Where I usually get tarpitted is by Cloudflare. I'll pass the (automated) CAPTCHA, the page will reload (still as if I had passed), and … it'll be another CAPTCHA. I'm pretty sure these usually amount to a passive-aggressive demand for cookies/storage, but I just vote with my browser & go back/somewhere else.
Cloudflare deep down greatly discriminates against shared IPs. If you have a real honest-to-goodness IPv4 address that doesn't change, you'll hardly ever encounter anything.
But if you are behind any sort of carrier-grade NAT or otherwise sharing IPs, you're a second-class netizen, sucks to be you.
I'm behind your typical non-CGNAT residential NAT, for v4. (Was v4 only for the longest time, but Verizon just recently rolled out a v6… so we'll see if that changes anything, I guess.)
If you encounter it relatively often with VPN off, I would do a full scan/check of all devices (including wifi phones, etc) and update all software, as you may have a bot virus or similar. If you DO find one, clean it up and then turn your router off for a few hours or whatever is necessary to get your ISP to give you a new IP, heh.
But, haha fool you, CF now gatekeeps some unholy percentage of the web, so the "somewhere else" list is going to get smaller and smaller with no recourse, as best I can tell. Maybe disposable Firefox containers for your specific situation, but only maybe
Where I usually get tarpitted is by Cloudflare. I'll pass the (automated) CAPTCHA, the page will reload (still as if I had passed), and … it'll be another CAPTCHA. I'm pretty sure these usually amount to a passive-aggressive demand for cookies/storage, but I just vote with my browser & go back/somewhere else.