[HN Gopher] Austrian ISPs Block Cloudflare IP addresses after ap... ___________________________________________________________________ Austrian ISPs Block Cloudflare IP addresses after apparent court order Author : the_mitsuhiko Score : 255 points Date : 2022-08-28 18:33 UTC (4 hours ago) (HTM) web link (netzsperre.liwest.at) (TXT) w3m dump (netzsperre.liwest.at) | the_mitsuhiko wrote: | Apparently a copyright holding company ("LSG - Wahrnehmung von | Leistungsschutzrechten GesmbH") managed to convince a court to | block IP addresses. Something which in this form wasn't done | before. | | However since those are Cloudflare addresses there is a ton of | collateral damage. | johnklos wrote: | Which is exactly what Cloudflare wants and has planned all | along. | sp332 wrote: | It's pretty much how any CDN would work? | explaingarlic wrote: | So what that Cloudflare hides behind the fact that it serves | a large chunk of the internet? | | It's a strategic fact that they use to their advantage, not | their ultimate evil goal to make your life worse eventually. | | I think we're quite spoiled with how much we benefit from | their economy of scale. | [deleted] | xfitm3 wrote: | Safe harbor provisions are for this exact scenario, we must | depend on that not corp scale to maintain reasonable | governing. Safe harbor has come under attack lately, | unfairly so IMO. | zaroth wrote: | The safe harbor has to do with moderation policy. | | The historical purpose of safe harbor was to allow AOL to | have a walled garden without become responsible for all | the illegal content that snuck past. | | IANAL, but DMCA safe harbor doesn't really apply to a | companies like CloudFlare, nor is it needed, because they | are not moderating UGC on a publishing platform, they are | a routing optimization utility. | cyrix281 wrote: | Not sure where you saw that the DMCA safe harbor | provisions apply to moderation policy; It has everything | to do with Copyright and removal of copyrighted material; | nothing to do with moderation of UGC. It is directly in | the name "Digital Millenium Copyright Act". | | Content moderation is covered by the CDA section 230; | completely separate from the DMCA | | And it 100% should apply to Cloudflare as well; if | they're caching copyrighted material they need to respond | to takedown requests or lose that safe harbor protection. | Just as it applies to Google for indexing alleged | copyright material; if you've ever seen that "links | removed due to DMCA takedown notices" in search results, | even when they are not hosting said content. | | IANAL also, and I don't know how much DMCA stuff is | handled cross borders (I do believe some DMCA provisions | are applicable thru trade treaties and the like, but not | sure); and I do think DMCA takedowns are rife with abuse; | but content moderation really has nothing to do with it.. | robertlagrant wrote: | It's not hiding behind that fact. It just is a fact. | explaingarlic wrote: | I'm directly replying to: Which is | exactly what Cloudflare wants and has planned all along. | | The idea that it's all planned and was a strategic bid to | get into a stable business position and so on... | johnklos wrote: | They've planned all along to mix bad hosting with good | hosting to make any attempts to block them, legal or | personal, cause plenty of collateral damage. | _flux wrote: | So to avoid this, how should they have done things | differently? | bayindirh wrote: | Maybe they should have confined "bad" hosting to some IPs | and disseminated this to countries directly? | | P.S.: I'm not serious, of course. | CrazyStat wrote: | RFC 3514 would be helpful here. | bayindirh wrote: | Ah, yes. That's a much more elegant way. | hsbauauvhabzb wrote: | Does the order force blocking of the IP bound to a DNS address? | Could piracy sites change DNS A records to arbitrary IP | addresses to deny service to other sites? | twelvedogs wrote: | In the past the court hasn't specified how to block sites so | they're usually blocked at dns level, just point the DNS | record at one of the isp's ip addresses with a block message | | If they really are having to block actual ips I would be | surprised | the_mitsuhiko wrote: | Unclear. I was unable to find the court order so I'm not sure | where it's coming from. | riedel wrote: | Seems that they just wanted to block some piracy sites like | newalbumreleases.net if you compare the dates and check the | IPs behind those domains. Wonder however if this actually | enforced because I think there is no IP block and no | reports from Austria about collateral damage (or am I wrong | and Austria cannot complain because they are cut of from | the internet) | | Edit: btw, the domains added with date August 29 are | already blocked in Germany and some other EU countries for | a while: https://onlinefilter.info/cuii-dns- | sperre/newalbumreleasesne... . | riedel wrote: | The strange thing is that this order is still not | published (and has a date of tomorrow): https://www.rtr.a | t/TKP/aktuelles/entscheidungen/Uebersichtse... | luckylion wrote: | I'd be somewhat surprised if a court ordered something vague | like "block whatever IP that resolves to at any time in the | future", they'll either say "block these IPs" or "stop | resolving this domain", anything else would require constant | monitoring and continuous involvement of the target of the | order. | hakre wrote: | But wait, isn't Cloudflare exactly offering that as a | service? | xbar wrote: | auf Wiedersehen Osterreich | trasz wrote: | Not related to KiwiFarms by any chance? (From the downvotes I | infer that cesspool is somewhat popular.) | jacko0 wrote: | Works fine for me in the UK (M247), but when I use a German | (Telecom) connection or UK (Plusnet) they are blocked. | austinpena wrote: | Ironically, wouldn't using WARP by Cloudflare solve this? | [deleted] | Lacerda69 wrote: | Nice best of list of pirate services! A couple of those I didnt | know, how kind of them to provide this helpful overview. | musha68k wrote: | Pirate Streisand effect. Love it. | | I'm just wondering about this as Austria historically has been | very lax about falling for demands of the intellectual | properties bullies. | | Edit: I see it's mostly Austrian film makers (some great ones | in there to be fair) and Elsevier (yikes!) behind those | takedown attempts. | mmh0000 wrote: | The Piracy subreddit is one of the best sources for staying | abreast of current pirating options: | | https://www.reddit.com/r/Piracy/ | bakugo wrote: | This happens in my country as well. When I first noticed random | cloudflare IPs timing out, I didn't think too much about it and | assumed it was some routing issue, but then it happened again and | again so I did some searching and found some people on the same | ISP as me mentioning that it conveniently happens when big | football matches are on, and the dates did indeed line up. No, | that is not a joke. | CommitSyn wrote: | What country, if you care to share? | bakugo wrote: | I'd rather not share, but it's not russia. | coolspot wrote: | Russia. They also temporarily blocked large chunks of AWS IPs | back when they fought with Telegram. | | https://www.bleepingcomputer.com/news/government/russia- | bans... | CraigRood wrote: | I will guess at the UK. Premier League have many court | ordered blocks on ISPs in place. | DarkmSparks wrote: | On the up side. Its only fair that Austria be put at an economic | and scientific disadvantage for once. Well, whoever signed this | off must have thought so anyway. | ChuckNorris89 wrote: | They're way ahead of you on that. Much like its bigger cousin | Germany, Austria is in general a dinosaur, technologically, | culturally and politically. | | Low tech wages and archaic working practices, stuffy | bureaucracy, cash and physical paperwork needed for many | things, poorly developed, expensive and slow internet | infrastructure, corrupt and idiot politicians who don't | understand the modern technology sector, litigious politically | connected companies who sue anyone they don't like and lobby | for anti-consumer laws that only benefit their cartel, privacy | regulations taken to the extreme which mainly protect the | crooked and unlawful people and businesses from being known to | the public, etc. | | This news isn't surprising to anyone familiar with Austria and | these intelectual property bullies from the list of companies | that got the Austrian court to block those IPs is just the tip | of a huge shitty iceberg in Austrian tech & politics. | fisf wrote: | Ha, I reckon you live there. The description is pretty | authentic. | cloutchaser wrote: | They're also like world no 8 in gdp per capita. I think | they'll be ok. | ChuckNorris89 wrote: | GDP per capita isn't the be-all and end-al of statistics | for defining a country's success. Just ask the residents of | the Republic of Ireland, the country with the second | highest GDP/capita in the EU, how they feel about this | position. | | Sure, life is good here, _if_ , you're not a tech worker, | and that sector become more and more important in | generating wealth, skilled jobs with a future, attracting | skilled immigrants to pay taxes, and to project influence | and soft power globally, that's why so many smart but not | necessarily rich countries jumped to take advantage of this | new sector (China most famously). | | So a high GDP per capita might not save you in the long run | if every ambitious tech graduate is leaving your country to | Switzerland, London, Germany, Ireland, SV, etc. for a | better environment where they can grow their career and | earn better salaries, which leads to most tech products and | web services used in your country all coming from abroad | because your domestic tech industry is shit since your | country got complacent and decided to sleep through the | tech revolution with the idea that you'll "be fine since | we're 8th GDP/capita in the world". | scottydelta wrote: | It's easier for Cloudflare to ban the sites causing this and | replace the affected IPs than to fight this in the court. | clever-leap wrote: | tomp wrote: | Not that different from the rest of Europe TBH. | | Individual freedom, restrictions on government power, freedom | of speech... all these concepts are not prioritised by, and are | somewhat foreign to, Europeans | clever-leap wrote: | Yes, you are right. Austria is not alone in this behaviour. | malermeister wrote: | As a European, I find a lot of these to be euphemisms for | things that are actively harmful. | troad wrote: | > As a European, I find a lot of these to be euphemisms for | things that are actively harmful. | | As a gay man, as the child of parents who grew up under | totalitarianism: I rather value those things. | meibo wrote: | This is very on-brand for the Austrian government, it somehow | manages to be even worse at these things than the German one. | | Fun(and very disappointing) talk in German about their fuckups | during the pandemic: https://media.ccc.de/v/gpn20-12-die- | unterhaltsamsten-sterrei... | manmal wrote: | Courts act completely separate from the government actually, at | least in Austria. | dewey wrote: | It's nice that they give people a public list of interesting | websites in case they want to infringe on some copyrights. | ChuckNorris89 wrote: | Don't think it works like that. | | The people who didn't know about these site before probably | didn't practice piracy at all anyway, so having this list of | blocked websites won't help them now anyway as they can't | access them easily now anyway. | | So IMHO these blocks mainly work at stopping Average Joes from | accessing low-friction, low hanging fruit piracy and annoying | them enough that they'd rather give Netflix 12 Euros than learn | how to bypass these annoying restrictions. | dewey wrote: | You are probably right, it's just funny that there's a public | list saying ,,don't go there" which kinda acts like a | ,,forbidden books" list making it more interesting. | ChuckNorris89 wrote: | For broke kids with more free time than money, yeah | learning to access forbidden pirate sites is cool and | interesting, but since Austria is a relatively high income | country, most people I know here don't bother with piracy | at all and just pay for content anyway. | | So blocks like these will definitely discourage more | Average Joes from low hanging fruit piracy and keep them as | law-abiding paying customers rather than turning them into | "hackers". | manmal wrote: | Weird, I'm from AT as well and I know people from every | income bracket who pirate content. Except for elderly | people, currently. | dewey wrote: | It was a joke, don't take it so seriously... | | But as an Austrian myself, piracy was alive and well when | I was in the age group where that usually happens and | many "regular" people used free streaming sites when | kino.to and others were still popular. | zagrebian wrote: | That website doesn't have HTTPS. | josteink wrote: | Good plan. Then he won't need cloudflare to put a HTTPS proxy | in front of it and get blocked. | [deleted] | alberth wrote: | Australia has been problematic for Cloudflare for 5+ years now. | [0] | | Bandwidth is prohibitive expensive there, and as such - | Cloudflare has routed around Australia resulting in much higher | latencies. | | Australia has pushed for tech companies to install back doors | into user data. [1] | | Now this. | | [0] https://medium.com/@SimonEast/the-declining-value-of- | cloudfl... | | [1] https://www.accessnow.org/closing-backdoor-australia/ | | EDIT. I have to laugh at myself. I misread this as "Australia", | not "Austria". Doh. | chinathrow wrote: | Article is about Austria. | Dylan16807 wrote: | There's an article? I see a list of blocks with no | commentary. | [deleted] | mixologic wrote: | The headline is about Austria, not Australia. | [deleted] | [deleted] | [deleted] | croes wrote: | Just to be sure, you do realize this is about Austria not | Australia? | marginalia_nu wrote: | Austria, Australia; Sweden, Switzerland; and worst of all | Colombia, The District of Columbia (which isn't a district | but a state), British Columbia (which isn't in Britain), also | a small Australian Columbia (which is actually in Australia). | | I feel we need to get someone on clearing up this mess of | confusingly named localities. | alberth wrote: | Lol. My mistake. Thanks for pointing that out to me. I just | updated my post. Whoops. | quickthrower2 wrote: | Made the same mistake at first (using old glasses | prescription is my excuse...). Felt like an Aussie | government kinda thing to do as well, so it made sense. On | second thoughts they probably wouldn't need the court order | ha ha. | zerof1l wrote: | Did a check with the Austiran VPN server. The block must be on | DNS level only. Using google servers as DNS, for example, will | bypass all of these blocks. Or you can run your own DNS server | like Unbound. | mmh0000 wrote: | Long ago, I used to have my favorite pirate sites bookmarked and | sometimes the IPs saved. Now, Yandex, is the great piracy search | engine. Just type in what you want, and in what format you want | it in, and it'll usually show up within the first 10 results. For | example: | | https://yandex.com/search/?msid=1661717771857485-52510224241... | godmode2019 wrote: | Please stop, you are letting the secret out. If too many people | know yandex will start filtering the results. | ahmed_ds wrote: | Yandex is a pretty good search engine. Yandex is essentially | what people think DuckDuckGo is, on the other hand DuckDuckGo | is essentially is just Bing. | prox wrote: | Isn't Yandex completely Russian? I usually get Yandex with my | malware as well. | ipaddr wrote: | .ru is but .com the other is european based. | zamadatix wrote: | My impression was most use DuckDuckGo for privacy reasons so | it's a bit surprising to read Yandex is supposed to be what | people think DuckDuckGo is. Also DuckDuckGo sources from far | more than just Bing and it does have its own crawler as well. | | My understanding of Yandex was that it's just another user- | information-is-primary-income search provider this time HQ'd | in Russia, neither of which exactly appealing to the typical | DDG crowd. | | Though I'd throw Kagi out to anyone who puts a lot of weight | on such things as being a more pure example than either. | thrown_22 wrote: | >My understanding of Yandex was that it's just another | user-information-is-primary-income search provider this | time HQ'd in Russia, neither of which exactly appealing to | the typical DDG crowd. | | A Russian company having my data given the current state of | relations between it and my government is less worrisome | than Google having the same. | z3c0 wrote: | _Your_ data is useless, no matter where it is. Data on | the collective of American citizens, however, is not. | mrgalaxy wrote: | > Also DuckDuckGo sources from far more than just Bing and | it does have its own crawler as well. | | Do you have a source for this? I'd be interested in reading | the technicals of merging search results from multiple | sources. | zozbot234 wrote: | They do use their crawler to source some "smart" results, | but the bulk of ordinary results seems to be from Bing. | zamadatix wrote: | When I was looking into it I only found a few high level | things like https://help.duckduckgo.com/duckduckgo-help- | pages/results/so.... Nothing on how the sausage is made | unfortunately. Same for Kagi which takes a similar | layered approach (though anecdotally it seemed a bit more | spread across backend sources). | syntaxing wrote: | This is an awesome pro tip. The results reminds me of the early | 2010 google results. | coolspot wrote: | For most things you can skip Yandex and go directly to the | rutracker which would be the top result for most things anyway. | desindol wrote: | Just google and use site:vk.ru | WillPostForFood wrote: | At least in the US, google indexes: site:vk.com | manmal wrote: | That yields no results and the hint ,,Some results may have | been removed under data protection law in Europe." for me. | WillPostForFood wrote: | try site:vk.com | ricardobayes wrote: | No HTTPS, no party. | nouryqt wrote: | https://archive.ph/yByeX | tsimionescu wrote: | What do you think HTTPS has to do with IP blocking by your ISP? | alborzb wrote: | It's possibly that the commenter is reffering to OP's link | not being HTTPS? | tsimionescu wrote: | I hadn't notice that, perhaps you're right. | ricardobayes wrote: | yup | 8191 wrote: | Seems to be a specific action/order by mentioned ISP. Using the | biggest ISP in Austria (A1) still allows access to listed IPs. | the_mitsuhiko wrote: | I see failures on Magenta, A1 (in parts), Liwest and Drei. It's | not constantly blocked which is why I think they didn't fully | roll it out yet. | | Also failures won't happen if you have an IPv6 connection and | it can connect that way. | hsbauauvhabzb wrote: | I live in a country that has also blocked piracy but at the DNS | level (Australia, not Austria). | | I suspect that most anti piracy groups are now moving to long | game by increasing the difficulty in getting to piracy websites | rather than blocking them. I remember significantly more seeds on | popular torrents in 2014 compared to now. I think this is a mix | of streaming services as well as complexity of piracy. | | I do take solice in the fact that piracy will act as a disruptor | in unruly markets. Advertisement breaks in streaming platforms, | increased cost per service or service fragmentation and other | user hostile activities will increase the rate of piracy, | creating a balance between good and unscrupulous. | mabbo wrote: | > but at the DNS level | | Isn't this a bit like taking the phone numbers out of the phone | book? Sure, people can't easily look them up, but if you _know | the right numbers_ , you don't need that. | | Or is there more than that? | lormayna wrote: | Several ISP have appliances that can inspect DNS traffic and | redirect to a the ISP DNS. Then, even if you change DNS | servers, you will be not able to reach blocked sites. The | only way to bypass that, at the moment is to use DoH. | | Source: I have been worked for an ISP and I was in charge of | that. | Ayesh wrote: | There was some real shit going on with some Indonesian ISPs | downright blocking connections to known public DNS | resolvers (8.8.8.8, 1.1.1.1, etc). Dangerously close to the | China-level firewalls that block known VPNs as well. | politelemon wrote: | > Then, even if you change DNS servers, you will be not | able to reach blocked sites. | | Is this done simply by intercepting UDP port 53 requests | somehow? I've only ever had to intercept https as part of | development, but have no idea how this would work for UDP. | Any details you can share? | NavinF wrote: | Yep that's exactly how it works. Not all ISPs actively | intercept and reply to your queries, but the rest still | monitor all port 53 traffic and log your queries. | | Naturally, a lot of HNers hate encrypted DoH which solves | both the active MITM and passive monitoring problems. | Example: https://news.ycombinator.com/item?id=25344358 | folmar wrote: | We just prefer the small local ISP monitoring our queries | to Google and Cloudflare doing so, as the ISP does not | learn a lot more than already at hand - they know the IPs | I connect to anyway. | derkades wrote: | Simply direct all outbound DNS traffic to your own DNS | server. You could do the same for your LAN by adding a | port forward rule in your router (for LAN, not for WAN | like you usually would to get incoming traffic around | NAT) | brian_cunnie wrote: | My mother's cable provider, Optimum Cable, routes DNS | traffic to their own DNS servers. | | To make matters worse, they engage in gratuitous blocking; | for example, they won't resolve addresses of private | networks (192.168.x.y, 10.x.y.z, etc...). For example, | 192.168.1.1.nip.io won't resolve on my mom's network, but | will almost everywhere else. | | The solution, as another poster pointed out, was to use | DNS-over-TLS. | cesarb wrote: | > for example, they won't resolve addresses of private | networks (192.168.x.y, 10.x.y.z, etc...) | | That's called "DNS rebinding protection", and it's meant | to protect against DNS rebind attacks | (https://en.wikipedia.org/wiki/DNS_rebinding). | eknkc wrote: | Dns over TLS has been a life saver due to this shit. I've | my modem exposing its own dns server but using a dns over | tls upstream instead of my ISP. Works perfectly. | mabbo wrote: | Could I not just put the IP address in my url bar? Or do | browsers go through DNS with that anyway? | cortesoft wrote: | That usually won't work. If a site uses SNI and has many | sites behind a single IP (like cloudflare, for example), | the server won't know which host's content to respond | with. | | If it isn't a shared IP, your own browser will block it | because of a cert mismatch. | | The best way to do this is to update your own /etc/hosts | file to point the domain at the correct IP. | gsich wrote: | It's supposed to be a measure against technically non-savy | people. It might work since a lot of people are not aware of | DNS. | twelvedogs wrote: | Yeah no one really cares that it's not super effective in | Australia though. | | the courts order blocks, the ISPs block it at dns because | it's cheap and easy and pirates are either scared off by the | warning message or just use Google dns | | It's good enough and mostly non disruptive | Yujf wrote: | Dns blocking is exactly like that. I don't live australia, | but if I go to the piratebay for example with my isp dns I | get a message it's blocked. If I change to google or | cloudflare dns it works just fine | quickthrower2 wrote: | Malwarebytes won't let me near any of them. Take from that what | you will (they are genuinely harmful, or someone wants them | blocked, or a bit of both?) | [deleted] | scarfolk wrote: | My ISP is Plusnet (a subsiduary of British Telecom) and half of | those IPs resolve to http://www.ukispcourtorders.co.uk. | | I don't know whether the DNS is being resolved first, but in the | url it's listing the IP: | http://www.ukispcourtorders.co.uk/?JNI_URL=104.21.36.27/&JNI... | ... | | My DNS is Quad9 over TLS. | [deleted] | whiterock wrote: | Hmm, I am a LIWEST customer myself, but libgen.is is not blocked | for me - so are they really blocking IP adresses? I am using | 1.1.1.1 as my DNS. | | Edit: Okay i tried a few links now - many show a ,,this domain is | for sale" page, while some work - so I dunno what to do with | that... | Akronymus wrote: | Energie AG here, nothing seems blocked for me. | the_mitsuhiko wrote: | The IP addresses on the bottom of the list are blocked. For | instance you can check a host which only has a single blocked | IP on and you won't be able to navigate to it. For instance | preis-zone.com or www.skodacommunity.de are fully unavailable | right now since both the IPs on that domain are blocked | (188.114.96.12 and 188.114.97.12) when resolved from Austria. | | Some cloudflare worker page are also not loading correctly. A | reply I got on twitter pointed out that you cannot load | urbanarrow.com from Austria properly (for me it gets stuck | after language selection). | | Also you are more likely to see failures if you are only using | IPv4 as some hosts also answer to IPv6. | ARandomerDude wrote: | If the comments here are correct, the Austrians told Cloudflare | "you'll go a-waltzing matilda with me." Or however you say that | in German. Mate. | raffraffraff wrote: | Wow. Are they basically turning off a large chunk of the internet | for Austria? | | *Fixed | whiterock wrote: | the other Australia, the one in Europe, you know Freud, Mozart, | Schwarzenegger, Hitler, that Austria. | moomin wrote: | Don't forget Arnold Schoenberg and the Von Trapp Family | Singers. | mkurz wrote: | Also Johann Holzl, better known as Falco. And of course | Josef Mayrhoff, better known as Josef Fritzl... (He changed | his name in Prison) | reichardt wrote: | Austria--Schnitzel not kangaroo. | wizofaus wrote: | The two aren't at all mutually exclusive, just so you know! | mabbo wrote: | Kangaroo schnitzel sounds intriguing but gamey. | wizofaus wrote: | No more than venison schnitzel. Lots of good recipes | online. | wizofaus wrote: | And now that we're already totally off topic...does | "gamey" actually mean anything other "having flavour that | we're not inured to or been watered down to lowest-common | denominator tastes?" | trasz wrote: | Perhaps, but there are many methods to make meat less | gamey, and I suspect most of them was invented before the | current blandness set in, which suggests it wasn't | welcome in the old days either. | wizofaus wrote: | Supposedly it's related to iron content. | | But I'm baffled at the Oxford definition returned by | Google: "having the strong flavour or smell of game, | especially when it is high". There are very similar | definitions that use "tainted" or even "spoiled" instead | of "high". I think I'd rather my roo steak tasting of | marijuana than of rotten flesh. | rr808 wrote: | Lets put another shrimp on the bar-b. | https://www.youtube.com/watch?v=2hOLm_k6eCs | reaperducer wrote: | The last time I was in Austria, all of the tourist shops had | t-shirts with one of those Australian kangaroo crossing signs | on it and the text "No kangaroos in Austria." | fit2rule wrote: | whiterock wrote: | we have to. our country is confused for Australia so often, | we just HAVE TO sell these shirts. | manmal wrote: | Yes. Not only once did shops in the US ship my stuff to | Australia instead of Austria. | mig39 wrote: | Austria. | [deleted] | rvz wrote: | Austria. Not Australia. | trompetenaccoun wrote: | Sci-hub and LibGen blocked for Elsevier. So that only people able | to pay hundreds of dollars have access tho scientific papers and | books. | | Stay classy, "free" societies. | manmal wrote: | Fortunately some Scihub domains are not blocked in Austria, you | just gotta try some. | raverbashing wrote: | It seems it's blocking the domains, not the IPs, so I guess it's | more at DNS level | the_mitsuhiko wrote: | They used to do DNS blocking for years which you could easily | bypass by using a different DNS provider. Today they added IP | addresses (see bottom of the list). ___________________________________________________________________ (page generated 2022-08-28 23:00 UTC)