I got listed as well (layer 3 only), because there were more than 32 cases of spam in an ISP that maintains more than 4 /16 networks across the whole country. With the whole AS blocklisted, I fail to see the point of UCEPROTECT and agree with the OP that they are mere thieves.
On topic of protecting people, they have a trivial XSS right on the input field where one checks if their IP address is listed - yes, a GET variable is printed directly to HTML.
I got listed as well (layer 3 only), because there were more than 32 cases of spam in an ISP that maintains more than 4 /16 networks across the whole country. With the whole AS blocklisted, I fail to see the point of UCEPROTECT and agree with the OP that they are mere thieves.
On topic of protecting people, they have a trivial XSS right on the input field where one checks if their IP address is listed - yes, a GET variable is printed directly to HTML.
</rant>