CDN on Cloudflare network flagged by criminalip.io

We are using Cloudflare’s DNS proxy for our www.gogreenup.com site (a very simple site created and hosted through GoDaddy).

In Edge dev tools, some of the content proxied hits site: wsimg.com, but is being hosted by IP 188.114.96.0. This IP is reported malicious here: https://www.criminalip.io/asset/report/188.114.96.0

Furthermore, 188.114.96.0 appears to be owned by Cloudflare, so I’m assuming it’s part of the DNS proxy service behavior, versus the backend of GoDaddy, unless they are also hosting or proxying their site design through Cloudflare).

Either way, I’m assuming from my sleuthing that this IP of 188.114.96.0 is on the Cloudflare side. It looks like a case of 3rd party abuse trickling across hosting services and potentially hurting other Cloudflare clients (if others’ security services poll criminalip.io for bad sites and block traffic).

We aren’t suffering any outages, but based on the trail, is this blocklisting something Cloudflare themselves should get rescanned/unflagged on their end against criminalip.io?

Thanks!

That’s a very odd scan they have done. They only seem to detect port 80 and not all the ports docs that are supported. In fact, the response they show is a 403 error because they tried direct IP access.

Cloudflare might be able to work with them, but it probably doesn’t make much sense because it could easily be flagged again. It would be like asking AWS to unblock IPs because users were running malicious lambdas.

1 Like

Weird, right? I’m thinking Cloudflare could help at least reach out and educate them on why it’s a bad block method. I’m running into a similar issue with a client using a 3rd party spam filter that is blindly blocking 100 MS mail servers by IP because someone reported a spam message coming from these multi-tenant hosts… grr…

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.