here we go....
[REDACTED]has 1 listing
Please don’t be alarmed! We understand finding your IP address or domain on a blocklist can be worrying. This website will give you information about why you are listed, and what you can do to ensure you don’t get listed again.
Where it is possible to request removal, we will help you through the process. However, if your IP is listed on the Spamhaus Blocklist (SBL), removal can only be requested by your Internet Service Provider (ISP).
CSS Blocklist - Why is this IP address listed?
Your IP address is either exhibiting suspect behavior, is misconfigured, or has a poor sending reputation.
As a result, the IP is listed in the CSS Blocklist (CSS)
Click on Show Details to see if you can request a delisting from this blocklist. This will also display any further information we have relating to this listing.
[REMOVED]
If this is a shared server, please call your hosting company or ISP!
Why was this IP listed?
This IP is making SMTP connections with HELO values that indicate a problem. The HELOs that it is connecting with are as follows:
Technical information
(IP, UTC timestamp, HELO value)
(REDACTED) 2022-02-21 14:40:00 151-244-172-164.shatel.ir
(REDACTED) 2022-02-17 13:30:00 115-64-41-157.static.tpgi.com.au
(REDACTED) 2022-02-14 13:10:00 fs-93-93-43-127.fullsave.info
(REDACTED) 2021-11-23 15:50:00 78.186.13.119.static.ttnet.com.tr
Notable things about the HELOs:
- They are often dynamic-looking rDNS and usually claim to be from geographically very different networks
- They can include impossible HELOs like "gmail.com", "outlook.com", "comcast.net" - Gmail, Outlook and Comcast do not use these. These are all fake.
- The cause of this problem is frequently found to be coming from an phone or laptop with a "free" VPN or channel unlocker app on it.
What should be done about it?
This can be caused by a spambot infection or a server misconfiguration.
First check that the HELO settings are correct. This can be done by sending an email from (REDACTED) to "helocheck@abuseat.org". A bounce that contains the required information will be returned immediately. It will look like an error. It is not. Please examine the information in the body of the email. NOTE: "helocheck@abuseat.org" does not currently work with IPv6.
If the HELO settings are correct, then there is a spambot or some other kind of malware! This needs to be found and removed.
- Limiting outbound port 25 access to only SMTP servers will stop the IP from getting listed again, and is a best practice. NOTE: this will only prevent the abusive connections from leaving your network and will not find or remove the malware.
- To find the malware, we would recommend setting up network logging/packet sniffing to see what is creating these connections to find the infected device(s) and running complete scans with an up to date anti-virus/malware on all devices behind this IP. This includes servers, laptops, phones, tablets, routers, etc. It can be anything that is connected to the internet, including a smart doorbell.
This FAQ can be helpful: https://www.spamhaus.org/faq/section/Hacked...%20Here's%20help
[MOD EDIT: Personal and private information has been removed from this post.]
