[ EGP Cloudblock RBL / 1676043126.11908 ] [ RBL ] 80.76.43.52/32 (PTR: 67683.vm.spacecore.network./mail.gokoz.ru.) added [ strike 1: 3 day minimum ] [ <— SPAM! ]

80.76.43.52/32 (root IP: 80.76.43.52) (PTR: 67683.vm.spacecore.network./mail.gokoz.ru.) was added to the EGP Cloudblock RBL for the following reason:

	"Spam host - SBL/CSS hit (https://check.spamhaus.org/listed/?searchterm=80.76.43.52) [ strike 1: 3 day minimum ]" (see "ADDITIONAL INFORMATION" below)

===============================================================================================================
AUTOMATIC DELISTING POLICY - DO NOT REQUEST DELISTING: https://cloudblock.espresso-gridpoint.net/delisting.html
---------------------------------------------------------------------------------------------------------------
The EGP Cloudblock RBL has an automated delisting policy. The MINIMUM number of days that 80.76.43.52 will be listed depends on the number of times 80.76.43.52 was listed by us before. The current list status for 80.76.43.52 is: [ strike 1: 3 day minimum ]. The countdown to automatic delisting starts at the timestamp of this notification. Delistings will be retried once every hour.

========================================================================
ABOUT THE EGP CLOUDBLOCK RBL: https://cloudblock.espresso-gridpoint.net/
------------------------------------------------------------------------
We offer as much information in our reports as we possibly can. Additional information will only be given to you if it is in our own interest to do so.

==================================================================================================================
ADDITIONAL INFORMATION FOR RESEARCH AND SECURITY SCANNERS: https://cloudblock.espresso-gridpoint.net/scanners.html
------------------------------------------------------------------------------------------------------------------
We are willing to suppress abuse reports to you and your ISP/hoster under specific conditions. We will not opt out of your unsolicited probes or scans, nor will we whitelist your IP ranges.

==============================
Why did *YOU* get this e-mail?
------------------------------
We like to operate in a transparent and predictable fashion and think you should be made aware of abuse emanating from your IP space; so we will inform you about listing. Your e-mail address <abuse@spacecore.pro> was retrieved (i.e. best-guessed based on role accounts, handles, and typical contact addresses) automatically from public WHOIS/RDAP data (e.g. https://www.whois.com/whois/80.76.43.52 and https://client.rdap.org/?type=ip&object=80.76.43.52) and other public IP/domain-related information. If <abuse@spacecore.pro> is not the correct e-mail address to report abuse and security issues inside your network(s), please update your public WHOIS/RDAP data or ask your ISP or IP owner to do so. The purpose of this email (and a separate email, containing details about the abusive traffic) is to perform a basic, civic Internet duty: to make you aware of abuse coming from an IP address or network under your supervision. We invite you to look at this information and to take action to prevent it from reoccurring or spreading. This may be a private list; public lists are even harder to get out of. It may not be too late to salvage your IP space's reputation. Consider this an early warning. How you decide to handle these reports (if at all) is entirely up to you. We do not require a reply, a ticket, an acknowledgment, or even any action from you. In fact, all automated replies to these reports are discarded. Just note that repeated abuse from your IP space will lead to an increasingly longer, and increasingly broader, refusal to accept any traffic from you to any of our networks, or our partners' networks.

Check http://multirbl.valli.org/dnsbl-lookup/80.76.43.52.html, https://blocklist.info?80.76.43.52, and https://www.abuseipdb.com/check/80.76.43.52 for possible other issues with 80.76.43.52/32.

=================
COMPROMISED HOSTS
-----------------
The continued presence of either an 'SBL' or an 'XBL' listing at https://check.spamhaus.org/listed/?searchterm=80.76.43.52 will lead to automatic (re)listing when 80.76.43.52 contacts any of our servers, and it will prevent automatic delisting from the EGP Cloudblock RBL.

  Is 80.76.43.52/32 listed in the Spamhaus CSS / Spamhaus SBL? --> YES. <--
  Is 80.76.43.52/32 listed in the Spamhaus XBL / Abuseat CBL? No.

=========================
RESIDENTIAL/DYNAMIC HOSTS
-------------------------
Residential or dynamic hosts should NEVER connect directly to a public SMTP server; they should only send outgoing mail through the relay server of their own ISP or network. These IP addresses will always be blocklisted upon connection to our SMTP servers. Network owners dealing with residential or dynamic hosts are strongly advised to disallow all outbound connections to SMTP servers on their border firewalls.

  Is 80.76.43.52/32 listed in the Spamhaus PBL? No.

======================
ADDITIONAL INFORMATION
----------------------
Excerpt from mail logging (times are CET):
--------------------------------------------------------------------------------
Feb 10 08:57:32 sm-mta-in[37114]: 31A7vQY9037114: from=<arh@gokoz.ru>, size=0, class=0, nrcpts=0, proto=ESMTPS, daemon=MTA, relay=mail.gokoz.ru [80.76.43.52]
Feb 10 16:32:03 sm-mta-in[67651]: 31AFW2OX067651: to=<info@advocaten.org>, reject=451 4.7.1 Host mail.gokoz.ru (80.76.43.52) {mail.gokoz.ru} disallowed by Spamhaus CSS - https://check.spamhaus.org/listed/?searchterm=80.76.43.52
Feb 10 16:32:03 sm-mta-in[67651]: 31AFW2OX067651: from=<studio@gokoz.ru>, size=0, class=0, nrcpts=1, proto=ESMTPS, daemon=MTA, relay=mail.gokoz.ru [80.76.43.52]

====================================================================================================
Current EGP Cloudblock RBL listing for 80.76.43.52/32:
----------------------------------------------------------------------------------------------------
80.76.43.52/32	Spam host - SBL/CSS hit (https://check.spamhaus.org/listed/?searchterm=80.76.43.52) [strike 1: 3 day minimum] @@1676043126
====================================================================================================
Current EGP Cloudblock packet logging for 80.76.43.52/32:
----------------------------------------------------------------------------------------------------
1676015846.415946 00:50:56:b1:8b:c2 > 00:50:56:88:81:37, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 49, id 11221, offset 0, flags [DF], proto TCP (6), length 60)
    80.76.43.52.40697 > 84.241.130.131.25: Flags [S], cksum 0x2abf (correct), seq 183557709, win 29200, options [mss 1360,sackOK,TS val 73397656 ecr 0,nop,wscale 7], length 0
1676015852.280157 00:50:56:b1:8b:c2 > 00:50:56:88:81:37, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 49, id 11241, offset 0, flags [DF], proto TCP (6), length 52)
    80.76.43.52.40697 > 84.241.130.131.25: Flags [F.], cksum 0xf201 (correct), seq 183558373, ack 2271548289, win 385, options [nop,nop,TS val 73403520 ecr 3131009182], length 0
1676016397.147350 00:50:56:b1:8b:c2 > 00:50:56:88:81:37, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 49, id 39397, offset 0, flags [DF], proto TCP (6), length 60)
    80.76.43.52.50075 > 84.241.130.131.25: Flags [S], cksum 0x339a (correct), seq 2405876998, win 29200, options [mss 1360,sackOK,TS val 73948387 ecr 0,nop,wscale 7], length 0
1676016397.166526 00:50:56:b1:8b:c2 > 00:50:56:88:81:37, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 49, id 39399, offset 0, flags [DF], proto TCP (6), length 52)
    80.76.43.52.50075 > 84.241.130.131.25: Flags [F.], cksum 0x8f23 (correct), seq 2405876999, ack 3262524345, win 229, options [nop,nop,TS val 73948406 ecr 1984487277], length 0
1676043122.211684 00:50:56:88:91:9a > 00:50:56:88:ba:8f, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 51, id 22960, offset 0, flags [DF], proto TCP (6), length 60)
    80.76.43.52.43235 > 185.132.252.225.25: Flags [S], cksum 0x0c73 (correct), seq 899382785, win 29200, options [mss 1360,sackOK,TS val 100673457 ecr 0,nop,wscale 7], length 0
1676043123.838380 00:50:56:88:91:9a > 00:50:56:88:ba:8f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 51, id 22979, offset 0, flags [DF], proto TCP (6), length 52)
    80.76.43.52.43235 > 185.132.252.225.25: Flags [F.], cksum 0x4684 (correct), seq 899383435, ack 2491669668, win 386, options [nop,nop,TS val 100675084 ecr 3400343578], length 0
==================================================================================================================
The blocklisted IP address 80.76.43.52 is part of the network 80.76.43.0/24; 
------------------------------------------------------------------------------------------------------------------
These are the current blocklistings for 80.76.43.0/24 in EGP Cloudblock RBL
------------------------------------------------------------------------------------------------------------------
80.76.43.52/32	Spam host - SBL/CSS hit (https://check.spamhaus.org/listed/?searchterm=80.76.43.52) [strike 1: 3 day minimum] @@1676043126
------------------------------------------------------------------------------------------------------------------
2 of this network's 256 IP addresses (0.78%) were blocklisted in the last 90 days
------------------------------------------------------------------------------------------------------------------
80.76.43.52/32	Spam host - SBL/CSS hit (https://check.spamhaus.org/listed/?searchterm=80.76.43.52) @@1676043126
80.76.43.78/32	Exploited host - CBL/XBL hit (https://check.spamhaus.org/listed/?searchterm=80.76.43.78) @@1666147553

------------------------------------------------------------------------------------------------------------
Note: any "@@" timestamps in this report can be converted to your local time using https://www.epoch101.com/
------------------------------------------------------------------------------------------------------------

-- 
Regards,
EGP Abuse Dept. <abuse@abuse.espresso-gridpoint.net>
EGP Cloudblock RBL: https://cloudblock.espresso-gridpoint.net/