Cloudflare IPs blocked by T-MOBILE PL

What is the name of the domain?

serwisant.online

What is the error number?

ERR_CONNECTION_TIMED_OUT

What is the issue you’re encountering

Customers using T-MOBILE PL network are getting ERR_CONNECTION_TIMED_OUT error in browser, other networks works fine.

What steps have you taken to resolve the issue?

None I can take

What feature, service or problem is this related to?

I don’t know

What are the steps to reproduce the issue?

Bunch of customers using T-MOBILE PL network reporting issue with connectivity. THey’re getting ERR_CONNECTION_TIMED_OUT error in browser. It’s doesn’t looks like backend issues because https://serwisant.online/cdn-cgi/trace also not responding (screenshot). For the same customers, when they’re using other domain sticked to the same backend or are switching to other network provider everything works fine.

Maybe Cloudflare’s IPs resolved by domain are locked somehow:
188.114.97.3
188.114.96.3

There are no ASN WAF rules for domain.

Screenshot of the error

I join the problem. Previously we struggled with this two months ago, the problem suddenly stopped (I thought by turning on AGRO). Since yesterday, it has been blowing up all pages directed by Cloudflare from t-mobile internet in Poland (tested from different SIM cards in 2 cities Szczecin and Poznan). AGRO is not helping, only pulling in cash.

Since we have two main domains and a test domain, and Cloudflare decided to charge us the PRO plan package when we were on FREE all the time (not bad there). I decided to take advantage of the money already pulled in and switch to PRO for testing on the main domain.

I tracked the web traffic of both domains and got interesting results:
Domain on PRO plan

  1. the network goes out from our IP
  2. we jump a few times in Germany (Deutsche Telekom, NTT, Frankfurt)
  3. we hit Cloduflare, Frankfurt, Germany, and then the end server.
  4. average response time: 77.286 ms

For the FREE plan:

  1. the network goes out from our IP
  2. we jump a few times in Germany (Deutsche Telekom)
  3. we fly ourselves to New York (NTT, Newark, USA)
  4. we hit Cloduflare, New York, USA, and then the end server.
  5. average response time: 158.413 ms

To summarize:

  1. In the case of the main domain on the PRO plan, the route stays in Europe (mainly Germany) and ends up on Cloudflare servers in Europe (Frankfurt).
  2. In the case of the domain where we test the application on the FREE plan, the route goes through Germany, but then the packets jump across the ocean to the US (Newark, New York).

// Quick update - while writing this reply, the test domain started working. On the other hand, we are not happy with this information, because within 48h once it works and once it stops working.

1 Like

As I mentioned in a previous comment, there was no reason to rejoice, the system is once again blasted into space. Traceroute:

traceroute to **********.pro (***.***.**.*), 64 hops max, 52 byte packets
 1  ***.***.**.* (***.***.**.*)  4.079 ms  6.298 ms  3.599 ms
 2  * **.*.***.*** (**.*.**.***)  43.678 ms  50.937 ms
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
31  * * *
32  * * *
33  * * *
34  * * *
35  * * *
36  * * *
37  * * *
38  * * *
39  * * *
40  * * *
41  * * *
42  * * *
43  * * *
44  * * *
45  * * *
46  * * *
47  * * *
48  * * *
49  * * *
50  * * *
51  * * *
52  * * *
53  * * *
54  * * *
55  * * *
56  * * *
57  * * *
58  * * *
59  * * *
60  * * *
61  * * *
62  * * *
63  * * *
64  * * *

We are also experiencing the problem that the website upflix.pl returns a timeout when trying to visit from the T-Mobile network.

I would appreciate any help in fixing this.

1 Like

T-MOBILE support says IPs might be blocked by one of their “security products” like “Ochrona w sieci” (business) or “Bezpieczne Surfowanie” (customer)

Is there any possibility to change Cloudflare’s IPs assigned to domain?

Currently blocked domain resolving to: 188.114.96.11 188.114.97.11 or 188.114.96.3 188.114.97.3 (depends on DNS I’m using)

Other domain, that works for T-MOBILE customers is resolving to: 172.67.155.107 104.21.90.95

I have received confirmation from several users who have experienced this problem that it no longer occurs as of yesterday. However, I do not know if this is a global fix.

Yes, it is currently working. On the other hand, if they do not do something about it, we will meet again in this thread in a while. 2 months ago there was an identical situation, which also suddenly resolved itself.

1 Like

Hi, I have looked for that problem.

I am on T mobile Croatia. And I can’t access my sites that are proxied on cloudflare. On other networks everything works fine.
There is nothing I can do?

Hi,
Cloudflare as you can see is not interested in this topic in any way, similar threads have been going on for several years on this forum. In one of the threads I saw that someone reported directly to t-mobile, which referred him to… cloudflare :slight_smile:

There isn’t anything Cloudflare can do to remove a block that has been implemented by another provider. If Cloudflare assigned a new IP, it would just wind up blocked, too. Only the party doing the blocking can fix the problem that they have created.

1 Like

Unfortunately, we are in a stalemate, which in Poland alone blocks the traffic of 12.575 million people from time to time (data from Q1 2023). Everyone is just spreading their hands. I don’t know if Cloudflare is able to do something about it or not, while for us it is a global and very serious problem, which blocked several transactions for us and we realistically lost income opportunities (non-functioning application on customer prezenctation).

My dissatisfaction with Cloudflare stems from the tragic support. I have had various problems over the past 3 months, including even being charged to my account for services that were not activated at all. Not a single ticket has even been transferred by their team.

We are already on a higher package, in the PRO plan there are no problems with t-mobile (so far), while support continues to be non-existent for us.

If you have unresolved billing issues, you can share the ticket number along with a brief summary in a new topic in the Billing category and someone can request escalation for you.

In general you’re right, but… IMO it’s Cloudflare business to provide working service.

Those IPs are falling into blocklists probably because malicious websites hiding by Cloudflare proxy. Cloudflarare’s policy is to provide proxy for all, but with that policy should go responsibility. Single malicious website can put down hundreds “healthy” services.

T-Mobile probably do not understand what Cloudflare is. Maybe Cloudflare should help them understand a problem, maybe should cooperate with them, but first of all Cloudflare should have some procedures to protect “healthy” customers for such situations

Lol. Rest assured, they do know.

Cloudflare is providing a working service. When it works with every other ISP, it’s clearly a problem with the ISP.

That could be, but it could also simply be that some websites are legal in one country but not in another (porn, gambling etc).

And Cloudflare would very likely not even know which site is responsible for the block, which leads back to this:

Most definitely not. You can read more about Cloudflare’s policy here:

1 Like

Well, you’re talking from Cloudflare perspective, not customer’s perspective :slight_smile:

Why would I be talking from a Cloudflare perspective?

This is an age-old problem that I don’t see going away any time soon. There’s even a blog post about it:

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.