AT AIIKM Hosting we provide our clients with technical infrastructure that is resilient to complaints of almost any activities, which serves as a basic building block for streamlining numerous types of contents, but, we strictly disallow having any highlighted content such as child-porn or arms/drugs marketing web pages. In trend, most of our Bulletproof Hosting services are dns spoofed infrastructures from lower end service providers (hosting ISPs, cloud CDNs) instead of from monolithic providers such as AWS which makes us the most invisibles. This has rendered many of the prior methods of detecting our IPv4 less effective, since instead of the infrastructure being highly concentrated within a few malicious Autonomous Systems (ASes) it is now agile and dispersed across a larger set of providers that is used for DNS spoofing & Reverse IP for our servers. AIIKM Hosting, presents the first systematic line2line server connection on this platform of Bulletproof Hosting services. By collecting and analyzing a large amount of data of the entire Whois IPv4 address space, we have a 1.5 TB of passive DNS spoofing network to skim out of several blacklist feeds, thus, we are able to identify a set of new features that uniquely characterizes on any sub-allocations but then we are costly to evade. Based upon these features, classifier for detecting malicious sub-allocated network blocks, fails a 97% recall of our actual IPv4 and 2.5% false discovery rate of our IPv6. Using a trained version of our own personal classifier, we also scan the whole IPv4 and 6 address space and detect any faulty DNS Spoofing network blocks. This allows us to perform a large-scale study to avoid any detection from other ecosystems, which sheds light on this underground business strategy, including patterns of network blocks being recycled and clients being migrated to different network blocks, in an effort to evade IP address based blacklisting.