0

Over the past month I've had about 5 or so occasions where Google force me to do a capture on a normal search, saying that there is unusual traffic from my device.

Recently, past few days, I've had a few specific websites and apps timeout while all other services work as normal.

So, I decided to look into my devices traffic. I found this quite difficult on an android device. But what I did find is that my ip address appears on two blacklists. One of the blacklists state the following:

This IP is infected (or NATting for a computer that is infected) with an infection that is emitting spam.

Note: [ip removed] appeared to be suspicious because it was using the following name to identify itself during email connections (port 25) via the HELO/EHLO smtp commands: ".".

I have installed avg antivirus and performed I full scan where no threats were found. The only email client I use is gmail which does not use port 25. Avg does not have a firewall so I have not yet blocked outgoing requests on port 25.

  1. How might I find out what is sending requests over port 25?
  2. How might I remove it
  3. Are there any other steps I should take?

Please help.

Thanks.

Nokia 7.2 handset Android 10 (up to date) Using 4g connection

Edit 1: I have factory reset my device and have a different IP address. As soon as I went into chrome I was greeted with "we have detected unusual traffic from your computer network" and the new IP appears on two blacklists for the same reasons. Although the connectivity issues to specific websites have now been solved.

MrOtto
  • 21
  • 5
  • Are you using a VPN? That's one common reason for this as I realised when I had this issue long back – beeshyams Aug 25 '20 at 11:58
  • 1
    It's possible that this is a dynamic IP and thus you're sharing IP with others. I've had once the same experience when accessing Wikipedia and noticing I suddenly got a notification for vandalism from my IP address. At this point, the issue is possibly not on your device, but you're just unlucky to get this IP address from your data provider. Try toggling the mobile data (or airplane mode) to reset the IP address and hope that you get a new IP address that is not blacklisted. Otherwise, contact your mobile provider to let them know about this issue. – Andrew T. Aug 25 '20 at 12:05
  • @beeshyams I am not using a vpn – MrOtto Aug 25 '20 at 12:09
  • @Andrew T. I have toggles my data and it yields the same up address, also since this problem started I have restarted my device dozens of times. – MrOtto Aug 25 '20 at 12:11
  • Regarding the edit, there are at least 2 probable causes: 1) your device is infected (and this question is a valid question trying to identify the culprit, perhaps https://android.stackexchange.com/q/17745/44325 might help), or 2) a range of IP address is blacklisted due to someone else on the same provider doing something suspicious, which you can't do anything about it (perhaps VPN might help, otherwise note each blacklisted IP address and tell the mobile provider to investigate the issue) – Andrew T. Aug 25 '20 at 14:26

0 Answers0