PR

PR

subfiles/classics/README.md

@@ -0,0 +1,47 @@
+```
+    ABOUT /subfiles/classics/*
+
+THIS PAGE IS AN ARCHIVED HISTORY.
+IF YOU NEED LATEST INFORMATION, PLEASE READ OTHER FILES (not /classics/)
+```
+
+
+-------------
+
+# CloudFlare Watch
+
+
+![](img/sher2.gif) ![](img/cfsign.jpg)
+
+
+CloudFlare is a venture-funded startup that routes around Internet abuse by  
+acting as a reverse proxy. They also encourage illegality by allowing hackers,
+DDoSers, cyberbullies, and copyright pirates to hide behind their servers.
+By 2015, CloudFlare was even [protecting websites](isis.md) that recruited for ISIS.
+
+
+- [Uncovering bad guys hiding behind CloudFlare](cfs.md)
+- [Is CloudFlare affected by the EU's GDPR?](cfgdpr.md)
+- [NYT: CloudFlare protects child-abuse porn sites](nytporn.txt)
+- [CloudFlare attracts "repeat infringers"](repeats.md)
+- [CloudFlare's half-baked SSL](cfssl.md)
+- [Is CloudFlare a honey pot?](honeypot.md)
+- [CloudFlare's wonky nameserver setup](cfnsdump.md)
+- [Some domains that recently used CloudFlare](cfsites.md)
+- [Where in the world are those CloudFlare domains?](cfusers.md)
+- [The gang at CloudFlare aids and abets cybercriminals](cfgang.md)
+
+![](img/marx2.gif)
+
+- [Carders love CloudFlare](carders.md)
+- [CloudFlare's growth is not so amazing](cfgrowth.md)
+- [CloudFlare seeks riches through anarchy](twisted.md)
+- [Spamhaus blocks CloudFlare's IP ranges](cfblock.md)
+- [Those laughable CloudFlare terms of service](cfterms.md)
+- [Dear Damon Billian: We're not as stupid as you think!](damon.md)
+- [CloudFlare still chummy with ex-cons from LulzSec](lulzsec2.md)
+
+
+---
+
+"_We miss you. you will never be forgotten._"

subfiles/classics/carders.md

@@ -0,0 +1,36 @@
+```
+Americans are more likely to worry about having credit card information they used in stores
+stolen by computer hackers than any other crime they are asked about.
+```
+ — Gallup.com, October 2014
+
+
+### Carders love CloudFlare
+
+    . . . like flies love honey?
+
+
+The carder domains listed here were online between February 2014 and August 2021, and hiding behind CloudFlare. This list will be out of date within a few weeks, because carders frequently change domain names and service providers. After all, it is illegal to sell stolen credit card data no matter where you live.
+
+CloudFlare doesn't care about laws. They're in Silicon Valley, where the rich get richer, lobbyists own the lawmakers, and eveyone else faces higher rents and evictions. As far as we can tell, CloudFlare has done exactly nothing about criminals using their services. We thought they might do something about the marketing of 40 million credit cards stolen from Target in late 2013, but we were wrong. The major criminal exploiting this heist calls himself "Rescator," and he still uses CloudFlare. He might even be the Boss Man. His screen name appears on a couple dozen of the domains listed on this page.
+
+![](img/resc3.png)
+
+Maybe CloudFlare admires Rescator because his images are so cool. The one on top announced a batch of cards from Target in early December, "Pearl Harbor" was announced on January 13, and "Beaver Cage" on February 8. The next one, "Desert Strike," announced 282,000 cards on March 3. These are from 2,600 Sally Beauty locations in the U.S. The "Sanctions" image appeared on September 2, and is related to a breach at Home Depot stores.
+
+Our theory is that CloudFlare is waiting for more images. A year or so from now they could have a full set in their trophy case. Then CloudFlare can boast that their venture-funded start-up enjoys immunity from all civil and criminal laws. That would be a perfect time to make a killing with an IPO.
+
+![](img/holder.gif)
+
+![](img/pcihype.png)
+
+![](img/village.gif)
+
+![](img/badge1.gif)
+
+![](img/proxies.gif)
+
+
+---
+
+[home page](README.md)

subfiles/classics/cfblock.md

@@ -0,0 +1,85 @@
+# Spamhaus blocks CloudFlare's IP ranges
+
+
+Spamhaus says about CloudFlare:
+
+```
+Hosting service refuses to shut off abusers. Spam & cybercrime
+'reverse proxies' stay up after being reported. Cybercrime world
+now knows of this 'bulletproof hosting' and is rushing here.
+```
+
+> July 2012
+
+
+[Spamhaus](https://web.archive.org/web/20210826103614/http://en.wikipedia.org/wiki/Spamhaus) is an international nonprofit organization founded in 1998. On July 11, 2012 they added nearly the entire CloudFlare range of IP addresses to their SBL (Spamhaus Block List). [These three entries](spamhaus.md) are labeled "escalation" and include 37,000 addresses. (CloudFlare's own complete list of their IP ranges contained 44,500 IP addresses in July, 2012. Assuming that some of these were for future expansion and presently unused, this meant that Spamhaus had essentially added all of cloudflare.com to their SBL.)
+
+This doesn't mean that the domains are unavailable. All it means is that you are less likely to find a CloudFlare-affiliated domain embedded in spam or phishing emails. And if your email address is based on a domain that is protected by CloudFlare, your system administrator might discover that outgoing emails are blocked by upstream providers who use Spamhaus blacklists. There is nothing your sysadmin can do about this except to turn off CloudFlare's service, causing your domain to resolve to a non-CloudFlare IP address.
+
+![](img/prince.jpg)
+
+Matthew Browning Prince, born on 1974-11-13, is the CEO and co-founder of CloudFlare. Thanks to a [rich dad](https://web.archive.org/web/20210826103614/http://web.archive.org/web/20081002173414/http://www.mufranchisee.com/article/453/), he attended the University of Chicago Law School ('00) and Harvard Business School ('09). Prince taught Internet law and was a specialist in anti-spam laws and phishing investigations. It's a mystery why he joined the Dark Side.
+
+CloudFlare has not yet borrowed Google's "don't be evil" motto. Perhaps this is because his company was wantonly libertarian and aggressively overhyped right out of the starting gate, so that pretending to embrace probity could prove embarrassing. His [thoughts on abuse](https://web.archive.org/web/20210826103614/http://blog.cloudflare.com/thoughts-on-abuse) are pathetic for someone who should know better.
+
+See also (Oct 2013):  [Phishers using CloudFlare for SSL](https://web.archive.org/web/20210826103614/http://news.netcraft.com/archives/2013/10/07/phishers-using-cloudflare-for-ssl.html)
+
+In fact, sysadmins everywhere will feel safer if they block all of CloudFlare's ranges:
+
+```
+            103.21.244.0/22   (103.21.244.0 - 103.21.247.255)
+            103.22.200.0/22   (103.22.200.0 - 103.22.203.255)
+            103.31.4.0/22   (103.31.4.0 - 103.31.7.255)
+            104.16.0.0/12   (104.16.0.0 - 104.31.255.255)
+            108.162.192.0/18   (108.162.192.0 - 108.162.255.255)
+            131.0.72.0/22   (131.0.72.0 - 131.0.75.255)
+            141.101.64.0/18   (141.101.64.0 - 141.101.127.255)
+            162.158.0.0/15   (162.158.0.0 - 162.159.255.255)
+            172.64.0.0/13   (172.64.0.0 - 172.71.255.255)
+            173.245.48.0/20   (173.245.48.0 - 173.245.63.255)
+            188.114.96.0/20   (188.114.96.0 - 188.114.111.255)
+            190.93.240.0/20   (190.93.240.0 - 190.93.255.255)
+            197.234.240.0/22   (197.234.240.0 - 197.234.243.255)
+            198.41.128.0/17   (198.41.128.0 - 198.41.255.255)
+            199.27.128.0/21   (199.27.128.0 - 199.27.135.255)
+```
+
+![](img/cleary2.jpg)
+
+If you are running Linux, you can enter nullroutes for CloudFlare without trying to figure out iptables. We use it on our server because CloudFlare-affiliated cybercriminals have a history of DDoSing us. One of them is named Ryan Cleary and he is in jail now in the UK. He won't get out anytime soon — he pleaded guilty and has also been indicted by a U.S. grand jury. Poor Ryan would feel better if Mr. Prince visited him in jail and offered a little bit of immoral support.
+
+These commands will block access to CloudFlare domains for all traffic to and from your Linux box. Normally a domain that uses CloudFlare won't be coming into your box with their CloudFlare IP address. But with all those cybercriminals using CloudFlare, you never know what trickery is afoot. After these blocks, any attempt to access your box from cloudflare.com will time out. Best of all, anyone sharing your box won't be able to get to CloudFlare to read Mr. Prince's excuses. To remove these blocks, just change "add" to "del" and run the script again, or you can reboot.
+
+```
+            /sbin/route add -net 103.21.244.0 netmask 255.255.252.0 reject
+            /sbin/route add -net 103.22.200.0 netmask 255.255.252.0 reject
+            /sbin/route add -net 103.31.4.0 netmask 255.255.252.0 reject
+            /sbin/route add -net 104.16.0.0 netmask 255.240.0.0 reject
+            /sbin/route add -net 108.162.192.0 netmask 255.255.192.0 reject
+            /sbin/route add -net 131.0.72.0 netmask 255.255.252.0 reject
+            /sbin/route add -net 141.101.64.0 netmask 255.255.192.0 reject
+            /sbin/route add -net 162.158.0.0 netmask 255.254.0.0 reject
+            /sbin/route add -net 172.64.0.0 netmask 255.248.0.0 reject
+            /sbin/route add -net 173.245.48.0 netmask 255.255.240.0 reject
+            /sbin/route add -net 188.114.96.0 netmask 255.255.240.0 reject
+            /sbin/route add -net 190.93.240.0 netmask 255.255.240.0 reject
+            /sbin/route add -net 197.234.240.0 netmask 255.255.252.0 reject
+            /sbin/route add -net 198.41.128.0 netmask 255.255.128.0 reject
+            /sbin/route add -net 199.27.128.0 netmask 255.255.248.0 reject
+```
+
+### Snake oil for harried webmasters
+
+In 2009, [New York Times](https://web.archive.org/web/20210826103614/http://www.nytimes.com/external/readwriteweb/2009/10/13/13readwriteweb-google-accounts-for-6-of-all-internet-traff-90323.html) reported that according to a two-year study, Google accounts for six percent of all Internet traffic worldwide. One year later CloudFlare launched. By early 2012, according to Matthew Prince in [Forbes](https://web.archive.org/web/20210826103614/http://www.forbes.com/sites/eliseackerman/2012/02/29/how-cloudflares-free-ddos-protection-service-is-disrupting-the-multibillion-dollar-computer-security-and-content-delivery-markets), on any given day 25 percent of the Internet's visitors pass through CloudFlare. Does this mean that CloudFlare handles four times more traffic than Google? They obviously know what they're doing. You cannot go wrong!
+
+![](img/snake3.gif)
+
+Matthew Prince made a similar statement on July 18, 2012: "We do more traffic than Amazon, Wikipedia, Twitter, Zynga, AOL, Apple, Bing, eBay, PayPal and Instagram combined," chief executive Matthew Prince told [VentureBeat](https://web.archive.org/web/20210826103614/http://venturebeat.com/2012/07/18/cloudflare-amazon-wikipedia-twitter/). "We're about half of a Facebook, and this month we'll surpass Yahoo in terms of pageviews and unique visitors."
+
+Curiously, Mr. Prince changed his tune in [August 2013](https://web.archive.org/web/20210826103614/http://blog.cloudflare.com/cloudflare-and-free-speech): "Today, approximately four percent of web requests flow through our network." Is CloudFlare slowing down? Not at all. The previous June he told [The Economist](https://web.archive.org/web/20210826103614/http://www.economist.com/news/international/21579818-theres-only-so-much-you-can-do-denying-deniers) that he is adding 5,000 customers per day.
+
+If CloudFlare adds 5,000 per day over the course of a year, how does its share of Internet traffic go from 25 percent to 4 percent? Who is more guilty of spreading bullshit — high-tech CEOs, or fanboy publications that print anything they say? (More background on Prince is available [here](honeypot.md).) 
+
+---
+
+[home page](README.md)

subfiles/classics/cfgdpr.md

@@ -0,0 +1,14 @@
+# Is CloudFlare affected by the EU's GDPR?
+
+> May 25, 2018
+
+
+![](img/cfeunew.gif)
+
+Our [geolocation results](cfusers.md) page points to direct-connect IP addresses for many of the above countries. For example, if you click on France, the first link shows almost 4,000 domains in the same /24 block that all use CloudFlare. This looks like a situation where a single service provider in France hooks up every new customer to CloudFlare automatically. This provider in France obviously must adhere to the GDPR. However, it is our belief that in cases this extreme, CloudFlare must also share responsibility for GDPR violations. If you click again, you can get a listing of the specific domains. Sometimes the domain names themselves suggest dubious content.
+
+We haven't investigated this particular case, as there are many dozens of similar patterns in our data, even after restricting our searches to EU countries only. 
+
+---
+
+[home page](README.md)

subfiles/classics/cfgrowth.md

@@ -0,0 +1,447 @@
+# CloudFlare's unamazing growth
+
+
+Hurricane Electric is a major Internet backbone service provider, and they show a chart listing the [top 100 hosting companies](https://web.archive.org/web/20210826102852/https://bgp.he.net/report/tophosts). We asked them how this data, which updates once a week, is compiled. Rob Mosher replied that "the counts are based on domain names with their nameservers listed."
+
+That's good enough for us, and we began capturing the data from this chart soon after CloudFlare made it into the top 100 in April 2013. Matthew Prince brags about all the traffic he handles ([more than Facebook](https://web.archive.org/web/20210826102852/http://venturebeat.com/2013/06/17/cloudflare-150b-pageviewsmonth-30gb-of-log-dataminute-and-more-traffic-than-facebook/)), but this is bogus. For example, he once claimed that China is the second largest country using CouldFlare after the U.S., while our stats showed otherwise. On further investigation, we found a later quotation in which Prince said that traffic from China was number two — not CloudFlare customers from China, and not CloudFlare websites in China, but traffic!
+
+![](img/mao4.gif)
+
+Yeah, okay, and our modest site here at CloudFlare Watch has been getting a lot of traffic from China also. It's called a "botnet," folks, which means a bunch of automated zombies grab stuff from us, 24 / 7, for reasons unknown. We ran Scroogle.org for seven years, and had the same sort of "traffic." By now we know that if you have zombie problems, you are supposed to be apologetic and work hard to block them. You don't brag about it.
+
+Mr. Prince isn't content to merely compare apples to oranges. His comparison to Facebook is the equivalent of claiming that the water CloudFlare uses to keep its apple tree alive weighs more than the basket of oranges from Facebook's orange tree. It's all reckless hype, and it's amazing that the high-tech press lets him get away with it. They should recognize that Facebook attracts end-users by providing an environment and structure that encourages content, while CloudFlare is a mere traffic conduit that is divorced from both end-users and content.
+
+![](img/evo20.gif)
+
+While we are still interested in how Hurricane Electric collects their domain stats (is it captured midstream, or from zone file access, or what?), ultimately it doesn't matter as long as their methodology is consistent. We are interested in growth over time for domains that use CloudFlare for their authoritative nameservers. CloudFlare's [hosting partners](https://web.archive.org/web/20210826102852/https://www.cloudflare.com/partners/solution-partners/) do not count, nor should they. A click box on the control panel at a CloudFlare hosting partner means little. While it increases the traffic going through CloudFlare, it merely suggests that these partners are happy to offload a chunk of their bandwidth for free, by encouraging their own customers to try out CloudFlare. At this rate, every self-disrespecting hosting provider on the planet should have signed up by now.
+
+![](img/sock2.gif)
+
+No, what matters is how many registered domains use CloudFlare for their nameservers. While the lowest tier at CloudFlare is still free for this, at least it takes some minimal research and commitment before a website is willing to change the nameservers on their domain registration. In short, we feel that the stats from Hurricane Electric, when considered over a span of at least a few months, are worth more than any Matthew Prince quotations in media that [don't know when to quit](cfblock.md). 
+
+[![](img/poem.gif)](repeats.md)
+
+```
+Date 	Total domains 	Percent of top 100
+2013-05-06 	462,274 	0.200
+2013-05-13 	472,085 	0.204
+2013-05-20 	480,934 	0.207
+2013-05-27 	485,279 	0.209
+2013-06-03 	480,989 	0.207
+2013-06-10 	487,366 	0.209
+2013-06-17 	492,681 	0.212
+2013-06-24 	497,098 	0.214
+2013-07-01 	503,807 	0.216
+2013-07-08 	516,126 	0.221
+2013-07-15 	518,662 	0.222
+2013-07-22 	519,748 	0.223
+2013-07-29 	523,083 	0.224
+2013-08-05 	528,595 	0.226
+2013-08-12 	536,331 	0.230
+2013-08-19 	540,140 	0.231
+2013-08-26 	546,689 	0.234
+2013-09-02 	553,002 	0.236
+2013-09-09 	559,421 	0.239
+2013-09-16 	566,034 	0.241
+2013-09-23 	570,967 	0.243
+2013-09-30 	583,379 	0.248
+2013-10-07 	590,639 	0.251
+2013-10-14 	598,124 	0.254
+2013-10-21 	605,181 	0.257
+2013-10-28 	612,161 	0.260
+2013-11-04 	618,892 	0.262
+2013-11-11 	625,297 	0.265
+2013-11-18 	634,680 	0.269
+2013-11-25 	645,166 	0.273
+2013-12-02 	651,707 	0.276
+2013-12-09 	656,592 	0.278
+2013-12-16 	658,851 	0.279
+2013-12-23 	664,087 	0.281
+2013-12-30 	668,845 	0.283
+2014-01-06 	674,649 	0.285
+2014-01-13 	680,664 	0.288
+2014-01-20 	686,548 	0.290
+2014-01-27 	695,184 	0.293
+2014-02-03 	701,853 	0.296
+2014-02-10 	707,212 	0.298
+2014-02-17 	715,565 	0.301
+2014-02-24 	721,120 	0.303
+2014-03-03 	727,763 	0.305
+2014-03-10 	738,270 	0.309
+2014-03-17 	748,705 	0.313
+2014-03-24 	759,522 	0.318
+2014-03-31 	767,933 	0.321
+2014-04-07 	776,532 	0.324
+2014-04-14 	789,967 	0.329
+2014-04-21 	798,921 	0.332
+2014-04-28 	810,208 	0.337
+2014-05-05 	820,826 	0.341
+2014-05-12 	829,597 	0.344
+2014-05-19 	843,120 	0.350
+2014-05-26 	854,125 	0.354
+2014-06-02 	862,998 	0.358
+2014-06-09 	870,092 	0.360
+2014-06-16 	880,063 	0.364
+2014-06-23 	888,970 	0.368
+2014-06-30 	900,388 	0.372
+2014-07-07 	907,303 	0.375
+2014-07-14 	919,299 	0.379
+2014-07-21 	929,176 	0.383
+2014-07-28 	938,897 	0.387
+2014-08-04 	949,517 	0.391
+2014-08-11 	959,261 	0.395
+2014-08-18 	971,269 	0.399
+2014-08-25 	983,229 	0.404
+2014-09-01 	996,492 	0.409
+2014-09-08 	1,008,809 	0.414
+2014-09-15 	1,018,725 	0.418
+2014-09-22 	1,028,254 	0.421
+2014-09-29 	1,039,559 	0.425
+2014-10-06 	1,055,063 	0.431
+2014-10-13 	1,069,605 	0.436
+2014-10-20 	1,092,576 	0.445
+2014-10-27 	1,105,575 	0.451
+2014-11-03 	1,119,242 	0.456
+2014-11-10 	1,137,673 	0.464
+2014-11-17 	1,151,151 	0.469
+2014-11-24 	1,166,656 	0.475
+2014-12-01 	1,177,647 	0.479
+2014-12-08 	1,189,078 	0.484
+2014-12-15 	1,207,842 	0.491
+2014-12-22 	1,217,563 	0.495
+2014-12-29 	1,231,764 	0.501
+2015-01-05 	1,247,680 	0.507
+2015-01-12 	1,265,245 	0.514
+2015-01-19 	1,280,109 	0.520
+2015-01-26 	1,297,321 	0.526
+2015-02-02 	1,312,308 	0.531
+2015-02-09 	1,332,308 	0.539
+2015-02-16 	1,347,477 	0.544
+2015-02-23 	1,359,383 	0.549
+2015-03-02 	1,381,804 	0.558
+2015-03-09 	1,399,204 	0.564
+2015-03-16 	1,418,583 	0.572
+2015-03-23 	1,435,965 	0.579
+2015-03-30 	1,454,610 	0.586
+2015-04-06 	1,469,641 	0.592
+2015-04-13 	1,484,206 	0.597
+2015-04-20 	1,499,685 	0.603
+2015-04-27 	1,517,483 	0.610
+2015-05-04 	1,538,892 	0.620
+2015-05-11 	1,552,349 	0.625
+2015-05-18 	1,569,546 	0.632
+2015-05-25 	1,589,371 	0.640
+2015-06-01 	1,607,757 	0.647
+2015-06-08 	1,630,764 	0.655
+2015-06-15 	1,646,304 	0.661
+2015-06-22 	1,671,352 	0.670
+2015-06-29 	1,688,467 	0.676
+2015-07-06 	1,709,286 	0.683
+2015-07-13 	1,729,079 	0.691
+2015-07-20 	1,755,542 	0.701
+2015-07-27 	1,776,521 	0.710
+2015-08-03 	1,800,276 	0.719
+2015-08-10 	1,819,396 	0.726
+2015-08-17 	1,849,434 	0.737
+2015-08-24 	1,871,697 	0.745
+2015-08-31 	1,897,175 	0.755
+2015-09-07 	1,923,030 	0.764
+2015-09-14 	1,965,601 	0.779
+
+...the data source did not update for one month...
+
+2015-10-15 	2,459,695 	0.915
+2015-10-19 	2,477,094 	0.919
+2015-10-26 	2,503,454 	0.921
+2015-11-02 	2,525,536 	0.925
+2015-11-09 	2,549,874 	0.918
+2015-11-16 	2,586,187 	0.914
+2015-11-23 	2,620,791 	0.912
+2015-11-30 	2,654,232 	0.920
+2015-12-07 	2,690,496 	0.931
+2015-12-14 	2,716,079 	0.938
+2015-12-21 	2,745,964 	0.946
+2015-12-28 	2,767,578 	0.953
+2016-01-04 	2,780,037 	0.956
+2016-01-11 	2,808,816 	0.964
+2016-01-18 	2,833,824 	0.971
+2016-01-25 	2,854,693 	0.975
+2016-02-01 	2,889,095 	0.984
+2016-02-08 	2,921,854 	0.992
+2016-02-15 	2,941,870 	0.996
+2016-02-22 	2,980,241 	1.000
+2016-02-29 	3,015,906 	1.005
+2016-03-07 	3,052,477 	1.010
+2016-03-14 	3,093,608 	1.022
+2016-03-21 	3,123,234 	1.029
+2016-03-28 	3,154,356 	1.039
+2016-04-04 	3,175,503 	1.043
+2016-04-11 	3,201,418 	1.050
+2016-04-18 	3,230,048 	1.058
+2016-04-25 	3,250,479 	1.065
+2016-05-02 	3,284,012 	1.076
+2016-05-09 	3,304,421 	1.082
+2016-05-16 	3,345,090 	1.095
+2016-05-23 	3,369,703 	1.101
+2016-05-30 	3,398,037 	1.110
+2016-06-06 	3,422,237 	1.118
+2016-06-13 	3,446,664 	1.126
+2016-06-20 	3,466,012 	1.133
+2016-06-27 	3,491,453 	1.143
+2016-07-04 	3,535,104 	1.154
+2016-07-11 	3,557,826 	1.162
+2016-07-18 	3,577,119 	1.168
+2016-07-25 	3,594,073 	1.173
+2016-08-01 	3,598,272 	1.190
+2016-08-08 	3,643,865 	1.204
+2016-08-15 	3,671,903 	1.213
+2016-08-22 	3,693,125 	1.219
+2016-08-29 	3,710,646 	1.225
+2016-09-05 	3,741,690 	1.235
+2016-09-12 	3,760,204 	1.242
+2016-09-19 	3,785,458 	1.252
+2016-09-26 	3,794,284 	1.255
+2016-10-03 	3,826,115 	1.267
+2016-10-10 	3,859,078 	1.277
+2016-10-17 	3,900,896 	1.289
+2016-10-24 	3,928,593 	1.298
+2016-10-31 	3,966,977 	1.310
+2016-11-07 	4,007,417 	1.325
+2016-11-14 	4,044,849 	1.336
+2016-11-21 	4,090,463 	1.353
+2016-11-28 	4,128,982 	1.368
+2016-12-05 	4,150,122 	1.374
+2016-12-12 	4,180,124 	1.388
+2016-12-19 	4,215,130 	1.403
+2016-12-26 	4,264,692 	1.426
+2017-01-02 	4,313,167 	1.449
+2017-01-09 	4,370,013 	1.468
+2017-01-16 	4,412,616 	1.481
+2017-01-23 	4,435,988 	1.487
+2017-01-30 	4,497,257 	1.507
+2017-02-06 	4,565,328 	1.528
+2017-02-13 	4,630,694 	1.546
+2017-02-20 	4,692,037 	1.563
+2017-02-27 	4,738,938 	1.580
+2017-03-06 	4,763,870 	1.582
+2017-03-13 	4,797,089 	1.592
+2017-03-20 	4,848,941 	1.607
+2017-03-27 	4,872,968 	1.614
+2017-04-03 	4,899,299 	1.627
+2017-04-10 	4,929,269 	1.638
+2017-04-17 	4,935,522 	1.640
+2017-04-24 	4,967,471 	1.648
+2017-05-01 	4,999,621 	1.656
+2017-05-08 	5,045,945 	1.670
+2017-05-15 	5,085,359 	1.680
+2017-05-22 	5,118,847 	1.691
+2017-05-29 	5,156,948 	1.699
+2017-06-05 	5,183,607 	1.703
+2017-06-12 	5,231,308 	1.722
+2017-06-19 	5,507,691 	1.793
+2017-06-26 	5,571,118 	1.813
+2017-07-03 	5,592,312 	1.820
+2017-07-10 	5,617,151 	1.827
+2017-07-17 	5,653,175 	1.837
+2017-07-24 	5,700,932 	1.851
+2017-07-31 	5,771,722 	1.873
+2017-08-07 	5,809,459 	1.883
+2017-08-14 	5,836,431 	1.890
+2017-08-21 	5,872,947 	1.900
+2017-08-28 	5,904,417 	1.911
+2017-09-04 	5,944,257 	1.920
+2017-09-11 	5,977,055 	1.927
+2017-09-18 	6,013,372 	1.936
+2017-09-25 	6,047,315 	1.945
+2017-10-02 	6,094,842 	1.959
+2017-10-09 	6,129,147 	1.966
+2017-10-16 	6,157,099 	1.973
+2017-10-23 	6,198,152 	1.986
+2017-10-30 	6,235,789 	1.998
+2017-11-06 	6,271,018 	2.009
+2017-11-13 	6,299,504 	2.024
+2017-11-20 	6,340,142 	2.037
+2017-11-27 	6,363,377 	2.042
+2017-12-04 	6,390,003 	2.047
+2017-12-11 	6,426,854 	2.058
+2017-12-18 	6,458,112 	2.071
+2017-12-25 	6,445,461 	2.067
+2018-01-01 	6,443,406 	2.067
+2018-01-08 	6,482,529 	2.077
+2018-01-15 	6,514,604 	2.087
+2018-01-22 	6,528,120 	2.091
+2018-01-29 	6,564,496 	2.102
+2018-02-05 	6,599,073 	2.110
+2018-02-12 	6,634,101 	2.116
+2018-02-19 	6,664,120 	2.126
+2018-02-26 	6,654,423 	2.121
+2018-03-05 	6,696,513 	2.133
+2018-03-12 	6,739,825 	2.141
+2018-03-19 	6,779,526 	2.139
+2018-03-26 	6,814,395 	2.138
+2018-04-02 	6,859,918 	2.149
+2018-04-09 	6,909,496 	2.162
+2018-04-16 	6,954,315 	2.172
+2018-04-23 	7,006,517 	2.186
+2018-04-30 	7,043,652 	2.198
+2018-05-07 	7,099,084 	2.216
+2018-05-14 	7,148,454 	2.226
+2018-05-21 	7,207,113 	2.242
+2018-05-28 	7,362,802 	2.287
+2018-06-04 	7,474,019 	2.319
+2018-06-11 	7,563,181 	2.345
+2018-06-18 	7,608,843 	2.356
+2018-06-25 	7,655,184 	2.365
+2018-07-02 	7,718,513 	2.374
+2018-07-09 	7,762,731 	2.384
+2018-07-16 	7,834,993 	2.403
+2018-07-23 	7,901,368 	2.424
+2018-07-30 	7,936,604 	2.435
+2018-08-06 	7,992,083 	2.447
+2018-08-13 	8,051,515 	2.460
+2018-08-20 	8,116,197 	2.477
+2018-08-27 	8,181,685 	2.495
+2018-09-03 	8,233,488 	2.507
+2018-09-10 	8,281,597 	2.518
+2018-09-17 	8,341,527 	2.531
+2018-09-24 	8,379,509 	2.538
+2018-10-01 	8,413,490 	2.547
+2018-10-08 	8,461,715 	2.559
+2018-10-15 	8,494,717 	2.565
+2018-10-22 	8,526,445 	2.569
+2018-10-29 	8,561,946 	2.580
+2018-11-05 	8,599,714 	2.590
+2018-11-12 	8,623,601 	2.594
+2018-11-19 	8,692,707 	2.610
+2018-11-26 	8,725,435 	2.618
+2018-12-03 	8,761,409 	2.624
+2018-12-10 	8,802,587 	2.634
+2018-12-17 	8,837,849 	2.642
+2018-12-24 	8,884,186 	2.655
+2018-12-31 	8,967,431 	2.679
+2019-01-07 	9,029,733 	2.696
+2019-01-14 	9,116,113 	2.717
+2019-01-21 	9,163,968 	2.729
+2019-01-28 	9,212,710 	2.741
+2019-02-04 	9,259,657 	2.751
+2019-02-11 	9,289,395 	2.757
+2019-02-18 	9,327,549 	2.764
+2019-02-25 	9,367,875 	2.773
+2019-03-04 	9,422,615 	2.785
+2019-03-11 	9,456,622 	2.792
+2019-03-18 	9,536,879 	2.816
+2019-03-25 	9,582,190 	2.827
+2019-04-01 	9,614,826 	2.834
+2019-04-08 	9,661,770 	2.843
+2019-04-15 	9,639,449 	2.833
+2019-04-22 	9,663,323 	2.838
+2019-04-29 	9,701,268 	2.846
+2019-05-06 	9,726,091 	2.852
+2019-05-13 	9,755,458 	2.859
+2019-05-20 	9,771,923 	2.860
+2019-05-27 	9,804,848 	2.868
+2019-06-03 	9,825,872 	2.872
+2019-06-10 	9,848,810 	2.877
+2019-06-17 	9,874,825 	2.882
+2019-06-24 	9,920,997 	2.892
+2019-07-01 	9,945,591 	2.895
+2019-07-08 	9,966,342 	2.899
+2019-07-15 	10,009,608 	2.905
+2019-07-22 	10,042,009 	2.916
+2019-07-29 	10,061,628 	2.919
+2019-08-05 	10,083,894 	2.923
+2019-08-12 	10,118,603 	2.930
+2019-08-19 	10,151,279 	2.936
+2019-08-26 	10,187,533 	2.944
+2019-09-02 	10,229,840 	2.955
+2019-09-09 	10,258,506 	2.961
+2019-09-16 	10,299,487 	2.970
+2019-09-23 	10,331,298 	2.976
+2019-09-30 	10,365,561 	2.984
+2019-10-07 	10,405,629 	2.993
+2019-10-14 	10,448,773 	3.001
+2019-10-21 	10,493,553 	3.012
+2019-10-28 	10,530,175 	3.020
+2019-11-04 	10,573,154 	3.031
+2019-11-11 	10,626,620 	3.043
+2019-11-18 	10,652,831 	3.050
+2019-11-25 	10,712,813 	3.064
+2019-12-02 	10,771,957 	3.078
+2019-12-09 	10,869,576 	3.104
+2019-12-16 	10,932,699 	3.120
+2019-12-23 	10,992,952 	3.032
+2019-12-30 	11,024,536 	3.041
+2020-01-06 	11,046,219 	3.045
+2020-01-13 	11,072,583 	3.049
+2020-01-20 	11,104,343 	3.055
+2020-01-27 	11,121,659 	3.057
+2020-02-03 	11,131,602 	3.056
+2020-02-10 	11,157,317 	3.059
+2020-02-17 	11,195,632 	3.064
+2020-02-24 	11,232,851 	3.071
+2020-03-02 	11,543,562 	2.799
+2020-03-09 	11,598,986 	2.804
+2020-03-16 	11,608,288 	2.802
+2020-03-23 	11,614,818 	2.802
+2020-03-30 	11,594,092 	2.796
+2020-04-06 	11,608,284 	2.798
+2020-04-13 	11,661,017 	2.808
+2020-04-20 	11,777,589 	2.830
+2020-04-27 	11,802,977 	2.834
+2020-05-04 	11,855,622 	2.845
+2020-05-11 	11,905,370 	2.854
+2020-05-18 	11,925,996 	2.857
+2020-05-25 	11,975,702 	2.867
+2020-06-01 	12,006,857 	2.871
+2020-06-08 	12,040,513 	2.879
+2020-06-15 	12,088,287 	2.887
+2020-06-22 	12,134,019 	2.896
+2020-06-29 	12,058,454 	2.948
+2020-07-06 	12,121,766 	2.961
+2020-07-13 	12,181,945 	2.973
+2020-07-20 	12,221,082 	2.981
+2020-07-27 	12,253,014 	2.987
+```
+
+
+### Harvard Business School
+### The source of CloudFlare's delusions
+
+![](img/harvard.gif)
+
+- [Why entrepreneurs need to be a little delusional](https://web.archive.org/web/20210826102852/http://web.archive.org/web/20140715071656/http://poetsandquants.com/2013/11/18/qa-with-harvards-top-entrepreneurship-professor/)   (2013-11-18)
+
+```
+We can tell students what the failure odds are, but it's one thing for
+people to know the stats, and it's another to actually feel it's going to
+be you. A lot of people think they will be that one person to beat the
+odds, and I guess that's good to have that confidence. Basically we
+need people to be a little delusional.
+```
+ — Professor Tom Eisenmann, Harvard Business School
+
+
+- [HBS-founded CloudFlare is Sky High](https://web.archive.org/web/20210826102852/http://web.archive.org/web/20140911104439/http://www.harbus.org/2011/cloudflare/)   (2011-11-14)
+
+```
+However you describe CloudFlare, it is clearly flourishing. Since its
+founding two years ago at HBS, the company's network now extends
+to 15 billion page views and 350 million visitors per month, which is
+more traffic than Amazon, Wikipedia and Twitter combined. 'One out
+of every five people on the Internet has passed through our network
+in the last month,' says Prince. 'Kind of stunning.' ... Zatlyn and Prince
+cite a number of HBS influences as critical sources of support, with
+Professor Eisenmann being at the top of the list. They recount how
+they took his Entrepreneurship course their first year, and he then
+encouraged them from their very first discussions beginning in the
+lobby bar at the Sheraton in Palo Alto. 'Tom was a cheerleader from
+the beginning,' says Prince. 'And he's continued to be in touch. Every
+time he is out here, we see him.'
+```
+
+![](img/shelter4.gif)
+
+
+---
+
+[home page](README.md)

subfiles/classics/cfnsdump.md

@@ -0,0 +1,424 @@
+# CloudFlare nameservers
+
+Great moments in
+anti-DDoS engineering:
+
+![](img/eggs.jpg)
+
+
+These IP addresses have been static since mid-2014.
+How many lines of code are required to hit this entire
+list repeatedly with a huge Internet-of-Things botnet?
+Not many (see footnote).
+
+```
+        abby.ns.cloudflare.com 173.245.58.100
+        ada.ns.cloudflare.com 173.245.58.54
+        adam.ns.cloudflare.com 173.245.59.54
+        adel.ns.cloudflare.com 173.245.58.55
+        adi.ns.cloudflare.com 173.245.58.56
+        adrian.ns.cloudflare.com 173.245.58.57
+        aida.ns.cloudflare.com 173.245.58.58
+        aiden.ns.cloudflare.com 173.245.59.55
+        ajay.ns.cloudflare.com 173.245.59.56
+        alan.ns.cloudflare.com 173.245.59.57
+        albert.ns.cloudflare.com 173.245.59.58
+        alec.ns.cloudflare.com 173.245.59.59
+        alex.ns.cloudflare.com 173.245.59.100
+        alexis.ns.cloudflare.com 173.245.59.60
+        algin.ns.cloudflare.com 173.245.59.61
+        ali.ns.cloudflare.com 173.245.58.59
+        alice.ns.cloudflare.com 173.245.58.60
+        alina.ns.cloudflare.com 173.245.58.61
+        alla.ns.cloudflare.com 173.245.58.62
+        amanda.ns.cloudflare.com 173.245.58.63
+        amber.ns.cloudflare.com 173.245.58.64
+        amir.ns.cloudflare.com 173.245.59.62
+        amit.ns.cloudflare.com 173.245.59.63
+        amy.ns.cloudflare.com 173.245.58.101
+        andy.ns.cloudflare.com 173.245.59.101
+        angela.ns.cloudflare.com 173.245.58.65
+        anirban.ns.cloudflare.com 173.245.59.64
+        anna.ns.cloudflare.com 173.245.58.102
+        anuj.ns.cloudflare.com 173.245.59.65
+        apollo.ns.cloudflare.com 173.245.59.66
+        april.ns.cloudflare.com 173.245.58.66
+        ara.ns.cloudflare.com 173.245.58.67
+        aragorn.ns.cloudflare.com 173.245.59.67
+        arch.ns.cloudflare.com 173.245.59.68
+        aria.ns.cloudflare.com 173.245.58.68
+        arnold.ns.cloudflare.com 173.245.59.69
+        aron.ns.cloudflare.com 173.245.58.69
+        art.ns.cloudflare.com 173.245.59.102
+        arya.ns.cloudflare.com 173.245.58.70
+        asa.ns.cloudflare.com 173.245.58.246
+        ashley.ns.cloudflare.com 173.245.58.71
+        athena.ns.cloudflare.com 173.245.58.72
+        austin.ns.cloudflare.com 173.245.59.70
+        barbara.ns.cloudflare.com 173.245.58.248
+        bart.ns.cloudflare.com 173.245.59.71
+        bayan.ns.cloudflare.com 173.245.59.72
+        beau.ns.cloudflare.com 173.245.59.73
+        becky.ns.cloudflare.com 173.245.58.73
+        bella.ns.cloudflare.com 173.245.58.74
+        ben.ns.cloudflare.com 173.245.59.103
+        beth.ns.cloudflare.com 173.245.58.103
+        betty.ns.cloudflare.com 173.245.58.75
+        bill.ns.cloudflare.com 173.245.59.74
+        bob.ns.cloudflare.com 173.245.59.104
+        bonnie.ns.cloudflare.com 173.245.58.76
+        boyd.ns.cloudflare.com 173.245.59.75
+        brad.ns.cloudflare.com 173.245.59.105
+        brenda.ns.cloudflare.com 173.245.58.77
+        brett.ns.cloudflare.com 173.245.59.76
+        brianna.ns.cloudflare.com 173.245.58.245
+        brit.ns.cloudflare.com 173.245.58.78
+        bruce.ns.cloudflare.com 173.245.59.77
+        buck.ns.cloudflare.com 173.245.59.78
+        burt.ns.cloudflare.com 173.245.59.79
+        candy.ns.cloudflare.com 173.245.58.79
+        carl.ns.cloudflare.com 173.245.59.106
+        carol.ns.cloudflare.com 173.245.58.80
+        carter.ns.cloudflare.com 173.245.59.80
+        cash.ns.cloudflare.com 173.245.59.81
+        cass.ns.cloudflare.com 173.245.58.81
+        chad.ns.cloudflare.com 173.245.59.82
+        chan.ns.cloudflare.com 173.245.58.82
+        charles.ns.cloudflare.com 173.245.59.83
+        cheryl.ns.cloudflare.com 173.245.58.83
+        chin.ns.cloudflare.com 173.245.58.84
+        chip.ns.cloudflare.com 173.245.59.84
+        chloe.ns.cloudflare.com 173.245.58.85
+        chris.ns.cloudflare.com 173.245.59.85
+        chuck.ns.cloudflare.com 173.245.59.86
+        clark.ns.cloudflare.com 173.245.59.87
+        clay.ns.cloudflare.com 173.245.59.88
+        cleo.ns.cloudflare.com 173.245.59.89
+        clint.ns.cloudflare.com 173.245.59.90
+        cloe.ns.cloudflare.com 173.245.58.86
+        clyde.ns.cloudflare.com 173.245.59.91
+        coby.ns.cloudflare.com 173.245.59.92
+        coco.ns.cloudflare.com 173.245.58.104
+        cody.ns.cloudflare.com 173.245.59.107
+        connie.ns.cloudflare.com 173.245.58.247
+        cortney.ns.cloudflare.com 173.245.58.87
+        cory.ns.cloudflare.com 173.245.59.93
+        cruz.ns.cloudflare.com 173.245.58.88
+        curt.ns.cloudflare.com 173.245.59.94
+        dahlia.ns.cloudflare.com 173.245.58.89
+        daisy.ns.cloudflare.com 173.245.58.90
+        dale.ns.cloudflare.com 173.245.59.95
+        damon.ns.cloudflare.com 173.245.59.96
+        dan.ns.cloudflare.com 173.245.59.108
+        dana.ns.cloudflare.com 173.245.58.105
+        dane.ns.cloudflare.com 173.245.59.97
+        dara.ns.cloudflare.com 173.245.58.91
+        darl.ns.cloudflare.com 173.245.59.98
+        darwin.ns.cloudflare.com 173.245.59.151
+        dave.ns.cloudflare.com 173.245.59.109
+        david.ns.cloudflare.com 173.245.59.152
+        dawn.ns.cloudflare.com 173.245.58.106
+        dean.ns.cloudflare.com 173.245.59.153
+        deb.ns.cloudflare.com 173.245.58.92
+        dee.ns.cloudflare.com 173.245.58.93
+        dell.ns.cloudflare.com 173.245.58.94
+        demi.ns.cloudflare.com 173.245.58.95
+        derek.ns.cloudflare.com 173.245.59.154
+        desi.ns.cloudflare.com 173.245.58.96
+        dilbert.ns.cloudflare.com 173.245.59.155
+        dina.ns.cloudflare.com 173.245.58.107
+        dion.ns.cloudflare.com 173.245.59.156
+        diva.ns.cloudflare.com 173.245.58.97
+        dolly.ns.cloudflare.com 173.245.58.98
+        dom.ns.cloudflare.com 173.245.59.157
+        donald.ns.cloudflare.com 173.245.59.158
+        donna.ns.cloudflare.com 173.245.58.151
+        dora.ns.cloudflare.com 173.245.58.108
+        dorthy.ns.cloudflare.com 173.245.58.249
+        doug.ns.cloudflare.com 173.245.59.159
+        drew.ns.cloudflare.com 173.245.59.160
+        duke.ns.cloudflare.com 173.245.59.110
+        earl.ns.cloudflare.com 173.245.59.161
+        ed.ns.cloudflare.com 173.245.59.111
+        edna.ns.cloudflare.com 173.245.58.109
+        elaine.ns.cloudflare.com 173.245.58.152
+        elinore.ns.cloudflare.com 173.245.58.153
+        elle.ns.cloudflare.com 173.245.58.110
+        elliot.ns.cloudflare.com 173.245.59.162
+        elma.ns.cloudflare.com 173.245.58.154
+        elmo.ns.cloudflare.com 173.245.59.163
+        elsa.ns.cloudflare.com 173.245.58.111
+        emily.ns.cloudflare.com 173.245.58.155
+        emma.ns.cloudflare.com 173.245.58.112
+        eric.ns.cloudflare.com 173.245.59.112
+        erin.ns.cloudflare.com 173.245.58.113
+        ernest.ns.cloudflare.com 173.245.59.164
+        etta.ns.cloudflare.com 173.245.58.156
+        eva.ns.cloudflare.com 173.245.58.114
+        evan.ns.cloudflare.com 173.245.59.165
+        fay.ns.cloudflare.com 173.245.58.115
+        fiona.ns.cloudflare.com 173.245.58.157
+        frank.ns.cloudflare.com 173.245.59.166
+        fred.ns.cloudflare.com 173.245.59.113
+        gabe.ns.cloudflare.com 173.245.59.114
+        gail.ns.cloudflare.com 173.245.58.116
+        gene.ns.cloudflare.com 173.245.58.158
+        george.ns.cloudflare.com 173.245.59.167
+        gerald.ns.cloudflare.com 173.245.59.168
+        gina.ns.cloudflare.com 173.245.58.117
+        glen.ns.cloudflare.com 173.245.59.169
+        gordon.ns.cloudflare.com 173.245.59.170
+        grace.ns.cloudflare.com 173.245.58.159
+        graham.ns.cloudflare.com 173.245.59.171
+        greg.ns.cloudflare.com 173.245.59.115
+        guss.ns.cloudflare.com 173.245.59.172
+        guy.ns.cloudflare.com 173.245.59.173
+        gwen.ns.cloudflare.com 173.245.58.160
+        hal.ns.cloudflare.com 173.245.59.174
+        hank.ns.cloudflare.com 173.245.59.116
+        hans.ns.cloudflare.com 173.245.59.175
+        heather.ns.cloudflare.com 173.245.58.161
+        henry.ns.cloudflare.com 173.245.59.176
+        hera.ns.cloudflare.com 173.245.58.162
+        hope.ns.cloudflare.com 173.245.58.163
+        hugh.ns.cloudflare.com 173.245.59.117
+        ian.ns.cloudflare.com 173.245.59.118
+        igor.ns.cloudflare.com 173.245.59.119
+        ines.ns.cloudflare.com 173.245.58.164
+        ingrid.ns.cloudflare.com 173.245.58.165
+        iris.ns.cloudflare.com 173.245.58.118
+        irma.ns.cloudflare.com 173.245.58.166
+        isaac.ns.cloudflare.com 173.245.59.177
+        isla.ns.cloudflare.com 173.245.58.119
+        ivan.ns.cloudflare.com 173.245.59.120
+        ivy.ns.cloudflare.com 173.245.58.120
+        jack.ns.cloudflare.com 173.245.59.121
+        jade.ns.cloudflare.com 173.245.58.167
+        jake.ns.cloudflare.com 173.245.59.122
+        james.ns.cloudflare.com 173.245.59.178
+        jamie.ns.cloudflare.com 173.245.58.168
+        janet.ns.cloudflare.com 173.245.58.169
+        jasmine.ns.cloudflare.com 173.245.58.170
+        jason.ns.cloudflare.com 173.245.59.179
+        jay.ns.cloudflare.com 173.245.59.123
+        jean.ns.cloudflare.com 173.245.58.121
+        jeff.ns.cloudflare.com 173.245.59.124
+        jeremy.ns.cloudflare.com 173.245.59.180
+        jerome.ns.cloudflare.com 173.245.59.181
+        jerry.ns.cloudflare.com 173.245.59.182
+        jessica.ns.cloudflare.com 173.245.58.171
+        jill.ns.cloudflare.com 173.245.58.122
+        jim.ns.cloudflare.com 173.245.59.125
+        jo.ns.cloudflare.com 173.245.58.172
+        joan.ns.cloudflare.com 173.245.58.173
+        jobs.ns.cloudflare.com 173.245.59.183
+        jocelyn.ns.cloudflare.com 173.245.58.174
+        joel.ns.cloudflare.com 173.245.59.184
+        john.ns.cloudflare.com 173.245.59.185
+        jonah.ns.cloudflare.com 173.245.59.186
+        josh.ns.cloudflare.com 173.245.59.126
+        jule.ns.cloudflare.com 173.245.58.175
+        june.ns.cloudflare.com 173.245.58.176
+        justin.ns.cloudflare.com 173.245.59.187
+        kai.ns.cloudflare.com 173.245.59.188
+        kami.ns.cloudflare.com 173.245.58.177
+        kanye.ns.cloudflare.com 173.245.59.189
+        kara.ns.cloudflare.com 173.245.58.123
+        karina.ns.cloudflare.com 173.245.58.178
+        karl.ns.cloudflare.com 173.245.59.190
+        kate.ns.cloudflare.com 173.245.58.124
+        kay.ns.cloudflare.com 173.245.58.125
+        ken.ns.cloudflare.com 173.245.59.127
+        kevin.ns.cloudflare.com 173.245.59.191
+        kia.ns.cloudflare.com 173.245.58.179
+        kiki.ns.cloudflare.com 173.245.58.180
+        kim.ns.cloudflare.com 173.245.58.126
+        kip.ns.cloudflare.com 173.245.59.128
+        kirk.ns.cloudflare.com 173.245.59.192
+        kristin.ns.cloudflare.com 173.245.58.181
+        kurt.ns.cloudflare.com 173.245.59.193
+        lady.ns.cloudflare.com 173.245.58.127
+        lakas.ns.cloudflare.com 173.245.59.194
+        lana.ns.cloudflare.com 173.245.58.182
+        lara.ns.cloudflare.com 173.245.58.128
+        lars.ns.cloudflare.com 173.245.59.195
+        laura.ns.cloudflare.com 173.245.58.183
+        leah.ns.cloudflare.com 173.245.58.129
+        lee.ns.cloudflare.com 173.245.59.129
+        leia.ns.cloudflare.com 173.245.58.184
+        lex.ns.cloudflare.com 173.245.59.196
+        lia.ns.cloudflare.com 173.245.58.185
+        lila.ns.cloudflare.com 173.245.58.186
+        lily.ns.cloudflare.com 173.245.58.130
+        lina.ns.cloudflare.com 173.245.58.187
+        linda.ns.cloudflare.com 173.245.58.250
+        lisa.ns.cloudflare.com 173.245.58.131
+        liv.ns.cloudflare.com 173.245.58.188
+        liz.ns.cloudflare.com 173.245.58.189
+        lloyd.ns.cloudflare.com 173.245.59.197
+        logan.ns.cloudflare.com 173.245.59.198
+        lola.ns.cloudflare.com 173.245.58.132
+        lorna.ns.cloudflare.com 173.245.58.190
+        lou.ns.cloudflare.com 173.245.59.199
+        lucy.ns.cloudflare.com 173.245.58.133
+        luke.ns.cloudflare.com 173.245.59.200
+        lynn.ns.cloudflare.com 173.245.59.201
+        major.ns.cloudflare.com 173.245.59.241
+        marek.ns.cloudflare.com 173.245.59.202
+        marge.ns.cloudflare.com 173.245.58.191
+        maria.ns.cloudflare.com 173.245.58.192
+        mario.ns.cloudflare.com 173.245.59.203
+        marjory.ns.cloudflare.com 173.245.58.193
+        mark.ns.cloudflare.com 173.245.59.130
+        marty.ns.cloudflare.com 173.245.59.204
+        mary.ns.cloudflare.com 173.245.58.134
+        matt.ns.cloudflare.com 173.245.59.131
+        max.ns.cloudflare.com 173.245.59.132
+        may.ns.cloudflare.com 173.245.58.135
+        maya.ns.cloudflare.com 173.245.58.194
+        meera.ns.cloudflare.com 173.245.58.195
+        meg.ns.cloudflare.com 173.245.58.196
+        megan.ns.cloudflare.com 173.245.58.197
+        melinda.ns.cloudflare.com 173.245.58.198
+        melissa.ns.cloudflare.com 173.245.58.199
+        merlin.ns.cloudflare.com 173.245.59.205
+        mia.ns.cloudflare.com 173.245.58.200
+        micah.ns.cloudflare.com 173.245.59.206
+        michelle.ns.cloudflare.com 173.245.58.201
+        miki.ns.cloudflare.com 173.245.58.202
+        miles.ns.cloudflare.com 173.245.59.207
+        mimi.ns.cloudflare.com 173.245.58.203
+        mira.ns.cloudflare.com 173.245.58.204
+        mitch.ns.cloudflare.com 173.245.59.208
+        molly.ns.cloudflare.com 173.245.58.205
+        mona.ns.cloudflare.com 173.245.58.206
+        nadia.ns.cloudflare.com 173.245.58.207
+        naomi.ns.cloudflare.com 173.245.58.208
+        nash.ns.cloudflare.com 173.245.59.209
+        ned.ns.cloudflare.com 173.245.59.210
+        neil.ns.cloudflare.com 173.245.59.211
+        nelly.ns.cloudflare.com 173.245.58.209
+        newt.ns.cloudflare.com 173.245.59.212
+        nia.ns.cloudflare.com 173.245.58.210
+        nick.ns.cloudflare.com 173.245.59.213
+        nicole.ns.cloudflare.com 173.245.58.211
+        nile.ns.cloudflare.com 173.245.59.214
+        nina.ns.cloudflare.com 173.245.58.136
+        nitin.ns.cloudflare.com 173.245.59.215
+        noah.ns.cloudflare.com 173.245.59.133
+        noel.ns.cloudflare.com 173.245.59.216
+        nola.ns.cloudflare.com 173.245.58.212
+        nora.ns.cloudflare.com 173.245.58.213
+        norm.ns.cloudflare.com 173.245.59.134
+        norman.ns.cloudflare.com 173.245.59.217
+        olga.ns.cloudflare.com 173.245.58.137
+        oswald.ns.cloudflare.com 173.245.59.218
+        owen.ns.cloudflare.com 173.245.59.219
+        pablo.ns.cloudflare.com 173.245.59.220
+        pam.ns.cloudflare.com 173.245.58.138
+        pat.ns.cloudflare.com 173.245.58.139
+        paul.ns.cloudflare.com 173.245.59.135
+        pete.ns.cloudflare.com 173.245.59.136
+        peyton.ns.cloudflare.com 173.245.59.221
+        phil.ns.cloudflare.com 173.245.59.137
+        piotr.ns.cloudflare.com 173.245.59.222
+        plato.ns.cloudflare.com 173.245.59.223
+        pola.ns.cloudflare.com 173.245.58.214
+        rachel.ns.cloudflare.com 173.245.58.215
+        rafe.ns.cloudflare.com 173.245.58.216
+        rajeev.ns.cloudflare.com 173.245.59.224
+        ram.ns.cloudflare.com 173.245.59.225
+        ray.ns.cloudflare.com 173.245.59.138
+        reza.ns.cloudflare.com 173.245.58.217
+        rick.ns.cloudflare.com 173.245.59.139
+        rihana.ns.cloudflare.com 173.245.58.244
+        rita.ns.cloudflare.com 173.245.58.140
+        roan.ns.cloudflare.com 173.245.59.226
+        rob.ns.cloudflare.com 173.245.59.140
+        robin.ns.cloudflare.com 173.245.58.218
+        rocky.ns.cloudflare.com 173.245.59.227
+        rodney.ns.cloudflare.com 173.245.59.228
+        rosa.ns.cloudflare.com 173.245.58.228
+        rose.ns.cloudflare.com 173.245.58.141
+        roxy.ns.cloudflare.com 173.245.58.142
+        rudy.ns.cloudflare.com 173.245.59.229
+        ruth.ns.cloudflare.com 173.245.58.143
+        sam.ns.cloudflare.com 173.245.59.141
+        sandy.ns.cloudflare.com 173.245.58.219
+        sara.ns.cloudflare.com 173.245.58.144
+        scott.ns.cloudflare.com 173.245.59.230
+        sean.ns.cloudflare.com 173.245.59.231
+        serena.ns.cloudflare.com 173.245.58.220
+        seth.ns.cloudflare.com 173.245.59.142
+        sharon.ns.cloudflare.com 173.245.58.221
+        sid.ns.cloudflare.com 173.245.59.143
+        sima.ns.cloudflare.com 173.245.58.222
+        simon.ns.cloudflare.com 173.245.59.232
+        skip.ns.cloudflare.com 173.245.59.233
+        sofia.ns.cloudflare.com 173.245.58.223
+        sri.ns.cloudflare.com 173.245.59.234
+        stan.ns.cloudflare.com 173.245.59.235
+        sue.ns.cloudflare.com 173.245.58.145
+        tani.ns.cloudflare.com 173.245.58.224
+        tara.ns.cloudflare.com 173.245.58.225
+        tegan.ns.cloudflare.com 173.245.58.226
+        terin.ns.cloudflare.com 173.245.59.236
+        terry.ns.cloudflare.com 173.245.59.237
+        tess.ns.cloudflare.com 173.245.58.227
+        theo.ns.cloudflare.com 173.245.59.144
+        thomas.ns.cloudflare.com 173.245.59.238
+        tia.ns.cloudflare.com 173.245.58.229
+        tim.ns.cloudflare.com 173.245.59.145
+        tina.ns.cloudflare.com 173.245.58.230
+        toby.ns.cloudflare.com 173.245.59.239
+        todd.ns.cloudflare.com 173.245.59.146
+        tom.ns.cloudflare.com 173.245.59.147
+        tony.ns.cloudflare.com 173.245.59.240
+        tori.ns.cloudflare.com 173.245.58.231
+        trey.ns.cloudflare.com 173.245.59.242
+        tricia.ns.cloudflare.com 173.245.58.232
+        ulla.ns.cloudflare.com 173.245.58.233
+        uma.ns.cloudflare.com 173.245.58.146
+        val.ns.cloudflare.com 173.245.58.234
+        venus.ns.cloudflare.com 173.245.58.235
+        vera.ns.cloudflare.com 173.245.58.147
+        vern.ns.cloudflare.com 173.245.59.243
+        vick.ns.cloudflare.com 173.245.59.244
+        vida.ns.cloudflare.com 173.245.58.236
+        vin.ns.cloudflare.com 173.245.59.245
+        violet.ns.cloudflare.com 173.245.58.237
+        vita.ns.cloudflare.com 173.245.58.238
+        wally.ns.cloudflare.com 173.245.58.239
+        walt.ns.cloudflare.com 173.245.59.148
+        wanda.ns.cloudflare.com 173.245.58.240
+        wesley.ns.cloudflare.com 173.245.59.246
+        west.ns.cloudflare.com 173.245.59.247
+        will.ns.cloudflare.com 173.245.59.149
+        woz.ns.cloudflare.com 173.245.59.150
+        yichun.ns.cloudflare.com 173.245.59.248
+        yolanda.ns.cloudflare.com 173.245.58.241
+        zara.ns.cloudflare.com 173.245.58.148
+        zelda.ns.cloudflare.com 173.245.58.242
+        zeus.ns.cloudflare.com 173.245.59.249
+        zita.ns.cloudflare.com 173.245.58.243
+        zod.ns.cloudflare.com 173.245.59.250
+        zoe.ns.cloudflare.com 173.245.58.149
+```
+
+```
+                  The third quad is 58 or 59, and the
+                  fourth quad is between 54 and 250.
+
+                  Now put them together:
+
+                  quad4 = quad4 + 1
+                  if quad4 > 250
+                  {
+                    quad4 = 54
+                    if quad3 == 58 then quad3 = 59 else quad3 = 58
+                  } 
+```
+
+---
+
+[home](README.md)

subfiles/classics/cfs.md

@@ -0,0 +1,12 @@
+# Uncovering bad guys hiding behind CloudFlare
+
+
+We believe in privacy for passive users of the web. But publishers on the web, as opposed to passive users who merely read pages, should be accountable. All CloudFlare customers are publishers, and many use CloudFlare because it encourages them to hide their original IP address. When they receive abuse complaints, CloudFlare resorts to diversions to pretend that they are acting responsibly — assuming that they respond at all. A refusal to embrace web accountability leads to cybercrime. That's why we use the term "CrimeFlare" to describe this company.
+
+There are sites on the web that specialize in collecting registration and nameserver data. Several are serious research sites, while the rest are sites claiming that various domain names are worth big bucks in potential ad revenue, based on their traffic. Customers must change the nameservers on their registration in order to use most services. Each customer's domain is assigned two nameservers. This makes it easier to verify which domains depend on CloudFlare, and helps us keep our domain lists relatively current.
+
+![](img/adman2.gif)
+
+---
+
+[home](README.md)

subfiles/classics/cfsites.md

@@ -0,0 +1,26 @@
+# Some domains that recently used CloudFlare
+
+### "Protecting our customers from bad guys..."
+
+Do these domains deserve CloudFlare's protection?
+Perhaps we all need to be protected from CloudFlare! 
+
+![](img/skull.jpg)
+
+![](img/cfhacker.jpg)
+
+![](img/maskguy.gif)
+
+![](img/rstress.jpg)
+
+![](img/lulzsec.jpg)
+
+![](img/warez.jpg)
+
+![](img/badge1.gif)
+
+![](img/proxies.gif)
+
+---
+
+[home page](README.md)

subfiles/classics/cfssl.md

@@ -0,0 +1,38 @@
+
+"In other words, nothing can be done about the ISIS sites, carders, booters, gamblers,
+escorts, phishers, malware, and copyright infringers that CloudFlare protects."
+
+# CloudFlare's half-baked SSL: suspicious sockets layer
+
+> October 2013
+> updated: March 18, 2020
+
+We were inspired to collect the data on this page after reading this report: [Phishers using CloudFlare for SSL](https://web.archive.org/web/20210824200208/http://news.netcraft.com/archives/2013/10/07/phishers-using-cloudflare-for-ssl.html). Also see this [technical analysis](file/httpsincdn.pdf) (PDF, 545 KB) on the use of SSL by CloudFlare and similar services. The CloudFlare certificates we found all had the common name in the same style as the "ssl2796.cloudflare.com" shown in that Netcraft report. The "ssl2796" in the name is a CloudFlare tracking ID in the 49,541 root domains we found that use "standard" (not "universal") CloudFlare certificates. Every root domain also has a subdomain wildcard line (*.example.com), which we deleted to save space.
+
+![](img/nsa7.png)
+
+We compiled this list by attempting a handshake with the CloudFlare domains in our database. The "standard" certificates on this page (with "ssl" in front of the number instead of "sni") mean that the domain has a paid account at CloudFlare. Paid accounts make up about five percent of the domains that use CloudFlare, according to [news reports](https://web.archive.org/web/20210824200208/http://web.archive.org/web/20160310090126/http://www.cnbc.com/2014/12/22/cloudflare-to-open-a-data-center-a-week-in-2015.html). It's all a marketing effort anyway, whether paid or free. There is no such thing as "secure" SSL when you have potential Men-In-The-Middle at scores of data centers around the world. Local authorities could be sniffing the plaintext available at these data centers, and CloudFlare wouldn't have a clue. (Their "data centers" are typically a rack or two of equipment that CloudFlare ships to a real data center, along with installation instructions.) We asked CloudFlare to confirm that sniffing is possible at these so-called "data centers," but they didn't respond. By now we're wondering if there's a plaintext Ethernet port at the back of their equipment rack that makes interception easy and convenient. If so, it would make no difference whether the origin server has its own certificate.
+
+![](img/sniff2.gif)
+
+CloudFlare may claim that there is no way plaintext can be accessed from their equipment racks, despite the fact that some sort of decrypt and re-encrypt must occur there due to the nature of their role as a CDN. After all, CloudFlare has engineers who come up with clever techniques to enhance SSL. But imagine that you are a government regulator in a country where a big ISP hosts a CloudFlare "data center." Your job is to consider the Internet in terms of public safety and current laws, and you go to that ISP with a list of CloudFlare-user domains you want blocked. The ISP replies that everything is encrypted, and CloudFlare traffic cannot be intercepted. In other words, nothing can be done about the ISIS sites, carders, booters, gamblers, escorts, phishers, malware, and copyright infringers that CloudFlare protects. How would you respond? It's fairly obvious — you ask this ISP to block the CloudFlare IP addresses used by the offending domains. If those IPs change, then block CloudFlare's entire IP space, and continue to monitor the situation. If CloudFlare's traffic still gets through, you ask the ISP to pull the plug on CloudFlare's racks. This is why CloudFlare will add a plaintext port to their own hardware someday, if they haven't already.
+
+The CloudFlare certificates below encrypt the traffic only between the browser and CloudFlare. The traffic between the original web server and CloudFlare remains unencrypted unless the web server owner has his own certificate installed on his machine. Almost everyone who browses a https domain reached from CloudFlare is unaware that just half of the route is encrypted. When they see the padlock on their screen, they feel that everything is safe. This is why phishers love CloudFlare's SSL. It's easy to use for a cybercriminal with numerous domains hidden behind the privacy services of various registrars. Moreover, the subdomain wildcard option on each domain is handy for obscuring a URL in a phishing email.
+
+Suppose that grandpa, age 90, gets an official-looking email that advises him to immediately change his password. He clicks on the URL in the email and ends up at bankofamerica.q4.es. This page is an excellent imitation of the Bank of America pages he remembers, and there is also that nice little SSL padlock in the corner of the address bar. Would he fill out the form? Probably, because he doesn't realize that he's at a subdomain of q4.es and is entering his old and new password into a fake page for the benefit of a phisher.
+
+![](img/phish1.gif)
+
+As if the "standard" certificates aren't enough of a problem, there are also over four million "universal" certificates that present bigger problems. All you need for a free CloudFlare account is a domain and an email address. Little countries and even some little islands all have their own top-level domain these days. Rich people can buy a generic top-level domain. Many registrars around the world are pleased to sell these ccTLD and gTLD registrations. It's a cash cow for everyone, but especially for bad guys. The same situation exists for anyone who needs a throwaway email address that's nearly impossible to trace.
+
+Now add CloudFlare's free fly-by-night "universal" SSL. When you email CloudFlare to open your new account, they ask for your domain. Then they scrape your zone file from whatever dubious nameservers are listed at your dubious registrar. Without asking, they assign you a dubious "universal" SSL certificate. All of these "universal" certificates include that magical wildcard subdomain that invites so much mischief. Some critics are referring to these CloudFlare certificates as "fraudulent" because the domain ownership validation (a necessary component of the SSL standard) is achieved only from CloudFlare's initial access to the zone file.
+
+With the paid accounts, there are payment records associated with a CloudFlare customer. But with free CloudFlare accounts, everything is too easy for bad guys, and the information about who's really behind a domain is frequently beyond the reach of law enforcement. The problem is that Silicon Valley is too self-serving. After the embarrassing NSA leaks, Google declared that everyone should look for a little padlock on their screen when they visit a website. Even your cat pictures should sport a little padlock these days! Now CloudFlare comes along and hopes to pave their way toward an IPO by giving away more free padlocks than anyone else. But by now the padlocks are almost meaningless. The NSA probably finds this amusing.
+
+![](img/nsa5.gif)
+
+![](img/kiddie.gif)
+
+---
+
+[home](README.md)

subfiles/classics/cfterms.md

@@ -0,0 +1,44 @@
+Anyone who knew anything about CloudFlare found their original Terms of Service to be unintentionally comical.  The section below is preserved for your amusement.  It came from CloudFlare's Terms of Service before before it was [changed](https://web.archive.org/web/20210826102411/https://www.cloudflare.com/terms) on 2012-08-20:
+
+
+```
+    SECTION 11: PROHIBITED USES
+
+    You shall not post, transmit, retransmit, cache, or store material on or through CloudFlare's Service which, in the sole judgment of CloudFlare (a) is in violation of any local, state, federal, or foreign law or regulation, (b) is threatening, obscene, indecent, defamatory, or that otherwise could adversely affect any individual, group, or entity (collectively, "Persons"), or (c) violates the rights of any Person, including rights protected by copyright, trade secret, patent, or other intellectual property or similar laws or regulations including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for Your use. You agree that you will NOT knowingly use the Service, among other things, to:
+```
+
+![](img/tweetie.gif) ![](img/laughing.gif)
+
+```
+    1. upload, post, transmit, or otherwise make available any content that is unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libelous, invasive of another's privacy, hateful, or racially, ethnically, or otherwise objectionable;
+
+    2. harm minors in any way;
+
+    3. impersonate any person or entity, including but not limited to a CloudFlare official, forum leader, guide, or host, or falsely state or otherwise misrepresent your affiliation with a person or entity;
+
+    4. forge headers or otherwise manipulate identifiers in order to disguise the origin of any content transmitted through the Service;
+
+    5. upload, post, transmit, or otherwise make available any content that You do not have a right to make available under any law or under contractual or fiduciary relationships (such as inside information, proprietary, and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements);
+
+    6. upload, post, transmit, or otherwise make available any content that infringes any patent, trademark, trade secret, copyright, or other proprietary rights of any party;
+
+    7. upload, post, transmit, or otherwise make available any unsolicited or unauthorized advertising, promotional materials, "junk mail," "spam," "chain letters," "pyramid schemes," or the like;
+
+    8. upload, post, transmit, or otherwise make available any material that contains software viruses or any other computer code, files, or programs designed to interrupt, destroy, or limit the functionality of any computer software or hardware or telecommunications equipment;
+
+    9. interfere with or disrupt the Service or servers or networks connected to the Service, or disobey any requirements, procedures, policies, or regulations of networks connected to the Service;
+
+    10. intentionally or unintentionally violate, attempt to violate, or avoid any applicable ICANN regulation or policy;
+
+    11. intentionally or unintentionally violate any applicable local, state, national or international law, including, but not limited to, regulations promulgated by the U.S. Securities and Exchange Commission, any rules of any national or other securities exchange, including, without limitation, the New York Stock Exchange, the American Stock Exchange, or the NASDAQ, and any regulations having the force of law;
+
+    12. provide material support or resources (or to conceal or disguise the nature, location, source, or ownership of material support or resources) to any organization(s) designated by the United States government as a foreign terrorist organization pursuant to section 219 of the Immigration and Nationality Act;
+
+    13. "stalk" or otherwise harass another; or
+
+    14. promote or provide instructional information about illegal activities, promote physical harm or injury against any group or individual, or promote any act of cruelty to animals. This may include, but is not limited to, providing instructions on how to assemble bombs, grenades, and other weapons, and creating "Crush" sites.
+```
+
+---
+
+[home page](README.md)

subfiles/classics/cfusers.md

@@ -0,0 +1,200 @@
+# Where in the world are those CloudFlare domains?
+
+
+This site has recorded 2,608,730 direct-connect IP addresses of domains that used CloudFlare's nameservers since August 2012. Some of these domains no longer use CloudFlare, and others have shown various IPs over time. If a domain still uses CloudFlare, our [domain search box](cfs.md) displays dates when IP information was captured.
+
+The countries below are preceded by the percentage of the domains in our database that geolocate to that country, based on an IP address lookup. By clicking on this percentage, you get a breakdown of the /24 netblocks of CloudFlare domains for that country, preceded by a count of those domains. Then by clicking on that number, you see the actual domains behind the count.
+
+![](img/geoip.gif)
+
+A /24 netblock is a set of IP addresses with identical numbers in the first three quads, and numbers from 0 to 255 in the fourth quad. This was once the smallest unit of address space that was allocated to applicants such as hosting providers. In recent years, however, IP address space has become fragmented because IPv4 addresses are in short supply.
+
+
+```
+        50.708 UNITED STATES
+         7.004 GERMANY
+         4.517 UNITED KINGDOM
+         4.140 NETHERLANDS
+         3.692 HONG KONG
+         3.377 FRANCE
+         3.061 CANADA
+         2.591 CHINA
+         2.588 AUSTRALIA
+         2.573 IRELAND
+         2.212 SINGAPORE
+         1.368 JAPAN
+         1.225 RUSSIA
+         0.582 POLAND
+         0.571 BRAZIL
+         0.565 VIET NAM
+         0.545 INDIA
+         0.534 TAIWAN
+         0.500 ITALY
+         0.476 TURKEY
+         0.408 SPAIN
+         0.406 MALAYSIA
+         0.405 SWEDEN
+         0.377 KOREA, SOUTH
+         0.358 FINLAND
+         0.357 BELGIUM
+         0.290 UKRAINE
+         0.275 ROMANIA
+         0.269 INDONESIA
+         0.243 SOUTH AFRICA
+         0.238 THAILAND
+         0.223 SWITZERLAND
+         0.200 CZECHIA
+         0.193 DENMARK
+         0.171 BULGARIA
+         0.153 PORTUGAL
+         0.150 HUNGARY
+         0.141 NEW ZEALAND
+         0.138 ISRAEL
+         0.134 IRAN
+         0.129 LITHUANIA
+         0.079 GREECE
+         0.072 NORWAY
+         0.070 ARGENTINA
+         0.066 LATVIA
+         0.065 AUSTRIA
+         0.057 LUXEMBOURG
+         0.054 CHILE
+         0.052 SLOVENIA
+         0.047 CROATIA
+         0.041 SLOVAKIA
+         0.040 ESTONIA
+         0.035 KAZAKHSTAN
+         0.032 SEYCHELLES
+         0.024 CYPRUS
+         0.023 BELIZE
+         0.020 PHILIPPINES
+         0.020 MOLDOVA
+         0.020 MEXICO
+         0.019 BELARUS
+         0.018 VIRGIN ISLANDS, BRITISH
+         0.018 ICELAND
+         0.018 COSTA RICA
+         0.015 SERBIA
+         0.014 UNITED ARAB EMIRATES
+         0.014 SAUDI ARABIA
+         0.012 COLOMBIA
+         0.010 NEPAL
+         0.010 MOROCCO
+         0.009 MALTA
+         0.009 GEORGIA
+         0.009 BANGLADESH
+         0.008 PANAMA
+         0.008 PAKISTAN
+         0.008 ISLE OF MAN
+         0.008 ARMENIA
+         0.007 EGYPT
+         0.007 BAHRAIN
+         0.007 AZERBAIJAN
+         0.006 URUGUAY
+         0.005 MACAO
+         0.005 CAMBODIA
+         0.004 VENEZUELA
+         0.004 UZBEKISTAN
+         0.004 NORTH MACEDONIA
+         0.003 SRI LANKA
+         0.003 PUERTO RICO
+         0.003 JORDAN
+         0.003 GUATEMALA
+         0.003 ECUADOR
+         0.003 CURACAO
+         0.003 CAYMAN ISLANDS
+         0.003 BOSNIA AND HERZEGOVINA
+         0.002 TUNISIA
+         0.002 PERU
+         0.002 PALESTINIAN TERRITORY
+         0.002 MAURITIUS
+         0.002 KYRGYZSTAN
+         0.002 KENYA
+         0.002 GUERNSEY
+         0.002 DOMINICAN REPUBLIC
+         0.002 BRUNEI DARUSSALAM
+         0.002 ALBANIA
+         0.001 TRINIDAD AND TOBAGO
+         0.001 SURINAME
+         0.001 QATAR
+         0.001 PARAGUAY
+         0.001 OMAN
+         0.001 NIGERIA
+         0.001 NICARAGUA
+         0.001 NEW CALEDONIA
+         0.001 MYANMAR
+         0.001 MONTENEGRO
+         0.001 MONGOLIA
+         0.001 MALDIVES
+         0.001 LEBANON
+         0.001 JAMAICA
+         0.001 IRAQ
+         0.001 HAITI
+         0.001 GIBRALTAR
+         0.001 DOMINICA
+         0.001 BOTSWANA
+         0.001 BAHAMAS
+         0.000 ZIMBABWE
+         0.000 ZAMBIA
+         0.000 VIRGIN ISLANDS, U.S.
+         0.000 VANUATU
+         0.000 UGANDA
+         0.000 TURKMENISTAN
+         0.000 TOGO
+         0.000 TANZANIA
+         0.000 TAJIKISTAN
+         0.000 SYRIAN ARAB REPUBLIC
+         0.000 SAN MARINO
+         0.000 SAMOA
+         0.000 SAINT VINCENT AND GRENADINES
+         0.000 SAINT MARTIN (FRENCH PART)
+         0.000 SAINT KITTS AND NEVIS
+         0.000 SAINT BARTHELEMY
+         0.000 RWANDA
+         0.000 REUNION
+         0.000 PAPUA NEW GUINEA
+         0.000 NORTHERN MARIANA ISLANDS
+         0.000 NAMIBIA
+         0.000 MOZAMBIQUE
+         0.000 MONACO
+         0.000 MARSHALL ISLANDS
+         0.000 MALI
+         0.000 MALAWI
+         0.000 MADAGASCAR
+         0.000 LIECHTENSTEIN
+         0.000 LIBYA
+         0.000 LAOS
+         0.000 KUWAIT
+         0.000 KOREA, NORTH
+         0.000 JERSEY
+         0.000 HONDURAS
+         0.000 GUINEA
+         0.000 GUAM
+         0.000 GREENLAND
+         0.000 GHANA
+         0.000 FRENCH POLYNESIA
+         0.000 FIJI
+         0.000 FAROE ISLANDS
+         0.000 ETHIOPIA
+         0.000 EL SALVADOR
+         0.000 CUBA
+         0.000 COTE D'IVOIRE
+         0.000 COOK ISLANDS
+         0.000 CONGO, DEMOCRATIC REPUBLIC
+         0.000 CAMEROON
+         0.000 BONAIRE
+         0.000 BOLIVIA
+         0.000 BERMUDA
+         0.000 BENIN
+         0.000 BARBADOS
+         0.000 ANTIGUA AND BARBUDA
+         0.000 ANGOLA
+         0.000 ANDORRA
+         0.000 ALGERIA
+         0.000 ALAND ISLANDS
+         0.000 AFGHANISTAN
+```
+
+---
+
+[home page](README.md)

subfiles/classics/damon.md

@@ -0,0 +1,26 @@
+## Dear Damon Billian: We're not as stupid as you think!
+
+_Please stop your insulting comments on forums_
+
+
+![](img/billian.jpg)
+
+
+CloudFlare is hosting the DNS lookups for their customers by providing the nameservers. The entire point of DMCA and other laws concerning content on the web is to provide due process toward removing the offending content from the Internet, so that it cannot be seen by the public. If CloudFlare deleted the nameserver records for the offending domain, it would effectively be removed from the web. The content would be unreachable within a matter of minutes.
+
+Stop insulting us, Mr. Billian. Obviously it wouldn't affect the existence of that content on the original server. It is also true that if the owner of that server tossed his box into a dumpster, the content would still be on that server. This is utterly irrelevant.
+
+The point is this: **it would be gone from the web**. Yes, the owner can change the authoritative nameservers to a non-Cloudflare DNS provider through his registrar, and the content would again be available on the web. But if that happened we would be one step closer to identifying the owner. This owner is probably using CloudFlare because you are hiding his identity. Chances are that he would remove the offending content himself before exposing information that could reveal his identity.
+
+![](img/mit53.gif)
+
+When you write that you "respond to valid DMCA complaints with who the hosting provider is to people that file a valid DMCA complaint," you are being disingenuous. Your DMCA form is carefully designed to obstruct complaints. On those rare occasions when a complaint arrives despite this, you respond with the netname and not the IP address. In every case we've seen, the netname is not specific enough to identify the box that is hosting the content. This means that the information you provide is often useless.
+
+![](img/damon.gif)
+
+![](img/justin.png)
+
+
+---
+
+[home page](README.md)

subfiles/classics/honeypot.md

@@ -0,0 +1,33 @@
+## A quotation from CEO Matthew Prince
+( from the University of [Chicago law school journal](https://web.archive.org/web/20210826102142/https://web.archive.org/web/20170217121944/http://www.law.uchicago.edu/alumni/accoladesandachievements/matthew-prince-00-discusses-cloudflare-cloud-computing-journal) )
+
+![](img/spy.gif) ![](img/honey3.jpg)
+
+```
+Back in 2003, Lee Holloway and I started Project Honey Pot as an open-source project to track online fraud and abuse. The Project allowed anyone with a website to install a piece of code and track hackers and spammers. We ran it as a hobby and didn't think much about it until, in 2008, the Department of Homeland Security called and said, 'Do you have any idea how valuable the data you have is?' That started us thinking about how we could effectively deploy the data from Project Honey Pot, as well as other sources, in order to protect websites online. That turned into the initial impetus for CloudFlare.
+```
+
+
+When you fetch a page from a website that is served from CloudFlare, Javascript has been injected on-the-fly into that page by CloudFlare, and they also plant a cookie that brands your browser with a globally-unique ID. This happens even if the website is using SSL and shows a cute little padlock in your browser. In fact, their entire approach to SSL appears to be a cynical marketing effort — it has a [man-in-the-middle problem](cfssl.md) that cannot be resolved.
+
+![](img/hivemind.jpg)
+
+We don't know if CloudFlare is tracking you. We do know that they are perfectly positioned to immediately begin tracking web surfers who visit selected sites hosted by CloudFlare. Is this why they proxy so many dodgy sites? Are they trying to jack up their stats and hype their way into another round of venture funding, or are they getting black-budget bucks from the feds?   Or both?
+
+![](img/honeypot.gif)
+
+BBC reporter [Zoe Kleinman](https://web.archive.org/web/20210826102142/https://www.bbc.com/news/business-37348016) wrote that Matthew Prince wanted $20,000 for the Honey Pot data. "That check showed up so fast," said Prince.   Michelle Zatlyn heard the story from Prince and replied, "If they'll pay for it, other people will pay for it." Soon she and Prince cofounded CloudFlare.
+
+![](img/police.gif)
+
+Prince gave a presentation in 2005 at a conference in Vienna.  And even today,
+ [LinkedIn](../../image/whoismp.jpg) brags of his "substantial work with government and law enforcement."
+Project Honey Pot was launched by Prince's  [Unspam Technologies](https://web.archive.org/web/20210826102142/http://web.archive.org/web/20190331015236/http://www.unspam.com/),  a start-up
+that began circa 2001 and can only be described as a [slow-motion train wreck](https://web.archive.org/web/20210826102142/http://www.datamation.com/columns/executive_tech/article.php/3526181/How-Utah-Michigan-Legislators-Got-Fooled.htm).
+
+![](img/nsa2.gif)
+
+
+---
+
+[home page](README.md)

subfiles/classics/isis.md

@@ -0,0 +1,32 @@
+```
+When we asked Cloudflare why it was 'protecting' ISIS websites, CEO Matthew Prince told Mirror Online it was not actually accepting money from terrorists, because the ISIS sites listed by Anonymous relied on its free service.
+```
+— [Mirror Online](https://web.archive.org/web/20210826105450/http://www.mirror.co.uk/news/technology-science/technology/anonymous-hacktivists-target-american-tech-5745104), 2015-05-22
+
+
+### This is not true, Mr. Prince!
+
+We looked at 22 ISIS-related domains that use CloudFlare nameservers, and discovered that half of them are on our list of standard SSL certificates. As any CloudFlare employee could have told CEO Prince, the "standard" certificate requires a Pro account ($20/month) or better. These are not "free" accounts with "universal" certificates.
+
+![](img/prince5.gif)
+
+The easiest way for anyone check this out is to enter a domain in our search box. If it's on our SSL list, you will see a link to the SSL data for that domain at the top of our search results.
+
+Mr. Prince, please try harder to get your facts straight before talking to the press. This would make our job a lot easier.
+
+### ...one year later and we're still confused...
+
+```
+The Taliban's English-language website has been off line for weeks. A hacker tied to an online counter-extremism group called GhostSec claimed credit for taking it down. 'It was not easy, I had to gather a lot of information for it to happen,' the hacker, who goes by the name Paladin, said in an email. The Taliban website likely used technology from web-security provider CloudFlare to protect it from possible cyberattacks, said Paladin, who last week claimed responsibility for taking down the Persian-language version of the website as well. Matthew Prince, the chief executive officer of CloudFlare, said the San Francisco-based firm works closely with government authorities to counter extremist activity online. 'When we get notice that there is a site that is using us that may be illegal or involving content that may be problematic, we reach out to our contacts in law enforcement,' he said. Mr. Prince said he wasn't aware that the Taliban may have been using CloudFlare technology before their sites were knocked off line.
+```
+ — [Wall Street Journal](https://web.archive.org/web/20210826105450/http://www.wsj.com/articles/afghanistans-taliban-push-into-new-media-1465776097), 2016-06-12
+
+
+Is CloudFlare a [honey pot](honeypot.md), or are those venture angels
+in Silicon Valley paying Mr. Prince to stay stupid?
+
+[Some background on 18 U.S.C. § 2339B](https://web.archive.org/web/20210826105450/https://www.lawfareblog.com/tweeting-terrorists-part-ii-does-it-violate-law-twitter-let-terrorist-groups-have-accounts), a law about supporting foreign terrorist organizations, as it might apply to Twitter (and CloudFlare). 
+
+---
+
+[home page](README.md)

subfiles/classics/lulzsec2.md

@@ -0,0 +1 @@
+![](img/lulzsec2.gif)

subfiles/classics/nytporn.txt

@@ -0,0 +1,441 @@
+New York Times, Decemter 22, 2019, page 1.
+
+Fighting the Good Fight Against Online Child Sexual Abuse
+
+Several websites popular with sexual predators were thwarted last month
+after a determined campaign by groups dedicated to eliminating the
+content. It was a rare victory in an unending war.
+
+By GABRIEL J.X. DANCE DEC. 22, 2019
+
+In late November, the moderator of three highly trafficked websites posted
+a message titled "R.I.P." It offered a convoluted explanation for why they
+were left with no choice but to close.
+
+The unnamed moderator thanked over 100,000 "brothers" who had visited and
+contributed to the sites before their demise, blaming an "increasingly
+intolerant world" that did not allow children to "fully express
+themselves."
+
+In fact, forums on the sites had been bastions of illegal content almost
+since their inception in 2012, containing child sexual abuse photos and
+videos, including violent and explicit imagery of infants and toddlers.
+Exploited Articles in this series examine the explosion in online photos
+and videos of children being sexually abused. They include graphic
+descriptions of some instances of the abuse.
+
+The sites managed to survive so long because the internet provides
+enormous cover for sexual predators. Apps, social media platforms and
+video games are also riddled with illicit material, but they have
+corporate owners -- like Facebook and Microsoft -- that can monitor and
+remove it.
+
+In a world exploding with the imagery -- 45 million photos and videos of
+child sexual abuse were reported last year alone -- the open web is a
+freewheeling expanse where the underdog task of confronting the predators
+falls mainly to a few dozen nonprofits with small budgets and outsize
+determination.
+
+Several of those groups, including a child exploitation hotline in Canada,
+hunted the three sites across the internet for years but could never quite
+defeat them. The websites, records show, were led by an experienced
+computer programmer who was adept at staying one step ahead of his
+pursuers -- in particular, through the services of American and other tech
+companies with policies that can be used to shield criminal behavior.
+
+But the Canadian hotline developed a tech weapon of its own, a
+sophisticated tool to find and report illegal imagery on the web. When
+the sites found the tool directed at them, they fought back with a smear
+campaign, sending emails to the Canadian government and others with
+unfounded claims of "grave operational and financial corruption" against
+the nonprofit.
+
+It wasn't enough. The three sites were overwhelmed by the Canadian tool,
+which had sent more than 1 million notices of illegal content to the
+companies keeping them online. And last month, they were compelled to
+surrender.
+
+"It's been a wonderful 7 years and we would've loved to go for another 7,"
+the sites' moderator wrote in his final post, saying they had closed
+because "antis," short for "anti-pedophiles," were "hunting us to death
+with unprecedented zeal."
+
+The victory was cheered by groups fighting online child sexual abuse, but
+there were no illusions about the enormous undertaking that remained.
+Thousands of other sites offer anybody with a web browser access to
+illegal and depraved imagery of children, and unlike with apps, no special
+software or downloads are required.
+
+The three shuttered sites had hidden their tracks for years using the
+services of Cloudflare, an American firm that provides companies with
+cyberprotections. They also found a hosting company, Novogara, that gave
+them safe harbor in the Netherlands -- a small country with a robust web
+business and laws that are routinely exploited by bad actors.
+
+Cloudflare's general counsel said the company had cooperated with the
+nonprofits and law enforcement and cut ties with the sites seven times in
+all, as they slightly altered their web addresses to evade targeting. A
+spokesman for Novogara said the company had complied with Dutch law.
+
+Last year, Europe eclipsed the United States as the top hosting location
+for child abuse material on the open web, according to a report by Inhope,
+a group that coordinates child abuse hotlines around the world. Within
+Europe, the Netherlands led the list. To report online child sexual abuse
+or find resources for those in need of help, contact the National Center
+for Missing and Exploited Children at 1-800-843-5678.
+
+In an interview in The Hague, the Dutch minister of justice, Ferdinand
+Grapperhaus, said he was embarrassed by the role Dutch companies played.
+"I had not realized the extent of cruelty, and how far it goes," he said.
+
+When hotlines like the one in Canada learn about illegal imagery, they
+issue a takedown notice to the owner of the website and its hosting
+company. In most cases, the content is removed within hours or days from
+law-abiding sites. But because the notices are not legally binding, some
+owners and web hosts ignore or delay.
+
+Several Dutch hosting companies will not voluntarily remove such content,
+insisting that a judge decide whether it meets the legal definition of
+so-called child pornography. Even when they agree, abuse imagery reappears
+almost at once, setting the cycle back in motion.
+
+The Dutch police say they do not have the resources to play what is
+essentially an endless game of Whac-a-Mole with these companies, according
+to Arda Gerkens, a Dutch senator who leads Meldpunt Kinderporno, the Dutch
+child abuse hotline.
+
+"It takes a lot of time," Ms. Gerkens said, "and basically, they are
+swamped."
+
+That means results like last month's, while relished by hotlines around
+the world, are likely to remain rare. 
+
+Our Little Community
+
+The trio of shuttered websites first emerged in early 2012, according to
+domain records and transcripts of online chats.
+
+Their professed goal was to offer an easily accessible digital space for
+pedophiles and sexual predators to indulge their twisted obsessions, which
+had often been shunned even on notorious websites like 4chan and 8chan.
+
+At least initially, the sites steered clear of imagery that was obviously
+illegal, the records show, focusing instead on photos and videos of young
+children posing in revealing clothing. Even so, the founder of the sites
+identified in the transcripts expressed surprise in 2014 that they had
+"lasted so long."
+
+But the Canadians were already on to them. By then, the small hotline had
+been alerted to dozens of illegal images on the websites.
+
+As the sites gained in popularity, child sexual abuse content became more
+and more common. The transcripts, which include over 10,000 time-stamped
+messages on a chat app, show how the founder, a man identifying himself as
+Avery Chicoine, reveled in the opportunity to interact with others who
+shared his interests.
+
+"What we got here," he wrote in 2015, "is our little community."
+
+By 2017, the sites' home pages featured images of young girls that did not
+legally qualify as child pornography in most countries but signaled that
+there was plenty available a click away. One of the girls, no older than
+7, lay on her back in sparse clothing with her legs spread; she had been a
+victim of sexual abuse, according to the Canadians, and was easily
+recognizable to predators through widely circulated imagery of the crimes.
+
+As illegal material flooded the sites, so did visitors. SimilarWeb, which
+measures internet traffic, estimated that the most popular of the sites
+received millions of visits a month earlier this year from an average of
+more than 500,000 unique visitors.
+
+The moderator of the sites in recent months boasted about the traffic in a
+series of emails and encrypted messages to The New York Times, attributing
+the popularity to the extreme content.
+
+The sites' many visitors were perhaps "the most hated people on earth," he
+said, describing them as belonging to an "oppressed sexual minority." He
+showed no remorse for their behavior, even casting the community of
+predators as visionaries whose crimes should be made legal.
+
+He did not identify himself and would not say if he was Mr. Chicoine -
+the sites' founder, according to the chat transcripts - or if he knew him.
+Last year, a Canadian by the name of Avery Chicoine with a lengthy
+criminal record was arrested in British Columbia and charged with
+possessing and distributing child pornography. The Canadian authorities
+would not say whether the charges related to the websites. According to
+court documents, he pleaded not guilty, and a trial is set for next month.
+He and his lawyer did not respond to requests for comment.
+
+The moderator would not address another pressing question: How had the
+sites managed to stay ahead of its pursuers so long?
+
+He said he did not want to hand a blueprint to his enemies, writing: "99%
+of attempts to bring us down fail. So I want the antis to keep wasting 99%
+of their time, instead of figuring out what works."
+
+In the chat transcripts, however, there were clues about the sites'
+evasion tactics. They pointed to a major cybersecurity firm, Cloudflare.
+
+A High-Tech Hideaway
+
+Based in San Francisco, Cloudflare built a billion-dollar business
+shielding websites from cyberattacks. One of its most popular services -
+used by 10 percent of the world's top sites, according to the company -
+can hide clients' internet addresses, making it difficult to identify the
+companies hosting them.
+
+The protections are valuable to many legitimate companies but can also be
+a boon to bad actors, though Cloudflare says it is not responsible for the
+content on its clients' sites. The man accused of a mass shooting at a
+Walmart in Texas had posted his manifesto on 8chan, an online message
+board that had been using Cloudflare's services and was well known for
+hosting hateful content. Cloudflare also came under criticism for
+providing services to the neo-Nazi site The Daily Stormer. (The company
+has since ended its relationship with both websites.)
+
+In the chat transcripts, the man identifying as Mr. Chicoine showed he was
+fully aware of the company's advantages when he signed on. "What
+cloudflare does is it masks and replaces your IP with one of theirs," he
+wrote in 2015, using the abbreviation for internet address.
+
+That year, he appeared to panic when a child abuse hotline identified one
+of his sites, telling a fellow moderator their operation was "finished."
+But when he later realized the hotline had sent the report to Cloudflare -
+and apparently not to the company that hosted the content - he seemed
+relieved. "Wait," he wrote, "may be ok."
+
+He was right.
+
+One month later, he expressed exasperation that a hotline had fired off
+another notice, this time to Cloudflare as well as the hosting company.
+The hotline confirmed the report with The Times. Still, the sites remained
+online.
+
+Interviews and records show that Cloudflare's services helped hold off the
+day of reckoning for Mr. Chicoine's sites by providing protections that
+forced hotlines to go to the company first.
+
+The National Center for Missing and Exploited Children, the clearinghouse
+for abuse imagery in the United States, had sent Cloudflare notices about
+the sites starting in 2014, said John Shehan, a vice president at the
+center. Last year, it sent thousands.
+
+Even apart from the three sites, Mr. Shehan said, Cloudflare was well
+known to be used by those who post such content. So far this year, he
+said, the company had been named in 10 percent of reports about hosted
+child sexual abuse material. The center is in touch with Cloudflare "every
+day," Mr. Shehan said.
+
+Separately, records kept by the Canadian hotline, known as the Canadian
+Center for Child Protection, showed that since February 2017 there had
+been over 130,000 reports about 1,800 sites protected by Cloudflare.
+
+In December, the company was offering its services to 450 reported sites,
+according to records reviewed by The Times.
+
+Through its general counsel, Doug Kramer, Cloudflare said it worked
+closely with hotlines and law enforcement officials and responded promptly
+to their requests. It denied being responsible for the images, saying
+customer data was stored on its servers only briefly. Efforts to eliminate
+the content, the company said, should instead focus on the web-hosting
+companies.
+
+Records from the Canadian hotline revealed several cases in which abuse
+material stayed on Cloudflare's servers even after the host company
+removed it. In one instance, the imagery remained on Cloudflare for over a
+week afterward, allowing predators to continue viewing it.
+
+"The reality is that it is totally within Cloudflare<72>s power to remove
+child sexual abuse material that they have on their servers," said Lloyd
+Richardson, the technology director at the Canadian hotline.
+
+Records show that for several years, the sites were clients of Cloudflare,
+a U.S. tech company with servers in almost 200 cities in over 90 countries
+around the world that can be used to ward off cyberattacks.
+
+Cloudflare's protective services obscure a website's internet address.
+When you visit a protected site, you are actually communicating with a
+Cloudflare server located somewhere near you.
+
+Somebody visiting a protected site from Oklahoma, for example, may be
+directed to a Cloudflare server in Kansas City.
+
+That server will communicate with the website's server in turn, but only
+if it needs new information.
+
+Often, Cloudflare will already have the information requested in its
+systems.
+
+This means that images of abuse can remain on Cloudflare, even if they
+have been removed from the original host, according to records provided by
+a hotline in Canada.
+
+When asked why it did not cut ties with a number of companies known to
+host child sexual abuse imagery, Mr. Kramer said Cloudflare was not in the
+business of vetting customers' content. Doing so, he said, would have "a
+lot of implications" and is "something that we really have not
+entertained."
+
+Still, he said, the company had stopped providing services over the past
+eight years to more than 5,000 clients that had shared abuse material. And
+on Wednesday, the company announced a new product - currently in
+development - that would allow clients to scan their own sites.
+
+The tension over Cloudflare's protections reflects a larger debate about
+the balance between privacy on the internet and the need of law
+enforcement to protect exploited children. For example, Facebook's recent
+decision to encrypt its Messenger app, the largest source of reports last
+year about abuse imagery, was hailed by privacy advocates but would make
+it much more difficult for the authorities to catch sexual predators.
+
+Addressing that broad tension, Matt Wright, a special agent with the
+Department of Homeland Security, said law enforcement and the tech
+industry needed to find "a mutual balance" - "one where companies intended
+to secure data, and protect privacy, don't get in the way of our need to
+have access to critical information intended to safeguard the public,
+investigate crimes and prevent future criminal activity."
+
+Going Rogue in the Netherlands
+
+There were other clues about the sites' ability to stay online, in a trail
+of activity across the web that led to the Netherlands. Internet
+criminals come from far and wide to leverage Dutch technology, some of the
+best in the world, for the purposes of spam, malware and viruses. They do
+this by using rogue hosting companies, which are infamously uncooperative
+except in response to legal requests.
+
+"I realize that because we have such excellent internet logistics, we now
+have it on our plate," said Mr. Grapperhaus, the country's minister of
+justice.
+
+For child abuse sites like the ones identified as Mr. Chicoine's, a top
+draw has been the company Novogara, formerly known as Ecatel, one of the
+country's most criticized hosting businesses.
+
+The Chicoine sites were hosted on Novogara's servers for all of 2018 and
+through the early part of this year, records show. While working with the
+company, and without Cloudflare's protections at the time, the sites came
+under increasing pressure from the Canadians. Their hotline, along with at
+least four others around the world, stepped up their offensive, issuing
+hundreds of thousands of more reports about abuse imagery.
+
+The number was so great, according to the Dutch and Canadian hotlines,
+that Novogara blocked the groups' email addresses to avoid receiving
+additional notices. Ultimately, though, the targeting was effective:
+Novogara pulled the plug on the sites in May.
+
+Aside from sites like Mr. Chicoine's, the Dutch have an even larger
+problem with sexual predators taking advantage of platforms used to upload
+and share images. Since June, a company that hosts those platforms,
+NFOrce, has appeared in more than half of reports the Dutch hotline has
+received about illegal imagery. Over the past three years, sites using
+NFOrce servers have received more than 100,000 notices of illegal content,
+records show, but the company has not removed the material, according to
+Ms. Gerkens, who leads the hotline.
+
+NFOrce's sales operations manager, Dave Bakvis, said the company's hands
+were tied by Dutch laws, which prevent it from monitoring customer servers
+without a court order. He said NFOrce acted immediately when it received
+requests from the authorities. Separately, the websites themselves can
+and do remove the content.
+
+"I hate child pornography," Mr. Bakvis said.
+
+The Dutch national prosecutor for cybercrimes, Martijn Egberts, said in an
+email that issues involving "sovereignty" and "jurisdiction" complicated
+the removal of illegal material - leading the authorities to cooperate "as
+much as possible" with web hosts to get results.
+
+Legislation is now being drafted that would require Dutch web hosts to
+keep the material out of their systems, essentially forcing to them to
+scan for it. If a company falls short, it could face ever-increasing
+fines.
+
+Ben van Mierlo, the national police coordinator for online child sexual
+exploitation, said in an email that companies like Novogara "see
+themselves as a provider of a service." The challenge for the Dutch
+authorities and lawmakers, he said, was to convert them into partners in
+preventing the spread of illegal imagery.
+
+"There is no space in the Netherlands for those individuals or companies
+that threaten these basic rights for children," Mr. van Mierlo said.
+
+The Final Assault
+
+By May of this year, the moderator of the three sites was apoplectic,
+complaining in an email to The Times that "tolerance" for his views was
+coming to a halt.
+
+Over the next several months, the sites hopscotched around the world,
+finding more than a half-dozen new hosts - to pick up where Novogara left
+off - in Denmark, Russia, the Seychelles and elsewhere. For years, they
+had deployed a similar tactic of changing the last part of their web
+address - moving from .com to .org, for example - to avoid being targeted 
+and blocked. Companies and governments that provide these domains often 
+do not coordinate with one another, allowing offenders to move around the 
+globe while largely preserving their site's identity.
+
+But there was no hiding this time.
+
+Records reviewed by The Times show that over seven years, the websites
+were directed to servers in over 20 countries, many of which are shown
+here.
+
+A borderless internet means bad actors can move their sites between
+countries, and even continents, in seconds.
+
+This complicates the work of child abuse hotlines and law enforcement
+agencies trying to eradicate images of child sexual abuse.
+
+The Canadian hotline, working from offices in Winnipeg, Manitoba, were
+using a computer program named Arachnid to crawl the internet in search of
+Mr. Chicoine's sites, and to send takedown notices whenever it identified
+illegal material.
+
+And as soon as the three sites reappeared somewhere, the Canadians reached
+out to the new hosts. In all, they found more than 18,000 confirmed images
+of abuse on the pages, reporting most of them hundreds of times each. It
+is also possible that law enforcement officials directed their firepower
+at the sites.
+
+Signy Arnason, the associate executive director of the Canadian center,
+described Arachnid as a "survivor-centric" endeavor, inspired by a survey
+that found victims of child sexual abuse feared being recognized in person
+by those who had viewed their abuse online.
+
+Since its launch two years ago, Arachnid has found more than 1.6 million
+confirmed images of child sexual abuse, and has sent more than 4.8 million
+takedown notices to websites and hosting providers. The British child
+sexual abuse hotline, the Internet Watch Foundation, has also developed a
+"spider" to crawl the internet. New software drove a surge in takedown
+requests
+
+Starting in 2013, abuse hotlines around the world sent a trickle of
+requests to remove images on the three sites - with little effect.
+Arachnid automated the detection process, creating a deluge that couldn't
+be ignored.
+
+"Arachnid is one oar - a big oar - in a ship of many oars rowing against
+this issue," said Denton Howard, executive director of Inhope, the
+organization supporting child abuse hotlines.
+
+Throughout the battle, the moderator of the sites would email the
+Canadians, accusing them of corruption and filling their inboxes with
+spam. He also contacted Canadian government agencies with false claims
+about the center, and even built software that altered the child sexual
+abuse imagery, hoping to trick Arachnid into skipping it over.
+
+It was not enough. All imagery of abuse has been removed from the sites,
+and the forums for the predators are closed, at least while their
+opponents have the upper hand.
+
+But as a parting shot, the home pages were filled with links to other
+sites that offered similar content, giving criminals a road map to
+continue their pursuits - and the groups dedicated to stopping them a list
+of new targets.
+
+Michael H. Keller contributed reporting from New York.
+
+Produced by Rich Harris, Virginia Lozano and Rumsey Taylor.
+
+END

subfiles/classics/repeats.md

@@ -0,0 +1,27 @@
+# CloudFlare attracts "repeat infringers"
+
+
+Google publishes a [Transparency Report](https://web.archive.org/web/20210826102213/https://transparencyreport.google.com/copyright/explore) regarding copyright removal requests. One of the three large files in this downloadable data package is domains.csv, which lists domains specified in removal requests. We processed this file after downloading it on 2021-08-13. At that time the file was 333.3 million lines, and included domains mentioned in removal requests received by Google since July 2011.
+
+Each removal request had a unique ID, which meant that it was on a separate line in this file. First we stripped out all the data except the domain name. Then we compressed the file by listing each domain once, preceded by the number of lines on which this domain appeared in that file. Finally, we extracted only those domains that were currently using CloudFlare nameservers. We wanted a rough idea of whether "repeat infringers" (a term used in the DMCA) might find CloudFlare attractive.
+
+After adding these numbers together, it turns out that CloudFlare's contribution to Google's problem is 24.81 percent. Search-engine crawlers should avoid CloudFlare's [entire IP space](https://web.archive.org/web/20210826102213/https://www.cloudflare.com/ips/).
+
+![](img/smells.gif)
+
+![](img/daddy5.jpg)
+
+![](img/cfeu.gif)
+
+![](img/couple5.gif)
+
+![](img/jamie.gif)
+
+![](img/koolaid.jpg)
+
+![](img/dmca9.gif)
+
+
+---
+
+[home](README.md)

subfiles/classics/spamhaus.md

@@ -0,0 +1,117 @@
+This was the Spamhaus "SBL" listing page for
+CloudFlare for two weeks in mid-July, 2012.
+
+( The current version of this page is [here](https://web.archive.org/web/20210826103816/http://www.spamhaus.org/sbl/listings/cloudflare.com). )
+	
+									
+```
+Found 18 SBL listings for IPs under the responsibility of cloudflare.com
+
+
+SBL146937 	
+199.27.135.0/32 	cloudflare.com
+12-Jul-2012 08:04 GMT 	
+Blackhat SEO spammer hosting @199.27.135.43 	
+
+
+SBL146752 	
+141.101.64.0/18 	cloudflare.com
+11-Jul-2012 15:29 GMT 	
+Spammer hosting (escalation) 	
+
+
+SBL146751 	
+173.245.48.0/20 	cloudflare.com
+11-Jul-2012 15:28 GMT 	
+Spammer hosting (escalation) 	
+
+
+SBL146750 	
+108.162.192.0/18 	cloudflare.com
+11-Jul-2012 15:28 GMT 	
+Spammer hosting (escalation) 	
+
+
+SBL146043 	
+108.162.196.180/32 	cloudflare.com
+07-Jul-2012 18:35 GMT 	
+"Polyee Plast" / polyeeplast.com 	
+
+
+SBL146042 	
+108.162.196.80/32 	cloudflare.com
+07-Jul-2012 18:35 GMT 	
+"Polyee Plast" / polyeeplast.com 	
+
+
+SBL145952 	
+141.101.124.42/32 	cloudflare.com
+07-Jul-2012 04:36 GMT 	
+work at home scammer/spammer landing site (redirection via a black hole site) 	
+
+
+SBL145939 	
+141.101.125.42/32 	cloudflare.com
+07-Jul-2012 04:06 GMT 	
+work at home scammer/spammer landing site (redirection via a black hole site) 	
+
+
+SBL145142 	
+108.162.195.154/32 	cloudflare.com
+02-Jul-2012 09:07 GMT 	
+imagevat.com: Hosting phish spammer images for several weeks... 	
+
+
+SBL143793 	
+108.162.196.196/32 	cloudflare.com
+20-Jun-2012 17:49 GMT 	
+backlinkbiz.info / usabacklinks.info 	
+
+
+SBL143792 	
+108.162.197.97/32 	cloudflare.com
+20-Jun-2012 17:49 GMT 	
+backlinkbiz.info / usabacklinks.info 	
+
+
+SBL142597 	
+199.27.135.0/32 	cloudflare.com
+13-Jun-2012 05:32 GMT 	
+Blackhat SEO spammer hosting @199.27.135.43 	
+
+
+SBL141644 	
+173.245.60.0/32 	cloudflare.com
+05-Jun-2012 19:07 GMT 	
+Blackhat SEO spammer hosting @173.245.60.55 	
+
+
+SBL141634 	
+199.27.135.0/32 	cloudflare.com
+05-Jun-2012 19:04 GMT 	
+Blackhat SEO spammer hosting @199.27.135.43 	
+
+
+SBL140586 	
+173.245.60.0/32 	cloudflare.com
+27-May-2012 07:41 GMT 	
+Spammer hosting @173.245.60.143 	
+
+
+SBL138291 	
+173.245.60.0/32 	cloudflare.com
+06-May-2012 19:43 GMT 	
+Malware botnet controller @173.245.60.57 	
+
+
+SBL136345 	
+173.245.61.138/32 	cloudflare.com
+16-Apr-2012 22:27 GMT 	
+globaltrade.net 	
+
+
+SBL136344 	
+199.27.135.52/32 	cloudflare.com
+16-Apr-2012 22:26 GMT 	
+globaltrade.net 
+```

subfiles/classics/twisted.md

@@ -0,0 +1,41 @@
+# CloudFlare seeks riches through anarchy
+
+_Civil society and the twisted web_
+
+> July 2012
+
+
+One of the concepts that eludes the digital generation is that Internet participation requires a balance between privacy and accountability. If you are using a search engine for passive research, you have the right to remain anonymous. But if you publish something that can affect others, you should be accountable, and hence identifiable. Even comments under a blog post or on Facebook should be signed with a real name. It's that simple.
+
+During 2011, CloudFlare responded to complaints about content on their servers by insisting that they are merely a pass-through content delivery network (CDN) and not a hosting provider. At the same time they usually gave you the hosting provider's IP address. In 2012 they stopped responding to many complaints, and even those that they still deem worthy are given only the netname of the hosting provider instead of the specific IP address.
+
+![](img/nodmca.gif)
+
+Anyone attempting to file a complaint with only a netname will get nowhere. Frequently the netname is at the top of a pyramid, and any number of leased or owned IP netblocks are below that name. The netname alone is not specific enough to identify the server that hosts the content.
+
+CloudFlare is delighted with this. In retrospect they are happy that they hosted LulzSec because it brought publicity and more customers. Currently they even host the website of a professional DDoSer named "Gwapo" in the Philippines. He explains how you can send him money to take down any website.
+
+![](img/geek7.jpg)
+
+The question of whether CloudFlare is a pass-through provider is debatable. They change the pages they cache by adding JavaScript and compression, sometimes they intercept pages with a captcha, and they display their orange-cloud logo at every opportunity. Browsers who land on a domain serviced by CloudFlare end up with a globally-unique "cfduid" cookie that is 43 digits long. CloudFlare is _not_ the equivalent of a data center on the Internet backbone, which has no responsibility for content because it operates on a different Internet layer. This means that CloudFlare should be sensitive to content complaints. Despite this, they offer advice on how to hide your IP address, and they help basement-dwellers reduce bandwidth costs. Some of these teenagers run abusive websites for the lulz or because piracy is fun, and most have little money.
+
+![](img/damonb.gif)
+
+CloudFlare is basically a hosting provider, or at least an active and intrusive appendage to a hosting provider. In cases such as LulzSec and [Encyclopedia Dramatica](https://web.archive.org/web/20210826103612/http://josephevers.blogspot.com/) they are a necessary appendage, as those sites wouldn't exist without it. The brass at CloudFlare know this, and seem worried that someday it will be an issue for a judge or jury to decide. Whenever some fanboy comments about CloudFlare on some blog and uses the term "hosting provider," the company's official "Community Evangelist" [Damon Billian](damon.md) adds a comment to point out that CloudFlare is "not a hosting provider." Co-founder Matthew Prince echoes the same mantra. They want everyone to think that they have immunity from laws, so don't bother complaining to them about content.
+
+![](img/cfads6.jpg)
+
+They hype themselves to venture capitalists through media coverage, and have no time to read their own terms of service. Responsible citizenship interferes with getting rich. CloudFlare presents themselves as the world's solution to DDoS and hacking attacks, and cannot be bothered to handle complaints reasonably. As Google might say, accountability lacks scalability. Nothing short of a court order will get the attention of either CloudFlare or Google. It is left to public-sector activists and regulators do what they can to promote civility in Silicon Valley and accountability on the Internet.
+
+Direct IP addresses are sometimes found on CloudFlare's nameservers. Since CloudFlare cannot handle email forwarding or direct uploading to the origin server, the site owner may add a "direct-connect" subdomain address to their DNS record. We try to collect these non-CloudFlare IP addresses by compiling lists of domains in CloudFlare's nameservers and checking each with several lookups.
+
+Unfortunately, bad guys are often aware of technical issues, and quickly delete any direct-connect records or wildcard subdomains. CloudFlare should install a search box on their home page that lets anyone enter a domain name and get a history of IP addresses that have been feeding that domain to CloudFlare. But if they did this, all of their abusive customers would go elsewhere. They might even lose customers who are afraid of DDoS, and are trying to hide their IP from some of those same bad guys. See our search page, [Uncovering bad guys hiding behind CloudFlare](cfs.md), for more information and a search box.
+
+![](img/hype9.gif)
+
+From CloudFlare's perspective, it is better to keep both camps under one roof, and continue to spin and hype this wretched mess until the time comes when they can get rich with an IPO.
+
+
+---
+
+[home page](README.md)