Dear List
I am a bit puzzled by repeated Cloudflare Takedown Requests regarding the domain: lord-film.cash we are getting.
lord-film.cash has address 172.67.181.230 lord-film.cash has address 104.21.32.5 lord-film.cash has IPv6 address 2606:4700:3035::6815:2005 lord-film.cash has IPv6 address 2606:4700:3032::ac43:b5e6
According to Cloudflare, the content is hosted at an IP address under our control, on a Webserver on Port 80.
I told them some time ago, there is no Webserver running under the IP address they mention.
They replied, they could verify the IP with:
curl -v -H "Host: lord-film.cash" [IPADDRESS]/
Still, every time I try, I don't get a connection. No wonder, that is a NAT router with Firewall.
So I wonder, if either the user of that IP Address has cleverly set up a firewall which blocks all requests not via Cloudflare proxies, or if this domain uses some kind of P2P Protocol and the IP of that user is just one of 'many' which is only reachable, when some P2P tool is running and opening a UPNP Port.
When I try to access the site itself: http://lord-film.cash/ I get 'access denied' from Cloudflare.
Do others get similar takedown notices? Maybe even for that same domain?
Mit freundlichen Grüssen
-Benoît Panizzon-
Hello Benoit
Do others get similar takedown notices? Maybe even for that same domain?
Yes we did once because of text (a company was mentioned) on a site, but it was not against any swiss law, so we informed Cloudflare about that, they were OK with that.
Some of our customers do use Cloudflare, they all only open port 80 and 443 for the Cloudflare servers.
Freundliche Grüsse Matias Meier
-----Ursprüngliche Nachricht----- Von: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] Im Auftrag von Benoit Panizzon Gesendet: Dienstag, 6. Juli 2021 11:03 An: swinog@lists.swinog.ch Betreff: [swinog] Cloudflare DMCA Takedown requests - but content not present under mentioned IP
Dear List
I am a bit puzzled by repeated Cloudflare Takedown Requests regarding the domain: lord-film.cash we are getting.
lord-film.cash has address 172.67.181.230 lord-film.cash has address 104.21.32.5 lord-film.cash has IPv6 address 2606:4700:3035::6815:2005 lord-film.cash has IPv6 address 2606:4700:3032::ac43:b5e6
According to Cloudflare, the content is hosted at an IP address under our control, on a Webserver on Port 80.
I told them some time ago, there is no Webserver running under the IP address they mention.
They replied, they could verify the IP with:
curl -v -H "Host: lord-film.cash" [IPADDRESS]/
Still, every time I try, I don't get a connection. No wonder, that is a NAT router with Firewall.
So I wonder, if either the user of that IP Address has cleverly set up a firewall which blocks all requests not via Cloudflare proxies, or if this domain uses some kind of P2P Protocol and the IP of that user is just one of 'many' which is only reachable, when some P2P tool is running and opening a UPNP Port.
When I try to access the site itself: http://lord-film.cash/ I get 'access denied' from Cloudflare.
Do others get similar takedown notices? Maybe even for that same domain?
Mit freundlichen Grüssen
-Benoît Panizzon-
Hello Benoit,
I am a bit puzzled by repeated Cloudflare Takedown Requests regarding the domain: lord-film.cash we are getting.
lord-film.cash has address 172.67.181.230 lord-film.cash has address 104.21.32.5 lord-film.cash has IPv6 address 2606:4700:3035::6815:2005 lord-film.cash has IPv6 address 2606:4700:3032::ac43:b5e6
According to Cloudflare, the content is hosted at an IP address under our control, on a Webserver on Port 80.
I find this a bit odd, that they'd send you take-down requests for their own IP addresses....
when I search the domain in google, they show some site with cyrillic description (russian?), and you can even look at the cached page in google, and it does seem to host movies (just ran it through google translate). My guess is the entry page is probably geo fenced. I then clicked some of the russian links, was again redirected through cloudflare with their infamouse captchas, but was finally shown this link:
https://hd-1.lordfilms.help/2019/01/06/vpered-v-proshloe-2007.html
which, again, is hosted at cloudflare...
It definitely looks illegal for consumers in DMCA countries...
Cheers, Markus
Am Tue, 6 Jul 2021 12:01:58 +0200 schrieb Markus Wild swinog-list@dudes.ch:
I find this a bit odd, that they'd send you take-down requests for their own IP addresses....
No, that was me resolving the domain. :-)
They of course mention the IP in our ranges, which I don't want to expose here as I can not find any way to verify the DMCA claims.
Mit freundlichen Grüssen
-Benoît Panizzon-
They could simply take it down by:
- Contacting their own customer (for which they are proxying) - Stop providing proxy services to any entity and often for 'free'...
Fun that they contact you, while they are exposing it to the Internet ;)
Greets, Jeroen
On 20210706, at 13:20, Benoit Panizzon benoit.panizzon@imp.ch wrote:
Am Tue, 6 Jul 2021 12:01:58 +0200 schrieb Markus Wild swinog-list@dudes.ch:
I find this a bit odd, that they'd send you take-down requests for their own IP addresses....
No, that was me resolving the domain. :-)
They of course mention the IP in our ranges, which I don't want to expose here as I can not find any way to verify the DMCA claims.
Mit freundlichen Grüssen
-Benoît Panizzon-
I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
I'm not sure I have a clear picture here. It sounds like you're saying that cloudflare is retrieving information from your IP addresses that you don't yourselves see or serve. Could your prefix have been hijacked?
Eliot
On 06.07.21 13:20, Benoit Panizzon wrote:
Am Tue, 6 Jul 2021 12:01:58 +0200 schrieb Markus Wild swinog-list@dudes.ch:
I find this a bit odd, that they'd send you take-down requests for their own IP addresses....
No, that was me resolving the domain. :-)
They of course mention the IP in our ranges, which I don't want to expose here as I can not find any way to verify the DMCA claims.
Mit freundlichen Grüssen
-Benoît Panizzon-
-
Benoit Panizzon -
Eliot Lear -
Jeroen Massar -
Markus Wild -
Matias Meier