<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div><blockquote type="cite" class=""><div class="">On 05 Nov 2015, at 21:05, Cameron Kaiser <<a href="mailto:spectre@floodgap.com" class="">spectre@floodgap.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">76.72.161.76 is being blacklisted due to some incredible system load. If<br class="">that's you, you'd better apologize and tell me how you're going to fix it.<br class=""></div></blockquote></div><div class=""><br class=""></div>I’m sure you’ve snooped around already, but that’s on Level3 network in Philly. The customer seems to be "Enciva LLC” - they have  76.72.161.72/29 range which that IP belongs to. Seems to be some Oracle hosting company….<div class=""><br class=""></div><div class=""><a href="http://whois.arin.net/rest/nets;q=76.72.161.76?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2" class="">http://whois.arin.net/rest/nets;q=76.72.161.76?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2</a></div><div class=""><a href="https://www.enciva.com/" class="">https://www.enciva.com/</a></div><div class=""><br class=""></div><div class="">If I was you I’d shoot an email to all upstreams, one by one, to abuse@<domain>, and complain about a DDoS from that IP. That magical word usually gets people to do nice things...</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">- Kim<br class=""><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div></div></body></html>