Denialkj
just joined
Topic Author
Posts: 2
Joined: Fri Oct 16, 2020 10:01 pm

Need help, ip Blacklist

Sun Apr 11, 2021 3:29 pm

Hello friends,
I'm experiencing attacks on my network.

Searching at https://mxtoolbox.com/, my IP address is blocked.


        Blacklist     Reason                TTL   ResponseTime
LISTED  CBL           ********* was listed  900   43
LISTED  RATS NoPtr    ********* was listed  2100  55
LISTED  Spamhaus ZEN  ********* was listed  300   2

According to
https://www.spamhaus.org/

Why was this IP listed?
The machine using this IP is infected (or sharing its connection with a computer that is infected) with malware, associated with the Avalanche malware network. This infection will probably be of the Dofoil or Gamarue malware (or one of the other Anti-Virus vendor aliases, such as: Andromeda, Smoke Loader, Win3/Dofoil, W32/Zurgop.BK!tr.dldr, Gamarue and many others).

This was detected by observing this IP attempting to make contact to an "andromeda" Command and Control server, with contents unique to "andromeda" C&C command protocols.

Technical details of the andromeda detection
This was detected by a tcp connection from 79.106.227.242 on port 49299, to the sinkhole IP address 184.105.192.2 on port 80.

The detection that caused this listing corresponds to a connection on April 9 2021, 18:43:43 UTC.


What should I do to stop these problems?

ingdaka
Trainer
Posts: 452
Joined: Thu Aug 30, 2012 3:06 pm
Location: Albania

Re: Need help, ip Blacklist

Sun Apr 11, 2021 7:32 pm

First of all, this is not a MikroTik problem!
This is a blacklist problem and you should take care of your devices. It is Andromeda, which means that 1 or more devices in your LAN are infected with the Andromeda botnet and those devices make a DDoS attack on IP 84.105.192.2 on port 80.

If you are a residential customer then you should talk to your provider (Albtelecom); if you are a small local Internet provider you should be careful with your network!

I'm an engineer from Albania too!
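
Added example, not part of either post: one way to find which LAN device is making the connections described in the Spamhaus listing is to log forwarded traffic to the sinkhole address on the router and group the hits by internal host. The sketch assumes a forward-chain firewall rule with action=log and log-prefix "SINKHOLE"; the log lines, LAN addresses and MAC addresses are constructed, and the line layout is an assumption modelled on RouterOS firewall log entries.

```python
import re

# Sinkhole endpoint taken from the Spamhaus listing quoted in the first post.
SINKHOLE_IP, SINKHOLE_PORT = "184.105.192.2", 80

# Constructed sample lines (assumed layout of RouterOS firewall log entries).
# LAN addresses, MAC addresses and timestamps are made up for illustration.
SAMPLE_LOG = """\
apr/12 09:14:02 firewall,info SINKHOLE forward: in:bridge out:ether1, src-mac 02:00:00:00:00:23, proto TCP (SYN), 192.168.88.23:49712->184.105.192.2:80, len 52
apr/12 09:14:05 firewall,info SINKHOLE forward: in:bridge out:ether1, src-mac 02:00:00:00:00:23, proto TCP (SYN), 192.168.88.23:49713->184.105.192.2:80, len 52
apr/12 09:15:40 firewall,info forward: in:bridge out:ether1, src-mac 02:00:00:00:00:40, proto TCP (SYN), 192.168.88.40:51820->203.0.113.10:443, len 52
apr/12 09:20:11 firewall,info SINKHOLE forward: in:bridge out:ether1, src-mac 02:00:00:00:00:57, proto TCP (SYN), 192.168.88.57:50231->184.105.192.2:80, len 52
apr/12 09:21:00 firewall,info truncated line without a flow
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) .*?src-mac (?P<mac>[0-9a-fA-F:]{17}), proto TCP \([^)]*\), "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)->(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)


def hosts_contacting_sinkhole(log_text, ip=SINKHOLE_IP, port=SINKHOLE_PORT):
    """Return {lan_ip: {"mac", "count", "first", "last"}} for flows to the sinkhole."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dst"] != ip or int(m["dport"]) != port:
            continue  # unparseable line or unrelated destination
        host = hits.setdefault(
            m["src"],
            {"mac": m["mac"].lower(), "count": 0, "first": m["ts"], "last": m["ts"]},
        )
        host["count"] += 1
        host["last"] = m["ts"]  # log lines are assumed to be in time order
    return hits


if __name__ == "__main__":
    report = hosts_contacting_sinkhole(SAMPLE_LOG)
    # Most active host first: these are the devices to isolate and clean.
    for lan_ip, h in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{lan_ip} {h['mac']} {h['count']} hits, {h['first']} .. {h['last']}")
```

Each address in the result is a candidate infected device; the MAC address helps locate it when DHCP leases have changed.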
