The IP address shown is one from the Cloudflare network, as your visitor’s IP addresses are hidden behind it.
Check your WordPress plugin or firewall and add exceptions for this IP ranges,
Good! Its still not a Cloudflare error and nobody here can tell what is installed on your server/network. That screen must come from somewhere and you’d need to check what that is. Either on your own or with the assistance of the person responsible for it.
Error messages from Cloudflare indicating that access is denied are branded. You message isn’t. It seems that this captcha is triggered when a Cloudflare IP hits your server. And that’s the case when you set your DNS records to
Check your server, software, WordPress plugins… Everything. It could also be compromised. Just saying.
Try disabling ModSecurity on the server and see if problem is solved.
Seems your webserver/website doesn’t receive the actual IP of end user, and by multiple attempts from different users in the same region (or a single user) your security solution is triggered. To gain access you need to use a different CF server, so any VPN other than brasil could do that for you.