Is there any way to contact someone to report more than one domain at the same time?
I found around 500 domains used for fake investing platforms scams. For some reason all of them use cloudflare nameservers and have cloudflare issued ssl certificates. There is a form that I can use to report websites but it allows me to provide only one domain per report
68 Replies
?abuse
If you feel that a site is engaging in illegal or inappropriate activities, you can submit an abuse report at https://abuse.cloudflare.com/. The Trust and Safety team will review the details and reply if appropriate. You can also report the site to your relevant local authorities. Reports cannot be filed via Discord or with individual employees or Champs.
If this is the form you're actually referring to, then no, there is no other way.
but URLs cannot be under different domains
for some reason
So if I'd report all these domains it would take me 500 times filling this one form? 🤦♂️
I can definitely understand your 🤦♂️-kind of feeling, and how devastating that it may eventually appear.
However, it is also important to understand, ... with:
- banocean.example
- darkdevil.example
- test.example
They ARE three different domain names, and it MAY actually also be three different entities behind them, and as such, they are three different cases, not one single case to review.
Those are actually normal domains registered massively with ai generated websites
Mixing all these three domains (and potentially three different cases) together, even if possible, will only just prolong the time it takes to review the (individual) case.
But it's like exact same scheme
and even forms on this websites work same way
"Like" is the key there.
As you said fake investment platforms, and as we're talking about reporting them to the abuse department, - I wouldn't have posted the screenshot though...
But the second and third, the .io and .digital looks similar, - yes.
The first and fourth ... doesn't.
(Based alone on your screenshot)
I have like 500 and all of them look similar
I see a minimum of three different cases there, assuming we're combining the ones in the middle.
also all of them have registration form in login page
and no way to login
because they call you after you submit this form
to get you to send them money
Well, the first two lines (registration, no way to login) doesn't *necessarily* sound ill, with such kind of "closed registrations", if we could call it that.
Third and fourth does sound ill though...
It's using nameservers but not the registrar
But well, I'm not the one that have set the requirements.
So https://abuse.cloudflare.com/ is all I can suggest you to go through.
nope
It's just not finished website
I can provide you list of 500 websites like that
and some with videos used to advertise them
also most of them have something like "Official & Update Website 2024" in title
and I have fake article with fake comments on fake news website promoting one of them
like you can tell it's a set scam
That's why maybe someone from official cloudflare support can offer some better way of resolving this
I'm not saying that what you are saying isn't true, or that I don't believe you.
I completely understand the issue from your side.
But that website address is the only way.
Cloudflare Support and Trust & Safety are two different departments with no relation to each other.
And it is Trust & Safety from https://abuse.cloudflare.com/ that need the case(s).
corporate setup without any ability to handle exceptional cases :/
Cloudflare Support, Cloudflare Community, or the Discord community here CANNOT do anything about it.
ok, this form results also in site being blocked by cloudflare dns?
It claims to "protect [...] connections from malware" lol
The final judgement (and result) will be up to the Trust & Safety department to decide.
This one doesn't look to me, to be from https://abuse.cloudflare.com/ though.
Also claiming that using certain DNS can protect your home internet connection from malware is at least an overstatement
but the thing is can I report it even if it doesn't use cloudflare products
If you are running the resolver that people use to be able to translate example.com to 192.0.2.80, then you can also filter the responses, or even give incorrect (0.1.2.3) responses, which will be able to defend at least some, or limit the exposure for at least non-tech savvy people.
So it probably depends on how deep you wish to go in to that kind of situation.
Yes, but distributing malware can be done under the same domains as normal websites
Ik how does it work
If the website doesn't use any Cloudflare products at all (be it Cloudflare name servers, having their individual (sub-)domains Proxied through Cloudflare, ... or the like), then Cloudflare won't be able to do anything at all, ever.
In Poland CERT Polska takes care of this by maintaining list of websites that most of telecom operators use to drop/overwrite dns packets with requests for them
So there, it wouldn't make sense to bother Cloudflare with something that is outside of Cloudflare.
Well, in that case both the malware and the website would go down at the same time.
Website owner would only have themself to thank for that, for not having their security up to date, or whatever happened that made malware distribution be possible in the first place.
I mean you can use for example discord cdn and until someone reports it, it will work
and dns not gonna help you with that
and thats why I consider this overstatement
I believe that would be against the Discord ToS to abuse their CDN like that.
But I'm also under the impression that wherever possible, nasty people will always try to find workarounds, - even if they are only working temporarily.
^ Like this one, I can add that Denmark does some of the same.
DNS filters in Denmark have been attempting to filter anything from CSAM material, to pirate sites, and what the state/gov considers illegal gaming sites.
But it's far from all of their lists that are public.
I'm not sure how I should interpret the strikethrough though...
I mean this CERT Polska thing is not related to DNS blocking requested by other government agencies that can do it
Like all of these corporations are doing nightmare from site reporting
like look at google safe browsing
report one max with no way to contact them later
microsoft nearly same
and some captcha system from 2012
cloudflare limit domains per report too
Nightmare in which direction actually?
Denmark's "DNS filters" ended up on blocking Facebook with allegations of CSAM in the past...
🤦♂️
Too lenient hitting the "block" button is a nightmare as well.
CERT Polska seems to be more organized
Everything I did and everyone I interacted from them
Not sure lenient is the right word though...
But given all the stuff, and people trolling with reports and whatsoever
I understand that such reporting forms may be a bit complicated
Such as in your case, requiring an individual report per domain.
gl reporting 500 domains
like cert polska allows me to do that
Such bulk reporting may lead to even more accidental errors as the Facebook case above.
and they had effort to reach out to hosting companies etc. to take them down but like everyone is making it impossible rn
And that's why maybe explaining what's wrong with these sites and what's unique about them can lead to easier scanning of them
and finding even more domains
How exactly are you bulk reporting to CERT Polska?
They allow report via [email protected] email and they have forms on their website
but those forms have limit of 50 urls
The only problem is that most of telecoms have that, but it's not like 3/4 of isp's that doesn't do anything else than being isp would care :/
The problem with emailing that way is that it doesn't ask for the appropriate details.
microsoft has other forms too? wtf
that would reach back to you if they need something more
also email isn't the recommended way, but I use it because of the 50 domains limit
If I were sitting with [email protected] or whatever, and received one single message / ticket, with 500 different domains, it would go two possible ways:
1. Archived, invalid
2. Hello, please report individual domains as an individual case.
I mean they could
but I checked
and they didn't
Well, lucky for you I guess.
also I mean they aren't like average government agency and as far as ik people there are doing quite a great job at this
Ticket systems and so often do not have good ways of splitting cases apart, such as if you send 500 domains at once as you indicate.
Just like it would be 💩 for you to report them individually, it would be 💩 for them to split them, even if possible.
Therefore, a such 500 domain message would likely go directly to the archive.
With no action at all.
I mean people answering those aren't average outsourced 3rd world country support
so they could automate checking stuff like this prob
especially such a repetitive stuff like I do report
Let's see if microsoft will do it
Not really, automating such stuff as you say with 500 domains at once, ... isn't possible.
If you have put references in your email to several different ones of them, ...
What reference is to what domain?
I mean they could have a tool that checks for this form for example and taking 10min to write it is faster than checking 500 domains still
Well, we can easily add that things are better today than 25 years ago if you should do something like trying to automate such, ....
But it's still quite impossible...
this file
I sent them like 5 reports instead of this
file
I mean I was collecting this stuff
for like a 3 days
I suggest you remove that one again, and do not post such things publicly on any of the communities, if we're talking about scam websites like you initially posted...
Microsoft doesn't even write me explanation of my report 🤦♂️
I understand it is only meant as an example from your side, but it's literally spreading it around 😦
What's wrong with that
I don't think it would change anything
like I sent only in places with conversation relevant to this
You aren't really a good Samaritan after all, if you're actually spreading what you're actually trying to get off the Internet?
It's a public place, where 40k others can see it...
no random person would search for this in random thread in random channel
also if you're using cloudflare you're probably not that dumb to go to random website that is weird af and provide your details
receive phone call and send to someone your money
also there are like 3 people in this conversation
@DarkDeviL also I think you might want to look at this https://cert.pl/en/posts/2020/03/malicious_domains/
List of malicious domains
With the help of telecommunications operators, we are starting a war against phishing sites that target personal data, banking information and social media accounts. In response to the growing number of phishing incidents related to the coronavirus pandemic, we are launching a list of malicious domains targeting Polish users. It …
Regardless of the visibility of 3 people, or all the 40k+ people that can read it, it is still not a good idea to post such links publicly, if they are related to scam or malware, as you appear to have noted previously.
I think we are making bigger deal out of this than it actually is
I could say the same about your 500 individual reports 🤔
not gonna solve captcha 500 times to report it for example to google safe browsing
Anyway, I also think we discussed the issue you came about originally though.