How did someone point a "false" domain using Cloudflare DNS at my website?

I’m trying to think through something that happened recently to my organization’s website and would appreciate any thoughts or help from the Cloudflare Community.

To preface, say our domain is, and someone registered and set it up so that whenever it is visited, the content from is served but the address bar in the browser stays on

Is this something that can be easily done with a Cloudflare CNAME record? Is there anything I can do to prevent it from happening to my website?

The reason I mention Cloudflare is that the “false” domain has a valid certificate issued by Cloudflare and the nameservers also trace back to Cloudflare.

In addition, there are a few headers that mention Cloudflare on the 200 response:

|**Expect-CT:**|max-age=604800, report-uri=""|





Thanks for your time and any help with getting to the bottom of this - I’m not sure how directly related Cloudflare is here, but figured it was worth a try.

No. Your host would know immediately that someone is trying to connect using a false domain name. If your server was properly configured, it would not deliver your domain’s content to any requests with a different hostname in them.

I suggest you take a look at your server logs to check the IP addresses that are making these requests.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.