Timeline
- 20:15:02 – Last recorded Oracle hit. Quiet after that.
- 21:20 – A normal visit lands on the article. Samsung browser on Android, natural scroll, cookies enabled, real human behaviour.
- 21:24 – Our edge tarpit lights up with a request from DigitalOcean in Frankfurt.
- 21:26 – AWS joins from Portland. Also tarpitted.
Hit summary
165.22.65.XX ASN 14061 DigitalOcean PoP FRA Path: /
44.246.33.XXX ASN 16509 Amazon AWS PoP PDX Path: /
UA samples: Chrome/139.0 on Linux, Chrome/66.0 on Windows
Coincidence
A legitimate reader finishes the article, then within four minutes fresh probes arrive from different clouds, not Oracle, and get caught at the edge. The timing is a gleaming coincidence. Call it reactive scanning, call it curiosity. Either way, it walked straight into treacle.
Oracle went silent after
20:15. The probes that followed the read came from new providers. New masks, same intent.
Reactive security theatre
- Throwaway instances spin up, hit the root, spoof dated Chrome strings.
- ASN checks trigger, requests slow, fingerprints log, credits burn elsewhere.
- The site stays static, the controls stay active, the tarpit stays patient.
Takeaway
Publish clear telemetry, watch the reflex fire, document the result. No need to chase. The pattern reveals itself again and again.
Kieron JH
Founder, The Reasonable Adjustment
Still bored, still logging, still laughing.
Be First to Comment