Spamhaus Project
IP and Domain
Reputation Checker

34.239.167.149 has 1 listing


Please don’t be alarmed! We understand finding your IP address or domain on a blocklist can be worrying. This website will give you information about why you are listed, and what you can do to ensure you don’t get listed again.

Where it is possible to request removal, we will help you through the process. However, if your IP is listed on the Spamhaus Blocklist (SBL), removal can only be requested by your Internet Service Provider (ISP).

eXploits Blocklist (XBL) - Why was this IP address listed?

The machine using this IP is infected with malware that is emitting spam or is sharing a connection with an infected device.

As a result, this IP address is listed in the eXploits Blocklist (XBL)

Click on Show Details to see if you can request a delisting from this blocklist. This will also display any further information we have relating to this listing.


34.239.167.149 is listed on the Spamhaus XBL

Why was this IP listed?

A device using 34.239.167.149 is infected with malware associated with the Avalanche/Andromeda family.

34.239.167.149 initiated contact with a Nymaim command and control (C&C) server, using contents unique to the Nymaim C&C protocol.

Technical details of the Nymaim detection

34.239.167.149 initiated a TCP connection, using source port 38818, to the sinkhole IP address 216.218.185.162 on destination port 80.

The most recent detection was on: July 1 2022, 06:46:13 UTC.

Information about the Nymaim botnet

The Andromeda/Avalanche botnet was associated with 80 different malware families: Andromeda, Win32/Dofoil, Gamarue, Smoke Loader, W32/Zurgop.BK!tr.dldr, and many others. The Avalanche network also provided the Command & Control communications for these other botnets: TeslaCrypt, Nymaim, Corebot, GetTiny, Matsnu, Rovnix, Urlzone, QakBot, etc. This botnet was taken down in 2016, but malware associated with it remains active.

Additional information on Nymaim can be found on Wikipedia.

What should be done about it?

If this is a shared server, please call your hosting company or ISP!

This listing is the result of what we believe to be a security issue. Your PC is still infected, and it is probable that there is more than one type of malware present. To stop ongoing listings and to secure your network, devices, and data, we recommend both prevention and remediation of the issue.

Prevention

Spamhaus has an FAQ about general security best practices that should be followed.

Remediation

To find and remove the malware from your Windows computer please see the Microsoft website and run Microsoft Defender to catch any other related malware that may be present.

XBL listings expire automatically after the last detection. If necessary, once the security issue is solved, you can update an existing ticket to request removal.


© 2022 Spamhaus. All Rights Reserved.
