Posted: Tue May 30, 2017 5:38 pm
by d3j4n
Some nights ago I noticed that almost wherever I go, whatever website I visit, I get a captcha request!
I have no idea what's going on. I did some research and it led me to projecthoneypot, and there I entered my IP address, and it shows that I did some illegal activity.
Well, I have no idea how that happened, since I'm the only one who uses this computer.
I copied a URL of a projecthoneypot page with info from my IP, so if anyone can explain to me how this works, or what to do, or what I could've done wrong, please tell me.
To be honest, I've been using my computer for a long time, but never did anything regarding IP changing, or anything that could harm my connection, simply because I don't know anything about that stuff.
This is really annoying, and I would like it gone as soon as possible.
Posted: Wed May 31, 2017 8:18 am
by Chrispcritters
If you perform a lookup on your IP address at you'll see the following:
IP Address is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.

It was last detected at 2017-05-31 15:00 GMT (+/- 30 minutes), approximately 30 minutes ago.

This IP is infected with, or is NATting for a machine infected with s_unknown

Note: If you wish to look up this bot name via the web, remove the "s_" before you do your search.

This was detected by observing this IP attempting to make contact to a s_unknown Command and Control server, with contents unique to s_unknown C&C command protocols.

This was detected by a TCP/IP connection from "" on port "57166" going to IP address "" (the sinkhole) on port "80".

The botnet command and control domain for this connection was "".
There are a couple of possibilities of what is happening:

1) One or more computers on your network have been compromised and infected.
2) The IP address that is currently assigned to your network was previously assigned to someone else who has an infected computer.
3) Your ISP runs a proxy service and what you see as your IP address may be shared amongst many customers of your ISP.

I suggest the following:

1) Visit the CBL link above, enter your IP address, read the details and follow the instructions to check for and remove an infection.
2) If everything is clean try turning off your modem and router for at least 8 hours in the hopes your ISP will assign you a new IP address. -- Once you get a new IP address check it on CBL.
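
Added example, not part of the original posts: when the listed address is a NAT router with several machines behind it, the report's time window and port pair (57166 to 80) can be matched against the router's outbound connection log to find which internal host made the connection. The log lines are constructed and abbreviated samples in iptables LOG format; the example assumes the router logs new outbound connections, keeps its clock in UTC, and that NAT preserved the source port (which is why same-window port-80 connections are also returned as looser candidates).

```python
import re
from datetime import datetime, timedelta

# Constructed, abbreviated sample lines in iptables LOG format (router logging
# new outbound connections, clock in UTC). Addresses are private/documentation ranges.
SAMPLE_LOG = """\
May 31 14:12:03 router kernel: OUT-NEW IN=br0 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=57166 DPT=443
May 31 14:41:10 router kernel: OUT-NEW IN=br0 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=50211 DPT=443
May 31 14:52:37 router kernel: OUT-NEW IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 PROTO=TCP SPT=57166 DPT=80
May 31 14:58:02 router kernel: OUT-NEW IN=br0 OUT=eth0 SRC=192.168.1.31 DST=198.51.100.9 PROTO=TCP SPT=40112 DPT=80
May 31 16:20:45 router kernel: OUT-NEW IN=br0 OUT=eth0 SRC=192.168.1.31 DST=203.0.113.10 PROTO=TCP SPT=57166 DPT=80
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) .*?SRC=(\S+) DST=(\S+) .*?SPT=(\d+) DPT=(\d+)")

def candidates(log_text, detected_at, src_port, dst_port, slack_minutes=30, year=2017):
    """Return (exact, loose): connections inside the detection window that
    match both ports, and those that match only the destination port."""
    lo = detected_at - timedelta(minutes=slack_minutes)
    hi = detected_at + timedelta(minutes=slack_minutes)
    exact, loose = [], []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a connection log line
        stamp, src, dst, spt, dpt = m.groups()
        # Syslog timestamps carry no year, so it is supplied by the caller.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if not (lo <= when <= hi) or int(dpt) != dst_port:
            continue
        hit = (when.isoformat(), src, dst, int(spt))
        (exact if int(spt) == src_port else loose).append(hit)
    return exact, loose

if __name__ == "__main__":
    # Values quoted in the CBL report above: 2017-05-31 15:00 GMT, ports 57166 -> 80
    exact, loose = candidates(SAMPLE_LOG, datetime(2017, 5, 31, 15, 0), 57166, 80)
    for label, hits in (("exact port match", exact), ("same window, port 80", loose)):
        for when, src, dst, spt in hits:
            print(f"{label}: {src}:{spt} -> {dst}:80 at {when}")
```

The host in the exact match is the first machine to scan and clean; if there is no exact match, the looser list narrows the search to hosts that made port-80 connections in the window.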

Posted: Tue Jun 06, 2017 11:08 am
by d3j4n
Hey! Thanks for the reply! I will try to do what you told me to. I've been busy for the last few days, so I'll use the first opportunity I have to sit down and look this through in detail!
So, I will share the new findings here.

Posted: Wed Jun 21, 2017 5:03 pm
by d3j4n
Well, the only solution was to reinstall the OS! Prior to that I tried literally anything I could see online, but reinstalling was the only solution! My PC was obviously infected... So, it's all good for now! I hope it doesn't appear again.