Cloudflare flags archive.today as "C&C/Botnet"; no longer resolves via 1.1.1.2

Archive.today's attack on https://gyrovague.com is still on-going btw. It started just over two months ago. Some IPs get through normally but for example finnish residential IPs get stuck on endless captchas. The JS snippet that starts spamming gyrovague appears after solving the first captcha.

"archive.today is currently categorized as: * CIPA Filter * Reference * Command and Control & Botnet * DNS Tunneling"

Ditto for their other domains like archive.is and archive.ph

Example DoH request:

$ curl -s "https://1.1.1.2/dns-query?name=archive.is&type=A" -H "accept: application/dns-json"

{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"archive.is","type":1}],"Answer":[{"name":"archive.is","type":1,"TTL":60,"data":"0.0.0.0"}],"Comment":["EDE(16): Censored"]}

---

Relevant HN discussions:

https://news.ycombinator.com/item?id=46843805 "Archive.today is directing a DDoS attack against my blog"

https://news.ycombinator.com/item?id=47092006 "Wikipedia deprecates Archive.today, starts removing archive links"

https://news.ycombinator.com/item?id=46624740 "Ask HN: Weird archive.today behavior?" - Post about the script used to execute the denial-of-service attack

Wikipedia page on deprecating and replacing archive.today links:

https://en.wikipedia.org/wiki/Wikipedia:Archive.today_guidan...

Good. You don't get to use my computer for a DDoS. I don't care why the DDoS was happening. I wasn't asked, and that's a serious breach of trust.

Cloudflare dns has gone back and forth on whether it wants to resolve them since 2019. It’s taken that away and restored it again (intentionally? mistake?) at least four times.

The c&c/botnet designation would seem to be new though.

Bulletproof hosting service not happy that someone is running their C&C infrastructure elsewhere

When the heat dies down, hopefully this flag gets removed.

[dead]