Amazon.com blacklisted by SpamHaus XBL

Update: Spamhaus contacted us to let us know that they removed Amazon from the blacklist and are investigating the issue.

Spamhaus maintains several blacklists, and one of them is the XBL:

“The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.”

Well, this morning I got this notification from Sucuri Internet Monitor:

29c29,30
< OK: Host www.amazon.com clean.

> WARN: http://www.spamhaus.org/query/bl?ip=72.21.207.65
> WARN: Host www.amazon.com blacklisted.

First I thought that something was wrong, but then I double checked:

$ host www.amazon.com
www.amazon.com has address 72.21.207.65

And if I visit I see that it is still blacklisted: http://www.spamhaus.org/query/bl?ip=72.21.207.65
I assume it is a false positive… Anyone know more information?
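A hostname can resolve to several addresses, and a blacklist check has to cover each of them. The sketch below is an added example, not code from the original post or from Sucuri's monitor: it builds the DNSBL query name for an IPv4 address and classifies the answer. The zone name `xbl.spamhaus.org` and the 127.0.0.4 to 127.0.0.7 return codes are Spamhaus's published values; the function names and the constructed `FAKE_ZONE` data (which pretends one of the addresses quoted on this page is listed) are assumptions made so the example runs offline.

```python
import ipaddress
import socket

XBL_ZONE = "xbl.spamhaus.org"
XBL_CODES = {f"127.0.0.{n}" for n in range(4, 8)}  # 127.0.0.4-7: XBL listings


def dnsbl_name(ip, zone=XBL_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_lookup(name):
    """Resolve A records with the system resolver; no record -> empty list."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # NXDOMAIN (note: resolver failures also land here)
        return []


def xbl_status(ip, lookup=system_lookup):
    """Return 'listed', 'clean' or 'error' for one IPv4 address."""
    answers = set(lookup(dnsbl_name(ip)))
    if not answers:
        return "clean"  # no A record in the zone: not listed
    if answers & XBL_CODES:
        return "listed"
    # Other answers (e.g. 127.255.255.x) signal a query problem, not a listing.
    return "error"


def check_host(addresses, lookup=system_lookup):
    """Check every A record of a host, since only one of them may be listed."""
    return {ip: xbl_status(ip, lookup) for ip in addresses}


# Constructed resolver data for an offline run (not a live Spamhaus answer).
FAKE_ZONE = {"65.207.21.72.xbl.spamhaus.org": ["127.0.0.4"]}
PAGE_IPS = ["72.21.210.250", "72.21.207.65", "207.171.166.252"]


def fake_lookup(name):
    return FAKE_ZONE.get(name, [])


if __name__ == "__main__":
    for ip, status in check_host(PAGE_IPS, fake_lookup).items():
        print(f"{ip}: {status}")
```

Passing `system_lookup` instead of `fake_lookup` performs real queries; Spamhaus answers queries relayed through large public resolvers with an error code rather than listing data, which this code reports as `error`.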

About David Dede

David Dede is a Security Researcher in the SucuriLabs group. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

  • http://www.blogger.com/profile/10095677644141376672 Phishy

    It's incredibly rare that Spamhaus XBL would have a false positive, so assume there is some problem with 72.21.207.65 bad enough for it to get listed in the CBL (which is part of the XBL).

    72.21.207.65 is just one amazon IP and has no rDNS, while http://www.amazon.com is actually balanced depending on where one looks from…

    www.amazon.com IN A 207.171.166.252

  • http://www.blogger.com/profile/14980808976404159238 http://sucuri.net

    Yes, but that's not to minimize the issue:

    $ dig @8.8.8.8 amazon.com

    ; <<>> DiG 9.4.2-P2.1 <<>> @8.8.8.8 amazon.com
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30904
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;amazon.com. IN A

    ;; ANSWER SECTION:
    amazon.com. 15 IN A 72.21.210.250
    amazon.com. 15 IN A 72.21.207.65
    amazon.com. 15 IN A 207.171.166.252

    They have three IP addresses and one is reporting in the blacklist… Not good..

  • Anonymous

    SpamHaus are idiots and cause nothing but trouble for legitimate server owners because of their draconian principles. They make a massive profit in causing problems for many others, when simple steps taken would fix the problem.