I tried to install Antergos today, but cnchi kept freezing after the “System Check” step. After some investigative work I found out that cnchi was making requests to http://antergos-beta.tk:3000/ip which were timing out, explaining why the program froze. What’s especially interesting is that http://anteros-beta.tk/ redirects to http://twero.com/, an adult (NSFW) dating site. A quick look at the WHOIS records reveals that the domain has been hijacked by Freenom. This begs the question, why does Antergos even use .tk domains?
Something else that I find very interesting is this line in geoip.py. Why are the URLs written from right the left in the list and then reversed when they’re actually used in line 88? My only possible explanation for this is to hide the URLs from commands like grep, but why?
I feel like there is definitely something wrong here and would like an explanation.