Reporting malicious domains registered with Cloudflare


The answer to this may be obvious, however I have come across this a few times.

Often I see malicious phishing domains that according to the whois contact information have Cloudflare as the domain registrar, however when i try and submit an abuse form via the Cloudflare website, it tells me that that domain does not exist with Cloudflare.

Why is this occuring? Is Cloudflare not the actual registrar, and if so how would I find the correct registrar abuse contact?


I believe the correct way is emailing [email protected] (at least that is what they put in whois). However, it should show up as a valid Cloudflare domain? Do you have an example of one such domain that shows not on Cloudflare?

Sure, the malicious domain I was just trying was:


And yes, that is cloudflares listed abuse email, however they dont want you emailing it and you get a response saying to use the webform and that they dont take responsibility for any of the hosted content (although I would argue that as the registrar, if a domain exists solely for malicious purposes it is your responsibility to deactivate it)

I would argue that as the registrar, if a domain exists solely for malicious purposes it is your responsibility to deactivate it)

Not necessarily. Registrar’s are not Policeman of the world. If the site is for malicious purposes then you should report it to the authorities. Registrar’s can’t decide what is malicious and what is not.

So it looks like the domain isn’t through Cloudflare not being proxies but the domain is registered with Cloudflare. It should be submitted as a general registrar complaint and not a phishing one. I guess the non registrar ones are only for if the domain is proxied through Cloudflare.

1 Like

I get that registrars aren’t like the police and don’t make moral judgments, but they do have policies regarding how their domains are used. Most registrars have terms of service agreements that forbid using their services for malicious activity, including phishing. Registrars can, and should, take action if they find out one of their domains is being used for illegal or malicious activities.

Reporting a malicious site to the authorities is one option, however because of the amount of phishing sites they are not resourced to respond whereas registrars are able to act much faster to prevent harm. Also…it’s not just about protecting people from harm, but also about the registrar’s reputation - some are much better at this than others / some just don’t care.

Thanks - that makes sense I guess. I would be interested to get an actual response from Cloudflare about that / if they will actually take any action in instances where they are the registrar but arent serving the content

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.