We have registered suspicious traffic coming from your network, Smotrisoft. Suspicious traffic originating from your network

I’ll show you how to solve a problem in Google when an alert appears about suspicious traffic from your network. It looks like your computer is sending automatic requests.

Perhaps some malicious program that offered you to download Microsoft Office or Word 2013 actually turned out to be a fake, which not only asks for money (if you pay, you still won’t get the program you need), but also uses your computer as a puppet and makes requests that you don't see. Possibly stealing your traffic and reading it, trying to steal your passwords and so on.

The message goes like this:

We have detected suspicious traffic originating from your network. Using this page, we can determine that you are the one sending the requests and not a robot. To continue the search, please enter your number in the input field and click “send”.

A similar error may also appear on Yandex:

We are very sorry, but the requests coming from your IP address appear to be automatic. For this reason, we are forced to temporarily block access to search. To continue your search, please enter your phone number in the input field and click "send".

By entering your number and clicking “send” you will receive an SMS code from scammers, by entering it and clicking “send” you will receive some useless paid service on your mobile phone. By the way, you can disable any service; the method is described in the article How to disable the service MTS called you.

This is pure scam and deception. This page is not Google, but a scam. We can say with confidence that this is a ransomware virus. After entering your phone number, you will be offered a paid subscription to the service. Never enter your phone number. Kaspersky and the TSSDKiller utility will help you with this “virus treatment” at: support.kaspersky.ru/viruses/disinfection/5350.

If you suspect that this is a virus, then read the article How to scan Windows for new dangerous viruses or watch the video “How to find and remove viruses from your computer.”

If you didn’t buy Windows, it means you activated it through an activator, or an activator was already built into your version of repack, which periodically activates your Windows. Sometimes, with the help of these activators, you can harm your network by overloading it with automatic requests. Thus, most likely it is your windows activator that sends such requests, or maybe Google just thinks that you are asking questions in the search that look like a bot.

Then download another Windows build and reinstall Windows. If you don’t know how to reinstall Windows, then read the article How to reinstall Windows 7 or find in this playlist the reinstallation video that suits you.

But hurry to reinstall Windows, since most likely you have the third reason.

This is the most common option and the most likely. After you send a request to search for something, Google tells you: “To continue, enter the characters below.”

We have detected suspicious traffic originating from your network. Using this page, we can determine that you are the one sending the requests and not a robot.

I had a similar error even from a smartphone. You receive an error saying:

We’re sorry...but your computer or network may be sending automated queries. To protect our users, we can’t process your request right now.

It translates like this:

We're sorry, but your computer or network may be sending automated requests. To protect our users, we are unable to fulfill your request at this time.

And you will be prompted to enter the generated verification number and word (captcha).

But it all comes down to one thing - they twist our nipples.

they twist our nipples

Why does a message about suspicious traffic on the network appear?

Most often, you have nothing to do with it, but your Internet provider is to blame. The fact is that the IP addresses that are automatically issued to each Internet user are running out and there can be hundreds of ISP users on one IP address. That is, you and your neighbor and a person living far from you can have the same IP addresses. This is a crisis of iPv4 addresses. It can be solved by switching to iPv6, but it costs money.

Dmitry Bachilo spoke about this problem a long time ago when a television company interviewed him. Dmitry hid the original video on his channel, so I’m giving a link to the video from the channel of his fans who re-uploaded his videos for themselves.

How does Google explain when it reports suspicious traffic on your network?

In Google Help at: support.google.com/websearch/answer/86640?hl=en, Google writes what Google considers suspicious traffic:

• Search queries from robots, computer programs, automated services and content scrapers.
• Search queries from computer programs to determine the positions of pages and sites in Google search results.

When solving this problem, it happens that the verification word or numbers are not displayed (captcha), then Google advises you to restart the router and check your computer for viruses and malware.

Google also writes that if such messages are accompanied by unfamiliar advertisements, and an unknown site appears instead of the start page, then most likely, malicious software is installed on your computer.

There is a Chrome cleanup tool for Windows at support.google.com/chrome/answer/6086368. If you use the Google Chrome browser, then download and run Google's program removal tool.

The application scans the system and removes software that may interfere with Chrome. Click "Download".

Now after reading the Google Chrome Terms of Service, click on “Accept and Download”.

The download has started. Thanks for downloading the Chrome Cleanup Tool.

Run the Chrome Cleanup Tool and it will automatically start scanning for malware.

If nothing is found, you will see this message.

Next, you will be prompted to reset Google Chrome settings. Click "reset" to reset and delete temporary and cached data such as cookies and site content and data. Just remember all your social media passwords. networks and accounts on websites, as they will need to be entered again.

Basically, you just need to wait until the blocking on your IP address is lifted and you will be able to use Google again. Just wait 5-10 minutes and your ban will be lifted.

Here is a video about suspicious traffic coming from your network.

If we suspect automated traffic is coming from devices on your network to Google, you'll see a message that says, "Our systems have detected suspicious traffic from your computer network."

What Google considers suspicious traffic

• Search queries from robots, computer programs, automated services and content scrapers.
• Search queries from computer programs to determine the positions of pages and sites in Google Search results.

How to respond to this message

Most likely, you will be asked to recognize the test word. This way you can confirm that the requests were made by a person and not by a program. If you enter the test word correctly, the message will disappear.

Common problems

Follow these steps:

1. Check your computer for malware. Malware is software that can be installed on your computer without your knowledge. A message about suspicious traffic may appear due to the presence of such programs. Learn more about how to identify and remove malware...
2. Contact your network administrator. If you're connected to a public Wi-Fi network, such as at work or university, another computer may be sending automated Google searches. This way, a network administrator or IT specialist can find and eliminate the source of suspicious traffic.
3. If you don't have an administrator on your network, reboot your modem or router and see if that fixes the problem.

Once automated requests are no longer sent, you can use Google as usual.

The reason for the blocking could be a program or browser plugin for working with virtual private networks (VPN). Uninstall VPN software from your computer or network device and check if the problem is resolved.

Some VPNs send traffic that violates site guidelines or laws. If you are an Internet service provider, ask your users to remove VPN programs and plugins. When misuse of the Google network stops, IP addresses or ISPs will be automatically unblocked.

“We have detected suspicious traffic originating from your network...” Surely at least someone has encountered such a message when trying to enter a query in the Google search engine. A similar phrase is also in the arsenal of Yandex and, apparently, other search engines. What is this and how to deal with it?

In such a simple way as the requirement to confirm a person’s identity by entering a captcha, Google is trying to limit the number of requests to it.

(from CAPTCHA- English C ompletely A utomated P ublic T during test to tell C computers and H umans A part - a fully automated public Turing test for distinguishing between computers and people) - a computer test used to determine whether the user of a system is a person or a computer.

Material from Wikipedia - the free encyclopedia

He considers frequent homogeneous requests to be spammy or highly loaded. To put it simply, there is a constant large stream of complex or similar queries to Google from a computer or smartphone. Try calling a friend and start repeating: “Hi, how are you? How are you? How are you? How are you How are you? Normal? How about you, nothing? Are you okay? Yes? Well, clearly. Is it okay yourself? How are you?". This is roughly what requests to a search engine look like when it asks you to enter a captcha.

I ask, how many minutes can you wait until you try to stop the flow of garbage questions? This is exactly what a search engine does. This mechanism is also used as protection against DDoS attacks (Distributed Denial of Service).

Why is this happening? I didn't send any requests! Who sends them?

1. Spam and virus applications that have landed on your device send requests. It is important to combat them with the help of an antivirus, installing applications from reliable sources and a firewall.

2. The commands you use to search for specific information in a search engine. Long queries that you use to find the information you need based on many parameters are search engine commands. For example request -

intext:"We have detected suspicious traffic originating from your network" "site:.ru

forces the search engine to look for sites in the domain zone.ru that contain the text “We have registered suspicious traffic coming from your network.”

3. Services and applications that use search engines to search, analyze and process information. For example, the RDS bar browser plugin, when used excessively, “tires” search engines.

4. Are you a spammer or hacker :)

5. One of the above exists on the same network (same IP) as you.

In short, one way or another, but our device or network is regarded by the search engine as an annoying and/or malicious bot.

How can I get rid of the need to enter a captcha every time I type in the search bar of my browser?

If we do not send requests purposefully and we do not have spam or malicious applications, then we will begin to whitewash our device in the eyes of search engines. The first thought is that the search engine is banning us based on the IP address on our network. To change the dynamic address, just disconnect your router or mobile device from the Internet and connect it again. This does not always help and depends on the settings of the browser, network, etc. Sometimes the search engine bans entire pools of addresses, so in this case there will be little help.

Next, if the captcha appears again, I look at the data that the search engine leaves on my computer. These are so-called “cookies” or Cookies - files in which sites store some data on the user’s computer.

Files and descriptions.

That is, there is a “black mark” in your computer or smartphone that ruins all your karma and nerves.

I'll tell you about my research. I invite you to correct me if I make a mistake. To begin with, in the Chrome browser for Android, I went to settings.

Then I went to “Site Settings” -> “Storage”. In the search bar of the repository, I entered the name of the search engine that asks for the captcha. Among the numerous Google services, the default search engine address was also found. By tapping on the line, I brought up the following window.

I didn’t think for a long time (although I have to do this - think) - I couldn’t wait to check my guess. I deleted the entries and exited the settings. I entered a query into the browser and saw what I wanted.

I suspect that the post is crude and made “on a whim,” so I invite you to comment and correct my mistakes.

(9 ratings, average: 4,44 out of 5)
Anton Tretyak Anton Tretyak [email protected] Administrator website - reviews, instructions, life hacks

“With the help of this page, we will be able to determine that it is you, and not a robot, who is sending the requests...” - If you see similar messages when accessing Google, Yandex, social networks (Vkontakte, Odnoklassniki), the first thing you need to remember in such a situation is - Never ENTER YOUR PHONE NUMBER or send any SMS anywhere— You are being scammed by scammers, redirecting you to fake sites to sign up your phone for paid information services, and your computer is infected and needs to be treated.

When we try to log in and search for something on Yandex, we see the same picture:

In Odnoklassniki and Vkontakte it’s the same thing - the text is slightly different, the page design matches the style of the corresponding site, but there is one common point - you need to enter and send your phone number. Remember, this NEVER HAPPENS, that the WHOLE INTERNET suddenly, suddenly needs your mobile number - this first sign that you are being scammed!

The same requirement to enter your phone number from all popular sites is the first sign that you have fallen for a scammer.

When you click on the link “What to do if the code does not arrive,” they offer to send an SMS to the number 4016 (or 5014 ) with your personal identifier "I'm not a sucker" 15439231 - This second sign that you are being scammed. Firstly, self-respecting sites like Google, Yandex, Odnoklassniki will NEVER require you to send paid SMS, and secondly, they will NEVER demand this at the same time and to the same numbers!

If all the popular sites suddenly want to receive a paid SMS from you, this is yet another confirmation that you are being targeted by scammers.

Third sign fake (phishing) site - address in the address bar:

We carefully look at WHICH site we enter our personal data! In this case, instead of logging into Odnoklassniki, we give the username and password to the attackers.

But in our case, everything is fine - the attackers reliably covered their tracks, all the addresses in the address bar are correct.

Solution

First,

what needs to be done in such cases to unlock - . But, in our case, everything is clean here too, the file is not modified.

Second

Let's look at autoloading:

First, uncheck the box next to the suspicious entry (we will always have time to delete it). As it later turned out, it was another virus that had nothing to do with us.

Third

We scan the system with an antivirus (after updating with the latest antivirus databases). Avira was installed on the affected computer:

Avira antivirus always reports that it has detected the “TR/SHipUp.dfsk.2” virus in the “ProgramData\Mozilla” folder

We press the “Delete” button, the antivirus thinks for a long time and produces a result that greatly discourages us:

Avira offers to quarantine entire Windows and all active programs

Avira offers to quarantine all Windows and all active programs. This is explained by the fact that the virus is embedded in all processes running on the infected PC, but its activity (page substitution) is noticeable only in browsers (Microsoft Internet Explorer, Mozilla Firefox, Opera, Safari, Google Chrome, Chromium, Mail.Ru Internet, Yandex. Browser, Rambler Nichrome). If you click “Apply” now, the computer will no longer boot (the antivirus is fighting for peace so much that no stone will be left unturned). This option is not suitable for us, so we click “Cancel” and download either Dr.Web CureIt!, or Kaspersky Virus Removal Tool:

Dr.Web immediately removes Trojan.Mods.2 (file “jddvigb.dll” in the folder in “ProgramData\Mozilla”)

Fourth

We scan with an anti-Trojan program ( eg Malwarebytes Anti-Malware):

As you can see, the computer was pretty infected. The program found 22 objects, incl. and our Trojan. We delete everything.

Fifth

As we found out, the Mozilla Firefox browser was infected, so to be on the safe side, it is advisable to use an advanced uninstaller ( eg Revo Uninstaller) uninstall the browser for a clean one, and then, download it from the official website, install it again.

After all the actions taken, we reboot and check whether our sites open normally.

Conclusions

In this case, the Avira antivirus did not perform at its best: it let in too many Trojans and showed a complete inability to fight them (except for the proposal to destroy everything around because of one single malicious file). Therefore, it was decided to remove Avir as well and install another antivirus, and the user was given a preventive conversation on the topic of loss of vigilance)).

P.S.

Sometimes Yandex and Google actually block users if they receive too many requests. The reasons for this can be different: either computers infected with viruses create too much network activity, or the provider has many users on the same real IP address, or something else, but in any case it looks like this:

or like this (from Google):

Please note no phones, no SMS, need to just enter the code to convince the search engine that you are not a malicious program, and then you can continue to use the Internet further.