Please don’t be alarmed! We understand finding your IP address or domain on a blocklist can be worrying. This website will give you information about why you are listed, and what you can do to ensure you don’t get listed again.
Where it is possible to request removal, we will help you through the process. However, if your IP is listed on the Spamhaus Blocklist (SBL), removal can only be requested by your Internet Service Provider (ISP).
The machine using this IP is infected with malware that is emitting spam, or is sharing a connection with an infected device.
As a result, this IP address is listed in the eXploits Blocklist (XBL).
A device using 22.214.171.124 is infected with malware associated with the avalanche/andromeda family.
126.96.36.199 initiated contact with a nymaim command and control server, using contents unique to nymaim C&C command protocols.
188.8.131.52 initiated a TCP connection from 184.108.40.206 from port 57288, to the sinkhole IP address 220.127.116.11 on port
The most recent detection was on: June 11 2021, 06:52:58 UTC.
The Andromeda/Avalanche botnet was associated with 80 different malware families: Andromeda, Win3/Dofoil, Gamarue, Smoke Loader, W32/Zurgop.BK!tr.dldr, and many others. The Avalanche network also provided the Command & Control communications for these other botnets: TeslaCrypt, Nymaim, Corebot, GetTiny, Matsnu, Rovnix, Urlzone, QakBot, etc. This botnet was taken down in 2016 but malware associated with it remains active.
Additional information on nymaim can be found on Wikipedia.
This listing is the result of what we believe to be a security issue. Your PC is still infected, and it is probable that there is more than one type of malware present. To stop ongoing listings and to secure your network, devices, and data, we recommend both prevention and remediation of the issue.
Spamhaus has an FAQ about general security best practices that should be followed.
To find and remove the malware from your Windows computer please see the relevant Microsoft website.