The machine using this IP is infected with malware that is emitting spam, or is sharing a connection with an infected device.
As a result, this IP address is listed in the eXploits Blocklist (XBL).
A machine using 126.96.36.199 is infected with malware associated with the avalanche/andromeda family.
188.8.131.52 initiated contact with a nymaim command and control server, using contents unique to nymaim C&C command protocols.
184.108.40.206 initiated a tcp connection from 220.127.116.11 using source port 55232, to the sinkhole IP address 18.104.22.168 on destination port
The most recent detection was on: December 9 2023, 13:31:45 UTC.
The Andromeda/Avalanche botnet was associated with 80 different malware families: Andromeda, Win3/Dofoil, Gamarue, Smoke Loader, W32/Zurgop.BK!tr.dldr, and many others. The Avalanche network also provided the Command & Control communications for these other botnets: TeslaCrypt, Nymaim, Corebot, GetTiny, Matsnu, Rovnix, Urlzone, QakBot, etc. This botnet was taken down in 2016 but malware associated with it remains active.
Additional information on nymaim can be found on Wikipedia.
If this is a shared server, please call your hosting company or ISP!
This listing is the result of what we believe to be a security issue. Your machine is still infected, and it is probable that there is more than one type of malware present. To stop ongoing listings and to secure your network, websites, devices and data we recommend both prevention and remediation of the issue.
Spamhaus has an FAQ about general security best practices that should be followed.
XBL listings expire automatically some time after the last detection. If necessary, once the security issue is solved, you can request removal.