HN

Need help?
<- Back
Cloudflare flags archive.today as "C&C/Botnet"; no longer resolves via 1.1.1.2

Cloudflare flags archive.today as "C&C/Botnet"; no longer resolves via 1.1.1.2

winkelmann

Comments (140)

  • winkelmann
    "archive.today is currently categorized as: * CIPA Filter * Reference * Command and Control & Botnet * DNS Tunneling"Ditto for their other domains like archive.is and archive.phExample DoH request:$ curl -s "https://1.1.1.2/dns-query?name=archive.is&type=A" -H "accept: application/dns-json"{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"archive.is","type":1}],"Answer":[{"name":"archive.is","type":1,"TTL":60,"data":"0.0.0.0"}],"Comment":["EDE(16): Censored"]}---Relevant HN discussions:https://news.ycombinator.com/item?id=46843805 "Archive.today is directing a DDoS attack against my blog"https://news.ycombinator.com/item?id=47092006 "Wikipedia deprecates Archive.today, starts removing archive links"https://news.ycombinator.com/item?id=46624740 "Ask HN: Weird archive.today behavior?" - Post about the script used to execute the denial-of-service attackWikipedia page on deprecating and replacing archive.today links:https://en.wikipedia.org/wiki/Wikipedia:Archive.today_guidan...
  • rollulus
    I think there are two angles to look at this. Yes, there’s the attack on the weblog. But there’s also pressure on archive.today, e.g. an FBI investigation [1] and some entity using fictitious CSAM allegations [2].[1]: https://arstechnica.com/tech-policy/2025/11/fbi-subpoena-tri... [2]: https://adguard-dns.io/en/blog/archive-today-adguard-dns-blo...
  • stuffoverflow
    Archive.today's attack on https://gyrovague.com is still on-going btw. It started just over two months ago. Some IPs get through normally but for example finnish residential IPs get stuck on endless captchas. The JS snippet that starts spamming gyrovague appears after solving the first captcha.
  • _moof
    Good. You don't get to use my computer for a DDoS. I don't care why the DDoS was happening. I wasn't asked, and that's a serious breach of trust.
  • f-serif
    A bit context if you are confused why Public DNS server blocking websites. 1.1.1.2 is Malware blocking DNS server similar to AdBlock DNS server. It is not 1.1.1.1 and 1.0.0.1Here is the DDoS context https://gyrovague.com
  • jeremie_strand
    The DNS tuneling flag alongside C&C/botnet is the odd one — that category implies data exfiltration or firewall bypass, not just aggressive crawling or DDoS behavior. Would be interesting to know what traffic pattern triggered it.
  • bunbun69
    Good. What archive.today is doing is illegal
  • razingeden
    Cloudflare dns has gone back and forth on whether it wants to resolve them since 2019. It’s taken that away and restored it again (intentionally? mistake?) at least four times.The c&c/botnet designation would seem to be new though.
  • PeterStuer
    Otoh, without archive.today a substantial % of HN posts would be unreadable for nearly all of the audience.
  • anon
    undefined
  • charcircuit
    When the heat dies down, hopefully this flag gets removed.
  • algolint
    [dead]
  • ddactic
    [dead]
  • 3842056935870
    [dead]
  • chloecv
    [dead]
  • andor
    Bulletproof hosting service not happy that someone is running their C&C infrastructure elsewhere