Saved February 14, 2026
Do you care about this?
Aisuru botnet domains have been dominating Cloudflare's rankings of top websites, leading to concerns about malicious activity. Cloudflare has begun redacting these domains from its list after realizing they were being used to manipulate DNS query volume. Experts criticize Cloudflare for failing to maintain the integrity of its rankings.
If you do, here's more
Aisuru, a rapidly expanding botnet made up of hundreds of thousands of compromised IoT devices, has recently manipulated Cloudflare’s domain rankings. These domains overtook major companies like Amazon and Google, leading Cloudflare to redact Aisuru domains from its public list. Cloudflare's CEO Matthew Prince explained that the botnet generates a high volume of DNS requests, aiming to distort rankings while also attacking Cloudflare's DNS service.
Aisuru's growth since its emergence in 2024 has been alarming, with the botnet capable of launching DDoS attacks nearing 30 terabits per second. The botnet switched its DNS servers from Google to Cloudflare in October, which triggered the surge in its domains appearing in rankings. Screenshots of these domains, including one that resembled a Massachusetts street address, circulated on social media, raising concerns about the botnet's unchecked power. While Cloudflare attempted to address the situation by partially redacting malicious domains, experts criticized the rankings for failing to accurately represent legitimate user traffic.
Renee Burton from Infoblox noted that many misinterpret the rankings, mistakenly thinking they reflect the number of infected devices rather than just DNS queries. Alex Greenland, CEO of Epi, pointed out that Cloudflare's rankings should reflect genuine human usage, not just automated traffic. He emphasized the need for separate rankings to distinguish between trusted domains and those associated with malicious activity, as the presence of such domains can mislead systems that rely on these rankings for trust and safety assessments.
Despite Cloudflare's efforts to hide Aisuru domains from its public list, some still appear in the downloaded data. Experts tracking Aisuru report that many control servers for the botnet are registered under the .su top-level domain, which is often associated with cybercrime. A simple strategy for detecting Aisuru activity might involve monitoring for requests to .su domains, given their history of abuse in the cybercrime sphere.
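The .su monitoring idea above, sketched as an added example (not code from the article or from Cloudflare). It assumes a hypothetical resolver log format of `<time> <client_ip> <qname> <qtype>`, and the domain names are constructed placeholders. It also reports query volume and distinct clients separately, the distinction Burton draws about the rankings.

```python
from collections import defaultdict

# Constructed sample log; the four-field format is an assumption, not a real tool's output.
SAMPLE_LOG = """\
2026-01-01T10:00:01Z 10.0.0.5 www.example.com. A
2026-01-01T10:00:02Z 10.0.0.7 c2.placeholder-a.SU. A
2026-01-01T10:00:02Z 10.0.0.7 c2.placeholder-a.su A
2026-01-01T10:00:03Z 10.0.0.7 c2.placeholder-a.su. AAAA
2026-01-01T10:00:04Z 10.0.0.9 cdn.placeholder-b.su A
2026-01-01T10:00:05Z 10.0.0.5 news.su.example.org A
2026-01-01T10:00:06Z 10.0.0.5 issue.example.net A
malformed line
"""

def summarize_tld_queries(log_text, watched_tld="su"):
    """Per watched-TLD domain: total queries and the distinct clients asking."""
    queries = defaultdict(int)   # domain -> number of queries seen
    clients = defaultdict(set)   # domain -> client IPs that queried it
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        _, client, qname, _ = parts
        # Normalize: DNS names are case-insensitive and may carry a root dot.
        labels = qname.rstrip(".").lower().split(".")
        # Compare the final label only, so "su.example.org" or "issue" never match.
        if len(labels) < 2 or labels[-1] != watched_tld:
            continue
        domain = ".".join(labels[-2:])  # simplification: last two labels
        queries[domain] += 1
        clients[domain].add(client)
    return {d: {"queries": queries[d], "clients": sorted(clients[d])}
            for d in queries}

if __name__ == "__main__":
    for domain, stats in summarize_tld_queries(SAMPLE_LOG).items():
        print(domain, stats["queries"], "queries from",
              len(stats["clients"]), "client(s)")
```

A domain with many queries from a single client, as with the first placeholder here, is a reminder that query counts alone do not indicate how many devices are involved.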