Cloudflare abuse report system rejects all domains that do 301 redirects

Feedback

The fraud report tool is broken for sites that do 301 redirects. If a site does a 301 redirect to another cloudflare fraud site, then the fraud report tool always rejects reporting the first site (says no content found).

When the second site is removed due to fraud, the first site then redirects to a new fraud site. Cloudflares abuse report system fails to detect this and refuses to accept a fraud report even though this site is being actively used for phishing fraud.

Phishing attacks are ongoing thru a url I have tried reporting multiple times and I immediately get a response rejecting the report, even though ScamSniffer and other security tools 100% identify the site as fraud.

I’ve tried emailing the cloudflare abuse reply email address, and never get a response.

Does Cloudflare want phishing passing thru its network? This insane that such a simple setup completely bypasses Cloudflares abuse report system and yet nobody seems to care.

On looking closer, it’s not a 301 redirect but a 302 “temporarily moved” redirect.

The criminals behind this site are well organized and drain millions of dollars every year from it’s victims.

A screenshot showing the issue:

1000003396582×500 75.1 KB

For future reference, the malicious sites abusing this loophole are dozens of crypto wallet drainers posted to Alex Beckers Twitter profile.

Alex allows these scams on his profile, and when people post criticism of him he has, on occasion, threatened to send wallet drainers to the user posting criticism.

It seems being a “crypto influencer” is most profitable when they participate in the multi-million dollar a year crypto drainer industry.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.