Plok

Constant CloudFlare screens, possible suspicious IP history


I'm extremely disturbed by the way Internet browsing has gone for me this afternoon. Many sites suddenly started giving me CloudFlare's reCaptchas out of the blue, often in the same session. First it started on MobyGames, so I thought it was a newly implemented way of fighting spammers which pop up on their forums here and there. But then, more and more sites started doing this.

So I started investigating, and some said this occurred with Tor. I don't use Tor and never have. Then, this official CloudFlare support page came up. As point 1 suggested, I checked my IP with Project Honey Pot, and I was shocked.

The Project Honey Pot system has detected behavior from the IP address consistent with that of a mail server and dictionary attacker. Below we've reported some other data associated with this IP. This interrelated data helps map spammers' networks and aids in law enforcement efforts. If you know something about this IP, please leave a comment.



Spider First Seen: approximately 3 months, 2 weeks ago
Spider Last Seen: within 3 months, 2 weeks
Spider Sightings: 1 visit(s)
User-Agents: seen with 1 user-agent(s)

First Received From: approximately 1 year, 1 month, 3 weeks ago
Last Received From: within 1 week*
Number Received: 6 email(s) sent from this IP
Dictionary Attacks: 106 email(s) sent from this IP
First Received From: approximately 1 year, 1 month, 3 weeks ago
Last Received From: within 1 year, 1 month, 3 weeks

 

*another menu states it's as late as 3 days ago!

The data on the User Agents Strings part does NOT comply with mine (I'm on Win10, not 7, and I'm using the latest Firefox):

 

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1

 

And also, this...

 

Example Messages Sent From [IP REDACTED]
From: "Смирнова"
Subject: mail3.premedic.chel.ru Ваш са
From: "Смирнова"
Subject: Ваш сайт - очень плохо оптим
From: "Смирнова"
Subject: Ваш сайт оптимиз
From: "Apple Assist" <[email protected]
Subject: Apple Services Validation Oct
From: "iCloud Global" <[email protected]
Subject: iCloud Support Oct

 

However, the bottom of the page had these two comments...

 

Honey Pot System commented...
WHITELIST NOTICE: This IP has been whitelisted. Future bad activity will result in automatic removal.
October 16 2016 10:10 AM

Honey Pot System commented...

WHITELIST NOTICE: This IP has been marked to be included on Project Honey Pot whitelists. The whitelist is scheduled with a delay of 00:00:05. Documented reason for whitelist: Mistaken Listing
October 16 2016 10:08 AM

 

Here's a catch - I'm on an ISP which gives out IP addresses dynamically, and has done so for many years, usually after a day or so. They've recently expanded their IP range, though.

I don't know what to think of this, anyone savvy enough able to give assistance or advice? (BTW, a full malware scan is running as I'm typing this).

 

 

EDIT: Abuseat.org states this is a symptom of having the Gamut spambot. Malwarebytes says I'm all clean. Should I shiver for the troubled history of previous IP "owners"?


As the last lines say, your IP is whitelisted, not blacklisted. You might get more captchas, but that's basically it.

If law enforcement comes down on the IP, your ISP will also, if at all, only give them relevant data for the given times when malicious use has been detected (if they keep records at all).

Edited by Lauren
