Phishing Link Not Suspended!

Hello guys,

So I posted on this forum three days ago saying that we have difficulties with Cloudflare regarding phishing links reported by us not suspended, even though we got reply from Cloudflare saying they have taken actions.

I got a reply from a administrator on this forum Cloonan saying that I should report to their dedicated abuse report form and he suspects that my complaint did not go through. I wanted to reply but found out my post already got closed and marked as resolved! How funny when none of the problems I listed got resolved and remained a huge headache at my daily work!

To reply Cloonan: Yes of course we filed complaints at the abuse report form you listed: https://abuse.cloudflare.com/, and we did get reply from the Trust and Safety team saying they have reviewed our complaint and took actions, but the reality is when we checked the phishing links that were supposedly suspended by Cloudflare, they were all still active!!!

Can someone please look into this? It is such a huge issue as more and more threat attackers are now making advantage of Cloudflare not doing anything, and we see an increasing number of phishing links hosted on Cloudflare every day!!!

For your information I also wrote to [email protected] to report the issue but never got reply.

Hi, are you referring to phishing websites related to game platforms that offer fake gifts? I have also reported similar abusive behavior on websites. However, it’s worth noting that these websites usually don’t use a domain name for a long period of time. After a week or half a month, the current fake domain name will be abandoned. They will register many accounts and domain names, and use the accounts they have already stolen to send new scam links to their friends. For this, Cloudflare may be powerless to prevent all scam domains. Scammers may have already changed their accounts, or even used other service providers or domains. What needs to be done is to popularize anti-fraud knowledge and not to log in to any of your accounts lightly.

Please note that this response has been partially machine-translated and may contain inaccuracies. Thank you for your understanding.

Hi,

Well in my case all the phishing links are abusing Cloudflare’s own domain for example cloudflare-ipfs.com, and no the scammers are not using the domain temporarily. A lot of new phishing links are created using such domain :frowning: It’s just sad that Cloudflare is not doing anything to stop this.

I have a basic understanding of Cloudflare IPFS. Cloudflare’s IPFS gateway provides a read-only interface accessible via HTTP for accessing the Interplanetary File System (IPFS). IPFS is a distributed file storage protocol that allows computers around the world to store and provide files as part of a large peer-to-peer network.

IPFS is essentially a distributed hash table (DHT) that maps content identifiers (CIDs) to people who own that CID content. The hash table is distributed because no single node in the network holds the entire table. Instead, each node stores a subset of the hash table and information about other nodes that store related parts.

When people talk about “uploading” content to IPFS, they usually mean that they are announcing to the network that they own some content by adding an entry from CID to their IP address in the DHT. Other people who want to download their data will look for the CID in the DHT, find that person’s IP address, and download the data directly from them.

cloudflare-ipfs.com is indeed Cloudflare’s official domain for its IPFS gateway service. This means that you can access any public file on the IPFS network using Cloudflare’s IPFS gateway through URLs like https://cloudflare-ipfs.com/ipfs/{CID}.

According to the principle of IPFS, anyone can publish decentralized and anonymous content, which is why Cloudflare IPFS is marked as a phishing website. Too many people use decentralized anonymous networks to engage in illegal and criminal activities. Cloudflare may not be able to monitor every decentralized content provided, and Cloudflare’s authority may mislead many people to believe in its content. Strengthening anti-fraud knowledge education is a better solution. Decentralized networks are a double-edged sword, bringing privacy and speed while also introducing some filth. Decentralization allows scammers to hide their tracks and protect their source servers from exposure, to avoid being caught by law enforcement or being attacked.
The phishing activities I encountered are indeed as I described. After reporting, Cloudflare can usually quickly stop its owner’s account, but they can register a new account at no cost and use a new domain name.

Please note that this response has been partially machine-translated and may contain inaccuracies. Thank you for your understanding.

1 Like

A post was merged into an existing topic: Phishing Link Not Suspended

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.