Spamhaus Project
IP and Domain
Reputation Checker

103.213.118.46 has 3 listings


Please don’t be alarmed! We understand finding your IP address or domain on a blocklist can be worrying. This website will give you information about why you are listed, and what you can do to ensure you don’t get listed again.

Where it is possible to request removal, we will help you through the process. However, if your IP is listed on the Spamhaus Blocklist (SBL), removal can only be requested by your Internet Service Provider (ISP).

1. eXploits Blocklist (XBL) & CSS Blocklist (CSS) - Why is this IP address listed?

The machine using this IP is infected with malware that is emitting spam, or is sharing a connection with an infected device.

As a result, this IP is listed in the eXploits Blocklist (XBL) and the CSS Blocklist (CSS).

Click on Show Details to see if you can request a delisting from this blocklist. This will also display any further information we have relating to this listing.


103.213.118.46 is listed on the Spamhaus XBL

Why was this IP listed?

A device using 103.213.118.46 is infected with malware:

103.213.118.46 initiated a connection to a ranbyus command and control server, with contents unique to ranbyus C&C command protocols.

Technical details of the ranbyus detection

103.213.118.46 initiated a TCP connection from 103.213.118.46 using source port 48426, to the sinkhole IP address 216.218.185.162 on destination port 80.

The most recent detection was on: March 25 2023, 22:29:18 UTC.

What should be done about it?

If this is a shared server, please call your hosting company or ISP!

These listings are the result of what we believe to be a security issue. To stop ongoing listings and to secure your network, devices, and data, we recommend both prevention and remediation of the issue.

Prevention

For home networks & end users:

Apps or software should always be downloaded and updated from official pages or platforms, such as Google Play and the Apple Store.

  • Update operating systems and software on all computers and devices
  • Update your anti-virus/anti-malware programs, and run full scans on every device that is available
  • Change all passwords - routers, computers, laptops, phones, mobiles, etc. - and reboot them afterward
    • Use two-factor authentication when possible!
  • Any smart devices that are not in use should be disconnected from the network immediately.

For business/office/enterprise environments:

  • Update operating systems and software on all computers and devices
  • Update your anti-virus/anti-malware programs, and run full scans on every device that is available
  • Verify router and firewall configurations and ensure the firmware is the most recent version
    • Disable any unnecessary external access to your router & network, and appropriately secure any necessary external access procedures
  • Change all passwords - routers, computers, laptops, servers, CMS, FTP, administrative, domain, email, etc.
    • Use two-factor authentication when possible!
  • Monitoring and reviewing network traffic for unusual patterns or destination ports can be very useful
    • Consider investing in a host-based IDS or an enterprise anti-malware solution, and update it frequently.

Remediation

The device(s) or computer(s) that caused this issue should be found and secured. The following information should address most cases, but please seek professional assistance if it is necessary:

  • Update your anti-virus/anti-malware programs, and run full scans on every device that is available
  • Programs like Windows Defender, Windows Malicious Software Removal Tool (MSRT), Malwarebytes, Norton Power Eraser, CCleaner and/or McAfee Stinger can help. There is also a version of Malwarebytes for Mac/OSX. These tools are free of charge!
  • If you have a CMS or website, ensure it is up to date. All plug-ins, extensions & patches for it should be updated and regularly maintained
  • We can only see what's coming from the NAT (public) IP; anything inside your network is visible only to you. Packet capture is a good way to identify which devices are generating unusual traffic
  • Calling your ISP or taking your device to a professional tech support service can be helpful.

Spamhaus has a "hacked or compromised devices" FAQ with tips and links to help in this situation.

XBL listings expire automatically after the last detection. If necessary, once the security issue is solved, you can update an existing ticket to request removal.

Removal from XBL

XBL listings expire automatically some time after the last detection. If necessary, once the security issue is solved, you can request removal.

2. Policy Blocklist (PBL) - This is for information only. No action is required (unless you run your own mail server).

This IP is listed in the Policy Blocklist (PBL).

Don’t panic!

The inclusion of your IP address on the Policy Blocklist (PBL) is standard for the vast majority of internet users and is not the result of your actions. Here are some key PBL facts for your understanding:

  • Being on this list does not mean you won’t be able to send emails.
  • You do not need to request removal from PBL.
  • This listing is controlled by your Internet Service Provider (ISP), not Spamhaus.
  • Your ISP lists ranges of IP addresses that shouldn’t be sending email directly to the internet.
  • Typically, IPs of broadband or dial-up customers will be included in this list.
  • This is part of Internet best practices enacted to protect all users.

Run your own mail server?

If you run your own mail server, and require removal from the PBL, please click on “Show Details” to review your ISP’s policy. Once you have reviewed the policy, please tick the “I am running my own mail server” check-box at the bottom of the page to enable removal.

NOTE: Exclusions are only valid for 1 year. If your IP gets listed on another Spamhaus Blocklist, it will automatically be relisted on the PBL.


103.213.118.0/24 is listed on the Policy Block List (PBL)

Outbound Email policy of The Spamhaus Project for this IP range

This IP address range has been identified by Spamhaus as not meeting our policy for IP addresses permitted to deliver unauthenticated 'direct-to-mx' email to PBL users.

Important: If you are using any normal email software (such as Outlook, Entourage, Thunderbird, Apple Mail, etc.) and you are being blocked by this Spamhaus PBL listing when you try to send email, the reason is simply that you need to turn on "SMTP Authentication" in your email program settings. For help with SMTP Authentication or ways to quickly fix this problem click here.

Removal procedure

If you are not using normal email software but instead are running a mail server and you are the owner of a Static IP address in the range 103.213.118.0/24 and you have a legitimate reason for operating a mail server on this IP, you can automatically remove (suppress) your static IP address from the PBL database.

About The PBL

The Spamhaus Policy Block List (PBL) is an international anti-spam system maintained by The Spamhaus Project in conjunction with Internet Service Providers and is used by Internet networks to enforce inbound email policies. The PBL database lists end-user IP address ranges which should not be delivering unauthenticated email to any mail server except those provided specifically for that customer's use. The PBL lists only IP addresses (not domains or email addresses).

For full information on how the PBL operates please see the PBL Home page and the PBL Frequently Asked Questions.


© 2023 Spamhaus. All Rights Reserved.