I’m trying to think through something that happened recently to my organization’s website and would appreciate any thoughts or help from the Cloudflare Community.
To preface, say our domain is example.org, and someone registered thefalseexample.org and set it up so that whenever it is visited, the content from example.org is served but the address bar in the browser stays on thefalseexample.org.
Is this something that can be easily done with a Cloudflare CNAME record? Is there anything I can do to prevent it from happening to my website?
The reason I mention Cloudflare is that the “false” domain thefalseexample.org has a valid certificate issued by Cloudflare and the nameservers also trace back to Cloudflare.
In addition, there are a few headers that mention Cloudflare on the 200 response:
|Header|Value|
|---|---|
|**Expect-CT:**|max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"|
|**Report-To:**|{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IAzmr2Uiti%2FFzkl%2FsfUOWm3eBe5RC8B%2BgbwZJ9YznOMDjIW%2F5IHwKasP%2FTQRfkZJfSyswymAbnTxyu3z80GYWyEOIdNB%2F0kbfPxCNC7KckVoDUAO8Q6hSSRfZQC6kxAqpRPvmlLynZ%2Bc8w%3D%3D"}],"group":"cf-nel","max_age":604800}|
|**NEL:**|{"success_fraction":0,"report_to":"cf-nel","max_age":604800}|
|**Server:**|cloudflare|
|**CF-RAY:**|6c8f8a688a384a80-FRA|
Thanks for your time and any help with getting to the bottom of this - I’m not sure how directly related Cloudflare is here, but figured it was worth a try.