Rob O 3d ago
Does anyone happen to have any good resources for how much malware is hosted behind CloudFlare? I know the answer is a lot, but I've not actual stats.
Show threadViss3d ago
@nerdpr0f cc @neurovagrant
Show threadViss3d ago
@nerdpr0f @neurovagrant also cc @cR0w
SomeVeganCheeseIsOk1d ago
Show threadIan Campbell 🏴

@Viss @nerdpr0f @cR0w As a back-of-napkin calculation:

From June 1 to June 12, Cloudflare racked up more than 100,000 newly observed domains (as in, first seen also in that June 1-12 period) that were explicitly blocklisted by at least one well known third-party blocklist.

Jun 22 at 7:19pmWeb
Show threadnyanbinary (unvalued goose)3d ago
@neurovagrant @Viss @nerdpr0f @cR0w I assume that includes all causes, not just malware (e.g. phishing)? I guess the difference is a bit academic but... 
Show threadIan Campbell 🏴3d ago
@nyanbinary @Viss @nerdpr0f @cR0w Correct, multiple causes.
Show threadSimon Zerafa3d ago

@neurovagrant @Viss @nerdpr0f @cR0w

So @cloudflare has a fairly well developed bulletproof hosting service? 😟

Show threadIan Campbell 🏴3d ago

@simonzerafa @Viss @nerdpr0f @cR0w @cloudflare They're loud and proud about it, in fact. It's the core of their business model, regardless of the damage caused.

Left behind: financially ruined people and businesses, government agencies and critical infrastructure targeted by hostile nation-state threat actors that just love Cloudflare.

Show threadRaphaël Vinot3d ago
@neurovagrant @Viss @nerdpr0f @cR0w and out of the bad domains you know, is it more than 50% of them?
Show threadIan Campbell 🏴3d ago
@rafi0t @Viss @nerdpr0f @cR0w Not sure, but very unlikely 50% of newly observed domains on Cloudflare are detected as malicious.
Show threadRaphaël Vinot3d ago
@neurovagrant @Viss @nerdpr0f @cR0w good to know they're not mostly doing malware