I’m trying to report phishing messages that were relayed via Cloudflare’s servers. However the abuse form requires specifying an offending domain/website, which is not available in the headers of these emails, because the offenders are good and spoofed the sender’s domain. How do I report this abuse?
Cloudflare does not handle emails, so that cant have been relayed via Cloudflare.
Well, here’s a snippet from the header:
Received: from vps36.cloudflare.com (localhost [127.0.0.1])
by vps36.cloudflare.com (8.14.7/8.14.7) with ESMTP id 02NGfNvu024356
for <r********@g**********.com>; Mon, 23 Mar 2020 19:41:23 +0300
Received: (from [email protected])
They simply announce that hostname, that is pretty much faked. That email did not go through Cloudflare.
That well me be the case give almost everything in the header is faked. Don’t use this service, simply wanted to report it in case it’s the only piece of real info. However, “they” like to associate their IP with this particular Cloudflare address, looking at their hosting info.
You could run it through spamcop.net which would send complaints to the right addresses.
If there is a phishing domain on Cloudflare you can use cloudflare.com/abuse to report the domain. 127.0.0.1 is a reserved, non-routable address for the local machine (any local machine).
Thanks. I know that. There is no domain in that header that your reporting system recognizes as being served by you. Never mind. I’ve taken appropriate measures on our end. For your record the offending IP that is using or pretending to use your systems is 22.214.171.124.
[email protected] would be responsible for that particular address.
yea man, and they’re gonna tell the dead Russian painter to stop phishing my clients =))))
This topic was automatically closed after 14 days. New replies are no longer allowed.