1.1.1.2 blocking gogoanime

malware filtering is blocking gogoanime, a popular streaming service for japanese anime:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @1.1.1.2 gogoanime.pro
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13406
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;gogoanime.pro. IN A

;; ANSWER SECTION:
gogoanime.pro. 60 IN A 0.0.0.0

;; Query time: 5 msec
;; SERVER: 1.1.1.2#53(1.1.1.2)
;; WHEN: Sat Apr 11 01:13:47 +04 2020
;; MSG SIZE rcvd: 71

Same with the mirror website:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @1.1.1.2 www5.gogoanimehub(dot)tv
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11368
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;www5.gogoanimehub(dot)tv. IN A

;; ANSWER SECTION:
www5.gogoanimehub(dot)tv. 60 IN A 0.0.0.0

;; Query time: 3 msec
;; SERVER: 1.1.1.2#53(1.1.1.2)
;; WHEN: Sat Apr 11 01:14:44 +04 2020
;; MSG SIZE rcvd: 85

Could this be a false positive on 1.1.1.2’s side ?

It does seem like a false positive to me

You may report it here
https://report.teams.cloudflare.com/

Thanks @soldier_21. I have filed 2 reports.

you can try go to gogoanime.io or gogoanime.video It work fine with me, using with 1.1.1.2

It may, just may, have something to do with the fact that no single “gogoanime” domain is actually hosted by or uses the same provider services (such as CloudFlare). There are literally nearly 100 “gogoanime” sites, ~ 50 of which use that exact do,aim name, the other half of which use similar domain names. Many of those 100 claim to be the “official” site. Many of them are known to host malware of one variation or another. So, there’s Phishing involved (via ~100 domain variations, none of which are actually “mirrors” at least according to each site’s claim that it, not the others, are the “official” site). And there’s malware involved and probable Pirating involved within a subset of the ~100 domain variations. As a security researcher and maintainer of two distinct anti-malware/phishing/etc… blacklists, I would definitely consider adding it to both blacklists after a bit more digging. So thank-you for your post.