Hacker News
by twhb 2866 days ago
I'm guessing archive.is has misidentified DNS requests from 1.1.1.1 as a DDoS, so is resolving them to the requester's own IP address in an attempt to get them to DDoS themselves.

"returning answers tailored to the IP address of the requestor" is normal and correct behavior for most large websites; the problem is that one of those IP addresses is wrong. Specifically, when the requester is CloudFlare, archive.is is returning a CloudFlare internal IP address instead of their own. I'm guessing where they got that IP address is that it's the requester, and where they got mixed up is that virtually all high-volume DNS requesters that appear overnight are DDoS attacks.