My team have been having a lot of problems with phishing links hosted by Cloudflare.
We reported a lot of phishing links and got the same answer from Cloudflare saying they have restrcted access to the phishing link, but the fact is the phishing links are all still active.
We replied back attaching the evidence but got not reply, and the phishing links remain active.
This is really frustrating! Does any one have tips how to make Cloudflare actually take down the right phishing link? Thanks!
Hi @yufenli If you feel that a site is engaging in illegal or inappropriate activities, you can submit an abuse report at Abuse approach - Cloudflare. If you did not receive a reply, please check your spam folder and/or re-submit the sites as I suspect the submission did not go through.
You will receive a confirmation email with a confirmation code in the Subject. While the Trust and Safety team will review the details of your report, that may be the only reply you receive.
You can also report the site to your relevant local authorities. Complaints cannot be filed via this forum.
Really frustrating to hear about your struggles with phishing links on Cloudflare. It’s key to ensure the evidence is clear and follow up persistently. Tagging their official support on social media for visibility might help too. Keep fighting the good fight against phishing! #CyberSecurity#CloudflareIssues
So I posted on this forum three days ago saying that we have difficulties with Cloudflare regarding phishing links reported by us not suspended, even though we got reply from Cloudflare saying they have taken actions.
I got a reply from a administrator on this forum Cloonan saying that I should report to their dedicated abuse report form and he suspects that my complaint did not go through. I wanted to reply but found out my post already got closed and marked as resolved! How funny when none of the problems I listed got resolved and remained a huge headache at my daily work!
To reply Cloonan: Yes of course we filed complaints at the abuse report form you listed: https://abuse.cloudflare.com/, and we did get reply from the Trust and Safety team saying they have reviewed our complaint and took actions, but the reality is when we checked the phishing links that were supposedly suspended by Cloudflare, they were all still active!!!
Can someone please look into this? It is such a huge issue as more and more threat attackers are now making advantage of Cloudflare not doing anything, and we see an increasing number of phishing links hosted on Cloudflare every day!!!
For your information I also wrote to [email protected] to report the issue but never got reply.
Cloudflare security team works as if they are protecting these phishing sites with their service.
I have provided very clearly. But they did not read it, they rejected it within 1 minute. I thought I did not send enough evidence, I wrote and rewrote it and realized that in less than 1 minute, I received a reject email from Cloudflare.
Are they really working, or are they providing protection services for these phishing sites?
I need a satisfactory answer or find a way to sue Cloudflare to ICANN or international court.
My customers are complaining and my business is getting worse.
The problem is that the scam websites are continuous and widespread.
I have spent a lot of money reporting these phishing websites. But then there are still many other websites that continue to impersonate and scam.
But now the owners are in other countries in the world, the litigation has become very difficult and extremely expensive.
Meanwhile, the service provider is Cloudflare. What I provided in the most detail they denied within 1 minute.
Video evidence. License. Images of customers being scammed,… all were rejected within 1 minute as if they had not seen it.
I’ve heard that Cloudflare sponsors the dark forces. This is really ironic.
Reporting to the court about what Cloudflare did wrong would cost a lot of money.
It’s key to ensure the evidence is clear and follow up persistently. Tagging their official support on social media for visibility might help too. 
Keep fighting the good fight against phishing!