.3.46.198    #	mydns.nprpv.biz		0.00	4.25		Poor
192.3.161.210   #	ha210game.hastowel.com		2.56	4.25		Neutral
192.3.31.139    #	unset.digthemine.com		0.00	4.25		Good
23.94.15.51     #			0.00	4.25		Poor
192.3.138.100   #	host.colocrossing.com		3.04	4.25		Good
23.94.38.170    #	host.colocrossing.com		0.00	4.25		Poor
192.3.161.211   #	ha211game.hastowel.com		2.56	4.25		Neutral
206.217.129.15  #	host.colocrossing.com		2.56	4.25		Neutral
23.94.36.61     #	host.colocrossing.com		3.04	4.25		Good
107.161.145.6   #	6.541.161.701.valuedmailer.biz	1	0.00	4.24		Poor
23.94.36.37     #	host.colocrossing.com		0.00	4.24		Good
192.3.31.134    #	unset.digthemine.com		0.00	4.24		Good
192.227.252.89  #			0.00	4.24	1	Poor
172.245.62.148  #	corp01-www.hostingforhumans.com		0.00	4.24		Poor
198.23.199.21   #			5.10	4.24	1	Poor
198.23.133.135  #	seoexpertzone.biz	1	3.96	4.24		Neutral
192.227.141.128 #	mail10.hds-db.com	1	4.23	4.24	1	Poor
192.3.149.106   #	host.colocrossing.com		0.00	4.24		Good
192.3.138.117   #	host.colocrossing.com		0.00	4.24		Good
23.94.36.52     #	host.colocrossing.com		0.00	4.23		Good
23.94.31.2      #			0.00	4.23		Good
198.46.156.56   #	host.colocrossing.com		4.15	4.23		Poor
198.23.195.164  #	bowler.fooneze.com	1	2.86	4.23		Poor
23.94.13.13     #	host.colocrossing.com		0.00	4.23		Good
192.210.132.226 #	ms1.phnxconsulting.com		0.00	4.23		Neutral
192.210.235.162 #			3.84	4.23		Good
192.210.133.79  #	vinfratech.net		0.00	4.23		Good
192.210.195.15  #	host.colocrossing.com		4.28	4.23		Poor
172.245.60.227  #	host.colocrossing.com		0.00	4.23		Neutral
192.210.203.154 #	mail4.activebr.tk		0.00	4.22		Neutral
198.12.69.114   #	server.myflp.net	1	3.60	4.22		Poor
192.3.31.133    #	unset.digthemine.com		0.00	4.22		Good
23.94.36.80     #	server.googlesranking.com	1	4.23	4.22	1	Poor
172.245.25.44   #	44-25-245-172-static.reverse.queryfoundry.net		4.34	4.22		Neutral
205.234.203.234 #	chi0061.defconservers.com		4.84	4.22	1	Poor
192.210.132.225 #	hosted-by.ipxcore.com		0.00	4.22		Neutral
192.3.206.14    #			0.00	4.22		Neutral
192.3.31.142    #	unset.digthemine.com		0.00	4.22		Good
172.245.60.171  #	mail2.arcbureau.info		3.84	4.21		Poor
23.94.36.45     #	host.colocrossing.com		0.00	4.21		Good
198.46.158.100  #	uniquewebdesigning.info	1	4.50	4.21		Neutral
172.245.60.174  #	mail5.arcbureau.info		3.77	4.21		Poor
192.210.132.222 #	hosted-by.ipxcore.com		0.00	4.21		Neutral
192.210.132.224 #	hosted-by.ipxcore.com		0.00	4.21		Neutral
107.161.145.58  #	85.541.161.701.valuedmailer.biz	1	0.00	4.21		Poor
172.245.7.149   #	host.colocrossing.com		3.16	4.21		Neutral
192.3.138.118   #	host.colocrossing.com		0.00	4.21		Good
23.94.33.136    #	marketingmitra.biz	1	3.90	4.21		Poor
192.3.149.72    #	cmsdevelopment.info	1	4.42	4.21		Neutral
192.227.136.210 #	mail5.meucarroonline.info		3.92	4.20		Poor
192.3.138.101   #	host.colocrossing.com		0.00	4.20		Good
198.23.133.13   #	mail4.suhu99-77az1a.tk		0.00	4.20		Poor
192.3.207.243   #	host.colocrossing.com		0.00	4.20		Poor
172.245.24.82   #	alginic.pielens.com		0.00	4.20		Good
192.3.31.158    #	unset.digthemine.com		0.00	4.20		Good
192.210.203.74  #			0.00	4.20		Neutral
192.3.108.249   #			4.77	4.20	1	Poor
199.21.114.232  #	serv3.dealsinsa.com	1	4.19	4.20		Neutral
198.23.133.10   #	mail1.suhu99-77az1a.tk	1	0.00	4.20		Poor
198.12.70.244   #	rdns-2.exitmail.com.br	1	4.87	4.19		Poor
23.94.32.253    #			4.58	4.19	1	Poor
192.3.104.176   #			4.15	4.19		Poor
23.94.13.99     #	host4.suamidiadigital101.info	1	0.00	4.19		Good
23.94.36.39     #	host.colocrossing.com		5.18	4.19	1	Poor
192.227.137.207 #	server.qwerty2.info	1	4.15	4.19		Poor
192.3.110.142   #			4.29	4.19		Poor
198.12.70.240   #	rdns-7.exitmail.com.br	1	4.87	4.19		Poor
192.210.132.240 #	hosted-by.ipxcore.com		4.05	4.19		Neutral
192.3.206.12    #			0.00	4.19		Poor
192.3.206.13    #			0.00	4.19		Neutral
198.12.70.239   #	rdns-6.exitmail.com.br	1	4.85	4.19		Poor
192.210.132.241 #	hosted-by.ipxcore.com		4.12	4.19		Neutral
192.3.92.2      #			0.00	4.19	1	Poor
107.161.145.56  #	65.541.161.701.valuedmailer.biz	1	0.00	4.19		Poor
172.245.24.71   #	host.colocrossing.com		0.00	4.19		Good
192.3.161.92    #	adenitis.cardmove.com	1	0.00	4.19		Poor
192.210.214.218 #			4.88	4.18		Poor
198.12.70.235   #	rdns-1.exitmail.com.br	1	4.82	4.18		Poor
172.245.60.173  #	mail4.arcbureau.info		3.90	4.18		Poor
23.94.67.27     #	agnize.allotinfos.com	1	0.00	4.18		Neutral
172.245.60.170  #	mail1.arcbureau.info		3.86	4.18		Poor
192.3.161.227   #	likasi.cardmove.com	1	0.00	4.18		Poor
172.245.136.177 #			0.00	4.18		Poor
172.245.7.142   #	host.colocrossing.com		2.56	4.18		Neutral
192.227.137.203 #	server7.qwerty2.info	1	4.23	4.18		Poor
198.12.70.238   #	rdns-5.exitmail.com.br	1	4.85	4.18		Poor
198.12.70.242   #	rdns-9.exitmail.com.br	1	4.81	4.18		Poor
198.12.70.241   #	rdns-8.exitmail.com.br	1	4.87	4.18		Poor
192.210.199.91  #	mydns.nprpv.biz		0.00	4.18		Neutral
192.3.161.95    #	arkansan.cardride.com	1	0.00	4.18		Poor
172.245.7.204   #	host.colocrossing.com		0.00	4.18		Good
66.225.198.2    #	helium.our-hometown.com	1	4.22	4.18		Good
192.3.47.228    #	canted.9yt.com.br	1	2.56	4.18		Neutral
192.227.137.94  #	host.colocrossing.com		0.00	4.18		Good
192.3.23.10     #	websitedevelopment4u.info	1	4.52	4.18		Neutral
192.3.161.91    #	victoria.cardmove.com	1	0.00	4.18		Poor
23.94.101.140   #	host.colocrossing.com		3.04	4.18		Poor
23.94.27.216    #			0.00	4.18		Poor
198.46.146.108  #	mail.save123.info	1	4.16	4.17		Poor
198.12.70.237   #	rdns-4.exitmail.com.br	1	4.88	4.17		Poor
192.3.207.244   #	host.colocrossing.com		0.00	4.17		Neutral
23.94.35.168    #	bone2.zeehostbox.com	1	3.34	4.17		Good
192.3.161.98    #	inhibiting.cardride.com	1	0.00	4.17		Poor
23.94.101.136   #	host.colocrossing.com		0.00	4.17		Poor
198.23.133.3    #	server1.xc889jail1.tk		4.09	4.17		Poor
192.227.137.205 #	server3.qwerty2.info	1	4.15	4.17		Poor
192.210.132.242 #	hosted-by.ipxcore.com		4.11	4.17		Neutral
23.94.36.51     #	host.colocrossing.com		0.00	4.17		Good
23.94.36.36     #	host.colocrossing.com		2.86	4.17		Good
23.94.15.41     #	mail.buysellstuff.info		0.00	4.17		Poor
172.245.60.249  #	host.colocrossing.com		0.00	4.17		Neutral
192.3.46.201    #	mydns.nprpv.biz		0.00	4.17		Poor
192.3.138.112   #	host.colocrossing.com		2.56	4.17		Neutral
192.210.202.41  #			0.00	4.17		Poor
192.3.92.26     #	CVUnit.biz		0.00	4.17		Neutral
23.94.13.78     #	host2.suamidiadigital101.info	1	0.00	4.17		Good
192.3.138.125   #	host.colocrossing.com		0.00	4.17		Good
23.94.101.138   #	host.colocrossing.com		3.16	4.17		Poor
192.227.137.200 #	server10.qwerty2.info	1	4.21	4.17		Poor
23.94.13.98     #	host3.suamidiadigital101.info	1	0.00	4.17		Good
107.161.156.138 #	831.651.161.701.valuedmailer.biz	1	0.00	4.17		Poor
192.210.202.43  #			0.00	4.17		Neutral
192.227.136.200 #	mail1.meucarroonline.info		3.88	4.16		Poor
192.210.132.243 #	hosted-by.ipxcore.com		3.94	4.16		Neutral
23.94.36.54     #	host.colocrossing.com		0.00	4.16		Good
23.94.101.137   #	host.colocrossing.com		2.86	4.16		Poor
192.227.242.9   #			0.00	4.16		Good
192.227.137.206 #	server1.qwerty2.info	1	4.22	4.16		Poor
192.3.161.93    #	cumae.cardmove.com	1	0.00	4.16		Poor
192.3.172.225   #			4.42	4.16		Neutral
192.227.137.202 #	server8.qwerty2.info	1	4.25	4.16		Poor
198.12.104.85   #			3.04	4.16		Poor
192.3.161.94    #	warren.cardmove.com	1	0.00	4.16		Poor
23.94.101.141   #	host.colocrossing.com		0.00	4.16		Poor
192.210.199.89  #	mydns.nprpv.biz		0.00	4.16		Poor
198.12.70.236   #	rdns-3.exitmail.com.br	1	4.83	4.16		Poor
192.227.137.199 #	server2.qwerty2.info	1	3.98	4.16		Poor
23.94.13.9      #	host1.suamidiadigital101.info	1	0.00	4.16		Good
192.3.138.121   #	host.colocrossing.com		2.86	4.16		Good
23.94.36.57     #	host.colocrossing.com		5.11	4.16	1	Neutral
198.23.158.175  #			2.86	4.15		Good
192.227.137.194 #	server5.qwerty2.info	1	4.13	4.15		Poor
198.23.207.48   #	news6.firstgleammarketing.com		5.22	4.15		Poor
192.3.92.5      #			0.00	4.15	1	Poor
192.227.137.95  #	host.colocrossing.com		0.00	4.15		Good
23.94.101.139   #	host.colocrossing.com		3.34	4.15		Poor
192.3.138.123   #	host.colocrossing.com		0.00	4.15		Good
192.227.137.84  #	daeiexk.haxen.biz		0.00	4.15		Good
192.3.151.136   #	webdesignpoint.info	1	4.51	4.15		Neutral
206.217.135.252 #	mail2.multnetwork.info		4.72	4.15		Poor
198.23.133.104  #	server.xc889jail1.tk	1	3.98	4.15		Poor
192.3.117.241   #	host.colocrossing.com		4.58	4.15		Neutral
192.227.137.201 #	server9.qwerty2.info	1	4.26	4.14		Poor
198.46.146.92   #	mail.WEBOFFERS-USA.COM	1	4.23	4.14		Poor
192.3.138.116   #	host.colocrossing.com		0.00	4.14		Good
192.3.161.96    #	indene.cardride.com	1	0.00	4.14		Poor
198.46.146.109  #	mail.WEBDEALS-USA.COM	1	4.35	4.14	1	Poor
192.210.199.83  #	mydns.nprpv.biz		0.00	4.14		Neutral
23.94.15.42     #			2.56	4.14		Poor
192.210.203.29  #	host12.2202simtut24.tk		0.00	4.14		Neutral
198.46.153.28   #	nettechbit.info	1	4.15	4.14		Poor
198.23.245.165  #			4.20	4.14	1	Poor
23.94.15.45     #	vrsdigitalmarketing.biz	1	0.00	4.14		Poor
23.94.27.76     #			0.00	4.14		Poor
198.12.70.135   #	host1.paydaytips.info		0.00	4.14		Good
198.23.133.5    #	server3.xc889jail1.tk	1	3.99	4.14		Poor
192.227.137.204 #	server4.qwerty2.info	1	4.25	4.14		Poor
75.127.3.204    #	buf-cv.movemymail.net	1	0.00	4.14		Poor
192.3.161.97    #	rioters.cardride.com	1	0.00	4.14		Poor
192.3.138.119   #	host.colocrossing.com		2.56	4.14		Good
107.161.145.59  #	95.541.161.701.valuedmailer.biz	1	0.00	4.14		Poor
198.23.133.4    #	server2.xc889jail1.tk	1	4.04	4.14		Poor
192.3.206.11    #			0.00	4.14		Poor
75.127.10.62    #	host.colocrossing.com		3.88	4.14		Poor
192.227.137.208 #	server6.qwerty2.info	1	4.23	4.14		Poor
192.210.199.94  #	mydns.nprpv.biz		0.00	4.14		Neutral
23.94.47.136    #	webseomarketing.org	1	0.00	4.13		Good
198.23.207.49   #	news7.firstgleammarketing.com		5.01	4.13		Poor
198.23.165.122  #	host.colocrossing.com		0.00	4.13		Good
192.210.138.129 #	mail7.datarigor.com	1	3.74	4.13		Poor
198.23.207.53   #	news11.firstgleammarketing.com		5.04	4.13		Poor
172.245.58.202  #	einstein.junkemailfilter.com	1	4.01	4.13		Good
198.12.104.77   #			0.00	4.13		Poor
198.23.133.7    #	server5.xc889jail1.tk		4.04	4.13		Poor
192.227.137.93  #	host.colocrossing.com		0.00	4.13		Good
192.3.138.109   #	host.colocrossing.com		0.00	4.13		Good
198.23.207.46   #	news4.firstgleammarketing.com		5.05	4.13		Poor
198.23.199.14   #			0.00	4.13		Poor
192.227.136.207 #	mail2.meucarroonline.info		3.92	4.13		Poor
198.23.199.15   #			0.00	4.13		Poor
198.23.133.6    #	server4.xc889jail1.tk		3.92	4.13		Poor
172.245.137.153 #	serv1.viablemarketing.biz	1	0.00	4.13		Neutral
192.3.118.3     #	s8.il.bluevm.com	1	3.94	4.12		Neutral
198.12.78.42    #			0.00	4.12		Poor
198.23.245.205  #			0.00	4.12		Poor
192.3.117.137   #	host.colocrossing.com		4.09	4.12		Poor
172.245.14.36   #			3.16	4.12		Poor
192.210.202.56  #			0.00	4.12		Neutral
198.12.70.243   #	rdns-10.exitmail.com.br	1	4.77	4.12		Poor
192.3.47.25     #	advise.1yt.com.br	1	2.56	4.12		Neutral
198.23.207.47   #	news5.firstgleammarketing.com		5.00	4.12		Poor
192.3.206.10    #			0.00	4.12		Poor
192.210.137.156 #	server4.vuvunews.com	1	4.09	4.12		Poor
198.23.199.24   #			0.00	4.12		Poor
23.94.100.204   #	host.colocrossing.com		2.86	4.11		Poor
172.245.18.112  #	techwhitepaperemail65.net		0.00	4.11		Neutral
198.23.207.52   #	news10.firstgleammarketing.com		5.07	4.11		Poor
192.210.203.30  #	host13.2202simtut24.tk		0.00	4.11		Neutral
192.210.203.62  #			0.00	4.11		Good
192.3.138.115   #	host.colocrossing.com		0.00	4.11		Good
192.3.138.113   #	host.colocrossing.com		3.16	4.11		Neutral
192.3.31.153    #	unset.digthemine.com		0.00	4.11		Good
192.227.128.77  #	server1.postupstand.com	1	3.04	4.11		Good
192.210.203.94  #			0.00	4.11		Poor
198.23.207.51   #	news9.firstgleammarketing.com		4.83	4.11		Poor
192.210.203.234 #	vp2-3.email-master.net		0.00	4.11		Poor
107.161.156.147 #	jefersonvpn.publicidadegoogle.info	1	0.00	4.11		Neutral
192.3.31.157    #	unset.digthemine.com		0.00	4.11		Good
23.94.32.237    #			4.05	4.11		Good
192.3.31.145    #	unset.digthemine.com		0.00	4.11		Good
23.94.36.46     #	host.colocrossing.com		0.00	4.11		Good
192.3.31.154    #	unset.digthemine.com		0.00	4.11		Good
192.210.203.118 #			0.00	4.10		Poor
192.210.203.241 #			0.00	4.10		Poor
192.3.90.32     #			0.00	4.10		Good
198.23.199.7    #			4.97	4.10	1	Poor
192.3.181.12    #			0.00	4.10	1	Poor
192.227.136.208 #	mail3.meucarroonline.info		3.96	4.10		Poor
192.227.242.76  #			0.00	4.10		Good
192.227.139.160 #	websitespeaks.com	1	3.99	4.10		Poor
198.23.199.17   #			0.00	4.10		Poor
192.210.202.37  #			0.00	4.10		Poor
206.217.135.251 #	mail.multnetwork.info		4.76	4.10		Poor
192.210.203.102 #			0.00	4.10		Good
192.3.31.155    #	unset.digthemine.com		0.00	4.10		Good
192.3.47.252    #	cloven.9yt.com.br	1	3.74	4.10		Good
172.245.56.143  #	shemite.brainyes.com	1	2.56	4.10		Poor
198.23.207.50   #	news8.firstgleammarketing.com		4.84	4.10		Poor
172.245.62.243  #	mail3.zeldaengenharia.us		0.00	4.10		Neutral
23.94.5.146     #	host.colocrossing.com		0.00	4.09		Poor
107.161.145.57  #	75.541.161.701.valuedmailer.biz	1	0.00	4.09		Poor
192.210.199.84  #	mydns.nprpv.biz		0.00	4.09		Neutral
172.245.56.145  #	inquired.brainyes.com	1	2.56	4.09		Neutral
198.23.199.23   #			0.00	4.09		Poor
192.227.252.219 #			0.00	4.09		Neutral
192.3.158.73    #	webbuilder9.biz	1	4.02	4.09		Neutral
23.94.36.56     #	host.colocrossing.com		2.86	4.09		Poor
172.245.13.78   #			4.29	4.09		Poor
172.245.56.144  #	voluntarist.brainyes.com	1	0.00	4.09		Neutral
198.23.164.11   #	node.cloudshards.com		0.00	4.09		Poor
192.227.136.211 #	mail6.meucarroonline.info		4.05	4.09		Poor
192.227.139.131 #			4.08	4.09		Neutral
206.217.132.75  #	host.colocrossing.com		0.00	4.08	1	Poor
198.23.251.69   #	host.colocrossing.com		4.32	4.08		Neutral
192.210.199.90  #	mydns.nprpv.biz		0.00	4.08		Neutral
108.174.54.96   #	dltdesigns.biz	1	4.39	4.08		Poor
198.12.104.79   #			0.00	4.08		Poor
205.234.203.178 #			0.00	4.08		Poor
198.23.133.56   #	nspecifed.rays2014.us		0.00	4.08		Poor
198.12.104.69   #			3.41	4.08		Poor
192.227.136.209 #	mail4.meucarroonline.info		3.96	4.08		Poor
192.210.202.35  #			0.00	4.08		Poor
23.94.100.216   #	host.colocrossing.com		0.00	4.08		Poor
198.23.133.52   #	whisking.rays2014.us		0.00	4.08		Poor
192.227.163.98  #	serv1.fueldieseltrack.biz	1	4.45	4.08		Neutral
23.94.36.35     #	host.colocrossing.com		0.00	4.08		Good
172.245.208.237 #			0.00	4.08	1	Poor
192.227.252.44  #			0.00	4.08		Neutral
172.245.208.235 #			0.00	4.08	1	Poor
172.245.56.142  #	croupy.brainyes.com	1	0.00	4.08		Neutral
198.23.199.22   #			0.00	4.08		Poor
192.210.202.52  #			0.00	4.08		Poor
198.23.133.50   #	immethodically.rays2014.us		0.00	4.08		Poor
198.12.104.75   #			3.04	4.08		Poor
192.3.1.254     #			0.00	4.08		Good
192.3.206.50    #			3.74	4.08		Poor
192.3.46.234    #			0.00	4.08		Poor
198.23.133.54   #	rhinestones.rays2014.us		0.00	4.08		Poor
192.3.158.30    #	medianettelcom.info		0.00	4.08		Neutral
192.227.252.218 #			0.00	4.07		Neutral
192.227.242.77  #			0.00	4.07		Good
108.174.54.93   #	webdesign-creation.info	1	4.39	4.07		Neutral
198.23.133.59   #	overcoming.rays2014.us		0.00	4.07		Poor
198.23.133.53   #	rhinestones.rays2014.us		0.00	4.07		Poor
162.221.176.62  #			0.00	4.07		Good
192.3.158.14    #	host.colocrossing.com		2.86	4.07		Poor
205.234.203.181 #			3.16	4.07		Poor
192.3.203.219   #	host.colocrossing.com		0.00	4.07	1	Poor
192.227.242.6   #			0.00	4.06		Good
192.227.252.216 #			0.00	4.06		Neutral
206.217.139.232 #	host.colocrossing.com		3.79	4.06		Poor
23.94.33.5      #	server.style-mails.com		4.23	4.06		Poor
192.3.161.118   #			4.08	4.06		Poor
172.245.62.160  #	host.colocrossing.com		0.00	4.06		Poor
192.227.252.208 #	gts.getsit.co.in	1	0.00	4.06		Poor
192.227.252.217 #			0.00	4.06		Neutral
198.23.133.58   #	unspecifed.rays2014.us		0.00	4.05		Poor
23.94.15.81     #	technologyandengineering.net	1	0.00	4.05		Neutral
162.218.89.179  #			0.00	4.05		Good
198.23.199.29   #			5.02	4.05		Poor
23.94.9.54      #	smtp.ws-desk.net	1	0.00	4.05		Good
23.94.100.210   #	host.colocrossing.com		5.19	4.05	1	Poor
23.249.161.146  #	641.161.942.32.callputbaba.com		3.64	4.05		Neutral
192.3.138.114   #	host.colocrossing.com		3.41	4.05		Good
108.174.58.170  #	170.58.174.108.host.nwnx.net		4.35	4.05		Neutral
198.23.199.25   #			4.55	4.05	1	Poor
192.227.242.47  #			0.00	4.05		Good
198.23.199.30   #			0.00	4.05		Poor
192.3.207.245   #	host.colocrossing.com		0.00	4.05		Poor
172.245.13.71   #			4.40	4.05	1	Poor
23.94.38.178    #	host.colocrossing.com		4.57	4.05	1	Poor
172.245.13.76   #			4.33	4.04	1	Poor
162.218.89.79   #	koskapu.tk	1	0.00	4.04		Poor
192.3.161.58    #	yourack58.rackyork.com		0.00	4.04		Neutral
192.3.161.59    #	yourack59.rackyork.com		0.00	4.04		Neutral
23.249.161.147  #			3.74	4.04		Neutral
192.3.92.22     #	host.colocrossing.com		0.00	4.04		Poor
192.3.117.105   #	mail8.ibmails.co	1	0.00	4.04		Good
198.12.78.26    #			4.41	4.04		Poor
192.3.161.60    #	yourack60.rackyork.com		0.00	4.04		Neutral
192.3.161.56    #	yourack56.rackyork.com		0.00	4.04		Neutral
198.12.104.86   #			5.12	4.04	1	Poor
198.23.250.126  #	host.colocrossing.com		0.00	4.04		Neutral
198.12.104.89   #			2.56	4.04		Poor
192.3.161.55    #	yourack55.rackyork.com		0.00	4.04		Neutral
172.245.56.167  #	inductees.ballmike.com	1	4.73	4.03		Neutral
192.3.161.57    #	yourack57.rackyork.com		0.00	4.03		Neutral
198.12.104.72   #			5.12	4.03	1	Poor
198.23.247.213  #	medianetintra.info	1	0.00	4.03		Good
192.3.161.53    #	yourack53.rackyork.com		2.56	4.03		Neutral
192.3.31.137    #	unset.digthemine.com		0.00	4.03		Good
172.245.56.169  #	philanthropy.ballmike.com	1	4.68	4.03		Neutral
192.3.31.141    #	unset.digthemine.com		0.00	4.03		Good
205.234.203.180 #			0.00	4.03		Poor
198.23.167.210  #	host.colocrossing.com		4.25	4.03		Poor
192.3.31.156    #	unset.digthemine.com		0.00	4.03		Good
206.217.139.235 #	host.colocrossing.com		2.56	4.03		Poor
192.210.203.19  #	host8.2202simtut24.tk		0.00	4.03		Good
192.3.111.54    #			0.00	4.03		Poor
192.3.161.54    #	yourack54.rackyork.com		0.00	4.03		Neutral
192.3.161.135   #	yourack135.rackyork.com		0.00	4.03		Neutral
205.234.203.182 #			4.85	4.03	1	Poor
172.245.56.166  #	taisho.ballmike.com	1	4.71	4.03		Neutral
198.46.153.33   #	netwebintra.info	1	4.77	4.02	1	Poor
172.245.56.168  #	definitize.ballmike.com	1	4.67	4.02		Neutral
192.227.242.55  #			0.00	4.02		Good
172.245.56.165  #	shade.ballmike.com	1	4.69	4.02		Neutral
23.249.161.178  #	871.161.942.32.callputbaba.com		3.82	4.02		Neutral
23.94.9.23      #	server1.rmno.org	1	4.54	4.02		Poor
198.12.104.84   #			2.86	4.02		Poor
172.245.62.245  #	mail5.zeldaengenharia.us		0.00	4.02		Good
198.12.104.67   #			0.00	4.02		Poor
192.3.138.122   #	host.colocrossing.com		0.00	4.02		Good
198.23.177.25   #	rdns-1.vendasnarede.tk	1	3.99	4.02	1	Poor
192.210.203.181 #	mx1.mxsvr.net		0.00	4.02		Neutral
192.3.20.252    #			2.56	4.02	2	Poor
198.23.195.186  #	bumper.fooneze.com	1	4.90	4.02		Poor
198.23.195.140  #	blocky.fooneze.com	1	3.16	4.02		Poor
192.3.137.69    #	host.colocrossing.com		5.46	4.02	1	Poor
198.23.245.118  #			0.00	4.02		Neutral
192.3.138.99    #	host.colocrossing.com		0.00	4.02		Good
198.23.199.11   #			2.56	4.02		Poor
107.161.146.139 #	serv3.fueldieseltrack.biz	1	4.20	4.02		Poor
172.245.26.21   #	wipeoutlead2.webcomand.com		0.00	4.02		Good
198.23.177.27   #	rdns-3.vendasnarede.tk	1	4.11	4.02	1	Poor
23.249.161.148  #	841.161.942.32.callputbaba.com		3.88	4.02		Neutral
198.23.177.26   #	rdns-2.vendasnarede.tk	1	3.96	4.02	1	Poor
23.94.36.111    #	ssl1.grensin.info	1	4.64	4.02		Poor
192.3.46.210    #	mydns.nprpv.biz		0.00	4.02		Poor
172.245.62.246  #	mail6.zeldaengenharia.us		0.00	4.02		Neutral
198.23.161.21   #	mail.often3z.info		3.96	4.01		Poor
192.210.202.38  #			0.00	4.01		Neutral
192.3.31.143    #	unset.digthemine.com		0.00	4.01		Good
192.3.30.145    #	server.bulkelfarouk.info		4.35	4.01		Poor
205.234.203.179 #			0.00	4.01		Poor
23.94.101.17    #	mediainfotel.info	1	0.00	4.01		Poor
23.94.100.217   #	host.colocrossing.com		0.00	4.01		Poor
192.3.111.37    #			5.00	4.01	1	Poor
23.94.104.188   #			3.16	4.01		Poor
23.94.100.206   #	host.colocrossing.com		5.30	4.01	1	Poor
198.23.129.72   #	host.colocrossing.com		0.00	4.01		Neutral
23.94.47.225    #	host.colocrossing.com		3.52	4.01		Poor
192.227.136.214 #	mail4.hulkengenharia.us	1	3.74	4.01		Poor
198.23.199.20   #			0.00	4.01		Poor
198.12.104.66   #			0.00	4.01		Poor
192.227.136.213 #	mail3.hulkengenharia.us	1	3.92	4.01		Poor
23.94.100.205   #	host.colocrossing.com		0.00	4.01		Poor
192.210.230.41  #	server.hinaroudani.com		0.00	4.01		Good
206.217.135.241 #	host.colocrossing.com		4.57	4.01	1	Poor
192.227.242.68  #			0.00	4.00		Good
192.3.117.84    #	host.colocrossing.com		4.54	4.00	1	Poor
23.94.36.112    #	ns1.irudext.info	1	0.00	4.00		Neutral
192.3.111.50    #			0.00	4.00		Poor
192.3.138.124   #	host.colocrossing.com		0.00	4.00		Good
172.245.13.73   #			4.27	4.00	1	Poor
192.3.204.197   #	backups.dnsland.net		0.00	4.00		Good
192.3.138.111   #	host.colocrossing.com		0.00	4.00		Good
198.23.129.59   #	host.colocrossing.com		4.07	4.00		Neutral
192.3.138.35    #	host.colocrossing.com		3.98	4.00		Poor
198.23.177.28   #	rdns-4.vendasnarede.tk	1	4.02	4.00	1	Poor
198.23.250.5    #	host.colocrossing.com		0.00	4.00		Neutral
23.249.161.177  #			3.64	3.99		Neutral
23.94.3.73      #	mail4.obscurablog.info	1	4.09	3.99		Poor
172.245.62.242  #	mail2.zeldaengenharia.us		0.00	3.99		Neutral
192.3.24.138    #	host.colocrossing.com		4.24	3.99	1	Poor
198.12.104.92   #			0.00	3.99		Poor
23.94.67.221    #	calmer.alphatechnicalcolleg.com	1	0.00	3.99		Neutral
198.12.104.68   #			2.56	3.99		Poor
192.210.238.142 #	portinfointra.info	1	4.69	3.99	1	Poor
198.23.199.9    #			5.00	3.99	1	Poor
206.217.139.227 #	host.colocrossing.com		3.79	3.99		Good
198.23.199.16   #			0.00	3.99		Poor
192.3.111.59    #			0.00	3.99		Poor
192.3.7.183     #	host.colocrossing.com		0.00	3.99		Good
198.23.199.3    #			0.00	3.99		Poor
198.23.199.28   #			0.00	3.99		Poor
23.94.100.202   #	host.colocrossing.com		0.00	3.99		Poor
192.3.156.108   #			0.00	3.99		Good
198.46.136.194  #	briskmailer.biz		0.00	3.99		Good
198.23.129.66   #	host.colocrossing.com		4.02	3.99		Neutral
192.3.204.194   #	host.colocrossing.com		0.00	3.99		Good
198.12.104.73   #			3.04	3.99		Poor
192.3.137.67    #	host.colocrossing.com		3.98	3.99	2	Poor
172.245.62.140  #	mail2.aramisengenharia.info		0.00	3.99		Poor
192.227.252.96  #			0.00	3.98	1	Poor
192.3.111.43    #			0.00	3.98		Poor
192.3.116.126   #	iklseyg.nicolus.org	1	0.00	3.98		Neutral
198.12.104.82   #			5.06	3.98	1	Poor
75.127.14.188   #	server.style-09.info	1	3.04	3.98		Poor
198.23.133.107  #	mediacomtel.info		0.00	3.98		Poor
172.245.62.241  #	mail1.zeldaengenharia.us		0.00	3.98		Neutral
172.245.62.244  #	mail4.zeldaengenharia.us		0.00	3.98		Neutral
192.3.46.238    #			0.00	3.98		Poor
198.23.199.26   #			0.00	3.98		Poor
192.3.46.231    #			0.00	3.98		Poor
206.217.139.236 #	host.colocrossing.com		2.86	3.98		Poor
192.210.203.28  #	host11.2202simtut24.tk		0.00	3.98		Neutral
199.21.112.211  #	host.colocrossing.com		0.00	3.98		Poor
23.94.27.158    #	serv1.almatsmarketing.biz	1	0.00	3.98		Good
192.210.238.149 #	mediatelnetcom.info	1	0.00	3.98		Good
192.3.158.136   #	server2.dtomtech.net	1	3.84	3.98		Good
192.210.200.50  #	huntington-mail.com	1	0.00	3.98		Neutral
23.94.100.197   #	host.colocrossing.com		0.00	3.98		Poor
192.3.111.56    #			3.92	3.98		Poor
162.218.88.185  #			0.00	3.98		Good
23.94.3.80      #	mail4.japanesefoodgoumert.info		3.92	3.98		Poor
198.23.129.6    #	host.colocrossing.com		4.18	3.98		Neutral
192.3.161.244   #	ids.indiaserver.biz	1	3.98	3.98		Poor
192.3.137.68    #	host.colocrossing.com		5.42	3.98	2	Poor
192.3.134.25    #			4.66	3.98		Poor
198.23.199.5    #			5.11	3.98	1	Poor
192.227.242.56  #			0.00	3.98		Good
192.3.11.184    #	host.colocrossing.com		0.00	3.98		Good
172.245.137.181 #	cdnkar4.piagee.com		4.36	3.98	1	Poor
198.23.177.24   #	rdns-0.vendasnarede.tk	1	4.09	3.97		Poor
192.227.242.45  #			0.00	3.97		Good
198.12.104.90   #			5.05	3.97	1	Poor
172.245.137.179 #	cdnkar2.piagee.com		4.26	3.97	1	Poor
192.3.161.246   #	ids2.indiaserver.biz	1	3.77	3.97		Poor
198.23.201.171  #	julia1.hifx.com.br	1	3.86	3.97		Poor
23.94.15.82     #	festitech.net	1	0.00	3.97		Neutral
192.3.165.43    #	yvcx03.ukwp5j.com	1	4.67	3.97	1	Poor
172.245.13.77   #			0.00	3.97		Neutral
198.23.201.181  #	julia11.hifx.com.br	1	3.77	3.97		Poor
192.210.238.194 #	intrainfomedia.info		0.00	3.97		Neutral
198.23.201.210  #	julia40.hifx.com.br	1	3.84	3.97		Poor
198.23.201.184  #	julia14.hifx.com.br	1	3.79	3.97		Poor
198.23.201.173  #	julia3.hifx.com.br	1	3.92	3.97		Poor
198.23.199.12   #			0.00	3.97		Poor
198.23.201.175  #	julia5.hifx.com.br	1	3.92	3.97		Poor
192.227.242.44  #			0.00	3.97		Good
192.227.252.91  #			0.00	3.97	1	Poor
198.23.201.180  #	julia10.hifx.com.br	1	3.90	3.97		Poor
199.21.112.221  #	host.colocrossing.com		0.00	3.97		Poor
198.23.201.38   #	klm38.xptoplus.com.br	1	4.04	3.97		Poor
172.245.57.238  #	server.emarketingserver.com		3.04	3.97	1	Poor
192.3.138.103   #	host.colocrossing.com		0.00	3.97		Good
192.210.217.98  #	v4.bhagalpur.info		3.98	3.97		Good
192.210.203.157 #	mail5.activebr.tk		0.00	3.97		Poor
198.23.201.204  #	julia34.hifx.com.br	1	3.94	3.96		Poor
23.94.101.65    #	host.colocrossing.com		4.08	3.96		Poor
172.245.136.178 #			0.00	3.96		Poor
198.23.199.2    #			0.00	3.96		Poor
172.245.13.69   #			4.45	3.96	1	Poor
23.94.32.230    #			2.86	3.96		Poor
206.217.139.228 #	host.colocrossing.com		3.86	3.96		Good
198.23.201.182  #	julia12.hifx.com.br	1	3.77	3.96		Poor
192.3.104.139   #	mdk.softms.biz	1	4.55	3.96		Poor
192.3.204.196   #	node1.lambdns.com		0.00	3.96		Good
192.3.27.148    #			0.00	3.96		Neutral
198.23.199.19   #			0.00	3.96		Poor
198.12.104.87   #			2.86	3.96		Poor
172.245.13.75   #			4.29	3.96		Poor
172.245.222.125 #	host.colocrossing.com		4.29	3.96		Poor
162.218.88.198  #			0.00	3.96		Neutral
198.23.201.183  #	julia13.hifx.com.br	1	3.86	3.96		Poor
198.23.201.176  #	julia6.hifx.com.br	1	3.92	3.96		Poor
23.94.100.215   #	host.colocrossing.com		0.00	3.96		Poor
172.245.136.170 #			0.00	3.96		Poor
192.3.111.57    #			5.10	3.96	1	Poor
198.23.245.11   #			0.00	3.96		Neutral
107.161.156.135 #	531.651.161.701.valuedmailer.biz	1	0.00	3.96		Poor
198.23.201.174  #	julia4.hifx.com.br	1	3.88	3.96		Poor
198.23.201.177  #	julia7.hifx.com.br	1	3.82	3.96		Poor
192.3.138.37    #	host.colocrossing.com		5.40	3.96	1	Poor
198.23.201.203  #	julia33.hifx.com.br	1	3.84	3.95		Poor
23.94.3.71      #	mail2.obscurablog.info	1	4.01	3.95		Poor
172.245.32.55   #	host.colocrossing.com		0.00	3.95		Good
192.3.161.245   #	ids1.indiaserver.biz	1	3.86	3.95		Neutral
198.23.201.123  #	kmi40.nsesportes.com.br	1	4.35	3.95		Poor
198.23.161.137  #	mail.look78h.info	1	4.02	3.95		Poor
192.3.46.233    #			0.00	3.95		Poor
172.245.137.189 #	cdnkar5.piagee.com		4.35	3.95	1	Poor
```


----------



## drmike (Mar 7, 2014)

And what is disturbing about the Cisco data is that who else appears up in the top 100 Spam Senders  by Network for past day?

#10 is ENZU....

If I recall properly they were on the list that good professor from Carnegie Mellon put out of the top IPv4 free pool recipients during the past year... 

ENZU must be using all those IPs for spamming too... Imagine that.


----------



## apt (Mar 7, 2014)

Burst is also pretty high up there (as Network Operations Center).


----------



## DomainBop (Mar 8, 2014)

> ENZU must be using all those IPs for spamming too... Imagine that.


ENZU isn't SPAM friendly.  Their network staff is just incompetent.   I wouldn't be surprised if a lot of those ENZU SPAM sending IPs weren't hijacked IPs and ENZU's staff was completely oblivious to them being hijacked, and even if they knew they were hijacked their late night network staff is too incompetent to know how to recover the hijacked IP (this statement is based on my experience last year when BudgetVM provisioned my VPS with an IP that had been hijacked by some Russian torrent site).

Back to CC, here is a 3 year old thread that proves the allegations that ColoCrossing is a spam friendly host didn't just start when the tinfoil hat wearers at VPSB started posting about the problem (tl;dr ROKSO spammer with 551 ColoCrossing IPs, abuse dep't at CC lies to person who filed complaint about removing spammer....sound familiar) http://forum.spamcop.net/forums/index.php?showtopic=12054


----------



## joepie91 (Mar 8, 2014)

yolo said:


> @drmike you will love this
> 
> http://www.senderbase.org/static/spam/
> 
> ...


#1 non-residential, actually.


----------



## DomainBop (Mar 8, 2014)

Laughing my motherf'in ass off 

Spamhaus has designated NewWave NetConnect as a spam gang 

http://www.spamhaus.org/sbl/query/SBL215448



> New Wave NetConnect, LLC spammers
> 
> Finally, a name for this gang of continually morphing spammers: New Wave NetConnect, LLC



Congratulations Fabozo!


----------



## Aldryic C'boas (Mar 8, 2014)

DomainBop said:


> Laughing my motherf'in ass off


Ditto :3


----------



## kaniini (Mar 9, 2014)

DomainBop said:


> ENZU isn't SPAM friendly.


Oh, hell yes they are spam friendly.

It just depends on how you are doing business with them.  If you're some random BudgetVM customer they will smack you, but if you go a different route, they will happily rotate your blocks around, up to several times a day.


----------



## MartinD (Mar 9, 2014)

Is it really necessary to paste huge amounts of text like that?


----------



## DomainBop (Mar 11, 2014)

ColoCrossing now with 21 SBLs (including yet another ROKSO today for their friend Yair), and BlueVM and ChicagoVPS get slapped by Spamhaus (this coming after Spamhaus called NewWave Netconnect a spam gang a few days ago)



> BlueVM Communications LLC repeatedly providing resource to snowshoe spammers.
> 
> Given the constant stream of spam coming from this entity, we strongly invite Spamhaus users to reject any kind of SMTP communication coming from this network, and are therefore applying an SBL advisory on it.


http://www.spamhaus.org/sbl/query/SBL215652 (/24)



> ChicagoVPS repeatedly providing resource to snowshoe spammers.
> 
> Given the constant stream of spam coming from this entity, we strongly invite Spamhaus users to reject any kind of SMTP communication coming from this network, and are therefore applying an SBL advisory on it.


http://www.spamhaus.org/sbl/query/SBL215651 (/24)

http://www.spamhaus.org/sbl/query/SBL215649 (/25)

tl;dr #1: Spamhaus has a honeypot with CC's name on it

tl;dr #2: SPAM is the only reason 2GB/$30 annually is sustainable


----------



## Aldryic C'boas (Mar 11, 2014)

I wonder how long CC's... clients will feel that the low costs is worth the repeated listings before more start bailing out.


----------



## peterw (Mar 11, 2014)

DomainBop said:


> BlueVM Communications LLC repeatedly providing resource to snowshoe spammers.
> http://www.spamhaus.org/sbl/query/SBL215652 (/24)


Ref: SBL215652
198.12.78.0/24 is listed on the Spamhaus Block List - SBL
2014-03-11 10:33:06 GMT | velocity-servers.net
What?


----------



## Aldryic C'boas (Mar 11, 2014)

peterw said:


> Ref: SBL215652
> 198.12.78.0/24 is listed on the Spamhaus Block List - SBL
> 2014-03-11 10:33:06 GMT | velocity-servers.net
> What?



Justin Johnson (BlueVM) is the POC for that IP range.



Spoiler



-06:51:33- Wren:~ :: aldryic % whois 198.12.78.15


#


# ARIN WHOIS data and services are subject to the Terms of Use


# available at: https://www.arin.net/whois_tou.html


#


#


# The following results may also be obtained via:


# http://whois.arin.net/rest/nets;q=198.12.78.15?showDetails=true&showARIN=false&ext=netref2


#


# start


NetRange:       198.12.64.0 - 198.12.127.255


CIDR:           198.12.64.0/18


OriginAS:       AS36352


NetName:        CC-09


NetHandle:      NET-198-12-64-0-1


Parent:         NET-198-0-0-0-0


NetType:        Direct Allocation


RegDate:        2012-07-10


Updated:        2012-07-10


Ref:            http://whois.arin.net/rest/net/NET-198-12-64-0-1


OrgName:        ColoCrossing


OrgId:          VGS-9


Address:        8469 Sheridan Drive


Address:        ATTN: ARIN


City:           Williamsville


StateProv:      NY


PostalCode:     14221


Country:        US


RegDate:        2005-06-20


Updated:        2012-01-10


Ref:            http://whois.arin.net/rest/org/VGS-9


OrgAbuseHandle: ABUSE3246-ARIN


OrgAbuseName:   Abuse


OrgAbusePhone:  +1-800-518-9716


OrgAbuseEmail:  [email protected]


OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE3246-ARIN


OrgNOCHandle: VIALA-ARIN


OrgNOCName:   Vial, Alex


OrgNOCPhone:  +1-800-518-9716


OrgNOCEmail:  [email protected]


OrgNOCRef:    http://whois.arin.net/rest/poc/VIALA-ARIN


OrgTechHandle: NETWO882-ARIN


OrgTechName:   Network Operations


OrgTechPhone:  +1-800-518-9716


OrgTechEmail:  [email protected]


OrgTechRef:    http://whois.arin.net/rest/poc/NETWO882-ARIN


# end


# start


NetRange:       198.12.78.0 - 198.12.78.255


CIDR:           198.12.78.0/24


OriginAS:       AS36352


NetName:        CC-198-12-78-0-24


NetHandle:      NET-198-12-78-0-1


Parent:         NET-198-12-64-0-1


NetType:        Reallocated


RegDate:        2014-02-21


Updated:        2014-02-21


Ref:            http://whois.arin.net/rest/net/NET-198-12-78-0-1


OrgName:        BlueVM Communications LLC


OrgId:          BCL-142


Address:        4945 Mark Dabling Blvd #16


City:           Colorado Springs


StateProv:      CO


PostalCode:     80918


Country:        US


RegDate:        2013-12-02


Updated:        2013-12-02


Ref:            http://whois.arin.net/rest/org/BCL-142


OrgAbuseHandle: JOHNS658-ARIN


OrgAbuseName:   Johnston, Justin


OrgAbusePhone:  +1-850-400-9594


OrgAbuseEmail:  [email protected]BlueVM.com


OrgAbuseRef:    http://whois.arin.net/rest/poc/JOHNS658-ARIN


OrgNOCHandle: JOHNS658-ARIN


OrgNOCName:   Johnston, Justin


OrgNOCPhone:  +1-850-400-9594


OrgNOCEmail:  [email protected]BlueVM.com


OrgNOCRef:    http://whois.arin.net/rest/poc/JOHNS658-ARIN


OrgTechHandle: JOHNS658-ARIN


OrgTechName:   Johnston, Justin


OrgTechPhone:  +1-850-400-9594


OrgTechEmail:  [email protected]BlueVM.com


OrgTechRef:    http://whois.arin.net/rest/poc/JOHNS658-ARIN


# end


#


# ARIN WHOIS data and services are subject to the Terms of Use


# available at: https://www.arin.net/whois_tou.html


#


----------



## Magiobiwan (Mar 11, 2014)

Have I mentioned I dislike spam? As soon as I get a refill on my flamethrower, SPAMMERS WILL BURN.


----------



## drmike (Mar 11, 2014)

CC keeps cleaning their mess, down to 20 Spamhaus listings 

Funny, Amazon as big as they are, has 3 Spamhaus listings
Quadranet has a mere 3.
DigitalOcean has 11.

To get on the top 10 spam network list currently you need 40-odd active listings.   Here's to encouraging CC to lead the industry!


----------



## drmike (Mar 11, 2014)

This made me laugh....

APNIC, organization in charge of IP issuance in Asian-Pacific region has 56 member countries and well over 2k members. See this for listing of member organizations - includes some biggies ---> http://en.wikipedia.org/wiki/Asia-Pacific_Network_Information_Centre

*APNIC members include the two largest populations of humans anywhere:*

*China + India.*

APNIC has 43 /8's under their control = 

16,777,214 IPs x 43 = 721,420,202 IPs

Their total Spamhaus entries are currently 72. 

72 problems out of 721 million IPs.  Or one bad IP per every 10 million IPs.

Compared to CC who has 492,288 IPs and 20 current Spamhaus listings.

20 problems out of 492,288 IPs....  Or one bad IP per every 24,614 IPs.

Go ahead, tell me CC isn't in the business of selling to spammers again.


----------



## drmike (Mar 11, 2014)

and... look what your friendly IP sniffer just found...

http://www.spamhaus.org/sbl/listings/chicagovps.net

*Found 8 SBL listings for IPs under the responsibility of chicagovps.net*

Those listings are all on CC IPs... and should be listed under CC.... ho hum....


----------



## Francisco (Mar 11, 2014)

Something about the *region* listings.

Spamhaus only marks things to ARIN/RIPE/APNIC/LANIC, etc, when the problem is *so extreme*

that they refuse to work with the actual contact and are pushing for IP's to be revoked.

It's common to see zombie ranges, hijacked ranges, etc, to be listed in there.

Francisco


----------



## DomainBop (Mar 12, 2014)

*SBL215802*


*192.227.165.126/32*

*velocity-servers.net*


12-Mar-2014 09:11 GMT


Snowshoe spam source - 123Systems Solutions 

 

*SBL215797*


*192.210.211.68/32*

*velocity-servers.net*


12-Mar-2014 08:45 GMT


Snowshoe spam source - BlueVM Communications 

 



*SBL215795*


*172.245.30.76/32*

*velocity-servers.net*


12-Mar-2014 08:43 GMT


Snowshoe spam source - ChicagoVPS 




Spamhaus seems to have caught on to the fact that spammers are being offered a package deal by the children at the daycare.  Same replica handbag spammer for all 3 SBLs.


----------



## peterw (Mar 12, 2014)

Aldryic C said:


> Justin Johnson (BlueVM) is the POC for that IP range.


I forgot that they do not own their ips.


----------



## AlexBarakov (Mar 12, 2014)

I sincerely hope that my ranges with them would not get affected by those things. I do not tollerate SPAM myself and we block excesive SMTP connections by default, unless the mailing usage is legit. However I can't say that I like Spamhaus either and to be honest, pretty much all of the reasonable bigger providers that I've worked with are with the same opinion as me (not refering to CC)


----------



## MannDude (Mar 13, 2014)

Alex_LiquidHost said:


> I sincerely hope that my ranges with them would not get affected by those things. I do not tollerate SPAM myself and we block excesive SMTP connections by default, unless the mailing usage is legit. However I can't say that I like Spamhaus either and to be honest, pretty much all of the reasonable bigger providers that I've worked with are with the same opinion as me (not refering to CC)


I think they're a necessary evil, though in cases like this it's clear that this isn't Spamhaus stepping out of line and being a bully in any way.


----------



## mtwiscool (Mar 13, 2014)

MannDude said:


> I think they're a necessary evil, though in cases like this it's clear that this isn't Spamhaus stepping out of line and being a bully in any way.


really so if one person spams the other users can not send emails?

how is this fair?

i had spamhus block my email servers for 2 months because another user in that ip block spammed.

so is this fair?


----------



## mtwiscool (Mar 13, 2014)

someone should spam on the same block as vpsboard to show the admins how it feels to be blacklisted when another user spams?


----------



## peterw (Mar 13, 2014)

mtwiscool said:


> someone should spam on the same block as vpsboard to show the admins how it feels to be blacklisted when another user spams?


No customer will do this because they all fear Aldryic.


----------



## staticsafe (Mar 13, 2014)

mtwiscool said:


> really so if one person spams the other users can not send emails?
> 
> how is this fair?
> 
> ...



Spamhaus blocking whole IP CIDR blocks is an escalation procedure when a provider is not taking care of spam in that netblock. It is an incentive to tell your provider to clean up their network or find another provider if the existing one doesn't give a shit.



mtwiscool said:


> someone should spam on the same block as vpsboard to show the admins how it feels to be blacklisted when another user spams?


vpsboard is using Mandrill  to send outbound and blacklisting is unlikely as Mandrill takes care of spam on their network.


----------



## MannDude (Mar 13, 2014)

mtwiscool said:


> really so if one person spams the other users can not send emails?
> 
> how is this fair?
> 
> ...


Why would you wait 2 months for it to be resolved? What provider were you using?



mtwiscool said:


> someone should spam on the same block as vpsboard to show the admins how it feels to be blacklisted when another user spams?


Emails are dispatched via Mandrill anyway, but I'm sure the IPs I am assigned from most my providers (RamNode, BuyVM, AnyNode, Hostigation, DigitalOcean, RocketVPS, WiredTree, SecureDragon, etc) would be clean or cleaned quickly in the event of a blacklisting. I choose providers who I feel are capable and competent.


----------



## DomainBop (Mar 13, 2014)

mtwiscool said:


> someone should spam on the same block as vpsboard to show the admins how it feels to be blacklisted when another user spams?


MX Tooolbox is showing the MX record for VPSB is hosted at Digital Ocean.  Digital Ocean's business plan doesn't include renting entire blocks to spammers (or rotating spammers through their blocks, subsidiaries, etc) so when Spamhaus blacklists a Digital Ocean IP the SBL is almost always only for a /32 (unlike SBL's for spam friendly providers like CC/CVPS/BlueVM/123Sys/HVH where entire /24, /25, /15's get placed on the SBL). 

tl;dr if someone on the same IP block as VPSB's MX record spammed it would in all likelihood have no effect on VPSB (plus VPSB uses Mandrill for most of their mailings...).



> i had spamhus block my email servers for 2 months because another user in that ip block spammed.
> 
> *so is this fair?*



My company gets hit with anywhere from 2K-15K spam emails a day.  The costs of dealing with all of that spam over the course of a year adds up to $7K-$9K (lost productivity, time spent fighting spam, etc., etc). How is it fair to companies like mine that  that spam friendly piece of shit  providers like CC/CVPS are allowed to profit from the sending of SPAM and cost other businesses money?  I would love to see Spamhaus crack down even harder on providers like CC/Ubiquity/Ecatel, etc who have a proven track record of being spam friendly and permanently ban all of their IPs.  I would also like to see the government start handing out very large fines to spam friendly providers.


----------



## Aldryic C'boas (Mar 13, 2014)

mtwiscool said:


> really so if one person spams the other users can not send emails?
> 
> how is this fair?
> 
> ...


That's your provider's fault, not Spamhaus.  Try hosting with legitimate companies that actually handle abuse reports instead of CC/HF 'providers'.



mtwiscool said:


> someone should spam on the same block as vpsboard to show the admins how it feels to be blacklisted when another user spams?


Spamhaus doesn't do /24 listings on us, just the offending IPs. They know me on a first name basis, and know that I handle any SBLs within hours - hell, half the time we don't even get listed, they just email me with the logs.


----------



## DomainBop (Mar 13, 2014)

This is an interesting comparison of 12 hosts (CleanTalk runs a blacklist for spam bot comment spam)

LiquidWeb IPs 4.92% spam rate https://cleantalk.org/blacklists?record=AS32244

Softlayer IPs 7.47% spam rate https://cleantalk.org/blacklists?record=AS36351

ServInt IPs 10.53% spam rate https://cleantalk.org/blacklists?record=AS25847

Amazon IPs 17.94% spam rate https://cleantalk.org/blacklists?record=as16509

Hetzner IPs 20.17% spam rate https://cleantalk.org/blacklists?record=AS24940

Choopa IPs 24.77% spam rate https://cleantalk.org/blacklists?record=AS20473

Burst.net 27.72% spam rate https://cleantalk.org/blacklists?record=AS21788

Ubiquity IPs 28.21% spam rate https://cleantalk.org/blacklists?record=AS15003

VolumeDrive IPs 28.87% spam rate https://cleantalk.org/blacklists?record=AS46664

Psychz Networks IPs 29.43% spam rate https://cleantalk.org/blacklists?record=AS40676

OVH IPs 59.9% spam rate https://cleantalk.org/blacklists?record=AS16276

ColoCrossing IPs 78.66% spam rate https://cleantalk.org/blacklists/AS36352


----------



## mtwiscool (Mar 13, 2014)

Aldryic C said:


> That's your provider's fault, not Spamhaus.  Try hosting with legitimate companies that actually handle abuse reports instead of CC/HF 'providers'.
> 
> 
> Spamhaus doesn't do /24 listings on us, just the offending IPs. They know me on a first name basis, and know that I handle any SBLs within hours - hell, half the time we don't even get listed, they just email me with the logs.


My provider had a /26 with the compney it was a /22 blacklisted.

my host is honest and lives in the UK.

heres they dmca policy:

http://www.jdrhost.com/en/dmca-policy/


----------



## hellogoodbye (Mar 13, 2014)

Getting blacklisted for spam has nothing to do with DMCA notices though, or am I missing something here?

(I also did a quick Google search on JDR Hosting and I really wouldn't call them honest if they're so active in blackhat forums/groups with many complaints to their name.)


----------



## wlanboy (Mar 13, 2014)

DomainBop said:


> This is an interesting comparison of 12 hosts (CleanTalk runs a blacklist for spam bot comment spam)
> 
> LiquidWeb IPs 4.92% spam rate https://cleantalk.org/blacklists?record=AS32244
> 
> ...


Another reason to avoid Psychz Network, VolumeDrive and Ubiquity.



hellogoodbye said:


> Getting blacklisted for spam has nothing to do with DMCA notices though, or am I missing something here?
> 
> (I also did a quick Google search on JDR Hosting and I really wouldn't call them honest if they're so active in blackhat forums/groups with many complaints to their name.)


Nope - nothing at all.

Any yes - JDR is a no-go to for their activities.


----------



## D. Strout (Mar 13, 2014)

D. Strout said:


> Today's LEB offer from VPSAce (with CC, as I'm sure most know) includes 25 cent IPs. I was tempted to pick one up to see if they were giving the IPs away because they were dirty (though the test IPs weren't), but I don't want to have anything to do with CC.


Just remembered that I did order with false info and no intention of paying, and their WHMCS mail hit my spam box - SpamHaus recorded the IP as dirty. Oh CC/CVPS, as if we didn't have enough reason to hate you.


----------



## mtwiscool (Mar 13, 2014)

D. Strout said:


> Just remembered that I did order with false info and no intention of paying, and their WHMCS mail hit my spam box - SpamHaus recorded the IP as dirty. Oh CC/CVPS, as if we didn't have enough reason to hate you.


its not vpsace fault.


----------



## Aldryic C'boas (Mar 13, 2014)

If I chose to use a screwdriver to drive a nail, especially when efficient and affordable hammers are easy to come by, then it is indeed my own fault.


----------



## Francisco (Mar 13, 2014)

mtwiscool said:


> its not vpsace fault.


[sarcasm]You're right, they're saints.[/sarcasm]

Francisco


----------



## MartinD (Mar 13, 2014)

This...is retarded.


----------



## AlexBarakov (Mar 13, 2014)

If spamhaus lists an entire /15 of any of the providers in the list above, the percentage would be much, much different  

Not to be the devil's advocate in here, as I am not yet affected by any of this, however the whole spamhaus thing in relation to CC looks like some personal vendeta against them. I do not approve many of their actions, that's something I am not hiding, however this thing over here is just... Yeah, nevermind


----------



## Aldryic C'boas (Mar 13, 2014)

Alex_LiquidHost said:


> [...] the whole spamhaus thing in relation to CC looks like some personal vendeta against them [..]


Considering that Spamhaus is an _anti-spam_ organization, and ColoCrossing is not only known for willingly selling to spammers, but outright _lies_ to Spamhaus about dealing with them.. well, sure, of course Spamhaus is going to treat them more harshly.  And I don't fault them in the slightest for it.


----------



## D. Strout (Mar 13, 2014)

Aldryic C said:


> Considering that Spamhaus is an _anti-spam_ organization, and ColoCrossing is not only known for willingly selling to spammers, but outright _lies_ to Spamhaus about dealing with them.. well, sure, of course Spamhaus is going to treat them more harshly.  And I don't fault them in the slightest for it.


That's why we need spam databases not run by robots - real humans can use "justified prejudice" against a provider who is known to be spammer-friendly, as opposed to robots just automatically banning IPs.

800th post, woot woot!


----------



## AleksandrRazoR (Mar 14, 2014)

DomainBop said:


> This is an interesting comparison of 12 hosts (CleanTalk runs a blacklist for spam bot comment spam)
> 
> LiquidWeb IPs 4.92% spam rate https://cleantalk.org/blacklists?record=AS32244
> 
> ...


CleanTalk this cloud service protection from spam bots. It provides 100% protection from spam bots, without CAPTCHA is invisible protection for visitors.


----------



## mtwiscool (Mar 14, 2014)

if vpsboard's ip addess got blacklisted because of another person will they keep on saying spamhaus are doig they job?

we know this is a no.


----------



## Virtovo (Mar 14, 2014)

mtwiscool said:


> if vpsboard's ip addess got blacklisted because of another person will they keep on saying spamhaus are doig they job?
> 
> we know this is a no.


I think you are missing the point.  The issue is not about other people causing issues, that will always be the case.  The issue is how the host/provider responds to that issue.  Do they do it in a timely, effective and honest manner or not?


----------



## Aldryic C'boas (Mar 14, 2014)

Going back to my _easily obtainable hammer_ example:  all of our automated and mass email SMTP is pushed through AmazonSES.  We're talking upwards of a hundred-thousand emails a month, for just a couple bucks a month.

There is _*no excuse*_ for "being stuck with dirty IPs" when solutions such as SES exist so cheaply.  And even if your IPs are clean - why would you want the hassle of validating your own MX when that couple bucks to Amazon gets you guaranteed whitelisting?


----------



## mtwiscool (Mar 14, 2014)

Virtovo said:


> I think you are missing the point.  The issue is not about other people causing issues, that will always be the case.  The issue is how the host/provider responds to that issue.  Do they do it in a timely, effective and honest manner or not?


The host is not the user.

the end user should not punised for a hosts way of doing things.


----------



## mtwiscool (Mar 14, 2014)

Aldryic C said:


> Going back to my _easily obtainable hammer_ example:  all of our automated and mass email SMTP is pushed through AmazonSES.  We're talking upwards of a hundred-thousand emails a month, for just a couple bucks a month.
> 
> There is _*no excuse*_ for "being stuck with dirty IPs" when solutions such as SES exist so cheaply.  And even if your IPs are clean - why would you want the hassle of validating your own MX when that couple bucks to Amazon gets you guaranteed whitelisting?


we are working on doing everthing in-house.

It's only hotmail we have issues with.

we have tried to fill in they form but then got a error saying they was no route for the form to go.

so i need to contact them to get it sorted.


----------



## Aldryic C'boas (Mar 14, 2014)

If keeping all mail services in-house is a perogative, then it behooves you to ensure that either 1) you own (and can therefore clean) the IP block in question, or 2) rent said IP space directly from a responsible provider that owns and cleans the range.

If you're renting IPs from an upstream who is in turn renting said IPs from _their_ upstream, then you are simply asking for trouble.  Spamhaus is not to blame for the lack of integrity of the block's owner.


----------



## mtwiscool (Mar 14, 2014)

Aldryic C said:


> If keeping all mail services in-house is a perogative, then it behooves you to ensure that either 1) you own (and can therefore clean) the IP block in question, or 2) rent said IP space directly from a responsible provider that owns and cleans the range.
> 
> If you're renting IPs from an upstream who is in turn renting said IPs from _their_ upstream, then you are simply asking for trouble.  Spamhaus is not to blame for the lack of integrity of the block's owner.


if spam comes from one ip address you don't block evey ip address in the block 64 ip address. as i get 1 ip per provider.


----------



## fisle (Mar 14, 2014)

mtwiscool said:


> if spam comes from one ip address you don't block evey ip address in the block 64 ip address. as i get 1 ip per provider.



Yes except when it continues A LOT and host clearly isn't doing anything, showing that they indeed love to spam, then you can start blocking more. Don't be so stupid please.


----------



## mtwiscool (Mar 14, 2014)

fisle said:


> Yes except when it continues A LOT and host clearly isn't doing anything, showing that they indeed love to spam, then you can start blocking more. Don't be so stupid please.


I nerver spam so why should i have my ip address blacklisted?


----------



## AlexBarakov (Mar 14, 2014)

mtwiscool said:


> I nerver spam so why should i have my ip address blacklisted?


Cause Spamhaus are teaching someone a lesson


----------



## Aldryic C'boas (Mar 14, 2014)

mtwiscool said:


> I nerver spam so why should i have my ip address blacklisted?


They're not YOUR IPs.  The PROVIDER's IPs are blacklisted - you are merely renting the use of them.  Spamhaus has no clue who you are.


----------



## mtwiscool (Mar 14, 2014)

Aldryic C said:


> They're not YOUR IPs.  The PROVIDER's IPs are blacklisted - you are merely renting the use of them.  Spamhaus has no clue who you are.


so why blacklist ip's ware theys no spam.


----------



## kaniini (Mar 14, 2014)

mtwiscool said:


> if spam comes from one ip address you don't block evey ip address in the block 64 ip address. as i get 1 ip per provider.


Spamhaus does not start off listing 64 IPs, all listings begin as /32 and then escalate to become wider until the provider responsible for the block does take action.

This is what I like to call the "bitching customers" theory.  It's a real theory, and it works.


----------



## Aldryic C'boas (Mar 14, 2014)

You are insufferably thick.  This has been explained to you several times now - as a courtesy, I will attempt once more to simplify things to your level.

You rent IP space owned by a provider.  The IPs are not yours, and whenever someone runs a WHOIS to check the IP they will see the provider listed as owner.  You, and what you do with the IP, are irrelevant.

If said provider hosts a client that sends spam and earns an SBL from Spamhaus, then typically only the spamming IP will be listed for the first offense.

If the provider doesn't bother to remove the spammer, or makes it clear that they are willing to sell to spammers, then the SBL will be extended to encompass entire IP blocks.  From the starting /32 (one IP), to /28s, /26s, /24s, and so on.

You, and what you do with the IP you rent, are irrelevant.  Because the upstream provider is willingly selling to spammers, large amounts of their IP space are marked in the SBL.  You simply happen to be a casualty of collateral.  If this inconveniences you, then you should address the issue with your provider.  Or move to a legitimate host.

Spamhaus doesn't know who you are, and they are not to blame for your problems.  Your provider is to blame, and if you insist on staying with a provider that won't keep their IP space clean, then the blame lays with you for being too stupid to leave.


----------



## BrianHarrison (Mar 14, 2014)

kaniini said:


> Spamhaus does not start off listing 64 IPs, all listings begin as /32 and then escalate to become wider until the provider responsible for the block does take action.
> 
> This is what I like to call the "bitching customers" theory.  It's a real theory, and it works.


Completely true. In my experience with Spamhaus I've found them to be quite reasonable and a whole heck of a lot more responsive than other blacklists.

Seems like not much has changed at B2Net/ServerMania/ColoCrossing -- if you open http://www.senderbase.org/ and zoom in the map to the United States you'll quickly see that one of the largest sources of spam in the country is out of their datacenter.


----------



## Francisco (Mar 14, 2014)

BrianHarrison said:


> Completely true. In my experience with Spamhaus I've found them to be quite reasonable and a whole heck of a lot more responsive than other blacklists.
> 
> Seems like not much has changed at B2Net/ServerMania/ColoCrossing -- if you open http://www.senderbase.org/ and zoom in the map to the United States you'll quickly see that one of the largest sources of spam in the country is out of their datacenter.


Well that's the point some people have been making. The same spammer rotates through each of the brands over there. ServerMania, CVPS, BlueVM, and now 123S has picked up a couple listings (at least 1 /25 I think). Worst part is spamhaus has been straight up lied to and the same subnets have gone back to the *same* spammer.

Francisco


----------



## DomainBop (Mar 14, 2014)

> The same spammer rotates through each of the brands over there



There are several spammers that continuously rotate through their brands.  The most notorious is ROKSO listed Yair (40+ CC ROKSO listings over the past 12 months and 3 current SBLs).  Yair was charged with fraud by the FTC in late January and yet despite government action against him and numerous ROKSO SBL's CC continues to provide him with a rotating supply of "clean" IPs to spam from.

FTC press release: http://www.ftc.gov/news-events/press-releases/2014/01/ftc-charges-email-spammer-tricking-consumers-phony-information

FTC blog article on Yair: http://www.consumer.ftc.gov/blog/ending-spam-scam-about-affordable-care-act

copy of Federal court filing: http://www.ftc.gov/sites/default/files/documents/cases/140123kobenicmpt.pdf (10 page .pdf)


----------



## Magiobiwan (Mar 15, 2014)

Ugh. I keep seeing BlueVM mentioned and would like to point out that we are NOT Spam Friendly. I personally have a vendetta against people who sign up and spam because it means I have to clean up after them. I'll do some digging to see if I find any wonderful citizens of the internet abusing our services.


----------



## D. Strout (Mar 17, 2014)

Aldryic C said:


> Spamhaus doesn't know who you are, and they are not to blame for your problems.  Your provider is to blame, and if you insist on staying with a provider that won't keep their IP space clean, then the blame lays with you for being too stupid to leave.


Curious - some providers will SWIP the IPs they rent to you to your business/personal info. If this happens, does SpamHaus (or any other spam DB organization) recognize this and block just the IPs that are SWIPed to you that are spamming?


----------



## Aldryic C'boas (Mar 17, 2014)

D. Strout said:


> Curious - some providers will SWIP the IPs they rent to you to your business/personal info. If this happens, does SpamHaus (or any other spam DB organization) recognize this and block just the IPs that are SWIPed to you that are spamming?


At first, yes.  They'll only list the company appearing on the SWIP, and not the actual owner.  But when either the owner or the SWIP holder has a history of repeat abuse - then aye, they'll assume the SWIP was done to try and be sneaky, and they'll start issuing larger SBLs.

Gotta feel bad for the legitimate companies stuck at CC, renting IP space from them.  Even if they do try to stay on top of things, any listings are going to be brutal just for being associated.


----------



## SkylarM (Mar 17, 2014)

D. Strout said:


> Curious - some providers will SWIP the IPs they rent to you to your business/personal info. If this happens, does SpamHaus (or any other spam DB organization) recognize this and block just the IPs that are SWIPed to you that are spamming?



Unless you're name is Colo Crossing or any of their affiliated "brands", Spamhaus typically only blocks Ips/ranges that are sending the spam. You literally have to ignore them with repeated violations for them to start blanket blocking huge ranges.

Only time I've seen a /24 or larger of my own ranges blocked was UCEPROTECT related when a customer had ~6 IPs that hit their filters in a very short period of time. UCEPROTECT in particular will do /24's and even larger allocation/ASN based blocks if the spam hits specific thresholds. You have to get pretty crazy to hit an UCEPROTECT /24 or larger list.

Edit:


ColoCrossing has a bunch on UCEPROTECT as well. A few /24's and /23's. UCEPROTECT is a timed-based delist or you can pay some asinine amount of $$$ to get a block de-listed.


----------



## DomainBop (Mar 20, 2014)

Magiobiwan said:


> Ugh. I keep seeing BlueVM mentioned and would like to point out that we are NOT Spam Friendly.


You keep seeing BlueVM mentioned as being spam friendly because there is a constant stream of shit coming from IPs assigned to you (as well as from other "Fabozzi doesn't have any ownership interest in" providers like 123systems).  I mention BlueVM, ChicagoVPS, 123Systems, and HudsonValleyHost because ColoCrossing IPs (with almost all of it from those 4 providers) have been the #1 U.S. SPAM source in my company's inboxes for the past couple of months.

Spamhaus mentions BlueVM because they have been repeatedly lied to by both ColoCrossing and the 4 providers named above about spammers being terminated.  Today Spamhaus "upgraded" 2 of the BlueVM SBL's which were initially /32 blacklistings to /24 and /25 blacklistings because the same spammers reappeared on those IP ranges. 



> Claimed resolved at 2014-03-19 15:14:00 UTC, still spamming several hours after that:


Spamhaus also blacklisted an entire unswipped ColoCrossing /20 this week (the /15 they blacklisted last month is still blacklisted).


----------



## SkylarM (Mar 20, 2014)

That /15 will likely be removed from spamhaus shortly following CC getting a new allocation from ARIN, just like what happened back in December.


----------



## peterw (Mar 20, 2014)

DomainBop said:


> Spamhaus mentions BlueVM because they have been repeatedly lied to by both ColoCrossing and the 4 providers named above about spammers being terminated.  Today Spamhaus "upgraded" 2 of the BlueVM SBL's which were initially /32 blacklistings to /24 and /25 blacklistings because the same spammers reappeared on those IP ranges.


I want a statement from Bluevm about the SBLs.


----------



## Magiobiwan (Mar 20, 2014)

I'll pass that on to Justin for an official comment.


----------



## DomainBop (Mar 20, 2014)

Pass these comments on to Justin too that Spamhaus made about BlueVM today in those upgraded SBLs



> Re-enabled and extended to the SWIP'd allocation, as this network is blatantly unable to manage repeatedly abusing customer.
> Will be removed when there are good reasons to believe BlueVM found a way to solve its abuse issues.





> Whatever the problem of these people is, they're evidently unable to solve it, as they're providing more resources every single day to the same spammers:
> 
> 
> SBL216785 192.210.211.77 2014-03-20 Snowshoe spam source - BlueVM Communications
> ...


----------



## Aldryic C'boas (Mar 20, 2014)

Those beer goggles aren't worth a damn after you wake up and realize who you crawled into bed with.


----------



## bzImage (Mar 20, 2014)

Aldryic C said:


> Those beer goggles aren't worth a damn after you wake up and realize who you crawled into bed with.


https://www.youtube.com/watch?v=q2CX20bBNJE


----------



## MannDude (Mar 24, 2014)

SBL217211 23.249.170.5/32	velocity-servers.net

24-Mar-2014 08:41 GMT Spamming every address they seem to be able to harvest from the web

Small listing but hilarious description.


----------



## Nett (Mar 24, 2014)

Colocrossing needs to block port 25 and offer a paid mail relay service lol.


----------



## lbft (Mar 24, 2014)

SkylarM said:


> ColoCrossing has a bunch on UCEPROTECT as well. A few /24's and /23's. UCEPROTECT is a timed-based delist or you can pay some asinine amount of $$$ to get a block de-listed.


Pretty sure UCEPROTECT have listed CC's whole AS in the past (although they've done that with others too, including OVH).

That said they're a pretty shitty DNSBL from what I've seen and I don't get the impression many mailservers use them.


----------



## mtwiscool (Mar 24, 2014)

Nett said:


> Colocrossing needs to block port 25 and offer a paid mail relay service lol.


Most hosts budgets are too tight for that.

And people should be allowed to send emails.


----------



## drmike (Mar 24, 2014)

mtwiscool said:


> Most hosts budgets are too tight for that.
> 
> 
> And people should be allowed to send emails.


Yeah, allowed to send emails, but not spam.

It's non stop on CC's network.  If all their crap was put under them and not slathered elsewhere, like ChicagoVPS being broke out, CC would at times be making the front page top 10 bad network list.

http://www.spamhaus.org/sbl/listings/chicagovps.net

= 8 current listings.

8 there + 27 for Velocity = 35 ... Plus whatever else is being slipped erroneously to other piles for other companies.

Heck only takes 42 to get on the top 10 list... Time to fire a message off to Spamhaus about comboing CC/Velocity + CVPS.

I don't want to ruin the fun, but here's some much needed support.  I've been logging Spamhaus entries for Velocity for roughly 2 weeks.  

SBL Entries in Archive: 121


Current SBL Website Entries: 27

As you see, they are quick to clean things up and with Spamhaus unless its a ROKSO gang spammer, the traces of such disappear.  Well, I am keeping them.  Later we shall mine them and do a whole lot more with them.


----------



## BlueVM (Mar 24, 2014)

DomainBop said:


> Spamhaus mentions BlueVM because they have been repeatedly lied to by both ColoCrossing and the 4 providers named above about spammers being terminated.


We have never lied to spamhaus about terminating spammers... nor do we support spammers in any fashion.

Today I launched a new detection system which should put a stop to spam on our network altogether. I take spam termination very seriously and our new system will catch and suspend abusive users in this regard. I hope within the next few weeks that we'll have successfully removed 100% of the snow shoe spammers from our network or at the very least made them think twice about using BlueVM for their crap.


----------



## mtwiscool (Mar 24, 2014)

BlueVM said:


> We have never lied to spamhaus about terminating spammers... nor do we support spammers in any fashion.
> 
> Today I launched a new detection system which should put a stop to spam on our network altogether. I take spam termination very seriously and our new system will catch and suspend abusive users in this regard. I hope within the next few weeks that we'll have successfully removed 100% of the snow shoe spammers from our network or at the very least made them think twice about using BlueVM for their crap.


But did spamhus give you a warning before listing you?


----------



## DomainBop (Mar 24, 2014)

mtwiscool said:


> And people should be allowed to send emails.


If people don't want to wake up and find that the entire /24 their website is hosted on has been blacklisted and their emails are being blocked then they should choose their providers more carefully and only choose providers who proactively fight spam (see example #2 below) and avoid those providers who are either spam friendly or lax about following up on abuse reports/SBL's (see example #1 below), or who don't have the tools /skills to effectively reduce spam on their networks.

example #1 (spammers love them): http://www.spamhaus.org/sbl/listings/velocity-servers.net

example #2 (proactively fights SPAM) http://www.spamhaus.org/sbl/listings/incero.com


----------



## mtwiscool (Mar 24, 2014)

DomainBop said:


> If people don't want to wake up and find that the entire /24 their website is hosted on has been blacklisted and their emails are being blocked then they should choose their providers more carefully and only choose providers who proactively fight spam (see example #2 below) and avoid those providers who are either spam friendly or lax about following up on abuse reports/SBL's (see example #1 below), or who don't have the tools /skills to effectively reduce spam on their networks.
> 
> 
> example #1 (spammers love them): http://www.spamhaus.org/sbl/listings/velocity-servers.net
> ...


I have a feeling that I'm talking to retards.


As they are loads of points like spam reports need to be investigated not just ip ban.


----------



## MartinD (Mar 24, 2014)

Woah - you are calling people retards? Have you had a conversation with yourself recently? Pot and kettle much?


----------



## hellogoodbye (Mar 24, 2014)

mtwiscool said:


> I have a feeling that I'm talking to retards.
> 
> 
> As they are loads of points like spam reports need to be investigated not just ip ban.


It was explained to you many times by other people and you're the one who's still failing to grasp it. However, just because you either do not agree with their views or do not understand what they're saying does not mean anyone is a retard, yourself included. 

All I'm saying is there are better ways of getting your point across without resorting to petty name-calling. If you're purposely looking to antagonize others, that's fine, I'm sure a ban will be coming your way in the future. If you're just frustrated because no one seems to be sharing your perspective, you should get away from the forum or even your computer entirely and chill for a while before making an attempt to explain your point of view in what would hopefully be a more concise (and less insulting) manner.


----------



## Francisco (Mar 24, 2014)

mtwiscool said:


> But did spamhus give you a warning before listing you?


BlueVM doesn't own their IP space so no, it's unlikely spamhaus ever actually talked to JJ.

The pressure would come from CC if anyone for BlueVM to cleanup their signups and or

actually looking them over before auto accepting every order.

CC just had a /32 listing turn into a /23 because they haven't handled it. They also had an

entire /20 get listed that doesn't have any SWIP records either. You can try to play

devils advocate and say that it's just that CC didn't triple check their users, but they're

allocating *4096 IP addresses* without following ARIN's guidelines. It's literally the

2nd /20 to get listed in the past week or two. That's going to make people start saying

that they're just trying to move said spammer around while they try to clear listings.

To top the turd cake, you have servermania recently having a /24 of their own hit.

If they don't get their act together soon spamhaus is going to hit their whole ASN.

Francisco


----------



## texteditor (Mar 25, 2014)

this kinda makes me sick when i realize ARIN won't cut them off and a lot of legitimate providers who are more responsible won't be able to get IP space from ARIN and will have to resort to leasing tainted CC IPs (I mean, it's already happening, but will get worse)


----------



## mtwiscool (Mar 25, 2014)

MartinD said:


> Woah - you are calling people retards? Have you had a conversation with yourself recently? Pot and kettle much?


But you call me names.


----------



## MartinD (Mar 25, 2014)

No, I state facts, there's a difference.


----------



## BlueVM (Mar 25, 2014)

mtwiscool said:


> But did spamhus give you a warning before listing you?


No... spamhaus seems to have a shoot first ask questions later attitude when dealing with us.

We asked them for suggestions and methods they've found effective and they basically told us that we should block port 25 and stop accepting customers who want to send mail. Which makes about as much sense to me as shooting myself in the foot... Spam is a problem, but the solution shouldn't be turning legitimate clients away.



Francisco said:


> BlueVM doesn't own their IP space so no, it's unlikely spamhaus ever actually talked to JJ.
> 
> 
> The pressure would come from CC if anyone for BlueVM to cleanup their signups and or
> ...


Actually the pressure came from our clients who want usable IP ranges. Literally it was like spamhaus flipped a switch and just decided we were evil and our networks were full of spam (prior to this month we'd had one listing in ~4 months? to my knowledge). Might also be that a few spammers decided our network was 'interesting' and started flocking to us... regardless they should be gone.

Anyway we'd like our own ranges, but it'd involve migrating everyone to new blocks which is an administrative and technical pain. We'll probably bite the bullet sometime around the end of this year.


----------



## D. Strout (Mar 25, 2014)

BlueVM said:


> Anyway we'd like our own ranges, but it'd involve migrating everyone to new blocks which is an administrative and technical pain. We'll probably bite the bullet sometime around the end of this year.


Probably a good idea. It would serve several useful purposes. AFAIK, you guys are one of the few legit companies operating on CC's network. Switching to owned IP ranges would separate you from the rest of the crowd that are either shell companies or n00bs attracted by the artificially low prices. Obviously, you would benefit from being separate in the eyes of SpamHaus, and when you announce the switch you could take the opportunity to very clearly reiterate your policy as regards spammers.


----------



## Aldryic C'boas (Mar 25, 2014)

BlueVM said:


> We asked them for suggestions and methods they've found effective and they basically told us that we should block port 25 and stop accepting customers who want to send mail. Which makes about as much sense to me as shooting myself in the foot... Spam is a problem, but the solution shouldn't be turning legitimate clients away.


Your association with CC is to blame there.  CC is well known for having shady 'sub companies' they rotate spammers through - so really with Spamhaus seeing you using CC IPs, it's only natural they assume that you're in on the spammer rotation as well.  Blame the upstream for this one.


----------



## wlanboy (Mar 25, 2014)

BlueVM said:


> Anyway we'd like our own ranges, but it'd involve migrating everyone to new blocks which is an administrative and technical pain. We'll probably bite the bullet sometime around the end of this year.


Yup switching IPs is a pain and you will loose some customers because of the trouble.

But you should really get out of that mess.


----------



## DomainBop (Mar 25, 2014)

> Anyway we'd like our own ranges, but it'd involve migrating everyone to new blocks which is an administrative and technical pain. We'll probably bite the bullet sometime around the end of this year.


Smart move but I wouldn't wait for the end of the year. . 



> No... spamhaus seems to have a shoot first ask questions later attitude when dealing with us.



That's due to your association with CC (i.e. you use their IPs) and because several of the spammers that rotate between a small handful of CC based providers (CVPS/123sys/HVH/ BlueVM/and CC unswiped range) have regularly been showing up in IPs assigned to you, and Spamhaus probably finds it strange that out of dozens (or is it hundreds) of providers using CC facilities almost all of the SPAM is concentrated in 4 providers.

If you want another example of why Spamhaus is cracking down on anything CC related take a look at this latest New Wave NetConnect /24 SBL.  Every single usable IP in the /24 was being used for SPAM:  http://www.spamhaus.org/sbl/query/SBL217391

=========

ColoCrossing CC-10 (NET-198-23-128-0-1) 198.23.128.0 - 198.23.255.255


New Wave NetConnect, LLC CC-198-23-198-0-24 (NET-198-23-198-0-1) 198.23.198.0 - 198.23.198.255


rDNS:


198.23.198.1 .


198.23.198.2 .


198.23.198.3 .


198.23.198.4 .


198.23.198.5 abduct.glaglaess.com.


198.23.198.6 abduct.yesercova.com.


198.23.198.7 ablest.glaglaess.com.


198.23.198.8 abound.glaglaess.com.


198.23.198.9 absurd.glaglaess.com.


198.23.198.10 abused.glaglaess.com.


198.23.198.11 abuser.glaglaess.com.


198.23.198.12 acetyl.glaglaess.com.


198.23.198.13 acquit.glaglaess.com.


198.23.198.14 acuity.glaglaess.com.


198.23.198.15 aculei.glaglaess.com.


198.23.198.16 acumen.glaglaess.com.


198.23.198.17 acuter.glaglaess.com.


198.23.198.18 adieux.glaglaess.com.


198.23.198.19 adjoin.glaglaess.com.


198.23.198.20 adjure.glaglaess.com.


198.23.198.21 adjust.glaglaess.com.


198.23.198.22 advent.glaglaess.com.


198.23.198.23 adverb.glaglaess.com.


198.23.198.24 advert.glaglaess.com.


198.23.198.25 advice.glaglaess.com.


198.23.198.26 advise.glaglaess.com.


198.23.198.27 afield.glaglaess.com.


198.23.198.28 agnize.glaglaess.com.


198.23.198.29 agonic.glaglaess.com.


198.23.198.30 aguish.glaglaess.com.


198.23.198.31 akimbo.glaglaess.com.


198.23.198.32 albino.glaglaess.com.


198.23.198.33 albite.glaglaess.com.


198.23.198.34 alcove.glaglaess.com.


198.23.198.35 alexin.glaglaess.com.


198.23.198.36 algoid.glaglaess.com.


198.23.198.37 alined.glaglaess.com.


198.23.198.38 almond.glaglaess.com.


198.23.198.39 almost.glaglaess.com.


198.23.198.40 ambush.glaglaess.com.


198.23.198.41 amebic.glaglaess.com.


198.23.198.42 amidst.glaglaess.com.


198.23.198.43 ampule.glaglaess.com.


198.23.198.44 amulet.glaglaess.com.


198.23.198.45 amused.glaglaess.com.


198.23.198.46 anemic.glaglaess.com.


198.23.198.47 anodic.glaglaess.com.


198.23.198.48 anomic.glaglaess.com.


198.23.198.49 anomie.glaglaess.com.


198.23.198.50 anthem.glaglaess.com.


198.23.198.51 anther.glaglaess.com.


198.23.198.52 anyhow.glaglaess.com.


198.23.198.53 apercu.glaglaess.com.


198.23.198.54 aplite.glaglaess.com.


198.23.198.55 aplomb.glaglaess.com.


198.23.198.56 arched.glaglaess.com.


198.23.198.57 arcing.glaglaess.com.


198.23.198.58 ardent.glaglaess.com.


198.23.198.59 argent.glaglaess.com.


198.23.198.60 argued.glaglaess.com.


198.23.198.61 argufy.glaglaess.com.


198.23.198.62 argyle.glaglaess.com.


198.23.198.63 arisen.glaglaess.com.


198.23.198.64 arming.glaglaess.com.


198.23.198.65 around.ostisniar.com.


198.23.198.66 arouse.ostisniar.com.


198.23.198.67 arpent.ostisniar.com.


198.23.198.68 artful.ostisniar.com.


198.23.198.69 ashore.ostisniar.com.


198.23.198.70 aspect.ostisniar.com.


198.23.198.71 aspire.ostisniar.com.


198.23.198.72 atonic.ostisniar.com.


198.23.198.73 atopic.ostisniar.com.


198.23.198.74 audile.ostisniar.com.


198.23.198.75 auklet.ostisniar.com.


198.23.198.76 auntie.ostisniar.com.


198.23.198.77 author.ostisniar.com.


198.23.198.78 autism.ostisniar.com.


198.23.198.79 avouch.ostisniar.com.


198.23.198.80 avowed.ostisniar.com.


198.23.198.81 aweigh.ostisniar.com.


198.23.198.82 awhile.ostisniar.com.


198.23.198.83 backed.ostisniar.com.


198.23.198.84 badger.ostisniar.com.


198.23.198.85 badmen.ostisniar.com.


198.23.198.86 bagmen.ostisniar.com.


198.23.198.87 bagnio.ostisniar.com.


198.23.198.88 bailed.ostisniar.com.


198.23.198.89 baited.ostisniar.com.


198.23.198.90 baling.ostisniar.com.


198.23.198.91 baling.ostisniar.com.


198.23.198.92 banged.ostisniar.com.


198.23.198.93 banged.ostisniar.com.


198.23.198.94 banger.ostisniar.com.


198.23.198.95 bangle.ostisniar.com.


198.23.198.96 banker.ostisniar.com.


198.23.198.97 banter.ostisniar.com.


198.23.198.98 bardic.ostisniar.com.


198.23.198.99 barged.ostisniar.com.


198.23.198.100 baring.ostisniar.com.


198.23.198.101 barite.ostisniar.com.


198.23.198.102 barmen.ostisniar.com.


198.23.198.103 barong.ostisniar.com.


198.23.198.104 barony.ostisniar.com.


198.23.198.105 barque.ostisniar.com.


198.23.198.106 baryon.ostisniar.com.


198.23.198.107 bashed.ostisniar.com.


198.23.198.108 basted.ostisniar.com.


198.23.198.109 bating.ostisniar.com.


198.23.198.110 batmen.ostisniar.com.


198.23.198.111 bawdry.ostisniar.com.


198.23.198.112 beachy.ostisniar.com.


198.23.198.113 beacon.ostisniar.com.


198.23.198.114 becalm.ostisniar.com.


198.23.198.115 beduin.ostisniar.com.


198.23.198.116 befoul.ostisniar.com.


198.23.198.117 behalf.ostisniar.com.


198.23.198.118 beluga.ostisniar.com.


198.23.198.119 berlin.ostisniar.com.


198.23.198.120 bestir.ostisniar.com.


198.23.198.121 bewail.ostisniar.com.


198.23.198.122 bezoar.ostisniar.com.


198.23.198.123 bicker.ostisniar.com.


198.23.198.124 bifold.ostisniar.com.


198.23.198.125 biform.ostisniar.com.


198.23.198.126 bijoux.ostisniar.com.


198.23.198.127 .


198.23.198.128 .


198.23.198.129 abduct.wariteawn.com.


198.23.198.130 abjure.wariteawn.com.


198.23.198.131 ablest.wariteawn.com.


198.23.198.132 abound.wariteawn.com.


198.23.198.133 absurd.wariteawn.com.


198.23.198.134 abused.wariteawn.com.


198.23.198.135 abuser.wariteawn.com.


198.23.198.136 acetyl.wariteawn.com.


198.23.198.137 acquit.wariteawn.com.


198.23.198.138 acuity.wariteawn.com.


198.23.198.139 aculei.wariteawn.com.


198.23.198.140 acumen.wariteawn.com.


198.23.198.141 acuter.wariteawn.com.


198.23.198.142 adieux.wariteawn.com.


198.23.198.143 adjoin.wariteawn.com.


198.23.198.144 adjure.wariteawn.com.


198.23.198.145 adjust.wariteawn.com.


198.23.198.146 advent.wariteawn.com.


198.23.198.147 adverb.wariteawn.com.


198.23.198.148 advert.wariteawn.com.


198.23.198.149 advice.wariteawn.com.


198.23.198.150 advise.wariteawn.com.


198.23.198.151 afield.wariteawn.com.


198.23.198.152 agnize.wariteawn.com.


198.23.198.153 agonic.wariteawn.com.


198.23.198.154 aguish.wariteawn.com.


198.23.198.155 akimbo.wariteawn.com.


198.23.198.156 albino.wariteawn.com.


198.23.198.157 albite.wariteawn.com.


198.23.198.158 alcove.wariteawn.com.


198.23.198.159 alexin.wariteawn.com.


198.23.198.160 algoid.wariteawn.com.


198.23.198.161 alined.wariteawn.com.


198.23.198.162 almond.wariteawn.com.


198.23.198.163 almost.wariteawn.com.


198.23.198.164 ambush.wariteawn.com.


198.23.198.165 amebic.wariteawn.com.


198.23.198.166 amidst.wariteawn.com.


198.23.198.167 ampule.wariteawn.com.


198.23.198.168 amulet.wariteawn.com.


198.23.198.169 amused.wariteawn.com.


198.23.198.170 anodic.yesercova.com.


198.23.198.171 anomic.yesercova.com.


198.23.198.172 anomie.yesercova.com.


198.23.198.173 anthem.yesercova.com.


198.23.198.174 anther.yesercova.com.


198.23.198.175 anyhow.yesercova.com.


198.23.198.176 apercu.yesercova.com.


198.23.198.177 aplite.yesercova.com.


198.23.198.178 aplomb.yesercova.com.


198.23.198.179 arched.yesercova.com.


198.23.198.180 arched.yesercova.com.


198.23.198.181 arcing.yesercova.com.


198.23.198.182 ardent.yesercova.com.


198.23.198.183 argent.yesercova.com.


198.23.198.184 argued.yesercova.com.


198.23.198.185 argufy.yesercova.com.


198.23.198.186 argyle.yesercova.com.


198.23.198.187 arisen.yesercova.com.


198.23.198.188 arming.yesercova.com.


198.23.198.189 armlet.yesercova.com.


198.23.198.190 around.yesercova.com.


198.23.198.191 arouse.yesercova.com.


198.23.198.192 arpent.yesercova.com.


198.23.198.193 artful.yesercova.com.


198.23.198.194 ashore.yesercova.com.


198.23.198.195 aspect.yesercova.com.


198.23.198.196 aspire.yesercova.com.


198.23.198.197 atonic.yesercova.com.


198.23.198.198 atopic.yesercova.com.


198.23.198.199 audile.yesercova.com.


198.23.198.200 auklet.yesercova.com.


198.23.198.201 auntie.yesercova.com.


198.23.198.202 author.yesercova.com.


198.23.198.203 autism.yesercova.com.


198.23.198.204 avouch.yesercova.com.


198.23.198.205 avowed.yesercova.com.


198.23.198.206 aweigh.yesercova.com.


198.23.198.207 awhile.yesercova.com.


198.23.198.208 backed.yesercova.com.


198.23.198.209 badger.yesercova.com.


198.23.198.210 badmen.yesercova.com.


198.23.198.211 bagmen.yesercova.com.


198.23.198.212 bailed.diorriait.com.


198.23.198.213 baited.diorriait.com.


198.23.198.214 baling.diorriait.com.


198.23.198.215 balked.diorriait.com.


198.23.198.216 banged.diorriait.com.


198.23.198.217 banger.diorriait.com.


198.23.198.218 bangle.diorriait.com.


198.23.198.219 banker.diorriait.com.


198.23.198.220 banter.diorriait.com.


198.23.198.221 bardic.diorriait.com.


198.23.198.222 barged.diorriait.com.


198.23.198.223 baring.diorriait.com.


198.23.198.224 barite.diorriait.com.


198.23.198.225 barmen.diorriait.com.


198.23.198.226 barong.diorriait.com.


198.23.198.227 barony.diorriait.com.


198.23.198.228 barque.diorriait.com.


198.23.198.229 baryon.diorriait.com.


198.23.198.230 bashed.diorriait.com.


198.23.198.231 basted.diorriait.com.


198.23.198.232 bating.diorriait.com.


198.23.198.233 batmen.diorriait.com.


198.23.198.234 bawdry.diorriait.com.


198.23.198.235 beachy.diorriait.com.


198.23.198.236 beacon.diorriait.com.


198.23.198.237 becalm.diorriait.com.


198.23.198.238 beduin.diorriait.com.


198.23.198.239 befoul.diorriait.com.


198.23.198.240 behalf.diorriait.com.


198.23.198.241 beluga.diorriait.com.


198.23.198.242 bestir.diorriait.com.


198.23.198.243 bewail.diorriait.com.


198.23.198.244 .


198.23.198.245 bewail.diorriait.com.


198.23.198.246 bezoar.diorriait.com.


198.23.198.247 bicker.diorriait.com.


198.23.198.248 bifold.diorriait.com.


198.23.198.249 biform.diorriait.com.


198.23.198.250 bijoux.diorriait.com.


198.23.198.251 bilked.diorriait.com.


198.23.198.252 binder.diorriait.com.


198.23.198.253 binged.diorriait.com.


198.23.198.254 biopsy.diorriait.com.


----------



## Francisco (Mar 25, 2014)

@DomainBop

What it sounds like to me is that they have constant RDNS pulls coming off CC's nameservers.

They likely have their own mailtraps but I know when I wrote my RDNS scraper it was hitting

just *tons* of huge subnets sold for that purpose. There was multiple full /20's sold for

spam and it was obvious.

Francisco


----------



## drmike (Mar 25, 2014)

I feel for BlueVM... Simple solution in theory is just doing what cPanel and other shared hosting does, but at a VPS / upper level -- iptables perhaps?   and limit the number of SMTP outbound operations per hour.

By doing such, won't be appealing to mass spam operations and damages will be capped at threshold per interval (example: 100 sends per hour)


----------



## flvhosting (Sep 10, 2015)

mtwiscool said:


> BlueVM said:
> 
> 
> > We have never lied to spamhaus about terminating spammers... nor do we support spammers in any fashion.
> ...


A year old thread and I get BluVM spam ALLL the time and from colocrossing. From sites just set up with email programs

Received: from essessoverseas.net (HELO server.essessoverseas.net) (192.210.214.32)X-PHP-Originating-Script: 0:email.php

what needs to happen is the peering needs petitioned to cut them off from the web entirely


----------



## Munzy (Sep 10, 2015)

> mtwiscool said:
> 
> 
> > BlueVM said:
> ...



That is why someone built this lovely app for nulling there whole asn. https://www.enjen.net/asn-blocklist/index.php?asn=AS36352&type=ipblackhole  Enjoy!


----------

