1

Lately I've been seeing CloudFlare and Akamai IPs show up as the requesting IPs in logs for a public facing website. The user agent is suspicious; Mozilla/5.0. Also, there are no other values in the x-forwarded-for header, only a singular IP. Adding to the mystery, it's only scraping images. Our business says they are not aware of any vendor using these IP ranges for scraping.

Is there a new bot/crawler that utilizes these networks? I'd like to block the traffic, though not sure of any potential business impact.

Any feedback is appreciated.

Gerg
  • 68
  • 6
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Mar 31 '22 at 18:40
  • We've seen two such massive traffic surges just like this, in the past month or so. Coming from Akamai + Cloudflare, using `Mozill/5.0` for the `User-Agent`. Requesting mostly assets (images) from a single web page. Starts off with a huge spike, then diminishes over the next 1-3 days. – mkopala Apr 29 '22 at 23:53

1 Answers1

0

I've also noticed this kind of traffic on our systems, and I think there's a good chance it is Apple's Mail Privacy Protection (MPP), based on the info found at - https://www.spamresource.com/2022/02/lets-track-apple-mpp-opens.html

Topher4529
  • 1
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community May 19 '22 at 07:27