Cloudflare flags archive.today as "C&C/Botnet"; no longer resolves via 1.1.1.2

winkelmann

"archive.today is currently categorized as: * CIPA Filter * Reference * Command and Control & Botnet * DNS Tunneling" Ditto for their other domains like archive.is and archive.ph Example DoH request: $ curl -s " https://1.1.1.2/dns-query?name=archive.is&type=A " -H "accept: application/dns-json" {"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"archive.is","type":1}],"Answer":[{"name":"archive.is","type":1,"TTL":60,"data":"0.0.0.0"}],"Comment":["EDE(16): Censored"]} --- Relevant HN discussions: https://news.ycombinator.com/item?id=46843805 "Archive.today is directing a DDoS attack against my blog" https://news.ycombinator.com/item?id=47092006 "Wikipedia deprecates Archive.today, starts removing archive links" https://news.ycombinator.com/item?id=46624740 "Ask HN: Weird archive.today behavior?" - Post about the script used to execute the denial-of-service attack Wikipedia page on deprecating and replacing archive.today links: https://en.wikipedia.org/wiki/Wikipedia:Archive.today_guidan...

razingeden

Cloudflare dns has gone back and forth on whether it wants to resolve them since 2019. It’s taken that away and restored it again (intentionally? mistake?) at least four times. The c&c/botnet designation would seem to be new though.

charcircuit

When the heat dies down, hopefully this flag gets removed.

_moof

Good. You don't get to use my computer for a DDoS. I don't care why the DDoS was happening. I wasn't asked, and that's a serious breach of trust.

stuffoverflow

Archive.today's attack on https://gyrovague.com is still on-going btw. It started just over two months ago. Some IPs get through normally but for example finnish residential IPs get stuck on endless captchas. The JS snippet that starts spamming gyrovague appears after solving the first captcha.