Abuse form on Cloudflare - safe?


We identified a Man in the Middle site that is DNS hosted at Cloudflare but registrar is 3rd party. We want to let Cloudflare know through the abuse form, and the option to share this with the website hosting provider is mandatory (which is great) but so is sharing with the website owner (which seems dodgy since they are likely malicious). The options on the Cloudflare form suggest our own contact information isn’t shared by default, but I was wondering what other people have done/experienced in this type of submission. In the interim I have gone directly to the registrar on file to report. Thanks!

With the options you have selected, everything in your report will be sent to the website owner, including the justification, but they will not know who sent it since your name and contact information are not included.

Without knowing details about the situation (and it shouldn’t be shared here either), this function is useful in situations where the website owner is for example the owner of a SaaS company providing service to their own customers, because with notice they can shut down the customer causing the problem, rather than it having to go through the hosting provider.

If you do not want the website owner to know a detail of your report, you will have to just not include it in the report. To my knowledge they are sent the domain and URL, as well as the evidence and comments.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.