PR
This commit is contained in:
🕪 2022-01-14 08:56:26 +00:00
commit 33ee164ce8
82 changed files with 3816 additions and 0 deletions

View File

@ -0,0 +1,47 @@
```
ABOUT /subfiles/classics/*
THIS PAGE IS AN ARCHIVED HISTORY.
IF YOU NEED LATEST INFORMATION, PLEASE READ OTHER FILES (not /classics/)
```
-------------
# CloudFlare Watch
![](img/sher2.gif) ![](img/cfsign.jpg)
CloudFlare is a venture-funded startup that routes around Internet abuse by
acting as a reverse proxy. They also encourage illegality by allowing hackers,
DDoSers, cyberbullies, and copyright pirates to hide behind their servers.
By 2015, CloudFlare was even [protecting websites](isis.md) that recruited for ISIS.
- [Uncovering bad guys hiding behind CloudFlare](cfs.md)
- [Is CloudFlare affected by the EU's GDPR?](cfgdpr.md)
- [NYT: CloudFlare protects child-abuse porn sites](nytporn.txt)
- [CloudFlare attracts "repeat infringers"](repeats.md)
- [CloudFlare's half-baked SSL](cfssl.md)
- [Is CloudFlare a honey pot?](honeypot.md)
- [CloudFlare's wonky nameserver setup](cfnsdump.md)
- [Some domains that recently used CloudFlare](cfsites.md)
- [Where in the world are those CloudFlare domains?](cfusers.md)
- [The gang at CloudFlare aids and abets cybercriminals](cfgang.md)
![](img/marx2.gif)
- [Carders love CloudFlare](carders.md)
- [CloudFlare's growth is not so amazing](cfgrowth.md)
- [CloudFlare seeks riches through anarchy](twisted.md)
- [Spamhaus blocks CloudFlare's IP ranges](cfblock.md)
- [Those laughable CloudFlare terms of service](cfterms.md)
- [Dear Damon Billian: We're not as stupid as you think!](damon.md)
- [CloudFlare still chummy with ex-cons from LulzSec](lulzsec2.md)
---
"_We miss you. you will never be forgotten._"

View File

@ -0,0 +1,36 @@
```
Americans are more likely to worry about having credit card information they used in stores
stolen by computer hackers than any other crime they are asked about.
```
— Gallup.com, October 2014
### Carders love CloudFlare
. . . like flies love honey?
The carder domains listed here were online between February 2014 and August 2021, and hiding behind CloudFlare. This list will be out of date within a few weeks, because carders frequently change domain names and service providers. After all, it is illegal to sell stolen credit card data no matter where you live.
CloudFlare doesn't care about laws. They're in Silicon Valley, where the rich get richer, lobbyists own the lawmakers, and eveyone else faces higher rents and evictions. As far as we can tell, CloudFlare has done exactly nothing about criminals using their services. We thought they might do something about the marketing of 40 million credit cards stolen from Target in late 2013, but we were wrong. The major criminal exploiting this heist calls himself "Rescator," and he still uses CloudFlare. He might even be the Boss Man. His screen name appears on a couple dozen of the domains listed on this page.
![](img/resc3.png)
Maybe CloudFlare admires Rescator because his images are so cool. The one on top announced a batch of cards from Target in early December, "Pearl Harbor" was announced on January 13, and "Beaver Cage" on February 8. The next one, "Desert Strike," announced 282,000 cards on March 3. These are from 2,600 Sally Beauty locations in the U.S. The "Sanctions" image appeared on September 2, and is related to a breach at Home Depot stores.
Our theory is that CloudFlare is waiting for more images. A year or so from now they could have a full set in their trophy case. Then CloudFlare can boast that their venture-funded start-up enjoys immunity from all civil and criminal laws. That would be a perfect time to make a killing with an IPO.
![](img/holder.gif)
![](img/pcihype.png)
![](img/village.gif)
![](img/badge1.gif)
![](img/proxies.gif)
---
[home page](README.md)

View File

@ -0,0 +1,85 @@
# Spamhaus blocks CloudFlare's IP ranges
Spamhaus says about CloudFlare:
```
Hosting service refuses to shut off abusers. Spam & cybercrime
'reverse proxies' stay up after being reported. Cybercrime world
now knows of this 'bulletproof hosting' and is rushing here.
```
> July 2012
[Spamhaus](https://web.archive.org/web/20210826103614/http://en.wikipedia.org/wiki/Spamhaus) is an international nonprofit organization founded in 1998. On July 11, 2012 they added nearly the entire CloudFlare range of IP addresses to their SBL (Spamhaus Block List). [These three entries](spamhaus.md) are labeled "escalation" and include 37,000 addresses. (CloudFlare's own complete list of their IP ranges contained 44,500 IP addresses in July, 2012. Assuming that some of these were for future expansion and presently unused, this meant that Spamhaus had essentially added all of cloudflare.com to their SBL.)
This doesn't mean that the domains are unavailable. All it means is that you are less likely to find a CloudFlare-affiliated domain embedded in spam or phishing emails. And if your email address is based on a domain that is protected by CloudFlare, your system administrator might discover that outgoing emails are blocked by upstream providers who use Spamhaus blacklists. There is nothing your sysadmin can do about this except to turn off CloudFlare's service, causing your domain to resolve to a non-CloudFlare IP address.
![](img/prince.jpg)
Matthew Browning Prince, born on 1974-11-13, is the CEO and co-founder of CloudFlare. Thanks to a [rich dad](https://web.archive.org/web/20210826103614/http://web.archive.org/web/20081002173414/http://www.mufranchisee.com/article/453/), he attended the University of Chicago Law School ('00) and Harvard Business School ('09). Prince taught Internet law and was a specialist in anti-spam laws and phishing investigations. It's a mystery why he joined the Dark Side.
CloudFlare has not yet borrowed Google's "don't be evil" motto. Perhaps this is because his company was wantonly libertarian and aggressively overhyped right out of the starting gate, so that pretending to embrace probity could prove embarrassing. His [thoughts on abuse](https://web.archive.org/web/20210826103614/http://blog.cloudflare.com/thoughts-on-abuse) are pathetic for someone who should know better.
See also (Oct 2013): [Phishers using CloudFlare for SSL](https://web.archive.org/web/20210826103614/http://news.netcraft.com/archives/2013/10/07/phishers-using-cloudflare-for-ssl.html)
In fact, sysadmins everywhere will feel safer if they block all of CloudFlare's ranges:
```
103.21.244.0/22 (103.21.244.0 - 103.21.247.255)
103.22.200.0/22 (103.22.200.0 - 103.22.203.255)
103.31.4.0/22 (103.31.4.0 - 103.31.7.255)
104.16.0.0/12 (104.16.0.0 - 104.31.255.255)
108.162.192.0/18 (108.162.192.0 - 108.162.255.255)
131.0.72.0/22 (131.0.72.0 - 131.0.75.255)
141.101.64.0/18 (141.101.64.0 - 141.101.127.255)
162.158.0.0/15 (162.158.0.0 - 162.159.255.255)
172.64.0.0/13 (172.64.0.0 - 172.71.255.255)
173.245.48.0/20 (173.245.48.0 - 173.245.63.255)
188.114.96.0/20 (188.114.96.0 - 188.114.111.255)
190.93.240.0/20 (190.93.240.0 - 190.93.255.255)
197.234.240.0/22 (197.234.240.0 - 197.234.243.255)
198.41.128.0/17 (198.41.128.0 - 198.41.255.255)
199.27.128.0/21 (199.27.128.0 - 199.27.135.255)
```
![](img/cleary2.jpg)
If you are running Linux, you can enter nullroutes for CloudFlare without trying to figure out iptables. We use it on our server because CloudFlare-affiliated cybercriminals have a history of DDoSing us. One of them is named Ryan Cleary and he is in jail now in the UK. He won't get out anytime soon — he pleaded guilty and has also been indicted by a U.S. grand jury. Poor Ryan would feel better if Mr. Prince visited him in jail and offered a little bit of immoral support.
These commands will block access to CloudFlare domains for all traffic to and from your Linux box. Normally a domain that uses CloudFlare won't be coming into your box with their CloudFlare IP address. But with all those cybercriminals using CloudFlare, you never know what trickery is afoot. After these blocks, any attempt to access your box from cloudflare.com will time out. Best of all, anyone sharing your box won't be able to get to CloudFlare to read Mr. Prince's excuses. To remove these blocks, just change "add" to "del" and run the script again, or you can reboot.
```
/sbin/route add -net 103.21.244.0 netmask 255.255.252.0 reject
/sbin/route add -net 103.22.200.0 netmask 255.255.252.0 reject
/sbin/route add -net 103.31.4.0 netmask 255.255.252.0 reject
/sbin/route add -net 104.16.0.0 netmask 255.240.0.0 reject
/sbin/route add -net 108.162.192.0 netmask 255.255.192.0 reject
/sbin/route add -net 131.0.72.0 netmask 255.255.252.0 reject
/sbin/route add -net 141.101.64.0 netmask 255.255.192.0 reject
/sbin/route add -net 162.158.0.0 netmask 255.254.0.0 reject
/sbin/route add -net 172.64.0.0 netmask 255.248.0.0 reject
/sbin/route add -net 173.245.48.0 netmask 255.255.240.0 reject
/sbin/route add -net 188.114.96.0 netmask 255.255.240.0 reject
/sbin/route add -net 190.93.240.0 netmask 255.255.240.0 reject
/sbin/route add -net 197.234.240.0 netmask 255.255.252.0 reject
/sbin/route add -net 198.41.128.0 netmask 255.255.128.0 reject
/sbin/route add -net 199.27.128.0 netmask 255.255.248.0 reject
```
### Snake oil for harried webmasters
In 2009, [New York Times](https://web.archive.org/web/20210826103614/http://www.nytimes.com/external/readwriteweb/2009/10/13/13readwriteweb-google-accounts-for-6-of-all-internet-traff-90323.html) reported that according to a two-year study, Google accounts for six percent of all Internet traffic worldwide. One year later CloudFlare launched. By early 2012, according to Matthew Prince in [Forbes](https://web.archive.org/web/20210826103614/http://www.forbes.com/sites/eliseackerman/2012/02/29/how-cloudflares-free-ddos-protection-service-is-disrupting-the-multibillion-dollar-computer-security-and-content-delivery-markets), on any given day 25 percent of the Internet's visitors pass through CloudFlare. Does this mean that CloudFlare handles four times more traffic than Google? They obviously know what they're doing. You cannot go wrong!
![](img/snake3.gif)
Matthew Prince made a similar statement on July 18, 2012: "We do more traffic than Amazon, Wikipedia, Twitter, Zynga, AOL, Apple, Bing, eBay, PayPal and Instagram combined," chief executive Matthew Prince told [VentureBeat](https://web.archive.org/web/20210826103614/http://venturebeat.com/2012/07/18/cloudflare-amazon-wikipedia-twitter/). "We're about half of a Facebook, and this month we'll surpass Yahoo in terms of pageviews and unique visitors."
Curiously, Mr. Prince changed his tune in [August 2013](https://web.archive.org/web/20210826103614/http://blog.cloudflare.com/cloudflare-and-free-speech): "Today, approximately four percent of web requests flow through our network." Is CloudFlare slowing down? Not at all. The previous June he told [The Economist](https://web.archive.org/web/20210826103614/http://www.economist.com/news/international/21579818-theres-only-so-much-you-can-do-denying-deniers) that he is adding 5,000 customers per day.
If CloudFlare adds 5,000 per day over the course of a year, how does its share of Internet traffic go from 25 percent to 4 percent? Who is more guilty of spreading bullshit — high-tech CEOs, or fanboy publications that print anything they say? (More background on Prince is available [here](honeypot.md).)
---
[home page](README.md)

1725
subfiles/classics/cfgang.md Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,14 @@
# Is CloudFlare affected by the EU's GDPR?
> May 25, 2018
![](img/cfeunew.gif)
Our [geolocation results](cfusers.md) page points to direct-connect IP addresses for many of the above countries. For example, if you click on France, the first link shows almost 4,000 domains in the same /24 block that all use CloudFlare. This looks like a situation where a single service provider in France hooks up every new customer to CloudFlare automatically. This provider in France obviously must adhere to the GDPR. However, it is our belief that in cases this extreme, CloudFlare must also share responsibility for GDPR violations. If you click again, you can get a listing of the specific domains. Sometimes the domain names themselves suggest dubious content.
We haven't investigated this particular case, as there are many dozens of similar patterns in our data, even after restricting our searches to EU countries only.
---
[home page](README.md)

View File

@ -0,0 +1,447 @@
# CloudFlare's unamazing growth
Hurricane Electric is a major Internet backbone service provider, and they show a chart listing the [top 100 hosting companies](https://web.archive.org/web/20210826102852/https://bgp.he.net/report/tophosts). We asked them how this data, which updates once a week, is compiled. Rob Mosher replied that "the counts are based on domain names with their nameservers listed."
That's good enough for us, and we began capturing the data from this chart soon after CloudFlare made it into the top 100 in April 2013. Matthew Prince brags about all the traffic he handles ([more than Facebook](https://web.archive.org/web/20210826102852/http://venturebeat.com/2013/06/17/cloudflare-150b-pageviewsmonth-30gb-of-log-dataminute-and-more-traffic-than-facebook/)), but this is bogus. For example, he once claimed that China is the second largest country using CouldFlare after the U.S., while our stats showed otherwise. On further investigation, we found a later quotation in which Prince said that traffic from China was number two — not CloudFlare customers from China, and not CloudFlare websites in China, but traffic!
![](img/mao4.gif)
Yeah, okay, and our modest site here at CloudFlare Watch has been getting a lot of traffic from China also. It's called a "botnet," folks, which means a bunch of automated zombies grab stuff from us, 24 / 7, for reasons unknown. We ran Scroogle.org for seven years, and had the same sort of "traffic." By now we know that if you have zombie problems, you are supposed to be apologetic and work hard to block them. You don't brag about it.
Mr. Prince isn't content to merely compare apples to oranges. His comparison to Facebook is the equivalent of claiming that the water CloudFlare uses to keep its apple tree alive weighs more than the basket of oranges from Facebook's orange tree. It's all reckless hype, and it's amazing that the high-tech press lets him get away with it. They should recognize that Facebook attracts end-users by providing an environment and structure that encourages content, while CloudFlare is a mere traffic conduit that is divorced from both end-users and content.
![](img/evo20.gif)
While we are still interested in how Hurricane Electric collects their domain stats (is it captured midstream, or from zone file access, or what?), ultimately it doesn't matter as long as their methodology is consistent. We are interested in growth over time for domains that use CloudFlare for their authoritative nameservers. CloudFlare's [hosting partners](https://web.archive.org/web/20210826102852/https://www.cloudflare.com/partners/solution-partners/) do not count, nor should they. A click box on the control panel at a CloudFlare hosting partner means little. While it increases the traffic going through CloudFlare, it merely suggests that these partners are happy to offload a chunk of their bandwidth for free, by encouraging their own customers to try out CloudFlare. At this rate, every self-disrespecting hosting provider on the planet should have signed up by now.
![](img/sock2.gif)
No, what matters is how many registered domains use CloudFlare for their nameservers. While the lowest tier at CloudFlare is still free for this, at least it takes some minimal research and commitment before a website is willing to change the nameservers on their domain registration. In short, we feel that the stats from Hurricane Electric, when considered over a span of at least a few months, are worth more than any Matthew Prince quotations in media that [don't know when to quit](cfblock.md).
[![](img/poem.gif)](repeats.md)
```
Date Total domains Percent of top 100
2013-05-06 462,274 0.200
2013-05-13 472,085 0.204
2013-05-20 480,934 0.207
2013-05-27 485,279 0.209
2013-06-03 480,989 0.207
2013-06-10 487,366 0.209
2013-06-17 492,681 0.212
2013-06-24 497,098 0.214
2013-07-01 503,807 0.216
2013-07-08 516,126 0.221
2013-07-15 518,662 0.222
2013-07-22 519,748 0.223
2013-07-29 523,083 0.224
2013-08-05 528,595 0.226
2013-08-12 536,331 0.230
2013-08-19 540,140 0.231
2013-08-26 546,689 0.234
2013-09-02 553,002 0.236
2013-09-09 559,421 0.239
2013-09-16 566,034 0.241
2013-09-23 570,967 0.243
2013-09-30 583,379 0.248
2013-10-07 590,639 0.251
2013-10-14 598,124 0.254
2013-10-21 605,181 0.257
2013-10-28 612,161 0.260
2013-11-04 618,892 0.262
2013-11-11 625,297 0.265
2013-11-18 634,680 0.269
2013-11-25 645,166 0.273
2013-12-02 651,707 0.276
2013-12-09 656,592 0.278
2013-12-16 658,851 0.279
2013-12-23 664,087 0.281
2013-12-30 668,845 0.283
2014-01-06 674,649 0.285
2014-01-13 680,664 0.288
2014-01-20 686,548 0.290
2014-01-27 695,184 0.293
2014-02-03 701,853 0.296
2014-02-10 707,212 0.298
2014-02-17 715,565 0.301
2014-02-24 721,120 0.303
2014-03-03 727,763 0.305
2014-03-10 738,270 0.309
2014-03-17 748,705 0.313
2014-03-24 759,522 0.318
2014-03-31 767,933 0.321
2014-04-07 776,532 0.324
2014-04-14 789,967 0.329
2014-04-21 798,921 0.332
2014-04-28 810,208 0.337
2014-05-05 820,826 0.341
2014-05-12 829,597 0.344
2014-05-19 843,120 0.350
2014-05-26 854,125 0.354
2014-06-02 862,998 0.358
2014-06-09 870,092 0.360
2014-06-16 880,063 0.364
2014-06-23 888,970 0.368
2014-06-30 900,388 0.372
2014-07-07 907,303 0.375
2014-07-14 919,299 0.379
2014-07-21 929,176 0.383
2014-07-28 938,897 0.387
2014-08-04 949,517 0.391
2014-08-11 959,261 0.395
2014-08-18 971,269 0.399
2014-08-25 983,229 0.404
2014-09-01 996,492 0.409
2014-09-08 1,008,809 0.414
2014-09-15 1,018,725 0.418
2014-09-22 1,028,254 0.421
2014-09-29 1,039,559 0.425
2014-10-06 1,055,063 0.431
2014-10-13 1,069,605 0.436
2014-10-20 1,092,576 0.445
2014-10-27 1,105,575 0.451
2014-11-03 1,119,242 0.456
2014-11-10 1,137,673 0.464
2014-11-17 1,151,151 0.469
2014-11-24 1,166,656 0.475
2014-12-01 1,177,647 0.479
2014-12-08 1,189,078 0.484
2014-12-15 1,207,842 0.491
2014-12-22 1,217,563 0.495
2014-12-29 1,231,764 0.501
2015-01-05 1,247,680 0.507
2015-01-12 1,265,245 0.514
2015-01-19 1,280,109 0.520
2015-01-26 1,297,321 0.526
2015-02-02 1,312,308 0.531
2015-02-09 1,332,308 0.539
2015-02-16 1,347,477 0.544
2015-02-23 1,359,383 0.549
2015-03-02 1,381,804 0.558
2015-03-09 1,399,204 0.564
2015-03-16 1,418,583 0.572
2015-03-23 1,435,965 0.579
2015-03-30 1,454,610 0.586
2015-04-06 1,469,641 0.592
2015-04-13 1,484,206 0.597
2015-04-20 1,499,685 0.603
2015-04-27 1,517,483 0.610
2015-05-04 1,538,892 0.620
2015-05-11 1,552,349 0.625
2015-05-18 1,569,546 0.632
2015-05-25 1,589,371 0.640
2015-06-01 1,607,757 0.647
2015-06-08 1,630,764 0.655
2015-06-15 1,646,304 0.661
2015-06-22 1,671,352 0.670
2015-06-29 1,688,467 0.676
2015-07-06 1,709,286 0.683
2015-07-13 1,729,079 0.691
2015-07-20 1,755,542 0.701
2015-07-27 1,776,521 0.710
2015-08-03 1,800,276 0.719
2015-08-10 1,819,396 0.726
2015-08-17 1,849,434 0.737
2015-08-24 1,871,697 0.745
2015-08-31 1,897,175 0.755
2015-09-07 1,923,030 0.764
2015-09-14 1,965,601 0.779
...the data source did not update for one month...
2015-10-15 2,459,695 0.915
2015-10-19 2,477,094 0.919
2015-10-26 2,503,454 0.921
2015-11-02 2,525,536 0.925
2015-11-09 2,549,874 0.918
2015-11-16 2,586,187 0.914
2015-11-23 2,620,791 0.912
2015-11-30 2,654,232 0.920
2015-12-07 2,690,496 0.931
2015-12-14 2,716,079 0.938
2015-12-21 2,745,964 0.946
2015-12-28 2,767,578 0.953
2016-01-04 2,780,037 0.956
2016-01-11 2,808,816 0.964
2016-01-18 2,833,824 0.971
2016-01-25 2,854,693 0.975
2016-02-01 2,889,095 0.984
2016-02-08 2,921,854 0.992
2016-02-15 2,941,870 0.996
2016-02-22 2,980,241 1.000
2016-02-29 3,015,906 1.005
2016-03-07 3,052,477 1.010
2016-03-14 3,093,608 1.022
2016-03-21 3,123,234 1.029
2016-03-28 3,154,356 1.039
2016-04-04 3,175,503 1.043
2016-04-11 3,201,418 1.050
2016-04-18 3,230,048 1.058
2016-04-25 3,250,479 1.065
2016-05-02 3,284,012 1.076
2016-05-09 3,304,421 1.082
2016-05-16 3,345,090 1.095
2016-05-23 3,369,703 1.101
2016-05-30 3,398,037 1.110
2016-06-06 3,422,237 1.118
2016-06-13 3,446,664 1.126
2016-06-20 3,466,012 1.133
2016-06-27 3,491,453 1.143
2016-07-04 3,535,104 1.154
2016-07-11 3,557,826 1.162
2016-07-18 3,577,119 1.168
2016-07-25 3,594,073 1.173
2016-08-01 3,598,272 1.190
2016-08-08 3,643,865 1.204
2016-08-15 3,671,903 1.213
2016-08-22 3,693,125 1.219
2016-08-29 3,710,646 1.225
2016-09-05 3,741,690 1.235
2016-09-12 3,760,204 1.242
2016-09-19 3,785,458 1.252
2016-09-26 3,794,284 1.255
2016-10-03 3,826,115 1.267
2016-10-10 3,859,078 1.277
2016-10-17 3,900,896 1.289
2016-10-24 3,928,593 1.298
2016-10-31 3,966,977 1.310
2016-11-07 4,007,417 1.325
2016-11-14 4,044,849 1.336
2016-11-21 4,090,463 1.353
2016-11-28 4,128,982 1.368
2016-12-05 4,150,122 1.374
2016-12-12 4,180,124 1.388
2016-12-19 4,215,130 1.403
2016-12-26 4,264,692 1.426
2017-01-02 4,313,167 1.449
2017-01-09 4,370,013 1.468
2017-01-16 4,412,616 1.481
2017-01-23 4,435,988 1.487
2017-01-30 4,497,257 1.507
2017-02-06 4,565,328 1.528
2017-02-13 4,630,694 1.546
2017-02-20 4,692,037 1.563
2017-02-27 4,738,938 1.580
2017-03-06 4,763,870 1.582
2017-03-13 4,797,089 1.592
2017-03-20 4,848,941 1.607
2017-03-27 4,872,968 1.614
2017-04-03 4,899,299 1.627
2017-04-10 4,929,269 1.638
2017-04-17 4,935,522 1.640
2017-04-24 4,967,471 1.648
2017-05-01 4,999,621 1.656
2017-05-08 5,045,945 1.670
2017-05-15 5,085,359 1.680
2017-05-22 5,118,847 1.691
2017-05-29 5,156,948 1.699
2017-06-05 5,183,607 1.703
2017-06-12 5,231,308 1.722
2017-06-19 5,507,691 1.793
2017-06-26 5,571,118 1.813
2017-07-03 5,592,312 1.820
2017-07-10 5,617,151 1.827
2017-07-17 5,653,175 1.837
2017-07-24 5,700,932 1.851
2017-07-31 5,771,722 1.873
2017-08-07 5,809,459 1.883
2017-08-14 5,836,431 1.890
2017-08-21 5,872,947 1.900
2017-08-28 5,904,417 1.911
2017-09-04 5,944,257 1.920
2017-09-11 5,977,055 1.927
2017-09-18 6,013,372 1.936
2017-09-25 6,047,315 1.945
2017-10-02 6,094,842 1.959
2017-10-09 6,129,147 1.966
2017-10-16 6,157,099 1.973
2017-10-23 6,198,152 1.986
2017-10-30 6,235,789 1.998
2017-11-06 6,271,018 2.009
2017-11-13 6,299,504 2.024
2017-11-20 6,340,142 2.037
2017-11-27 6,363,377 2.042
2017-12-04 6,390,003 2.047
2017-12-11 6,426,854 2.058
2017-12-18 6,458,112 2.071
2017-12-25 6,445,461 2.067
2018-01-01 6,443,406 2.067
2018-01-08 6,482,529 2.077
2018-01-15 6,514,604 2.087
2018-01-22 6,528,120 2.091
2018-01-29 6,564,496 2.102
2018-02-05 6,599,073 2.110
2018-02-12 6,634,101 2.116
2018-02-19 6,664,120 2.126
2018-02-26 6,654,423 2.121
2018-03-05 6,696,513 2.133
2018-03-12 6,739,825 2.141
2018-03-19 6,779,526 2.139
2018-03-26 6,814,395 2.138
2018-04-02 6,859,918 2.149
2018-04-09 6,909,496 2.162
2018-04-16 6,954,315 2.172
2018-04-23 7,006,517 2.186
2018-04-30 7,043,652 2.198
2018-05-07 7,099,084 2.216
2018-05-14 7,148,454 2.226
2018-05-21 7,207,113 2.242
2018-05-28 7,362,802 2.287
2018-06-04 7,474,019 2.319
2018-06-11 7,563,181 2.345
2018-06-18 7,608,843 2.356
2018-06-25 7,655,184 2.365
2018-07-02 7,718,513 2.374
2018-07-09 7,762,731 2.384
2018-07-16 7,834,993 2.403
2018-07-23 7,901,368 2.424
2018-07-30 7,936,604 2.435
2018-08-06 7,992,083 2.447
2018-08-13 8,051,515 2.460
2018-08-20 8,116,197 2.477
2018-08-27 8,181,685 2.495
2018-09-03 8,233,488 2.507
2018-09-10 8,281,597 2.518
2018-09-17 8,341,527 2.531
2018-09-24 8,379,509 2.538
2018-10-01 8,413,490 2.547
2018-10-08 8,461,715 2.559
2018-10-15 8,494,717 2.565
2018-10-22 8,526,445 2.569
2018-10-29 8,561,946 2.580
2018-11-05 8,599,714 2.590
2018-11-12 8,623,601 2.594
2018-11-19 8,692,707 2.610
2018-11-26 8,725,435 2.618
2018-12-03 8,761,409 2.624
2018-12-10 8,802,587 2.634
2018-12-17 8,837,849 2.642
2018-12-24 8,884,186 2.655
2018-12-31 8,967,431 2.679
2019-01-07 9,029,733 2.696
2019-01-14 9,116,113 2.717
2019-01-21 9,163,968 2.729
2019-01-28 9,212,710 2.741
2019-02-04 9,259,657 2.751
2019-02-11 9,289,395 2.757
2019-02-18 9,327,549 2.764
2019-02-25 9,367,875 2.773
2019-03-04 9,422,615 2.785
2019-03-11 9,456,622 2.792
2019-03-18 9,536,879 2.816
2019-03-25 9,582,190 2.827
2019-04-01 9,614,826 2.834
2019-04-08 9,661,770 2.843
2019-04-15 9,639,449 2.833
2019-04-22 9,663,323 2.838
2019-04-29 9,701,268 2.846
2019-05-06 9,726,091 2.852
2019-05-13 9,755,458 2.859
2019-05-20 9,771,923 2.860
2019-05-27 9,804,848 2.868
2019-06-03 9,825,872 2.872
2019-06-10 9,848,810 2.877
2019-06-17 9,874,825 2.882
2019-06-24 9,920,997 2.892
2019-07-01 9,945,591 2.895
2019-07-08 9,966,342 2.899
2019-07-15 10,009,608 2.905
2019-07-22 10,042,009 2.916
2019-07-29 10,061,628 2.919
2019-08-05 10,083,894 2.923
2019-08-12 10,118,603 2.930
2019-08-19 10,151,279 2.936
2019-08-26 10,187,533 2.944
2019-09-02 10,229,840 2.955
2019-09-09 10,258,506 2.961
2019-09-16 10,299,487 2.970
2019-09-23 10,331,298 2.976
2019-09-30 10,365,561 2.984
2019-10-07 10,405,629 2.993
2019-10-14 10,448,773 3.001
2019-10-21 10,493,553 3.012
2019-10-28 10,530,175 3.020
2019-11-04 10,573,154 3.031
2019-11-11 10,626,620 3.043
2019-11-18 10,652,831 3.050
2019-11-25 10,712,813 3.064
2019-12-02 10,771,957 3.078
2019-12-09 10,869,576 3.104
2019-12-16 10,932,699 3.120
2019-12-23 10,992,952 3.032
2019-12-30 11,024,536 3.041
2020-01-06 11,046,219 3.045
2020-01-13 11,072,583 3.049
2020-01-20 11,104,343 3.055
2020-01-27 11,121,659 3.057
2020-02-03 11,131,602 3.056
2020-02-10 11,157,317 3.059
2020-02-17 11,195,632 3.064
2020-02-24 11,232,851 3.071
2020-03-02 11,543,562 2.799
2020-03-09 11,598,986 2.804
2020-03-16 11,608,288 2.802
2020-03-23 11,614,818 2.802
2020-03-30 11,594,092 2.796
2020-04-06 11,608,284 2.798
2020-04-13 11,661,017 2.808
2020-04-20 11,777,589 2.830
2020-04-27 11,802,977 2.834
2020-05-04 11,855,622 2.845
2020-05-11 11,905,370 2.854
2020-05-18 11,925,996 2.857
2020-05-25 11,975,702 2.867
2020-06-01 12,006,857 2.871
2020-06-08 12,040,513 2.879
2020-06-15 12,088,287 2.887
2020-06-22 12,134,019 2.896
2020-06-29 12,058,454 2.948
2020-07-06 12,121,766 2.961
2020-07-13 12,181,945 2.973
2020-07-20 12,221,082 2.981
2020-07-27 12,253,014 2.987
```
### Harvard Business School
### The source of CloudFlare's delusions
![](img/harvard.gif)
- [Why entrepreneurs need to be a little delusional](https://web.archive.org/web/20210826102852/http://web.archive.org/web/20140715071656/http://poetsandquants.com/2013/11/18/qa-with-harvards-top-entrepreneurship-professor/) (2013-11-18)
```
We can tell students what the failure odds are, but it's one thing for
people to know the stats, and it's another to actually feel it's going to
be you. A lot of people think they will be that one person to beat the
odds, and I guess that's good to have that confidence. Basically we
need people to be a little delusional.
```
— Professor Tom Eisenmann, Harvard Business School
- [HBS-founded CloudFlare is Sky High](https://web.archive.org/web/20210826102852/http://web.archive.org/web/20140911104439/http://www.harbus.org/2011/cloudflare/) (2011-11-14)
```
However you describe CloudFlare, it is clearly flourishing. Since its
founding two years ago at HBS, the company's network now extends
to 15 billion page views and 350 million visitors per month, which is
more traffic than Amazon, Wikipedia and Twitter combined. 'One out
of every five people on the Internet has passed through our network
in the last month,' says Prince. 'Kind of stunning.' ... Zatlyn and Prince
cite a number of HBS influences as critical sources of support, with
Professor Eisenmann being at the top of the list. They recount how
they took his Entrepreneurship course their first year, and he then
encouraged them from their very first discussions beginning in the
lobby bar at the Sheraton in Palo Alto. 'Tom was a cheerleader from
the beginning,' says Prince. 'And he's continued to be in touch. Every
time he is out here, we see him.'
```
![](img/shelter4.gif)
---
[home page](README.md)

View File

@ -0,0 +1,424 @@
# CloudFlare nameservers
Great moments in
anti-DDoS engineering:
![](img/eggs.jpg)
These IP addresses have been static since mid-2014.
How many lines of code are required to hit this entire
list repeatedly with a huge Internet-of-Things botnet?
Not many (see footnote).
```
abby.ns.cloudflare.com 173.245.58.100
ada.ns.cloudflare.com 173.245.58.54
adam.ns.cloudflare.com 173.245.59.54
adel.ns.cloudflare.com 173.245.58.55
adi.ns.cloudflare.com 173.245.58.56
adrian.ns.cloudflare.com 173.245.58.57
aida.ns.cloudflare.com 173.245.58.58
aiden.ns.cloudflare.com 173.245.59.55
ajay.ns.cloudflare.com 173.245.59.56
alan.ns.cloudflare.com 173.245.59.57
albert.ns.cloudflare.com 173.245.59.58
alec.ns.cloudflare.com 173.245.59.59
alex.ns.cloudflare.com 173.245.59.100
alexis.ns.cloudflare.com 173.245.59.60
algin.ns.cloudflare.com 173.245.59.61
ali.ns.cloudflare.com 173.245.58.59
alice.ns.cloudflare.com 173.245.58.60
alina.ns.cloudflare.com 173.245.58.61
alla.ns.cloudflare.com 173.245.58.62
amanda.ns.cloudflare.com 173.245.58.63
amber.ns.cloudflare.com 173.245.58.64
amir.ns.cloudflare.com 173.245.59.62
amit.ns.cloudflare.com 173.245.59.63
amy.ns.cloudflare.com 173.245.58.101
andy.ns.cloudflare.com 173.245.59.101
angela.ns.cloudflare.com 173.245.58.65
anirban.ns.cloudflare.com 173.245.59.64
anna.ns.cloudflare.com 173.245.58.102
anuj.ns.cloudflare.com 173.245.59.65
apollo.ns.cloudflare.com 173.245.59.66
april.ns.cloudflare.com 173.245.58.66
ara.ns.cloudflare.com 173.245.58.67
aragorn.ns.cloudflare.com 173.245.59.67
arch.ns.cloudflare.com 173.245.59.68
aria.ns.cloudflare.com 173.245.58.68
arnold.ns.cloudflare.com 173.245.59.69
aron.ns.cloudflare.com 173.245.58.69
art.ns.cloudflare.com 173.245.59.102
arya.ns.cloudflare.com 173.245.58.70
asa.ns.cloudflare.com 173.245.58.246
ashley.ns.cloudflare.com 173.245.58.71
athena.ns.cloudflare.com 173.245.58.72
austin.ns.cloudflare.com 173.245.59.70
barbara.ns.cloudflare.com 173.245.58.248
bart.ns.cloudflare.com 173.245.59.71
bayan.ns.cloudflare.com 173.245.59.72
beau.ns.cloudflare.com 173.245.59.73
becky.ns.cloudflare.com 173.245.58.73
bella.ns.cloudflare.com 173.245.58.74
ben.ns.cloudflare.com 173.245.59.103
beth.ns.cloudflare.com 173.245.58.103
betty.ns.cloudflare.com 173.245.58.75
bill.ns.cloudflare.com 173.245.59.74
bob.ns.cloudflare.com 173.245.59.104
bonnie.ns.cloudflare.com 173.245.58.76
boyd.ns.cloudflare.com 173.245.59.75
brad.ns.cloudflare.com 173.245.59.105
brenda.ns.cloudflare.com 173.245.58.77
brett.ns.cloudflare.com 173.245.59.76
brianna.ns.cloudflare.com 173.245.58.245
brit.ns.cloudflare.com 173.245.58.78
bruce.ns.cloudflare.com 173.245.59.77
buck.ns.cloudflare.com 173.245.59.78
burt.ns.cloudflare.com 173.245.59.79
candy.ns.cloudflare.com 173.245.58.79
carl.ns.cloudflare.com 173.245.59.106
carol.ns.cloudflare.com 173.245.58.80
carter.ns.cloudflare.com 173.245.59.80
cash.ns.cloudflare.com 173.245.59.81
cass.ns.cloudflare.com 173.245.58.81
chad.ns.cloudflare.com 173.245.59.82
chan.ns.cloudflare.com 173.245.58.82
charles.ns.cloudflare.com 173.245.59.83
cheryl.ns.cloudflare.com 173.245.58.83
chin.ns.cloudflare.com 173.245.58.84
chip.ns.cloudflare.com 173.245.59.84
chloe.ns.cloudflare.com 173.245.58.85
chris.ns.cloudflare.com 173.245.59.85
chuck.ns.cloudflare.com 173.245.59.86
clark.ns.cloudflare.com 173.245.59.87
clay.ns.cloudflare.com 173.245.59.88
cleo.ns.cloudflare.com 173.245.59.89
clint.ns.cloudflare.com 173.245.59.90
cloe.ns.cloudflare.com 173.245.58.86
clyde.ns.cloudflare.com 173.245.59.91
coby.ns.cloudflare.com 173.245.59.92
coco.ns.cloudflare.com 173.245.58.104
cody.ns.cloudflare.com 173.245.59.107
connie.ns.cloudflare.com 173.245.58.247
cortney.ns.cloudflare.com 173.245.58.87
cory.ns.cloudflare.com 173.245.59.93
cruz.ns.cloudflare.com 173.245.58.88
curt.ns.cloudflare.com 173.245.59.94
dahlia.ns.cloudflare.com 173.245.58.89
daisy.ns.cloudflare.com 173.245.58.90
dale.ns.cloudflare.com 173.245.59.95
damon.ns.cloudflare.com 173.245.59.96
dan.ns.cloudflare.com 173.245.59.108
dana.ns.cloudflare.com 173.245.58.105
dane.ns.cloudflare.com 173.245.59.97
dara.ns.cloudflare.com 173.245.58.91
darl.ns.cloudflare.com 173.245.59.98
darwin.ns.cloudflare.com 173.245.59.151
dave.ns.cloudflare.com 173.245.59.109
david.ns.cloudflare.com 173.245.59.152
dawn.ns.cloudflare.com 173.245.58.106
dean.ns.cloudflare.com 173.245.59.153
deb.ns.cloudflare.com 173.245.58.92
dee.ns.cloudflare.com 173.245.58.93
dell.ns.cloudflare.com 173.245.58.94
demi.ns.cloudflare.com 173.245.58.95
derek.ns.cloudflare.com 173.245.59.154
desi.ns.cloudflare.com 173.245.58.96
dilbert.ns.cloudflare.com 173.245.59.155
dina.ns.cloudflare.com 173.245.58.107
dion.ns.cloudflare.com 173.245.59.156
diva.ns.cloudflare.com 173.245.58.97
dolly.ns.cloudflare.com 173.245.58.98
dom.ns.cloudflare.com 173.245.59.157
donald.ns.cloudflare.com 173.245.59.158
donna.ns.cloudflare.com 173.245.58.151
dora.ns.cloudflare.com 173.245.58.108
dorthy.ns.cloudflare.com 173.245.58.249
doug.ns.cloudflare.com 173.245.59.159
drew.ns.cloudflare.com 173.245.59.160
duke.ns.cloudflare.com 173.245.59.110
earl.ns.cloudflare.com 173.245.59.161
ed.ns.cloudflare.com 173.245.59.111
edna.ns.cloudflare.com 173.245.58.109
elaine.ns.cloudflare.com 173.245.58.152
elinore.ns.cloudflare.com 173.245.58.153
elle.ns.cloudflare.com 173.245.58.110
elliot.ns.cloudflare.com 173.245.59.162
elma.ns.cloudflare.com 173.245.58.154
elmo.ns.cloudflare.com 173.245.59.163
elsa.ns.cloudflare.com 173.245.58.111
emily.ns.cloudflare.com 173.245.58.155
emma.ns.cloudflare.com 173.245.58.112
eric.ns.cloudflare.com 173.245.59.112
erin.ns.cloudflare.com 173.245.58.113
ernest.ns.cloudflare.com 173.245.59.164
etta.ns.cloudflare.com 173.245.58.156
eva.ns.cloudflare.com 173.245.58.114
evan.ns.cloudflare.com 173.245.59.165
fay.ns.cloudflare.com 173.245.58.115
fiona.ns.cloudflare.com 173.245.58.157
frank.ns.cloudflare.com 173.245.59.166
fred.ns.cloudflare.com 173.245.59.113
gabe.ns.cloudflare.com 173.245.59.114
gail.ns.cloudflare.com 173.245.58.116
gene.ns.cloudflare.com 173.245.58.158
george.ns.cloudflare.com 173.245.59.167
gerald.ns.cloudflare.com 173.245.59.168
gina.ns.cloudflare.com 173.245.58.117
glen.ns.cloudflare.com 173.245.59.169
gordon.ns.cloudflare.com 173.245.59.170
grace.ns.cloudflare.com 173.245.58.159
graham.ns.cloudflare.com 173.245.59.171
greg.ns.cloudflare.com 173.245.59.115
guss.ns.cloudflare.com 173.245.59.172
guy.ns.cloudflare.com 173.245.59.173
gwen.ns.cloudflare.com 173.245.58.160
hal.ns.cloudflare.com 173.245.59.174
hank.ns.cloudflare.com 173.245.59.116
hans.ns.cloudflare.com 173.245.59.175
heather.ns.cloudflare.com 173.245.58.161
henry.ns.cloudflare.com 173.245.59.176
hera.ns.cloudflare.com 173.245.58.162
hope.ns.cloudflare.com 173.245.58.163
hugh.ns.cloudflare.com 173.245.59.117
ian.ns.cloudflare.com 173.245.59.118
igor.ns.cloudflare.com 173.245.59.119
ines.ns.cloudflare.com 173.245.58.164
ingrid.ns.cloudflare.com 173.245.58.165
iris.ns.cloudflare.com 173.245.58.118
irma.ns.cloudflare.com 173.245.58.166
isaac.ns.cloudflare.com 173.245.59.177
isla.ns.cloudflare.com 173.245.58.119
ivan.ns.cloudflare.com 173.245.59.120
ivy.ns.cloudflare.com 173.245.58.120
jack.ns.cloudflare.com 173.245.59.121
jade.ns.cloudflare.com 173.245.58.167
jake.ns.cloudflare.com 173.245.59.122
james.ns.cloudflare.com 173.245.59.178
jamie.ns.cloudflare.com 173.245.58.168
janet.ns.cloudflare.com 173.245.58.169
jasmine.ns.cloudflare.com 173.245.58.170
jason.ns.cloudflare.com 173.245.59.179
jay.ns.cloudflare.com 173.245.59.123
jean.ns.cloudflare.com 173.245.58.121
jeff.ns.cloudflare.com 173.245.59.124
jeremy.ns.cloudflare.com 173.245.59.180
jerome.ns.cloudflare.com 173.245.59.181
jerry.ns.cloudflare.com 173.245.59.182
jessica.ns.cloudflare.com 173.245.58.171
jill.ns.cloudflare.com 173.245.58.122
jim.ns.cloudflare.com 173.245.59.125
jo.ns.cloudflare.com 173.245.58.172
joan.ns.cloudflare.com 173.245.58.173
jobs.ns.cloudflare.com 173.245.59.183
jocelyn.ns.cloudflare.com 173.245.58.174
joel.ns.cloudflare.com 173.245.59.184
john.ns.cloudflare.com 173.245.59.185
jonah.ns.cloudflare.com 173.245.59.186
josh.ns.cloudflare.com 173.245.59.126
jule.ns.cloudflare.com 173.245.58.175
june.ns.cloudflare.com 173.245.58.176
justin.ns.cloudflare.com 173.245.59.187
kai.ns.cloudflare.com 173.245.59.188
kami.ns.cloudflare.com 173.245.58.177
kanye.ns.cloudflare.com 173.245.59.189
kara.ns.cloudflare.com 173.245.58.123
karina.ns.cloudflare.com 173.245.58.178
karl.ns.cloudflare.com 173.245.59.190
kate.ns.cloudflare.com 173.245.58.124
kay.ns.cloudflare.com 173.245.58.125
ken.ns.cloudflare.com 173.245.59.127
kevin.ns.cloudflare.com 173.245.59.191
kia.ns.cloudflare.com 173.245.58.179
kiki.ns.cloudflare.com 173.245.58.180
kim.ns.cloudflare.com 173.245.58.126
kip.ns.cloudflare.com 173.245.59.128
kirk.ns.cloudflare.com 173.245.59.192
kristin.ns.cloudflare.com 173.245.58.181
kurt.ns.cloudflare.com 173.245.59.193
lady.ns.cloudflare.com 173.245.58.127
lakas.ns.cloudflare.com 173.245.59.194
lana.ns.cloudflare.com 173.245.58.182
lara.ns.cloudflare.com 173.245.58.128
lars.ns.cloudflare.com 173.245.59.195
laura.ns.cloudflare.com 173.245.58.183
leah.ns.cloudflare.com 173.245.58.129
lee.ns.cloudflare.com 173.245.59.129
leia.ns.cloudflare.com 173.245.58.184
lex.ns.cloudflare.com 173.245.59.196
lia.ns.cloudflare.com 173.245.58.185
lila.ns.cloudflare.com 173.245.58.186
lily.ns.cloudflare.com 173.245.58.130
lina.ns.cloudflare.com 173.245.58.187
linda.ns.cloudflare.com 173.245.58.250
lisa.ns.cloudflare.com 173.245.58.131
liv.ns.cloudflare.com 173.245.58.188
liz.ns.cloudflare.com 173.245.58.189
lloyd.ns.cloudflare.com 173.245.59.197
logan.ns.cloudflare.com 173.245.59.198
lola.ns.cloudflare.com 173.245.58.132
lorna.ns.cloudflare.com 173.245.58.190
lou.ns.cloudflare.com 173.245.59.199
lucy.ns.cloudflare.com 173.245.58.133
luke.ns.cloudflare.com 173.245.59.200
lynn.ns.cloudflare.com 173.245.59.201
major.ns.cloudflare.com 173.245.59.241
marek.ns.cloudflare.com 173.245.59.202
marge.ns.cloudflare.com 173.245.58.191
maria.ns.cloudflare.com 173.245.58.192
mario.ns.cloudflare.com 173.245.59.203
marjory.ns.cloudflare.com 173.245.58.193
mark.ns.cloudflare.com 173.245.59.130
marty.ns.cloudflare.com 173.245.59.204
mary.ns.cloudflare.com 173.245.58.134
matt.ns.cloudflare.com 173.245.59.131
max.ns.cloudflare.com 173.245.59.132
may.ns.cloudflare.com 173.245.58.135
maya.ns.cloudflare.com 173.245.58.194
meera.ns.cloudflare.com 173.245.58.195
meg.ns.cloudflare.com 173.245.58.196
megan.ns.cloudflare.com 173.245.58.197
melinda.ns.cloudflare.com 173.245.58.198
melissa.ns.cloudflare.com 173.245.58.199
merlin.ns.cloudflare.com 173.245.59.205
mia.ns.cloudflare.com 173.245.58.200
micah.ns.cloudflare.com 173.245.59.206
michelle.ns.cloudflare.com 173.245.58.201
miki.ns.cloudflare.com 173.245.58.202
miles.ns.cloudflare.com 173.245.59.207
mimi.ns.cloudflare.com 173.245.58.203
mira.ns.cloudflare.com 173.245.58.204
mitch.ns.cloudflare.com 173.245.59.208
molly.ns.cloudflare.com 173.245.58.205
mona.ns.cloudflare.com 173.245.58.206
nadia.ns.cloudflare.com 173.245.58.207
naomi.ns.cloudflare.com 173.245.58.208
nash.ns.cloudflare.com 173.245.59.209
ned.ns.cloudflare.com 173.245.59.210
neil.ns.cloudflare.com 173.245.59.211
nelly.ns.cloudflare.com 173.245.58.209
newt.ns.cloudflare.com 173.245.59.212
nia.ns.cloudflare.com 173.245.58.210
nick.ns.cloudflare.com 173.245.59.213
nicole.ns.cloudflare.com 173.245.58.211
nile.ns.cloudflare.com 173.245.59.214
nina.ns.cloudflare.com 173.245.58.136
nitin.ns.cloudflare.com 173.245.59.215
noah.ns.cloudflare.com 173.245.59.133
noel.ns.cloudflare.com 173.245.59.216
nola.ns.cloudflare.com 173.245.58.212
nora.ns.cloudflare.com 173.245.58.213
norm.ns.cloudflare.com 173.245.59.134
norman.ns.cloudflare.com 173.245.59.217
olga.ns.cloudflare.com 173.245.58.137
oswald.ns.cloudflare.com 173.245.59.218
owen.ns.cloudflare.com 173.245.59.219
pablo.ns.cloudflare.com 173.245.59.220
pam.ns.cloudflare.com 173.245.58.138
pat.ns.cloudflare.com 173.245.58.139
paul.ns.cloudflare.com 173.245.59.135
pete.ns.cloudflare.com 173.245.59.136
peyton.ns.cloudflare.com 173.245.59.221
phil.ns.cloudflare.com 173.245.59.137
piotr.ns.cloudflare.com 173.245.59.222
plato.ns.cloudflare.com 173.245.59.223
pola.ns.cloudflare.com 173.245.58.214
rachel.ns.cloudflare.com 173.245.58.215
rafe.ns.cloudflare.com 173.245.58.216
rajeev.ns.cloudflare.com 173.245.59.224
ram.ns.cloudflare.com 173.245.59.225
ray.ns.cloudflare.com 173.245.59.138
reza.ns.cloudflare.com 173.245.58.217
rick.ns.cloudflare.com 173.245.59.139
rihana.ns.cloudflare.com 173.245.58.244
rita.ns.cloudflare.com 173.245.58.140
roan.ns.cloudflare.com 173.245.59.226
rob.ns.cloudflare.com 173.245.59.140
robin.ns.cloudflare.com 173.245.58.218
rocky.ns.cloudflare.com 173.245.59.227
rodney.ns.cloudflare.com 173.245.59.228
rosa.ns.cloudflare.com 173.245.58.228
rose.ns.cloudflare.com 173.245.58.141
roxy.ns.cloudflare.com 173.245.58.142
rudy.ns.cloudflare.com 173.245.59.229
ruth.ns.cloudflare.com 173.245.58.143
sam.ns.cloudflare.com 173.245.59.141
sandy.ns.cloudflare.com 173.245.58.219
sara.ns.cloudflare.com 173.245.58.144
scott.ns.cloudflare.com 173.245.59.230
sean.ns.cloudflare.com 173.245.59.231
serena.ns.cloudflare.com 173.245.58.220
seth.ns.cloudflare.com 173.245.59.142
sharon.ns.cloudflare.com 173.245.58.221
sid.ns.cloudflare.com 173.245.59.143
sima.ns.cloudflare.com 173.245.58.222
simon.ns.cloudflare.com 173.245.59.232
skip.ns.cloudflare.com 173.245.59.233
sofia.ns.cloudflare.com 173.245.58.223
sri.ns.cloudflare.com 173.245.59.234
stan.ns.cloudflare.com 173.245.59.235
sue.ns.cloudflare.com 173.245.58.145
tani.ns.cloudflare.com 173.245.58.224
tara.ns.cloudflare.com 173.245.58.225
tegan.ns.cloudflare.com 173.245.58.226
terin.ns.cloudflare.com 173.245.59.236
terry.ns.cloudflare.com 173.245.59.237
tess.ns.cloudflare.com 173.245.58.227
theo.ns.cloudflare.com 173.245.59.144
thomas.ns.cloudflare.com 173.245.59.238
tia.ns.cloudflare.com 173.245.58.229
tim.ns.cloudflare.com 173.245.59.145
tina.ns.cloudflare.com 173.245.58.230
toby.ns.cloudflare.com 173.245.59.239
todd.ns.cloudflare.com 173.245.59.146
tom.ns.cloudflare.com 173.245.59.147
tony.ns.cloudflare.com 173.245.59.240
tori.ns.cloudflare.com 173.245.58.231
trey.ns.cloudflare.com 173.245.59.242
tricia.ns.cloudflare.com 173.245.58.232
ulla.ns.cloudflare.com 173.245.58.233
uma.ns.cloudflare.com 173.245.58.146
val.ns.cloudflare.com 173.245.58.234
venus.ns.cloudflare.com 173.245.58.235
vera.ns.cloudflare.com 173.245.58.147
vern.ns.cloudflare.com 173.245.59.243
vick.ns.cloudflare.com 173.245.59.244
vida.ns.cloudflare.com 173.245.58.236
vin.ns.cloudflare.com 173.245.59.245
violet.ns.cloudflare.com 173.245.58.237
vita.ns.cloudflare.com 173.245.58.238
wally.ns.cloudflare.com 173.245.58.239
walt.ns.cloudflare.com 173.245.59.148
wanda.ns.cloudflare.com 173.245.58.240
wesley.ns.cloudflare.com 173.245.59.246
west.ns.cloudflare.com 173.245.59.247
will.ns.cloudflare.com 173.245.59.149
woz.ns.cloudflare.com 173.245.59.150
yichun.ns.cloudflare.com 173.245.59.248
yolanda.ns.cloudflare.com 173.245.58.241
zara.ns.cloudflare.com 173.245.58.148
zelda.ns.cloudflare.com 173.245.58.242
zeus.ns.cloudflare.com 173.245.59.249
zita.ns.cloudflare.com 173.245.58.243
zod.ns.cloudflare.com 173.245.59.250
zoe.ns.cloudflare.com 173.245.58.149
```
```
The third quad is 58 or 59, and the
fourth quad is between 54 and 250.
Now put them together:
quad4 = quad4 + 1
if quad4 > 250
{
quad4 = 54
if quad3 == 58 then quad3 = 59 else quad3 = 58
}
```
---
[home](README.md)

12
subfiles/classics/cfs.md Normal file
View File

@ -0,0 +1,12 @@
# Uncovering bad guys hiding behind CloudFlare
We believe in privacy for passive users of the web. But publishers on the web, as opposed to passive users who merely read pages, should be accountable. All CloudFlare customers are publishers, and many use CloudFlare because it encourages them to hide their original IP address. When they receive abuse complaints, CloudFlare resorts to diversions to pretend that they are acting responsibly — assuming that they respond at all. A refusal to embrace web accountability leads to cybercrime. That's why we use the term "CrimeFlare" to describe this company.
There are sites on the web that specialize in collecting registration and nameserver data. Several are serious research sites, while the rest are sites claiming that various domain names are worth big bucks in potential ad revenue, based on their traffic. Customers must change the nameservers on their registration in order to use most services. Each customer's domain is assigned two nameservers. This makes it easier to verify which domains depend on CloudFlare, and helps us keep our domain lists relatively current.
![](img/adman2.gif)
---
[home](README.md)

View File

@ -0,0 +1,26 @@
# Some domains that recently used CloudFlare
### "Protecting our customers from bad guys..."
Do these domains deserve CloudFlare's protection?
Perhaps we all need to be protected from CloudFlare!
![](img/skull.jpg)
![](img/cfhacker.jpg)
![](img/maskguy.gif)
![](img/rstress.jpg)
![](img/lulzsec.jpg)
![](img/warez.jpg)
![](img/badge1.gif)
![](img/proxies.gif)
---
[home page](README.md)

View File

@ -0,0 +1,38 @@
"In other words, nothing can be done about the ISIS sites, carders, booters, gamblers,
escorts, phishers, malware, and copyright infringers that CloudFlare protects."
# CloudFlare's half-baked SSL: suspicious sockets layer
> October 2013
> updated: March 18, 2020
We were inspired to collect the data on this page after reading this report: [Phishers using CloudFlare for SSL](https://web.archive.org/web/20210824200208/http://news.netcraft.com/archives/2013/10/07/phishers-using-cloudflare-for-ssl.html). Also see this [technical analysis](file/httpsincdn.pdf) (PDF, 545 KB) on the use of SSL by CloudFlare and similar services. The CloudFlare certificates we found all had the common name in the same style as the "ssl2796.cloudflare.com" shown in that Netcraft report. The "ssl2796" in the name is a CloudFlare tracking ID in the 49,541 root domains we found that use "standard" (not "universal") CloudFlare certificates. Every root domain also has a subdomain wildcard line (*.example.com), which we deleted to save space.
![](img/nsa7.png)
We compiled this list by attempting a handshake with the CloudFlare domains in our database. The "standard" certificates on this page (with "ssl" in front of the number instead of "sni") mean that the domain has a paid account at CloudFlare. Paid accounts make up about five percent of the domains that use CloudFlare, according to [news reports](https://web.archive.org/web/20210824200208/http://web.archive.org/web/20160310090126/http://www.cnbc.com/2014/12/22/cloudflare-to-open-a-data-center-a-week-in-2015.html). It's all a marketing effort anyway, whether paid or free. There is no such thing as "secure" SSL when you have potential Men-In-The-Middle at scores of data centers around the world. Local authorities could be sniffing the plaintext available at these data centers, and CloudFlare wouldn't have a clue. (Their "data centers" are typically a rack or two of equipment that CloudFlare ships to a real data center, along with installation instructions.) We asked CloudFlare to confirm that sniffing is possible at these so-called "data centers," but they didn't respond. By now we're wondering if there's a plaintext Ethernet port at the back of their equipment rack that makes interception easy and convenient. If so, it would make no difference whether the origin server has its own certificate.
![](img/sniff2.gif)
CloudFlare may claim that there is no way plaintext can be accessed from their equipment racks, despite the fact that some sort of decrypt and re-encrypt must occur there due to the nature of their role as a CDN. After all, CloudFlare has engineers who come up with clever techniques to enhance SSL. But imagine that you are a government regulator in a country where a big ISP hosts a CloudFlare "data center." Your job is to consider the Internet in terms of public safety and current laws, and you go to that ISP with a list of CloudFlare-user domains you want blocked. The ISP replies that everything is encrypted, and CloudFlare traffic cannot be intercepted. In other words, nothing can be done about the ISIS sites, carders, booters, gamblers, escorts, phishers, malware, and copyright infringers that CloudFlare protects. How would you respond? It's fairly obvious — you ask this ISP to block the CloudFlare IP addresses used by the offending domains. If those IPs change, then block CloudFlare's entire IP space, and continue to monitor the situation. If CloudFlare's traffic still gets through, you ask the ISP to pull the plug on CloudFlare's racks. This is why CloudFlare will add a plaintext port to their own hardware someday, if they haven't already.
The CloudFlare certificates below encrypt the traffic only between the browser and CloudFlare. The traffic between the original web server and CloudFlare remains unencrypted unless the web server owner has his own certificate installed on his machine. Almost everyone who browses a https domain reached from CloudFlare is unaware that just half of the route is encrypted. When they see the padlock on their screen, they feel that everything is safe. This is why phishers love CloudFlare's SSL. It's easy to use for a cybercriminal with numerous domains hidden behind the privacy services of various registrars. Moreover, the subdomain wildcard option on each domain is handy for obscuring a URL in a phishing email.
Suppose that grandpa, age 90, gets an official-looking email that advises him to immediately change his password. He clicks on the URL in the email and ends up at bankofamerica.q4.es. This page is an excellent imitation of the Bank of America pages he remembers, and there is also that nice little SSL padlock in the corner of the address bar. Would he fill out the form? Probably, because he doesn't realize that he's at a subdomain of q4.es and is entering his old and new password into a fake page for the benefit of a phisher.
![](img/phish1.gif)
As if the "standard" certificates aren't enough of a problem, there are also over four million "universal" certificates that present bigger problems. All you need for a free CloudFlare account is a domain and an email address. Little countries and even some little islands all have their own top-level domain these days. Rich people can buy a generic top-level domain. Many registrars around the world are pleased to sell these ccTLD and gTLD registrations. It's a cash cow for everyone, but especially for bad guys. The same situation exists for anyone who needs a throwaway email address that's nearly impossible to trace.
Now add CloudFlare's free fly-by-night "universal" SSL. When you email CloudFlare to open your new account, they ask for your domain. Then they scrape your zone file from whatever dubious nameservers are listed at your dubious registrar. Without asking, they assign you a dubious "universal" SSL certificate. All of these "universal" certificates include that magical wildcard subdomain that invites so much mischief. Some critics are referring to these CloudFlare certificates as "fraudulent" because the domain ownership validation (a necessary component of the SSL standard) is achieved only from CloudFlare's initial access to the zone file.
With the paid accounts, there are payment records associated with a CloudFlare customer. But with free CloudFlare accounts, everything is too easy for bad guys, and the information about who's really behind a domain is frequently beyond the reach of law enforcement. The problem is that Silicon Valley is too self-serving. After the embarrassing NSA leaks, Google declared that everyone should look for a little padlock on their screen when they visit a website. Even your cat pictures should sport a little padlock these days! Now CloudFlare comes along and hopes to pave their way toward an IPO by giving away more free padlocks than anyone else. But by now the padlocks are almost meaningless. The NSA probably finds this amusing.
![](img/nsa5.gif)
![](img/kiddie.gif)
---
[home](README.md)

View File

@ -0,0 +1,44 @@
Anyone who knew anything about CloudFlare found their original Terms of Service to be unintentionally comical. The section below is preserved for your amusement. It came from CloudFlare's Terms of Service before before it was [changed](https://web.archive.org/web/20210826102411/https://www.cloudflare.com/terms) on 2012-08-20:
```
SECTION 11: PROHIBITED USES
You shall not post, transmit, retransmit, cache, or store material on or through CloudFlare's Service which, in the sole judgment of CloudFlare (a) is in violation of any local, state, federal, or foreign law or regulation, (b) is threatening, obscene, indecent, defamatory, or that otherwise could adversely affect any individual, group, or entity (collectively, "Persons"), or (c) violates the rights of any Person, including rights protected by copyright, trade secret, patent, or other intellectual property or similar laws or regulations including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for Your use. You agree that you will NOT knowingly use the Service, among other things, to:
```
![](img/tweetie.gif) ![](img/laughing.gif)
```
1. upload, post, transmit, or otherwise make available any content that is unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libelous, invasive of another's privacy, hateful, or racially, ethnically, or otherwise objectionable;
2. harm minors in any way;
3. impersonate any person or entity, including but not limited to a CloudFlare official, forum leader, guide, or host, or falsely state or otherwise misrepresent your affiliation with a person or entity;
4. forge headers or otherwise manipulate identifiers in order to disguise the origin of any content transmitted through the Service;
5. upload, post, transmit, or otherwise make available any content that You do not have a right to make available under any law or under contractual or fiduciary relationships (such as inside information, proprietary, and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements);
6. upload, post, transmit, or otherwise make available any content that infringes any patent, trademark, trade secret, copyright, or other proprietary rights of any party;
7. upload, post, transmit, or otherwise make available any unsolicited or unauthorized advertising, promotional materials, "junk mail," "spam," "chain letters," "pyramid schemes," or the like;
8. upload, post, transmit, or otherwise make available any material that contains software viruses or any other computer code, files, or programs designed to interrupt, destroy, or limit the functionality of any computer software or hardware or telecommunications equipment;
9. interfere with or disrupt the Service or servers or networks connected to the Service, or disobey any requirements, procedures, policies, or regulations of networks connected to the Service;
10. intentionally or unintentionally violate, attempt to violate, or avoid any applicable ICANN regulation or policy;
11. intentionally or unintentionally violate any applicable local, state, national or international law, including, but not limited to, regulations promulgated by the U.S. Securities and Exchange Commission, any rules of any national or other securities exchange, including, without limitation, the New York Stock Exchange, the American Stock Exchange, or the NASDAQ, and any regulations having the force of law;
12. provide material support or resources (or to conceal or disguise the nature, location, source, or ownership of material support or resources) to any organization(s) designated by the United States government as a foreign terrorist organization pursuant to section 219 of the Immigration and Nationality Act;
13. "stalk" or otherwise harass another; or
14. promote or provide instructional information about illegal activities, promote physical harm or injury against any group or individual, or promote any act of cruelty to animals. This may include, but is not limited to, providing instructions on how to assemble bombs, grenades, and other weapons, and creating "Crush" sites.
```
---
[home page](README.md)

View File

@ -0,0 +1,200 @@
# Where in the world are those CloudFlare domains?
This site has recorded 2,608,730 direct-connect IP addresses of domains that used CloudFlare's nameservers since August 2012. Some of these domains no longer use CloudFlare, and others have shown various IPs over time. If a domain still uses CloudFlare, our [domain search box](cfs.md) displays dates when IP information was captured.
The countries below are preceded by the percentage of the domains in our database that geolocate to that country, based on an IP address lookup. By clicking on this percentage, you get a breakdown of the /24 netblocks of CloudFlare domains for that country, preceded by a count of those domains. Then by clicking on that number, you see the actual domains behind the count.
![](img/geoip.gif)
A /24 netblock is a set of IP addresses with identical numbers in the first three quads, and numbers from 0 to 255 in the fourth quad. This was once the smallest unit of address space that was allocated to applicants such as hosting providers. In recent years, however, IP address space has become fragmented because IPv4 addresses are in short supply.
```
50.708 UNITED STATES
7.004 GERMANY
4.517 UNITED KINGDOM
4.140 NETHERLANDS
3.692 HONG KONG
3.377 FRANCE
3.061 CANADA
2.591 CHINA
2.588 AUSTRALIA
2.573 IRELAND
2.212 SINGAPORE
1.368 JAPAN
1.225 RUSSIA
0.582 POLAND
0.571 BRAZIL
0.565 VIET NAM
0.545 INDIA
0.534 TAIWAN
0.500 ITALY
0.476 TURKEY
0.408 SPAIN
0.406 MALAYSIA
0.405 SWEDEN
0.377 KOREA, SOUTH
0.358 FINLAND
0.357 BELGIUM
0.290 UKRAINE
0.275 ROMANIA
0.269 INDONESIA
0.243 SOUTH AFRICA
0.238 THAILAND
0.223 SWITZERLAND
0.200 CZECHIA
0.193 DENMARK
0.171 BULGARIA
0.153 PORTUGAL
0.150 HUNGARY
0.141 NEW ZEALAND
0.138 ISRAEL
0.134 IRAN
0.129 LITHUANIA
0.079 GREECE
0.072 NORWAY
0.070 ARGENTINA
0.066 LATVIA
0.065 AUSTRIA
0.057 LUXEMBOURG
0.054 CHILE
0.052 SLOVENIA
0.047 CROATIA
0.041 SLOVAKIA
0.040 ESTONIA
0.035 KAZAKHSTAN
0.032 SEYCHELLES
0.024 CYPRUS
0.023 BELIZE
0.020 PHILIPPINES
0.020 MOLDOVA
0.020 MEXICO
0.019 BELARUS
0.018 VIRGIN ISLANDS, BRITISH
0.018 ICELAND
0.018 COSTA RICA
0.015 SERBIA
0.014 UNITED ARAB EMIRATES
0.014 SAUDI ARABIA
0.012 COLOMBIA
0.010 NEPAL
0.010 MOROCCO
0.009 MALTA
0.009 GEORGIA
0.009 BANGLADESH
0.008 PANAMA
0.008 PAKISTAN
0.008 ISLE OF MAN
0.008 ARMENIA
0.007 EGYPT
0.007 BAHRAIN
0.007 AZERBAIJAN
0.006 URUGUAY
0.005 MACAO
0.005 CAMBODIA
0.004 VENEZUELA
0.004 UZBEKISTAN
0.004 NORTH MACEDONIA
0.003 SRI LANKA
0.003 PUERTO RICO
0.003 JORDAN
0.003 GUATEMALA
0.003 ECUADOR
0.003 CURACAO
0.003 CAYMAN ISLANDS
0.003 BOSNIA AND HERZEGOVINA
0.002 TUNISIA
0.002 PERU
0.002 PALESTINIAN TERRITORY
0.002 MAURITIUS
0.002 KYRGYZSTAN
0.002 KENYA
0.002 GUERNSEY
0.002 DOMINICAN REPUBLIC
0.002 BRUNEI DARUSSALAM
0.002 ALBANIA
0.001 TRINIDAD AND TOBAGO
0.001 SURINAME
0.001 QATAR
0.001 PARAGUAY
0.001 OMAN
0.001 NIGERIA
0.001 NICARAGUA
0.001 NEW CALEDONIA
0.001 MYANMAR
0.001 MONTENEGRO
0.001 MONGOLIA
0.001 MALDIVES
0.001 LEBANON
0.001 JAMAICA
0.001 IRAQ
0.001 HAITI
0.001 GIBRALTAR
0.001 DOMINICA
0.001 BOTSWANA
0.001 BAHAMAS
0.000 ZIMBABWE
0.000 ZAMBIA
0.000 VIRGIN ISLANDS, U.S.
0.000 VANUATU
0.000 UGANDA
0.000 TURKMENISTAN
0.000 TOGO
0.000 TANZANIA
0.000 TAJIKISTAN
0.000 SYRIAN ARAB REPUBLIC
0.000 SAN MARINO
0.000 SAMOA
0.000 SAINT VINCENT AND GRENADINES
0.000 SAINT MARTIN (FRENCH PART)
0.000 SAINT KITTS AND NEVIS
0.000 SAINT BARTHELEMY
0.000 RWANDA
0.000 REUNION
0.000 PAPUA NEW GUINEA
0.000 NORTHERN MARIANA ISLANDS
0.000 NAMIBIA
0.000 MOZAMBIQUE
0.000 MONACO
0.000 MARSHALL ISLANDS
0.000 MALI
0.000 MALAWI
0.000 MADAGASCAR
0.000 LIECHTENSTEIN
0.000 LIBYA
0.000 LAOS
0.000 KUWAIT
0.000 KOREA, NORTH
0.000 JERSEY
0.000 HONDURAS
0.000 GUINEA
0.000 GUAM
0.000 GREENLAND
0.000 GHANA
0.000 FRENCH POLYNESIA
0.000 FIJI
0.000 FAROE ISLANDS
0.000 ETHIOPIA
0.000 EL SALVADOR
0.000 CUBA
0.000 COTE D'IVOIRE
0.000 COOK ISLANDS
0.000 CONGO, DEMOCRATIC REPUBLIC
0.000 CAMEROON
0.000 BONAIRE
0.000 BOLIVIA
0.000 BERMUDA
0.000 BENIN
0.000 BARBADOS
0.000 ANTIGUA AND BARBUDA
0.000 ANGOLA
0.000 ANDORRA
0.000 ALGERIA
0.000 ALAND ISLANDS
0.000 AFGHANISTAN
```
---
[home page](README.md)

View File

@ -0,0 +1,26 @@
## Dear Damon Billian: We're not as stupid as you think!
_Please stop your insulting comments on forums_
![](img/billian.jpg)
CloudFlare is hosting the DNS lookups for their customers by providing the nameservers. The entire point of DMCA and other laws concerning content on the web is to provide due process toward removing the offending content from the Internet, so that it cannot be seen by the public. If CloudFlare deleted the nameserver records for the offending domain, it would effectively be removed from the web. The content would be unreachable within a matter of minutes.
Stop insulting us, Mr. Billian. Obviously it wouldn't affect the existence of that content on the original server. It is also true that if the owner of that server tossed his box into a dumpster, the content would still be on that server. This is utterly irrelevant.
The point is this: **it would be gone from the web**. Yes, the owner can change the authoritative nameservers to a non-Cloudflare DNS provider through his registrar, and the content would again be available on the web. But if that happened we would be one step closer to identifying the owner. This owner is probably using CloudFlare because you are hiding his identity. Chances are that he would remove the offending content himself before exposing information that could reveal his identity.
![](img/mit53.gif)
When you write that you "respond to valid DMCA complaints with who the hosting provider is to people that file a valid DMCA complaint," you are being disingenuous. Your DMCA form is carefully designed to obstruct complaints. On those rare occasions when a complaint arrives despite this, you respond with the netname and not the IP address. In every case we've seen, the netname is not specific enough to identify the box that is hosting the content. This means that the information you provide is often useless.
![](img/damon.gif)
![](img/justin.png)
---
[home page](README.md)

Binary file not shown.

View File

@ -0,0 +1,33 @@
## A quotation from CEO Matthew Prince
( from the University of [Chicago law school journal](https://web.archive.org/web/20210826102142/https://web.archive.org/web/20170217121944/http://www.law.uchicago.edu/alumni/accoladesandachievements/matthew-prince-00-discusses-cloudflare-cloud-computing-journal) )
![](img/spy.gif) ![](img/honey3.jpg)
```
Back in 2003, Lee Holloway and I started Project Honey Pot as an open-source project to track online fraud and abuse. The Project allowed anyone with a website to install a piece of code and track hackers and spammers. We ran it as a hobby and didn't think much about it until, in 2008, the Department of Homeland Security called and said, 'Do you have any idea how valuable the data you have is?' That started us thinking about how we could effectively deploy the data from Project Honey Pot, as well as other sources, in order to protect websites online. That turned into the initial impetus for CloudFlare.
```
When you fetch a page from a website that is served from CloudFlare, Javascript has been injected on-the-fly into that page by CloudFlare, and they also plant a cookie that brands your browser with a globally-unique ID. This happens even if the website is using SSL and shows a cute little padlock in your browser. In fact, their entire approach to SSL appears to be a cynical marketing effort — it has a [man-in-the-middle problem](cfssl.md) that cannot be resolved.
![](img/hivemind.jpg)
We don't know if CloudFlare is tracking you. We do know that they are perfectly positioned to immediately begin tracking web surfers who visit selected sites hosted by CloudFlare. Is this why they proxy so many dodgy sites? Are they trying to jack up their stats and hype their way into another round of venture funding, or are they getting black-budget bucks from the feds? Or both?
![](img/honeypot.gif)
BBC reporter [Zoe Kleinman](https://web.archive.org/web/20210826102142/https://www.bbc.com/news/business-37348016) wrote that Matthew Prince wanted $20,000 for the Honey Pot data. "That check showed up so fast," said Prince. Michelle Zatlyn heard the story from Prince and replied, "If they'll pay for it, other people will pay for it." Soon she and Prince cofounded CloudFlare.
![](img/police.gif)
Prince gave a presentation in 2005 at a conference in Vienna. And even today,
[LinkedIn](../../image/whoismp.jpg) brags of his "substantial work with government and law enforcement."
Project Honey Pot was launched by Prince's [Unspam Technologies](https://web.archive.org/web/20210826102142/http://web.archive.org/web/20190331015236/http://www.unspam.com/), a start-up
that began circa 2001 and can only be described as a [slow-motion train wreck](https://web.archive.org/web/20210826102142/http://www.datamation.com/columns/executive_tech/article.php/3526181/How-Utah-Michigan-Legislators-Got-Fooled.htm).
![](img/nsa2.gif)
---
[home page](README.md)

Binary file not shown.

After

(image error) Size: 5.7 KiB

Binary file not shown.

After

(image error) Size: 1.7 KiB

Binary file not shown.

After

(image error) Size: 109 KiB

Binary file not shown.

After

(image error) Size: 22 KiB

Binary file not shown.

After

(image error) Size: 52 KiB

Binary file not shown.

After

(image error) Size: 16 KiB

Binary file not shown.

After

(image error) Size: 33 KiB

Binary file not shown.

After

(image error) Size: 4.1 KiB

Binary file not shown.

After

(image error) Size: 3.4 KiB

Binary file not shown.

After

(image error) Size: 8.4 KiB

Binary file not shown.

After

(image error) Size: 15 KiB

Binary file not shown.

After

(image error) Size: 24 KiB

Binary file not shown.

After

(image error) Size: 65 KiB

Binary file not shown.

After

(image error) Size: 6.6 KiB

Binary file not shown.

After

(image error) Size: 11 KiB

Binary file not shown.

After

(image error) Size: 11 KiB

Binary file not shown.

After

(image error) Size: 18 KiB

Binary file not shown.

After

(image error) Size: 7.2 KiB

Binary file not shown.

After

(image error) Size: 9.1 KiB

Binary file not shown.

After

(image error) Size: 5.9 KiB

Binary file not shown.

After

(image error) Size: 28 KiB

Binary file not shown.

After

(image error) Size: 16 KiB

Binary file not shown.

After

(image error) Size: 27 KiB

Binary file not shown.

After

(image error) Size: 12 KiB

Binary file not shown.

After

(image error) Size: 15 KiB

Binary file not shown.

After

(image error) Size: 30 KiB

Binary file not shown.

After

(image error) Size: 29 KiB

Binary file not shown.

After

(image error) Size: 77 KiB

Binary file not shown.

After

(image error) Size: 11 KiB

Binary file not shown.

After

(image error) Size: 7.1 KiB

Binary file not shown.

After

(image error) Size: 24 KiB

Binary file not shown.

After

(image error) Size: 148 KiB

Binary file not shown.

After

(image error) Size: 10 KiB

Binary file not shown.

After

(image error) Size: 26 KiB

Binary file not shown.

After

(image error) Size: 15 KiB

Binary file not shown.

After

(image error) Size: 10 KiB

Binary file not shown.

After

(image error) Size: 14 KiB

Binary file not shown.

After

(image error) Size: 9.7 KiB

Binary file not shown.

After

(image error) Size: 50 KiB

Binary file not shown.

After

(image error) Size: 23 KiB

Binary file not shown.

After

(image error) Size: 28 KiB

Binary file not shown.

After

(image error) Size: 16 KiB

Binary file not shown.

After

(image error) Size: 2.8 KiB

Binary file not shown.

After

(image error) Size: 1.9 KiB

Binary file not shown.

After

(image error) Size: 11 KiB

Binary file not shown.

After

(image error) Size: 6.4 KiB

Binary file not shown.

After

(image error) Size: 26 KiB

Binary file not shown.

After

(image error) Size: 6.3 KiB

Binary file not shown.

After

(image error) Size: 11 KiB

Binary file not shown.

After

(image error) Size: 3.2 KiB

Binary file not shown.

After

(image error) Size: 20 KiB

Binary file not shown.

After

(image error) Size: 2.8 KiB

Binary file not shown.

After

(image error) Size: 7.6 KiB

Binary file not shown.

After

(image error) Size: 27 KiB

Binary file not shown.

After

(image error) Size: 25 KiB

Binary file not shown.

After

(image error) Size: 12 KiB

Binary file not shown.

After

(image error) Size: 4.4 KiB

Binary file not shown.

After

(image error) Size: 9.0 KiB

Binary file not shown.

After

(image error) Size: 3.5 KiB

Binary file not shown.

After

(image error) Size: 32 KiB

Binary file not shown.

After

(image error) Size: 15 KiB

32
subfiles/classics/isis.md Normal file
View File

@ -0,0 +1,32 @@
```
When we asked Cloudflare why it was 'protecting' ISIS websites, CEO Matthew Prince told Mirror Online it was not actually accepting money from terrorists, because the ISIS sites listed by Anonymous relied on its free service.
```
— [Mirror Online](https://web.archive.org/web/20210826105450/http://www.mirror.co.uk/news/technology-science/technology/anonymous-hacktivists-target-american-tech-5745104), 2015-05-22
### This is not true, Mr. Prince!
We looked at 22 ISIS-related domains that use CloudFlare nameservers, and discovered that half of them are on our list of standard SSL certificates. As any CloudFlare employee could have told CEO Prince, the "standard" certificate requires a Pro account ($20/month) or better. These are not "free" accounts with "universal" certificates.
![](img/prince5.gif)
The easiest way for anyone check this out is to enter a domain in our search box. If it's on our SSL list, you will see a link to the SSL data for that domain at the top of our search results.
Mr. Prince, please try harder to get your facts straight before talking to the press. This would make our job a lot easier.
### ...one year later and we're still confused...
```
The Taliban's English-language website has been off line for weeks. A hacker tied to an online counter-extremism group called GhostSec claimed credit for taking it down. 'It was not easy, I had to gather a lot of information for it to happen,' the hacker, who goes by the name Paladin, said in an email. The Taliban website likely used technology from web-security provider CloudFlare to protect it from possible cyberattacks, said Paladin, who last week claimed responsibility for taking down the Persian-language version of the website as well. Matthew Prince, the chief executive officer of CloudFlare, said the San Francisco-based firm works closely with government authorities to counter extremist activity online. 'When we get notice that there is a site that is using us that may be illegal or involving content that may be problematic, we reach out to our contacts in law enforcement,' he said. Mr. Prince said he wasn't aware that the Taliban may have been using CloudFlare technology before their sites were knocked off line.
```
— [Wall Street Journal](https://web.archive.org/web/20210826105450/http://www.wsj.com/articles/afghanistans-taliban-push-into-new-media-1465776097), 2016-06-12
Is CloudFlare a [honey pot](honeypot.md), or are those venture angels
in Silicon Valley paying Mr. Prince to stay stupid?
[Some background on 18 U.S.C. § 2339B](https://web.archive.org/web/20210826105450/https://www.lawfareblog.com/tweeting-terrorists-part-ii-does-it-violate-law-twitter-let-terrorist-groups-have-accounts), a law about supporting foreign terrorist organizations, as it might apply to Twitter (and CloudFlare).
---
[home page](README.md)

View File

@ -0,0 +1 @@
![](img/lulzsec2.gif)

View File

@ -0,0 +1,441 @@
New York Times, Decemter 22, 2019, page 1.
Fighting the Good Fight Against Online Child Sexual Abuse
Several websites popular with sexual predators were thwarted last month
after a determined campaign by groups dedicated to eliminating the
content. It was a rare victory in an unending war.
By GABRIEL J.X. DANCE DEC. 22, 2019
In late November, the moderator of three highly trafficked websites posted
a message titled "R.I.P." It offered a convoluted explanation for why they
were left with no choice but to close.
The unnamed moderator thanked over 100,000 "brothers" who had visited and
contributed to the sites before their demise, blaming an "increasingly
intolerant world" that did not allow children to "fully express
themselves."
In fact, forums on the sites had been bastions of illegal content almost
since their inception in 2012, containing child sexual abuse photos and
videos, including violent and explicit imagery of infants and toddlers.
Exploited Articles in this series examine the explosion in online photos
and videos of children being sexually abused. They include graphic
descriptions of some instances of the abuse.
The sites managed to survive so long because the internet provides
enormous cover for sexual predators. Apps, social media platforms and
video games are also riddled with illicit material, but they have
corporate owners -- like Facebook and Microsoft -- that can monitor and
remove it.
In a world exploding with the imagery -- 45 million photos and videos of
child sexual abuse were reported last year alone -- the open web is a
freewheeling expanse where the underdog task of confronting the predators
falls mainly to a few dozen nonprofits with small budgets and outsize
determination.
Several of those groups, including a child exploitation hotline in Canada,
hunted the three sites across the internet for years but could never quite
defeat them. The websites, records show, were led by an experienced
computer programmer who was adept at staying one step ahead of his
pursuers -- in particular, through the services of American and other tech
companies with policies that can be used to shield criminal behavior.
But the Canadian hotline developed a tech weapon of its own, a
sophisticated tool to find and report illegal imagery on the web. When
the sites found the tool directed at them, they fought back with a smear
campaign, sending emails to the Canadian government and others with
unfounded claims of "grave operational and financial corruption" against
the nonprofit.
It wasn't enough. The three sites were overwhelmed by the Canadian tool,
which had sent more than 1 million notices of illegal content to the
companies keeping them online. And last month, they were compelled to
surrender.
"It's been a wonderful 7 years and we would've loved to go for another 7,"
the sites' moderator wrote in his final post, saying they had closed
because "antis," short for "anti-pedophiles," were "hunting us to death
with unprecedented zeal."
The victory was cheered by groups fighting online child sexual abuse, but
there were no illusions about the enormous undertaking that remained.
Thousands of other sites offer anybody with a web browser access to
illegal and depraved imagery of children, and unlike with apps, no special
software or downloads are required.
The three shuttered sites had hidden their tracks for years using the
services of Cloudflare, an American firm that provides companies with
cyberprotections. They also found a hosting company, Novogara, that gave
them safe harbor in the Netherlands -- a small country with a robust web
business and laws that are routinely exploited by bad actors.
Cloudflare's general counsel said the company had cooperated with the
nonprofits and law enforcement and cut ties with the sites seven times in
all, as they slightly altered their web addresses to evade targeting. A
spokesman for Novogara said the company had complied with Dutch law.
Last year, Europe eclipsed the United States as the top hosting location
for child abuse material on the open web, according to a report by Inhope,
a group that coordinates child abuse hotlines around the world. Within
Europe, the Netherlands led the list. To report online child sexual abuse
or find resources for those in need of help, contact the National Center
for Missing and Exploited Children at 1-800-843-5678.
In an interview in The Hague, the Dutch minister of justice, Ferdinand
Grapperhaus, said he was embarrassed by the role Dutch companies played.
"I had not realized the extent of cruelty, and how far it goes," he said.
When hotlines like the one in Canada learn about illegal imagery, they
issue a takedown notice to the owner of the website and its hosting
company. In most cases, the content is removed within hours or days from
law-abiding sites. But because the notices are not legally binding, some
owners and web hosts ignore or delay.
Several Dutch hosting companies will not voluntarily remove such content,
insisting that a judge decide whether it meets the legal definition of
so-called child pornography. Even when they agree, abuse imagery reappears
almost at once, setting the cycle back in motion.
The Dutch police say they do not have the resources to play what is
essentially an endless game of Whac-a-Mole with these companies, according
to Arda Gerkens, a Dutch senator who leads Meldpunt Kinderporno, the Dutch
child abuse hotline.
"It takes a lot of time," Ms. Gerkens said, "and basically, they are
swamped."
That means results like last month's, while relished by hotlines around
the world, are likely to remain rare.
Our Little Community
The trio of shuttered websites first emerged in early 2012, according to
domain records and transcripts of online chats.
Their professed goal was to offer an easily accessible digital space for
pedophiles and sexual predators to indulge their twisted obsessions, which
had often been shunned even on notorious websites like 4chan and 8chan.
At least initially, the sites steered clear of imagery that was obviously
illegal, the records show, focusing instead on photos and videos of young
children posing in revealing clothing. Even so, the founder of the sites
identified in the transcripts expressed surprise in 2014 that they had
"lasted so long."
But the Canadians were already on to them. By then, the small hotline had
been alerted to dozens of illegal images on the websites.
As the sites gained in popularity, child sexual abuse content became more
and more common. The transcripts, which include over 10,000 time-stamped
messages on a chat app, show how the founder, a man identifying himself as
Avery Chicoine, reveled in the opportunity to interact with others who
shared his interests.
"What we got here," he wrote in 2015, "is our little community."
By 2017, the sites' home pages featured images of young girls that did not
legally qualify as child pornography in most countries but signaled that
there was plenty available a click away. One of the girls, no older than
7, lay on her back in sparse clothing with her legs spread; she had been a
victim of sexual abuse, according to the Canadians, and was easily
recognizable to predators through widely circulated imagery of the crimes.
As illegal material flooded the sites, so did visitors. SimilarWeb, which
measures internet traffic, estimated that the most popular of the sites
received millions of visits a month earlier this year from an average of
more than 500,000 unique visitors.
The moderator of the sites in recent months boasted about the traffic in a
series of emails and encrypted messages to The New York Times, attributing
the popularity to the extreme content.
The sites' many visitors were perhaps "the most hated people on earth," he
said, describing them as belonging to an "oppressed sexual minority." He
showed no remorse for their behavior, even casting the community of
predators as visionaries whose crimes should be made legal.
He did not identify himself and would not say if he was Mr. Chicoine -
the sites' founder, according to the chat transcripts - or if he knew him.
Last year, a Canadian by the name of Avery Chicoine with a lengthy
criminal record was arrested in British Columbia and charged with
possessing and distributing child pornography. The Canadian authorities
would not say whether the charges related to the websites. According to
court documents, he pleaded not guilty, and a trial is set for next month.
He and his lawyer did not respond to requests for comment.
The moderator would not address another pressing question: How had the
sites managed to stay ahead of its pursuers so long?
He said he did not want to hand a blueprint to his enemies, writing: "99%
of attempts to bring us down fail. So I want the antis to keep wasting 99%
of their time, instead of figuring out what works."
In the chat transcripts, however, there were clues about the sites'
evasion tactics. They pointed to a major cybersecurity firm, Cloudflare.
A High-Tech Hideaway
Based in San Francisco, Cloudflare built a billion-dollar business
shielding websites from cyberattacks. One of its most popular services -
used by 10 percent of the world's top sites, according to the company -
can hide clients' internet addresses, making it difficult to identify the
companies hosting them.
The protections are valuable to many legitimate companies but can also be
a boon to bad actors, though Cloudflare says it is not responsible for the
content on its clients' sites. The man accused of a mass shooting at a
Walmart in Texas had posted his manifesto on 8chan, an online message
board that had been using Cloudflare's services and was well known for
hosting hateful content. Cloudflare also came under criticism for
providing services to the neo-Nazi site The Daily Stormer. (The company
has since ended its relationship with both websites.)
In the chat transcripts, the man identifying as Mr. Chicoine showed he was
fully aware of the company's advantages when he signed on. "What
cloudflare does is it masks and replaces your IP with one of theirs," he
wrote in 2015, using the abbreviation for internet address.
That year, he appeared to panic when a child abuse hotline identified one
of his sites, telling a fellow moderator their operation was "finished."
But when he later realized the hotline had sent the report to Cloudflare -
and apparently not to the company that hosted the content - he seemed
relieved. "Wait," he wrote, "may be ok."
He was right.
One month later, he expressed exasperation that a hotline had fired off
another notice, this time to Cloudflare as well as the hosting company.
The hotline confirmed the report with The Times. Still, the sites remained
online.
Interviews and records show that Cloudflare's services helped hold off the
day of reckoning for Mr. Chicoine's sites by providing protections that
forced hotlines to go to the company first.
The National Center for Missing and Exploited Children, the clearinghouse
for abuse imagery in the United States, had sent Cloudflare notices about
the sites starting in 2014, said John Shehan, a vice president at the
center. Last year, it sent thousands.
Even apart from the three sites, Mr. Shehan said, Cloudflare was well
known to be used by those who post such content. So far this year, he
said, the company had been named in 10 percent of reports about hosted
child sexual abuse material. The center is in touch with Cloudflare "every
day," Mr. Shehan said.
Separately, records kept by the Canadian hotline, known as the Canadian
Center for Child Protection, showed that since February 2017 there had
been over 130,000 reports about 1,800 sites protected by Cloudflare.
In December, the company was offering its services to 450 reported sites,
according to records reviewed by The Times.
Through its general counsel, Doug Kramer, Cloudflare said it worked
closely with hotlines and law enforcement officials and responded promptly
to their requests. It denied being responsible for the images, saying
customer data was stored on its servers only briefly. Efforts to eliminate
the content, the company said, should instead focus on the web-hosting
companies.
Records from the Canadian hotline revealed several cases in which abuse
material stayed on Cloudflare's servers even after the host company
removed it. In one instance, the imagery remained on Cloudflare for over a
week afterward, allowing predators to continue viewing it.
"The reality is that it is totally within Cloudflare<72>s power to remove
child sexual abuse material that they have on their servers," said Lloyd
Richardson, the technology director at the Canadian hotline.
Records show that for several years, the sites were clients of Cloudflare,
a U.S. tech company with servers in almost 200 cities in over 90 countries
around the world that can be used to ward off cyberattacks.
Cloudflare's protective services obscure a website's internet address.
When you visit a protected site, you are actually communicating with a
Cloudflare server located somewhere near you.
Somebody visiting a protected site from Oklahoma, for example, may be
directed to a Cloudflare server in Kansas City.
That server will communicate with the website's server in turn, but only
if it needs new information.
Often, Cloudflare will already have the information requested in its
systems.
This means that images of abuse can remain on Cloudflare, even if they
have been removed from the original host, according to records provided by
a hotline in Canada.
When asked why it did not cut ties with a number of companies known to
host child sexual abuse imagery, Mr. Kramer said Cloudflare was not in the
business of vetting customers' content. Doing so, he said, would have "a
lot of implications" and is "something that we really have not
entertained."
Still, he said, the company had stopped providing services over the past
eight years to more than 5,000 clients that had shared abuse material. And
on Wednesday, the company announced a new product - currently in
development - that would allow clients to scan their own sites.
The tension over Cloudflare's protections reflects a larger debate about
the balance between privacy on the internet and the need of law
enforcement to protect exploited children. For example, Facebook's recent
decision to encrypt its Messenger app, the largest source of reports last
year about abuse imagery, was hailed by privacy advocates but would make
it much more difficult for the authorities to catch sexual predators.
Addressing that broad tension, Matt Wright, a special agent with the
Department of Homeland Security, said law enforcement and the tech
industry needed to find "a mutual balance" - "one where companies intended
to secure data, and protect privacy, don't get in the way of our need to
have access to critical information intended to safeguard the public,
investigate crimes and prevent future criminal activity."
Going Rogue in the Netherlands
There were other clues about the sites' ability to stay online, in a trail
of activity across the web that led to the Netherlands. Internet
criminals come from far and wide to leverage Dutch technology, some of the
best in the world, for the purposes of spam, malware and viruses. They do
this by using rogue hosting companies, which are infamously uncooperative
except in response to legal requests.
"I realize that because we have such excellent internet logistics, we now
have it on our plate," said Mr. Grapperhaus, the country's minister of
justice.
For child abuse sites like the ones identified as Mr. Chicoine's, a top
draw has been the company Novogara, formerly known as Ecatel, one of the
country's most criticized hosting businesses.
The Chicoine sites were hosted on Novogara's servers for all of 2018 and
through the early part of this year, records show. While working with the
company, and without Cloudflare's protections at the time, the sites came
under increasing pressure from the Canadians. Their hotline, along with at
least four others around the world, stepped up their offensive, issuing
hundreds of thousands of more reports about abuse imagery.
The number was so great, according to the Dutch and Canadian hotlines,
that Novogara blocked the groups' email addresses to avoid receiving
additional notices. Ultimately, though, the targeting was effective:
Novogara pulled the plug on the sites in May.
Aside from sites like Mr. Chicoine's, the Dutch have an even larger
problem with sexual predators taking advantage of platforms used to upload
and share images. Since June, a company that hosts those platforms,
NFOrce, has appeared in more than half of reports the Dutch hotline has
received about illegal imagery. Over the past three years, sites using
NFOrce servers have received more than 100,000 notices of illegal content,
records show, but the company has not removed the material, according to
Ms. Gerkens, who leads the hotline.
NFOrce's sales operations manager, Dave Bakvis, said the company's hands
were tied by Dutch laws, which prevent it from monitoring customer servers
without a court order. He said NFOrce acted immediately when it received
requests from the authorities. Separately, the websites themselves can
and do remove the content.
"I hate child pornography," Mr. Bakvis said.
The Dutch national prosecutor for cybercrimes, Martijn Egberts, said in an
email that issues involving "sovereignty" and "jurisdiction" complicated
the removal of illegal material - leading the authorities to cooperate "as
much as possible" with web hosts to get results.
Legislation is now being drafted that would require Dutch web hosts to
keep the material out of their systems, essentially forcing to them to
scan for it. If a company falls short, it could face ever-increasing
fines.
Ben van Mierlo, the national police coordinator for online child sexual
exploitation, said in an email that companies like Novogara "see
themselves as a provider of a service." The challenge for the Dutch
authorities and lawmakers, he said, was to convert them into partners in
preventing the spread of illegal imagery.
"There is no space in the Netherlands for those individuals or companies
that threaten these basic rights for children," Mr. van Mierlo said.
The Final Assault
By May of this year, the moderator of the three sites was apoplectic,
complaining in an email to The Times that "tolerance" for his views was
coming to a halt.
Over the next several months, the sites hopscotched around the world,
finding more than a half-dozen new hosts - to pick up where Novogara left
off - in Denmark, Russia, the Seychelles and elsewhere. For years, they
had deployed a similar tactic of changing the last part of their web
address - moving from .com to .org, for example - to avoid being targeted
and blocked. Companies and governments that provide these domains often
do not coordinate with one another, allowing offenders to move around the
globe while largely preserving their site's identity.
But there was no hiding this time.
Records reviewed by The Times show that over seven years, the websites
were directed to servers in over 20 countries, many of which are shown
here.
A borderless internet means bad actors can move their sites between
countries, and even continents, in seconds.
This complicates the work of child abuse hotlines and law enforcement
agencies trying to eradicate images of child sexual abuse.
The Canadian hotline, working from offices in Winnipeg, Manitoba, were
using a computer program named Arachnid to crawl the internet in search of
Mr. Chicoine's sites, and to send takedown notices whenever it identified
illegal material.
And as soon as the three sites reappeared somewhere, the Canadians reached
out to the new hosts. In all, they found more than 18,000 confirmed images
of abuse on the pages, reporting most of them hundreds of times each. It
is also possible that law enforcement officials directed their firepower
at the sites.
Signy Arnason, the associate executive director of the Canadian center,
described Arachnid as a "survivor-centric" endeavor, inspired by a survey
that found victims of child sexual abuse feared being recognized in person
by those who had viewed their abuse online.
Since its launch two years ago, Arachnid has found more than 1.6 million
confirmed images of child sexual abuse, and has sent more than 4.8 million
takedown notices to websites and hosting providers. The British child
sexual abuse hotline, the Internet Watch Foundation, has also developed a
"spider" to crawl the internet. New software drove a surge in takedown
requests
Starting in 2013, abuse hotlines around the world sent a trickle of
requests to remove images on the three sites - with little effect.
Arachnid automated the detection process, creating a deluge that couldn't
be ignored.
"Arachnid is one oar - a big oar - in a ship of many oars rowing against
this issue," said Denton Howard, executive director of Inhope, the
organization supporting child abuse hotlines.
Throughout the battle, the moderator of the sites would email the
Canadians, accusing them of corruption and filling their inboxes with
spam. He also contacted Canadian government agencies with false claims
about the center, and even built software that altered the child sexual
abuse imagery, hoping to trick Arachnid into skipping it over.
It was not enough. All imagery of abuse has been removed from the sites,
and the forums for the predators are closed, at least while their
opponents have the upper hand.
But as a parting shot, the home pages were filled with links to other
sites that offered similar content, giving criminals a road map to
continue their pursuits - and the groups dedicated to stopping them a list
of new targets.
Michael H. Keller contributed reporting from New York.
Produced by Rich Harris, Virginia Lozano and Rumsey Taylor.
END

View File

@ -0,0 +1,27 @@
# CloudFlare attracts "repeat infringers"
Google publishes a [Transparency Report](https://web.archive.org/web/20210826102213/https://transparencyreport.google.com/copyright/explore) regarding copyright removal requests. One of the three large files in this downloadable data package is domains.csv, which lists domains specified in removal requests. We processed this file after downloading it on 2021-08-13. At that time the file was 333.3 million lines, and included domains mentioned in removal requests received by Google since July 2011.
Each removal request had a unique ID, which meant that it was on a separate line in this file. First we stripped out all the data except the domain name. Then we compressed the file by listing each domain once, preceded by the number of lines on which this domain appeared in that file. Finally, we extracted only those domains that were currently using CloudFlare nameservers. We wanted a rough idea of whether "repeat infringers" (a term used in the DMCA) might find CloudFlare attractive.
After adding these numbers together, it turns out that CloudFlare's contribution to Google's problem is 24.81 percent. Search-engine crawlers should avoid CloudFlare's [entire IP space](https://web.archive.org/web/20210826102213/https://www.cloudflare.com/ips/).
![](img/smells.gif)
![](img/daddy5.jpg)
![](img/cfeu.gif)
![](img/couple5.gif)
![](img/jamie.gif)
![](img/koolaid.jpg)
![](img/dmca9.gif)
---
[home](README.md)

View File

@ -0,0 +1,117 @@
This was the Spamhaus "SBL" listing page for
CloudFlare for two weeks in mid-July, 2012.
( The current version of this page is [here](https://web.archive.org/web/20210826103816/http://www.spamhaus.org/sbl/listings/cloudflare.com). )
```
Found 18 SBL listings for IPs under the responsibility of cloudflare.com
SBL146937
199.27.135.0/32 cloudflare.com
12-Jul-2012 08:04 GMT
Blackhat SEO spammer hosting @199.27.135.43
SBL146752
141.101.64.0/18 cloudflare.com
11-Jul-2012 15:29 GMT
Spammer hosting (escalation)
SBL146751
173.245.48.0/20 cloudflare.com
11-Jul-2012 15:28 GMT
Spammer hosting (escalation)
SBL146750
108.162.192.0/18 cloudflare.com
11-Jul-2012 15:28 GMT
Spammer hosting (escalation)
SBL146043
108.162.196.180/32 cloudflare.com
07-Jul-2012 18:35 GMT
"Polyee Plast" / polyeeplast.com
SBL146042
108.162.196.80/32 cloudflare.com
07-Jul-2012 18:35 GMT
"Polyee Plast" / polyeeplast.com
SBL145952
141.101.124.42/32 cloudflare.com
07-Jul-2012 04:36 GMT
work at home scammer/spammer landing site (redirection via a black hole site)
SBL145939
141.101.125.42/32 cloudflare.com
07-Jul-2012 04:06 GMT
work at home scammer/spammer landing site (redirection via a black hole site)
SBL145142
108.162.195.154/32 cloudflare.com
02-Jul-2012 09:07 GMT
imagevat.com: Hosting phish spammer images for several weeks...
SBL143793
108.162.196.196/32 cloudflare.com
20-Jun-2012 17:49 GMT
backlinkbiz.info / usabacklinks.info
SBL143792
108.162.197.97/32 cloudflare.com
20-Jun-2012 17:49 GMT
backlinkbiz.info / usabacklinks.info
SBL142597
199.27.135.0/32 cloudflare.com
13-Jun-2012 05:32 GMT
Blackhat SEO spammer hosting @199.27.135.43
SBL141644
173.245.60.0/32 cloudflare.com
05-Jun-2012 19:07 GMT
Blackhat SEO spammer hosting @173.245.60.55
SBL141634
199.27.135.0/32 cloudflare.com
05-Jun-2012 19:04 GMT
Blackhat SEO spammer hosting @199.27.135.43
SBL140586
173.245.60.0/32 cloudflare.com
27-May-2012 07:41 GMT
Spammer hosting @173.245.60.143
SBL138291
173.245.60.0/32 cloudflare.com
06-May-2012 19:43 GMT
Malware botnet controller @173.245.60.57
SBL136345
173.245.61.138/32 cloudflare.com
16-Apr-2012 22:27 GMT
globaltrade.net
SBL136344
199.27.135.52/32 cloudflare.com
16-Apr-2012 22:26 GMT
globaltrade.net
```

View File

@ -0,0 +1,41 @@
# CloudFlare seeks riches through anarchy
_Civil society and the twisted web_
> July 2012
One of the concepts that eludes the digital generation is that Internet participation requires a balance between privacy and accountability. If you are using a search engine for passive research, you have the right to remain anonymous. But if you publish something that can affect others, you should be accountable, and hence identifiable. Even comments under a blog post or on Facebook should be signed with a real name. It's that simple.
During 2011, CloudFlare responded to complaints about content on their servers by insisting that they are merely a pass-through content delivery network (CDN) and not a hosting provider. At the same time they usually gave you the hosting provider's IP address. In 2012 they stopped responding to many complaints, and even those that they still deem worthy are given only the netname of the hosting provider instead of the specific IP address.
![](img/nodmca.gif)
Anyone attempting to file a complaint with only a netname will get nowhere. Frequently the netname is at the top of a pyramid, and any number of leased or owned IP netblocks are below that name. The netname alone is not specific enough to identify the server that hosts the content.
CloudFlare is delighted with this. In retrospect they are happy that they hosted LulzSec because it brought publicity and more customers. Currently they even host the website of a professional DDoSer named "Gwapo" in the Philippines. He explains how you can send him money to take down any website.
![](img/geek7.jpg)
The question of whether CloudFlare is a pass-through provider is debatable. They change the pages they cache by adding JavaScript and compression, sometimes they intercept pages with a captcha, and they display their orange-cloud logo at every opportunity. Browsers who land on a domain serviced by CloudFlare end up with a globally-unique "cfduid" cookie that is 43 digits long. CloudFlare is _not_ the equivalent of a data center on the Internet backbone, which has no responsibility for content because it operates on a different Internet layer. This means that CloudFlare should be sensitive to content complaints. Despite this, they offer advice on how to hide your IP address, and they help basement-dwellers reduce bandwidth costs. Some of these teenagers run abusive websites for the lulz or because piracy is fun, and most have little money.
![](img/damonb.gif)
CloudFlare is basically a hosting provider, or at least an active and intrusive appendage to a hosting provider. In cases such as LulzSec and [Encyclopedia Dramatica](https://web.archive.org/web/20210826103612/http://josephevers.blogspot.com/) they are a necessary appendage, as those sites wouldn't exist without it. The brass at CloudFlare know this, and seem worried that someday it will be an issue for a judge or jury to decide. Whenever some fanboy comments about CloudFlare on some blog and uses the term "hosting provider," the company's official "Community Evangelist" [Damon Billian](damon.md) adds a comment to point out that CloudFlare is "not a hosting provider." Co-founder Matthew Prince echoes the same mantra. They want everyone to think that they have immunity from laws, so don't bother complaining to them about content.
![](img/cfads6.jpg)
They hype themselves to venture capitalists through media coverage, and have no time to read their own terms of service. Responsible citizenship interferes with getting rich. CloudFlare presents themselves as the world's solution to DDoS and hacking attacks, and cannot be bothered to handle complaints reasonably. As Google might say, accountability lacks scalability. Nothing short of a court order will get the attention of either CloudFlare or Google. It is left to public-sector activists and regulators do what they can to promote civility in Silicon Valley and accountability on the Internet.
Direct IP addresses are sometimes found on CloudFlare's nameservers. Since CloudFlare cannot handle email forwarding or direct uploading to the origin server, the site owner may add a "direct-connect" subdomain address to their DNS record. We try to collect these non-CloudFlare IP addresses by compiling lists of domains in CloudFlare's nameservers and checking each with several lookups.
Unfortunately, bad guys are often aware of technical issues, and quickly delete any direct-connect records or wildcard subdomains. CloudFlare should install a search box on their home page that lets anyone enter a domain name and get a history of IP addresses that have been feeding that domain to CloudFlare. But if they did this, all of their abusive customers would go elsewhere. They might even lose customers who are afraid of DDoS, and are trying to hide their IP from some of those same bad guys. See our search page, [Uncovering bad guys hiding behind CloudFlare](cfs.md), for more information and a search box.
![](img/hype9.gif)
From CloudFlare's perspective, it is better to keep both camps under one roof, and continue to spin and hype this wretched mess until the time comes when they can get rich with an IPO.
---
[home page](README.md)