Cloudflare Trust & Safety

@Namecheap phishing domain. Please suspend? sso-rbx (.) com

@r3trosteve @Cloudflare We’ll be replying on the ticket discussing the activity that trigger this warning interstitial.

@Cloudflare as a single point of failure for the domains you proxy, I would think a little more considered process should be enacted before marking a domain and an entire account as suspected of phishing. Wow.

@drb_ra This has been actioned, thank you for your report. Our abuse form is available at cloudflare.com/abuse ^HS

C2: HTTPS @ 154[.]222[.]230[.]138:443 C2 Server: blue-rice-1d8e[.]dropboxonline[.]workers[.]dev,/jquery/secrets/OT5N74ZOYE4 Host Header: blue-rice-1d8e[.]dropboxonline[.]workers[.]dev /cc @CloudflareAbuse (Short) #C2 #cobaltstrike

@IgnotumAliquis @Cloudflare If you want to report abuse, please file a verifiable report using our abuse form at abuse.cloudflare.com ^HS

@Cloudflare You are fronting for the scam web site perma[.]cc

@redanblacattack @EuromaidanPress It’s not hosted by Cloudflare. You’re welcome to file a verifiable report at cloudflare.com/abuse

Russian soldiers are refusing to redeploy to Ukraine, citing reasons including unwillingness to become ‘cannon fodder’ (photographic proof) euromaidanpress.com/2022/03/16/rus…

@AlvieriD @Cloudflare @CloudflareHelp @NYSE Please report it at cloudflare.com/abuse if you haven’t already.

New York Stock Exchange fake app websites need you to click and allow a download of your device profile configuration prior to fake app download. @Cloudflare #phishing #malware @CloudflareAbuse @CloudflareHelp #cybersecurity #infosec #nyse @NYSE

@Sortafreel @Cloudflare cloudflare.com/abuse is the correct place for a verifiable report.

@Cloudflare is protecting phishing savelife.pw website, copy of the actual SaveLife website. The site steals money from people who want to support Ukrainian refugees and forces. Stop protecting phishing and propaganda!

@RazoesSergio @Cloudflare Best place for verifiable reports is at cloudflare.com/abuse

@JCyberSec_ @illegalFawn @malwrhunterteam @JAMESWT_MHT @Bank_Security @dubstard @YourAnonRiots @andsyn1 @douglasmun @SwiftOnSecurity @ICANN @Hostinger Correct place for verifiable reports would be at cloudflare.com/abuse

@illegalFawn @malwrhunterteam @JAMESWT_MHT @Bank_Security @dubstard @YourAnonRiots @andsyn1 @douglasmun @SwiftOnSecurity Hey @CloudflareAbuse can you please stop protecting this malicious domain. preview-domain runs their own NS so who can take this down? @ICANN Registered with @Hostinger initally

watch out for /preview-domain.com as I can count more than 200 unique #phishing attacks targeting Italian banks last month @malwrhunterteam @JAMESWT_MHT @Bank_Security @JCyberSec_ @dubstard @YourAnonRiots @andsyn1 @douglasmun @SwiftOnSecurity #mwitaly

@JCyberSec_ That’s incorrect. We’re not the host. Correct place for a report would be at cloudflare.com/abuse

This phishing site is hosted by @CloudflareAbuse

Another live UK COVID SMS campaign 📱🇬🇧🧑‍⚕️ 🌐hxxps://get-nhs-pass.comName.php 📁This kit is known as the show kit due to its aggressive anti-VPN and IP blocks. #KITIntel Sadly they are not good enough as I still get access 😉

@dubstard @WalletConnect @Namecheap @ActorExpose @bunnymaid @CryptoPhishing @CryptoScamDB @JAMESWT_MHT @JCyberSec_ @PhishFort @phishunt_io @sniko_ @nullcookies @Spam404 @pedrouid Also took this out ^MG

@malwrhunterteam @bakery_swap @MetaMask Wow, this tweet really bought out the Google form phishing bots. I'm almost impressed, urlscan links here if anyone wants to take them out ^MG urlscan.io/result/9d54ebf… urlscan.io/result/44643a2…

@malwrhunterteam @bakery_swap @MetaMask Sorry, just saw this, should be interstitialed now ^MG

A @bakery_swap themed @MetaMask phishing: https://official-bakeryswap[.]org/index.html

@whale_it @Cloudflare ACK.

#Phishing Multiple Phishing sites Hiding behind @CloudflareAbuse @Cloudflare //sky-login-mobile.com/ //icy-mud-45aa.admin6854.workers.dev/ //ancient-lab-15b5.rhn21600.workers.dev/ //plain-bird-ee0e.jim-isaac10001.workers.dev/ //old-snow-2858.ar3a3fraq3.workers.dev/

@sinanaral Hello, we do not host the website in question. Please file a verifiable report at cloudflare.com/abuse if you have a report about the website.

THIS IS A SCAM. IF YOU WANT TO SEE A DEEPFAKE OF ME USED TO SELL A STOCK TRADING ALGORITHM, CLICK HERE. BUT DO NOT GIVE YOUR PERSONAL INFORMATION OR FINANCIAL DETAILS AS THIS IS A SCAM 👇🏽 manifestgrowth.space/3p1gqS2p

@JCyberSec_ Dead now ^MG

@JCyberSec_ On it! ^MG

This is a blast from the past... A Kr3pto #phishing kit targeting Allied Irish Banks Sent via SMS to users Admin panel on the back-end linked to #kr3pto 🌐hxxps://aibassistance-online.com 🔥Host @CloudflareAbuse

@bunnymaid @BushidoToken @Hermesparcels Sorry for the delayed ack, we took this out shortly after you pinged us, just forgot to reply. My bad. ^MG

@BushidoToken @Hermesparcels @CloudflareAbuse That is phish on @CloudflareAbuse They usually knobble those quite quickly!

#phishing SMS as @Hermesparcels targeting UK 🇬🇧 hermesuk-mytracking[.]com 104.21.91[.]196 (CLOUDFLARE) @CloudflareAbuse urlscan.io/result/ed720bc…

@BushidoToken @bunnymaid @Firebase They were done at the same time ^MG

@CloudflareAbuse @bunnymaid @Firebase Please can you also remove these Bazar stagers on CloudFlare: moigoran[.]space menoiras[.]space meshura[.]space vagenor[.]space

☣️ #BazarLoader ‘Stolen Images Evidence’ campaign persists New sender: Williamspix565[@]yahoo[.]com Same payload host morungato[.]space/nerkl23vhb4/ This campaign relies heavily on @Firebase & Google App Engine firebasestorage[.]googleapis[.]com files-d6e6c[.]appspot[.]com

@bunnymaid @BushidoToken @Firebase Should be dead now ^MG

@BushidoToken @Firebase Expecting @Firebase to care is extreme optimism, much like expecting to find any humans in google that can help. Domain by @CloudflareAbuse so maybe they can deal with their malware problem, phish problems get clubbed on the head really quickly.