I’m reaching out in regard to 21 URLs abusing the R2.dev platform. For the last two months, our organization has reported these phishing pages to Cloudflare via the abuse form, yet no action is being taken. We typically get the standard response of “we’re only a pass-through service and these aren’t our responsibility”. The problem is, these appear to be using the Cloudflare R2 object storage service and look to fall under their scope.
Does anyone know how we can efficiently report these? The abuse form doesn’t seem to do the job and we’re seeing more of these daily. Seeing as we can only submit 1 hostname per abuse form, it’s not realistic to fill out the form 20+ times a day.
Here’s the list of URLs. Please note the URLs in question have not been restricted. When accessing the URLs, there is a warning for “Suspected phishing”, but a visitor can simply hit “ignore & proceed” to view the phishing pages.
The problem is, these appear to be using the Cloudflare R2 object storage service and look to fall under their scope.
I am unclear how you have determined this, but the correct Team to advise us is from Legal, Trust & Safety Team.
The T&S Team takes every report seriously and responds back on each report.
If the response is that: “we’re only a pass-through service and these aren’t our responsibility” then there really is nothing much to be done.
If you’d like you can open a Support ticket, which I can send to the T&S Team internally. But do note, Support Team (aka me and like me), do not have visibility on T&S tickets. Once the ticket is sent over, Support’s job is done.
Abuse reports are solely handled by the Cloudflare T&S Team.
Please do mention the impact you are being affected by, in the Support ticket.
Kindly provide the ticket number here.