I got a phishing link with a report-to a cloudflare site

I recently got a phishing SMS telling me to click the following link:

https://garnyb.com/ZX85aV

I used curl to see where it went, and it redirected immediately to google.com, but included the following headers, which seem like they are reporting information on the link clicked to a cloudflare account. I’m guessing they’re using the link to confirm that the SMS is valid / someone is willing to click the link sent to that SMS. I guess I’m wondering if anyone here knows anything about the headers (cf-cache-status / report-to / etc…

Thanks much for any help understanding this.

Cheers,
Kem

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=loF%2BmoGbTiN4Vidk4VdyzAFNu7q%2F0WGrVpEFf3J%2BdGUKfDxUKp13UNGE3ad7m%2FhaGshnUqMK4vBD7XoMq7U0EQCoAHKrL76bRtQffZs6NQUOQU9o131h8fj%2B1OJK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 83081c025bc87c6b-LAX
< alt-svc: h3=":443"; ma=86400
<

Reporting sites, regardless whichever reason you may have, won’t be something that the Cloudflare Community can assist you with.

I will therefore suggest you to use this form, to report the it to the Trust and Safety team, if you believe there are anything that the Cloudflare Trust and Safety team can, or should be able to do about it:

https://cloudflare.com/abuse/form

Thanks – I wasn’t 100% on exactly the mechanism they were using, so I was hoping to gain some insight here about what the report-to endpoint stuff was all about. I wasn’t aware of the abuse form though, so thanks much for that, I will report there also.

Cheers,
Kem

The “Report-To” HTTP response header has nothing to do with reporting abuse.

It is one of several experimental HTTP response headers, which allows you to opt-in to receive reports regarding your website, such as e.g. information about failed network fetches.

The results of these reports could possibly help you with troubleshooting, such as for example if certain people may have trouble reaching your website.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.