Can't report phishing abuse on a domain that redirects to another website

What is the name of the domain?

coíņbase.com

What is the issue you’re encountering?

When I try to report the domain, it says that the domain (that it resolves from following the redirect) is not managed by Cloudflare.

What steps have you taken to resolve the issue?

Reaching out to you.

Here are the results of dig:

dig coíņbase.com

; <<>> DiG 9.18.1-1ubuntu1.3-Ubuntu <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61899
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;coíņbase.com. IN A

;; AUTHORITY SECTION:
coíņbase.com. 1800 IN SOA <link removed due to post restrictions, it’s cloudflare>. 2346145694 10000 2400 604800 1800

;; Query time: 20 msec
;; SERVER: 10.255.255.254#53(10.255.255.254) (UDP)
;; WHEN: Fri Aug 23 17:17:34 PDT 2024
;; MSG SIZE rcvd: 126

What is the current SSL/TLS setting?

Off


Cloudflare will be passing on the abuse reports to the hosting providers behind Cloudflare, for DNS record(s) that are set to Proxied (:orange:), and being served through Cloudflare.

However, there are no DNS record(s) (e.g. AAAA or A) in that output, and as such, no web traffic will be over Cloudflare, for that specific name.

As a result of that, there is nothing for Cloudflare to pass on in this instance.

1 Like

Can Cloudflare not do anything about the fact that the domain’s name servers are being served through Cloudflare and the domain is being used for sending malicious email?

Who to contact in regards to abuse depends on what kind of abuse it is, how it is done, et al.

You will need to check the email headers, and identify the first “untrusted” IP address, in the reverse order of the message transmission, e.g. the one that delivered the message to your email provider.

  1. Make a WHOIS lookup on the IP address.

  2. Identify the abuse contact email address from WHOIS.

  3. Send an explanation of the issue to the abuse contact email address, including a full and non-redacted copy of the message and its headers, which can be done by most email clients via the “forward as attachment” feature.

As Cloudflare does not operate any email sending service, this one also falls out of the scope of where Cloudflare would be able to do anything.

2 Likes
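The header check described in the reply above, as an added example that is not part of the original thread: it walks the `Received` headers newest-first and returns the first connecting IP outside the networks you trust, which is the address to take to WHOIS. The sample message, hostnames, addresses and the `TRUSTED_CIDRS` value are constructed assumptions; replace the trusted list with your own mail provider's ranges.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample message (documentation IP ranges, hypothetical hostnames).
RAW_MESSAGE = """\
Received: from mx2.mailprovider.example (mx2.mailprovider.example [10.0.0.12])
\tby store1.mailprovider.example with ESMTP id abc123;
\tFri, 23 Aug 2024 17:02:11 -0700
Received: from sender.example.net (unknown [203.0.113.45])
\tby mx2.mailprovider.example with ESMTP id def456;
\tFri, 23 Aug 2024 17:02:10 -0700
Received: from internal-host (localhost [198.51.100.7])
\tby sender.example.net with SMTP id ghi789;
\tFri, 23 Aug 2024 17:02:08 -0700
From: "Support" <support@phish.example>
To: victim@mailprovider.example
Subject: Account notice

body
"""

# Assumption: networks run by your own email provider, whose headers you trust.
TRUSTED_CIDRS = ("10.0.0.0/8",)

# Peer address as most MTAs record it: [192.0.2.1] or [IPv6:2001:db8::1].
IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def first_untrusted_ip(raw, trusted_cidrs=TRUSTED_CIDRS):
    """Return the first peer IP outside trusted_cidrs, reading Received newest-first."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    msg = email.message_from_string(raw, policy=policy.default)
    # Headers are stored top-down, newest hop first; hops below the first
    # untrusted one were written by servers you do not control and may be forged.
    for received in msg.get_all("Received", []):
        # Only the "from ..." clause, before "by", describes the connecting peer.
        from_part = re.split(r"\sby\s", str(received), maxsplit=1)[0]
        match = IP_IN_BRACKETS.search(from_part)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # bracketed text that is not a valid address
        if not any(ip in net for net in nets):
            return str(ip)  # look this address up in WHOIS for the abuse contact
    return None
```
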
