Is my router compromised?

So I was just surfing the web, doing basically nothing of worth. And I google something about cookie clicker (unimportant (?) ) and recieve this message:

We have detected that your router/modem may be compromised and part of the Meris DDoS botnet, or you are using a proxy associated with past Meris attacks.

Along with a captcha.

I’ve googled this for the past 20 mins but have found nothing. I’m hoping that it was just the VPN I was using (Mullvad set to Sweden). Also, after switching the region to USA, I recieved no more notifications.

I just wanted to verify that it was just my VPN and not anything else. Can anyone help?

Edit: Wanted to add that I know next to nothing about Meris attacks and if they are common or not. Also wanting to add that my computer is not showing signs of a DDoS attack, I’m just worried there might be some sort of virus or ransomware on my router or PC.

I’m hoping that it was just the VPN I was using (Mullvad set to Sweden). Also, after switching the region to USA, I recieved no more notifications.

If you were using a VPN, then the IP was probably flagged in the past. This is pretty common- lots of websites and services just flat out block access from known VPN IPs because they are frequently used for non-legit purposes.

I honestly would not worry about it.

Try looking up your IP address here? That might show you if your infected with a botnet. Malwarebytes scan wouldn’t hurt either.

CG NAT based ISP? I get this a lot on O2 in the UK because like 10’000+ people are sharing a small pool of IPs

Sorry for an unhelpful response to a dead post, but I use Mullvad as well and got this exact same message. Maybe it’s a Mullvad specific issue?

I just had this come up on my PC and I’m not using a VPN at all, no idea what it is

I just got the same message. Any solution?

I’ve been getting this and don’t use a vpn

Had this same exact issue. Had to restart my phone so it would go away.

“ We have detected that your router/modem may be compromised
and part of the Meris DDoS botnet, or you are using a proxy
associated with past Meris attacks. This page checks to see if it
is really a human sending the requests and not an attack.”

I’m using Cloudflare WARP, so my IP is proxied by Cloudflare. I’ve been seeing this message since then, maybe they are doing some sort of port NAT so my IP is shared by other users.

Been getting this when using Chrome on my Mac, for which I do not use a VPN.
The page lists an IP address that is not mine.
Upon checking the IP address listed, it is flagged for spam.
Said IP address is also based in Wichita Kansas (not anywhere near me).
Very suspicious.

Yeah, I assumed it was just the VPN. I was just a little jarred because it was my first time using that region and had never seen that message before. Thank you for your help!!

I got this message from an IP address in Linode VPS that I have owned for a few years now which I installed my own VPN server on. So… it’s not even a router I’m connecting on, unless Linode has malware on its own routers I don’t even understand why I would be getting this message. I assume they know what they are doing and don’t have this kind of problem, but maybe I’m mistaken?

The botnet box was marked green for me, but the spam box was marked red. What would that mean?

Thank you for that website! Scanned and everything came up green. Thanks for the help!

No because I get this on my iPhone with no vpn…just using the “incognito” mode on the Safari browser with Google set as my search engine. I can’t figure it out, but it’s definitely not limited to any vpn’s.

Every figure this out?

Same. Very odd and never had this happen prior

I think spam means you are blacklisted. Check here. I just checked my IP and it is blacklisted with SORBS so that may be common with Dynamic IPs. Some have procedures for removal you can follow.

Thanks so much for the response.

Do you know of any common reasons why some IP’s may get blacklisted?