Analytics is showing traffic from russia everyday even though I don’t have anything hosted on my domain.
What steps have you taken to resolve the issue?
I’ve tried putting a security rule to block all traffic from Russia but I’m still getting it.
What are the steps to reproduce the issue?
I’m new to cloudflare and I have recently bought the domain here. I’m not even hosting anything on it currently, was just hosting there a website for a few days to test it out. A while back I noticed I suddenly got large traffic from russia for about a week. Now I still can see about 12 requests a day (for more than a month) from what seems like a single visitor. I just want to understand what might be happening and how is that even possible when I don’t even have any dns rules related to this domain.
What feature, service or problem is this related to?
Or are you only seeing it on the Cloudflare Dashboard?
When you register a domain name, some automated scanners may be picking up the domain name quickly.
In addition, when a certificate is issued for your domain name (for encrypted traffic (e.g. https:// address, with a padlock in your browser)), these certificates will be registered in the Certificate Transparency logs.
The Certificate Transparency logs are public information, and several automated scanners are picking up domain names that way.
You literally cannot put anything on the Internet these days, without expecting some kind of random and noisy traffic.
When you’re saying “dns rules”, … do you actually mean that the following page is completely empty?
The server is off, so only the cloudflare dashboard. Seems like all of that traffic is cached too.
Yes, I meant the dns records. This page is completely empty, I’ve removed all of them some time ago but the dashboard still shows the traffic daily.
I understand that I can be getting some random traffic when I actually host something on the domain. What I don’t undertand is why do I see the traffic when there is nothing hosted. And why does it all come from one visitor.
In that case, these automated scanners / “bots” likely found some Cloudflare IP addresses, before you removed the DNS records.
Lets pretend that I found some IP addresses for your domain last week, … you have no guarantee that I will clear out these IP addresses from my data, even though you change or delete your DNS records.
I might eventually continue to be poking the IP addresses that I found forever, to see if I find something that I find useful, sometime later on.
Automated scanners / “bots” will quite often seem very meaningless, with the traffic they generate.
I wouldn’t worry about it, -
The automated scanners / “bots” have likely cached the Cloudflare IP addresses they saw previously, and are now continuing to poke them, to see what they find for your domain name, when querying these IP addresses.
Thank you for the answer. That pretty much explains it. I didn’t know the cloudflare IP could still somehow be associated with the domain after I deleted the dns records.
