Raphael WimmerMay 13

You gotta be kidding me, Netlify.

I just wanted to report a fraudulent phishing website hosted on netlify.app but my email was classified as spam by their email provider, Google.
I guess that happened because the email contained suspicious URLs - which are surprisingly common in abuse reports.

Here's the URL in question, by the way. It forwards to a different website.
deutschebahnrewards.netlify.app

Show threadRaphael WimmerMay 13

The next page in the #phishing site chain is handmadeharbor.info. It shows an obviously fake #DeutscheBahn promotion offer That page then redirects you to a form where you are asked to put in credit card details.

As handmadeharbor.info is shielded by Cloudflare, I just submitted an abuse report to @cloudflare

Automated Cloudflare response: "We were unable to confirm phishing at the URL(s) provided"

Kindergarten, alle miteinander.

Show threadhisoldMay 14
@RaphaelWimmer @cloudflare Just reply again and say its obvious phishing. That helped when I reported them a site last year.
Show threadRaphael WimmerMay 14
@hisold @cloudflare
Thanks for the suggestion. I just sent them another email.
Show threadhisoldMay 14
@RaphaelWimmer @cloudflare If you go to the domain directly, you see a bad gateway error. You need the correct URL from the redirect. I hope you mentioned the netlify site as well.
Show threadRaphael WimmerMay 14
@hisold @cloudflare
I think I mentioned the netlify page. However, I forgot to mention that the site seems to return 502 if you visit it in Incognito mode. It still shows the fake page if one uses a normal browser. I guess this might also mean that Cloudflare's automated systems do not recognize the site.
Show threadRaphael Wimmer
@hisold
Update: https://handmadeharbor.info/ is gone.
The host in the background seems to have gone offline. The Cloudflare proxy is still active, so I doubt that Cloudflare did anything here.
May 15 at 7:04amWeb
Show threadhisoldMay 15
@RaphaelWimmer Alright, good job.
Lessons learned: Report to the hosters and registrars.
Show threadRaphael WimmerMay 15
@hisold But how do I identify the true hoster if the site is protected by Cloudflare?
Show threadhisoldMay 15
@RaphaelWimmer That's the neat part, you don't. I reported a online banking phishing site that also used multiple redirects across several providers. Reporting to them is much more effective than cloudflare.