The cloudflare states the issue was the configuration of their database ...
and states that the bot that was handling the the determination of botnet has issues on that time so the data can not be trusted then .

There is always a myth says :
the crypto is speaking tongue and a tv for bad politician decisions

GFW Update Report – November 2025


In the last GFW update (past ~2 weeks) we have some very interesting and bad changes:

- GFW gesture has completely changed since the last two weeks
- The main change is how DPI now reacts to TCP connections
- As we know, a TCP connection has a handshake and a keep-alive part
- Now the firewall does these gestures against every TCP connection:

→ When the connection is going to be established, it checks the SNI, matches it with the real certificate, and even reverses the IP to map it back to the domain

→ If the SNI does not match the IP in the firewall cache and whitelist → immediately timed out (RST)
→ If the SNI matches the IP, but the IP is in the gray list and the SNI is blocked → connection is dropped after a few packets
→ If the SNI is in the gray list or any trick on TLS handshake is recognized (fake SNI, weird extensions, forbidden fragments size,etc.) → active reset from firewall

The firewall also resets the whole gray IP list after a while.
This behavior is very clear on CDN V2Ray configs, Telegram calls, and any long connection that stays on the same IP range – they all die together when the gray list is wiped.(mostly happens from 6.pm to midnight)

- DoH is closed for all popular providers (Cloudflare 1.1.1.1, Google 8.8.8.8, Quad9, etc.)
- Fragmentation above certain packet numbers is ineffective now – old fragment tricks are mostly dead and need much more time and effort

- For the UDP side the firewall also blocks the connection after a few seconds if it can find a handshake.
QUIC protocol and WireGuard took most hits from this.
If the handshake is going to be established it mostly tries not to let you do it.
In second hand it makes a profile of your connection and if it sees normal Warp checking, it immediately blocks the connection to the endpoint – so no data passes through then.
On QUIC there is the same situation: the firewall is too cautious about handshake requests to Warp ranges no matter IPv4 or IPv6. The Warp connection to these IPs is immediately interrupted.

Overall we assess the internet situation in Iran as very frustrating for users right now.

One thing we noticed: CDN IP ranges are still less restricted than normal clean IPs.
But don’t count on them and don’t put all emergency configs behind CDNs only – this is exactly their trick!
Blocking the whole Cloudflare is much easier than finding unknown ASN/VPS provider IPs, so they keep CDN half-alive on purpose and poison clean IPs much faster.

Keep your non-CDN emergency configs ready at all times.
That’s the situation today.

©Atomic
#report #iran #gfw

اخرین فیچر x داره غوعا میکنه نه !
طبق مطالعاتی که ما داشتیم و کامنت های نیکیتا بیر دولوپر ایکس که در پلتفرم قرار داده این داده ها خیلی دقیق هستن و شکی توی لوکیشنشون نیست .
نیکیتا در اوایل ۲۴ دسامبر اعلام کرد که این فیچر یه باگ در تشخیص داشت که دوازده ساعت بعد فیکس شد و مشکل اون برطرف شد
بر اساس صحبت های اون و الگوریتمی که ایکس در محاسبه ونمایش این مورد پی گرفته
مواردی که در عکس بالا اومده وبه طور خلاصه :
- اولین ایپی که شخص باهاش اکانت رو ساخته
-استوری که ازش دانلود کرده
- یک محاسبه روی ایپی هایی که به دفعات وارد اکانت شده توی اون دخیل بوده.

داخل ایکس خیلی ها به افراد دولتی ادعای سیمکارت سفید داشتن چسبودن .
شکی نیست :)
اما خیلی از افراد ایرانی دیگه هم لوکیشن ایران رو براشون نشون میده !
ایا همه سیمکارت سفید دارن ؟
نه لزوما .
تمامی کاربرانی که از پروتکل هایی استفاده کردن که میتونه فیلترینگ رو دور بزنه اما ایپی ایران به سمت سرور توییتر بده (مثال بارز و خیلی محبوب وارپ که در چین و ایران استفاده میشه) لوکیشنش کشور خودش میخوره .

vWarp v2.1.1

بعد از چند ماه توسعه و تست سنگین در شرایط واقعی (ایران، چین و شبکه‌های شرکتی بسته)، نسخه ۲.۱.۰ آماده شد.
هدف اصلی این آپدیت یکپارچه سازی دو تا پورتکل وایرگارد و کوییک در یک هسته بوده و همینطور برای رفع فیلتر اون ها تمرکز داشته.

تمرکز اصلی دو بخش بوده:

تونل MASQUE کامل (QUIC روی HTTP/3) از طریق کلادفلر
موتور Noize؛ قوی‌ترین سیستم obfuscation متن‌باز فعلی که مخصوص شکستن DPI پیشرفته و فیلترهای مبتنی بر یادگیری ماشین ساخته شده.
چه چیزهایی اضافه شده:

• MASQUE پایدار + فال‌بک خودکار به WireGuard
• مخفی‌سازی چندلایه: junk packet، تقلید پروتکل، تصادفی‌سازی تایمینگ، خرد کردن پکت، پدینگ هوشمند
• پرست‌های آماده: light • medium • heavy • stealth • gfw • firewall
• کانفیگ کامل JSON (هر پارامتر قابل تنظیم)
• سربار ۵-۱۰٪ در حالت light، حداکثر ۵۰٪ در حالت stealth
• بهینه‌سازی اختصاصی برای شرایط ایران و چین

فعلاً اسکنر خودکار رو کنار بذارید؛ از endpointهای تست‌شده و ثابت استفاده کنید.
چون برای وی وارپ فیلتر معنی نداره
اجرای پیشنهادی:

vwarp.exe --masque --masque-noize --masque-noize-preset light --endpoint 162.159.198.1:443

کانفیگ‌های آماده و راهنمای کامل در پوشه docs هست.
میتونید اگه روی اینترنتتون کانفیگ های پریست جواب نداد دستی اونو کانفیگ کنید

موفق باشید.
void
#vwarp
#warp

این نسخه که داده شد برای بعضی از دوستان مشکل رجیستر روی دستگاه ها داشت که توی اپدیدت اخر(v2.1.1) حل شده . افرادی که مسک رو نمیتونستن وصل بشن حتما دوباره امتحان کنن

GFW-Slayer Update !
What's New:

- Irancell DPI blocks FIXED - High DPI censorship bypassed
- IP Block Proxy - New prototype for hard IP blocks (like telegram)

we also reconstruct the projec . from next update the old sub links will be ofw. follow the readme in the project to update the subs.

📥 Quick Links:

Iran Users (Irancell fix)
also for chiana and russia we made a all in one config and we estimate this works on youre country too . please try and feedback us for imrpvement.


V-Force Power Users(or scan Qr code above):

https://raw.githubusercontent.com/voidr3aper-anon/GFW-slayer/main/configs/general/V-force.json

🔄 How to Update:

Update subscriptions in V2RayNG/V2RayN
Try Iran configs first if you're on Irancell or MCI (config below the config named irancell are the best)
Use V-Force for maximum performance
GitHub: https://github.com/voidr3aper-anon/GFW-slayer

Break free from censorship!

#GFWSlayer #V2Ray #AntiCensorship #serverless

for telegram and ip block issues we have made a template that you can place a free socks proxy to use that for telegram for now . you can find the configuration at the end of the telegram configs.
even some blocked socks can be used again in this mode .

We have updated the Vwarp with some user-friendly features that are helpful in place.
— The noise obfuscation was tricky for some, and we made a config file for it. now you can just give the vwarp a config file and it will do its rest!
— For the connection, we observe that firewalls in Iran and China are extremely prone to reset, break, or time out the long VPN-like connections to any outside entity. We manage this issue with smart handling now, and the VPN, in the worst case, will reconnect automatically. It observes the transport layer communication and its performance, making it more robust against these firewall tricks. This feature is beneficial on servers too; you don't need to restart the VPN manually to restore the connection. The benchmarks showed stability up to one week.

We also have made a document (https://github.com/voidr3aper-anon/Vwarp/blob/voidr3aper-anon-readme-enhance/docs/CONFIG_FORGE.md) and describe every field that is customizable by the user to make it super adaptive with the connection it has.
All of these can be found in the project

We have updated the Vwarp (v2.2.2) with some user-friendly features that are helpful in place:

— The noise obfuscation was tricky for some, and we made a config file for it. now you can just give the Vwarp a config file and it will do its rest!

— For the connection, we observe that firewalls in Iran and China are extremely prone to reset, break, or time out the long VPN-like connections to any outside entity. We manage this issue with smart handling now, and the VPN, in the worst case, will reconnect automatically. It observes the transport layer communication and its performance, making it more robust against these firewall tricks.

This feature is beneficial on servers too; you don't need to restart the VPN manually to restore the connection. The benchmarks showed stability up to one week for restricted areas

We also have made a document and describe every field that is customizable by the user to make it super adaptive with the connection it has.
All of these can be found in the project

#vwarp

sample config for vwarp you can use
#by we4vendetta
#vwarp_conf

We have been informed that atomic_anon , the researcher of team has been arrested.
First we inform all the projects in his account are guaranteed and all activites been transferred to the team in a safe place.

We will continue his way of freedom, and we do not stand aside watching this pity!

Revenge is a must, and we do not forgive and we do not forget.

We have worked on a  blog and  started sharing the analytics  of  firewall .
From now on we try to share our post mainly there
https://voidr3aper-anon.github.io/Void-Blog/

#blog

We have updated the serverless configurations for Iran.
Tests show that they work on both TCI and MCI.
However, the general internet environment is inconsistent, so these configurations may inherit the same issues.
But overall they are robust.

#gfw_slayer
#serverless

Sub link:

https://raw.githubusercontent.com/voidr3aper-anon/GFW-slayer/refs/heads/main/configs/regional/iran/emergency-add-on-for-iran.json

https://voidr3aper-anon.github.io/Void-Blog/network%20monitoring/Psiphon-The-Last-Bastion-fa/
سایفون: آخرین سنگر در برابر دیوار بزرگ اینترنت ایران | Void Blog - Network Analysis, Hacking & GFW Bypass

سلام!
ما در آپدیدت جدید  بلاگ  نسخه ترجمه شده به  فارسی  گزارش های خود را هم منتشر میکنیم .
این شاید به دنبال کنندگان فارسی کمک بکند !

How is the weather in
https://amlak.mrud.ir
:)

Little problems. Aint it?

zoomit.ir needs a little bit of help :)

New update on serverless to add faster configs.
There are now two new configs for hamrah and irancell both work.
This is worth saying that they are much better on pc v2ray core

https://raw.githubusercontent.com/voidr3aper-anon/GFW-slayer/refs/heads/main/configs/regional/iran/emergency-add-on-for-iran.json

Among everything telegram could open to help people of iran,they choose story!

Not the sheild to make them connect easier,
Not the free api proxies made for such situation

Just A slap in the face :)

By by aparat.com!!
Bullshit self choosing content