IP address: 126.96.36.199
Issue: Botnet command and controller detection
What is the problem with this IP address?
The Spamhaus Project’s research team has intelligence indicating that the above IP address is hosting an active botnet command and controller (C&C) used by bad actors to control infected devices using win.redline_stealer malware.
What will happen due to this problem?
As a result of this detection, this IP address is now listed on the Spamhaus Botnet Controller List (BCL).
We advise all internet users worldwide NOT to accept network traffic to or from this IP address due to the threat it poses.
What action do you need to take?
1) Read further information regarding this listing at: https://check.spamhaus.org/listed/?searchterm=188.8.131.52
2) Please take the appropriate mitigation steps relating to this IP address to prevent further abuse.
3) Once you have resolved the abuse, please request the IPs’ removal from the Spamhaus BCL via the Reputation Portal, https://manage.spamhaus.com. If you don’t have a Portal account, use the IP and Domain Checker to request removal, https://check.spamhaus.org
No matter what tool you use to request removal, please provide the listing team with the corrective actions you have taken. The team will remove the listing where appropriate, increasing your IPs’ reputation.
If you have questions relating to the listing, you can communicate with the Spamhaus team via the removal request form in the Reptation Portal and Checker.
What is the Spamhaus Reputation Portal?
For ASN owners, the Spamhaus Reputation Portal provides free access to IP reputation data relating to your network, allows you to get regular updates on listings via email or API, and offers a quick removal process with the ability to track submissions via a Ticket Center.
Register for a free account at https://manage.spamhaus.com/register/
How can you contact us?
All communications regarding this listing should be made via the Reputation Portal (if you have an account) or the IP and Domain Reputation Checker. Type in the IP address, request removal, and a ticket will be raised.
Please do not reply to this email.
The Spamhaus Project
Abuse Message [AbuseID:B13A30:22]: AbuseNormal: Spamhaus Notification | 184.108.40.206 — Botnet C&C Activity