Spamhaus Project: IP and Domain Reputation Checker

111.225.153.248 has 2 listings

Please don’t be alarmed! We understand finding your IP address or domain on a blocklist can be worrying. This website will give you information about why you are listed, and what you can do to ensure you don’t get listed again.

Where it is possible to request removal, we will help you through the process. However, if your IP is listed on the Spamhaus Blocklist (SBL), removal can only be requested by your Internet Service Provider (ISP).

1. CSS Blocklist - Why is this IP address listed?

Your IP address is either exhibiting suspect behavior, is misconfigured, or has a poor sending reputation.

As a result, the IP is listed in the CSS Blocklist (CSS).

Click on Show Details to see if you can request a delisting from this blocklist. This will also display any further information we have relating to this listing.

Why was this IP listed?

111.225.153.248 is making connections with technical values and unusual sending behavior that indicate a problem: usually malware. In some cases this may also be caused by server misconfiguration.

Please check both things.

Technical information

The most recent connection was on: September 11 2023, 00:00:00 UTC (+/- 5 minutes). The observed HELO value(s) were:

111.225.153.248 2023-09-11 00:00:00 348wlep8diary7y1wo6igeuwi9
111.225.153.248 2023-09-07 00:35:00 eriu16a8zfnww0q6ak8q1npfpei399mn
111.225.153.248 2023-09-05 21:10:00 0qda3cofnohrd0wu7ll7khvc0zuo96c2
111.225.153.248 2023-09-05 08:45:00 ukommuvo5hghw8ddvmyn4yt4m0v8ix
111.225.153.248 2023-09-03 21:30:00 ksnnob19anyox66twfykbstxm845swt

What should be done about it?

To find and eliminate the problem, we recommend all of the following actions:

HELO/EHLO & DNS CHECKS:

  • Check your DNS (A record and rDNS), email authentication and HELO values.
  • Ensure they are realistic for their intended use, and resolvable in external DNS.
  • If this is a Plesk, cPanel or DirectAdmin host, please read the FAQ.

You can test a server's HELO configuration by sending an email from it to helocheck@abuseat.org. A bounce that contains the required information will be returned immediately. It will look like an error, but it is not. Examine the contents of this email. NOTE: this check does not currently work on IPv6. This is only a syntax check, NOT a verification that the DNS problem has been resolved.

  • If the HELO/EHLO value does NOT exist in DNS, that should be corrected
  • If the HELO/EHLO value is NOT correct, that should be fixed
  • If the HELO/EHLO is using a domain that does NOT exist, that should be corrected
  • If the HELO/EHLO IS what you expect it to be AND it exists in DNS, please take measures against the presence of malware.

Make sure your SPF record is current, accurate AND published!

If the HELO/EHLO IS what you expect it to be AND it exists in DNS, then there is very probably a spambot or some other kind of malware! This needs to be found and removed.
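
The HELO/EHLO checklist above, written as a decision procedure in Python. This is an added example, not Spamhaus code: `triage_helo`, the stub resolver and the `mail.example.org` record are constructed for illustration, and the check that the name resolves to the sending IP is an assumption drawn from the "A record and rDNS" advice.

```python
import re
import socket

# One RFC 1123 hostname label: letters, digits, hyphens, no edge hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def system_resolver(name):
    """IPv4 addresses that `name` resolves to; empty set if it does not exist."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def triage_helo(helo, sending_ip, expected=None, resolve=system_resolver):
    """Walk the HELO/EHLO checklist and return the first finding."""
    name = helo.strip().rstrip(".")
    if name.startswith("[") and name.endswith("]"):
        return "fix: address literal, not a name that exists in DNS"
    labels = name.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        return "fix: not a fully qualified domain name"
    addrs = resolve(name)
    if not addrs:
        return "fix: does not exist in DNS"
    if expected is not None and name.lower() != expected.lower():
        return "fix: not the value this server is configured to send"
    # Assumption beyond the page's list: the A record should point at the sender.
    if sending_ip not in addrs:
        return "fix: resolves, but not to the sending IP"
    return "ok: HELO is sound, so look for malware"

# Constructed sample zone so the example runs offline (documentation ranges).
SAMPLE_DNS = {"mail.example.org": {"192.0.2.10"}}

def sample_resolver(name):
    return SAMPLE_DNS.get(name.lower(), set())

if __name__ == "__main__":
    # First value is a HELO string from the listing above; the rest are constructed.
    for helo, ip in [("348wlep8diary7y1wo6igeuwi9", "111.225.153.248"),
                     ("mail.example.net", "192.0.2.10"),
                     ("mail.example.org", "192.0.2.10")]:
        print(helo, "->", triage_helo(helo, ip, resolve=sample_resolver))
```

On a real host, omit `resolve` to use the system resolver and pass the hostname your MTA is configured to announce as `expected`.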


MALWARE CHECKS:

  • Secure your firewall to not allow any packets outbound on port 25, except those coming from any email server(s) on your local network. Remote sending of email to servers or printers on the Internet will still work if web-based, or correctly configured to use port 587 using SMTP-AUTH.
  • Guest networks should also be secured - infected personal devices are a big issue!

NOTE: limiting port 25 outbound will only prevent the abusive connections from leaving your network and will not find or remove the malware. In order to do that, we suggest setting up network logging/packet logging to monitor anomalous traffic. This will help identify sources of malware if the scans do not find anything.

  • Perform complete scans with an up to date anti-virus/malware on all devices behind this IP on a scheduled basis.
  • Remember to check personal devices such as laptops, phones, tablets, as well as routers, etc. Malware can be on almost anything that is connected to the internet, including a smart doorbell.
  • Consider the router or firewall as a source of the problem if scans find no other devices.
  • Logging at the router or firewall can reveal unusual traffic and help find the compromised device(s). (For example: What is trying to connect out on port 25 that should not?)

This FAQ can be helpful: https://www.spamhaus.org/faq/section/Hacked...%20Here's%20help

Removal from CSS

If the problem on 111.225.153.248 has been addressed, you can request removal:

2. Policy Blocklist (PBL) - This is for information only. No action is required (unless you run your own mail server).

This IP is listed in the Policy Blocklist (PBL).

Don’t panic!

The inclusion of your IP address on the Policy Blocklist (PBL) is standard for the vast majority of internet users and is not the result of your actions. Here are some key PBL facts for your understanding:

  • Being on this list does not mean you won’t be able to send emails.
  • You do not need to request removal from PBL.
  • This listing is controlled by your Internet Service Provider (ISP), not Spamhaus.
  • Your ISP lists ranges of IP addresses that shouldn’t be sending email directly to the internet.
  • Typically, IPs of broadband or dial-up customers will be included in this list.
  • This is part of Internet best practices enacted to protect all users.

Run your own mail server?

If you run your own mail server, and require removal from the PBL, please click on “Show Details” to review your ISP’s policy. Once you have reviewed the policy, please tick the “I am running my own mail server” check-box at the bottom of the page to enable removal.

NOTE: Exclusions are only valid for 1 year. If your IP gets listed on another Spamhaus Blocklist, it will automatically be relisted on the PBL.

111.225.0.0/16 is listed on the Policy Block List (PBL)

Outbound Email policy of The Spamhaus Project for this IP range

This IP address range has been identified by Spamhaus as not meeting our policy for IP addresses permitted to deliver unauthenticated 'direct-to-mx' email to PBL users.

Important: If you are using any normal email software (such as Outlook, Entourage, Thunderbird, Apple Mail, etc.) and you are being blocked by this Spamhaus PBL listing when you try to send email, the reason is simply that you need to turn on "SMTP Authentication" in your email program settings. For help with SMTP Authentication or ways to quickly fix this problem click here.

Removal procedure

If you are not using normal email software but instead are running a mail server and you are the owner of a Static IP address in the range 111.225.0.0/16 and you have a legitimate reason for operating a mail server on this IP, you can automatically remove (suppress) your static IP address from the PBL database.

About The PBL

The Spamhaus Policy Block List (PBL) is an international anti-spam system maintained by The Spamhaus Project in conjunction with Internet Service Providers and is used by Internet networks to enforce inbound email policies. The PBL database lists end-user IP address ranges which should not be delivering unauthenticated email to any mail server except those provided specifically for that customer's use. The PBL lists only IP addresses (not domains or email addresses).

For full information on how the PBL operates please see the PBL Home page and the PBL Frequently Asked Questions.

© 2023 Spamhaus. All Rights Reserved.