Cloudflare IP 104.27.158.134 blacklisted by cbl.abuseat.org

Hi, my company has just been told by cakemail (who handle our emailings to clients) that the ip address 104.27.158.134 (part of Cloudflarenet 104.16.0.0/12 and CDN IP for our transactional website) has been blacklisted by cbl.abuseat.org and listed in RBL - (3 spam points).
As well, there does not appear to be a reverse hostnema (PTR DNS record).
Can someone advise how and why this is and what can be done about it ?
We trust Cloudflare but now the CDN IPs are blacklisted hindering our business.
Not cool

1 Like

@cloonan

2 Likes

You got this through using Cloudflare CDN ?

Through cbl.abuseat.org IP lookup: https://www.abuseat.org/lookup.cgi
And metioned domain is using CF at the time.

Hi @laferrierec, can you loop in our Customer Support team? To reach them, login & go to https://dash.Cloudflare.com/?account=support and select get more help, third blue button center of the screen. Please share your ticket number when you have it as I’d like to keep track of root cause.

1 Like

Thanks, just send them a message and opened a ticket.

Chris

1 Like

That link mentioned by CBL redirects to another domain that is also using CF

1 Like

Making any request on infected website that leads to a 404 would be handled by the malware for redirection.

I just copy&pasted that link onto my new toy, the Windows 10 new feature called Windows Sandbox, and was immediately redirected to the (porn) domain I just posted. Upon clicking on a few “questions” I was further redirected, to another domain, this one not under CF. I then closed the Sandbox back to safety :police_car:

1 Like

I’m not that optimistic to trust in Windows.

1 Like

It requires virtualization and runs under Hyper-V, so a potential attacker would need a hyper-v breakout to cause any damage to the system. It does provide unrestricted network access though, including LAN, so I wouldn’t count on it for worms or malware that may start printing things or temporarily enroll you in a botnet.

2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.