0/100

high Risk

complaints-dmca.report

https://complaints-dmca.report/

172.67.149.83 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

6 days ⚠

HTTP

403 · 34.1s

SSL

Valid· E8, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Suspected phishing site | Cloudflare"

Save

Domain Intelligence: complaints-dmca.report

Scanned 2 times since Apr 12, 2026, 11:07 PM UTC

✗ Critical (100)

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Scanner blocked by cloudflare

This scan likely captured a block/challenge page, so the AI analysis may not reflect the real site victims see.

ATO

Unknown

Technology · 4/15/2026

Summary

The domain ATO is a very new domain (6 days old) and is served behind Cloudflare. The page content captured is a Cloudflare blocking/notice page rather than the actual phishing content, indicating scanner blockage. External signals suggest potential phishing indicators (suspicious endpoints and Turnstile integration), but the visible page is a WAF block page rather than impersonation content. Based on non-page signals, the domain appears to be used in an abusive/obfuscated context, but the accessible content in the screenshot is not the phishing page itself.

Evidence Summary

▸Observed 2 capture stage(s); canonical stage is settled_render.

▸POST targets observed during capture: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/873024344:1776132958:X8b10MNkp0VQpEHvREHJ9gtnPLuPpVcXm7zyAosSxNI/9ebf8a28c821d5e0/oh6bMIfqlcaYwNJMusEYqgftSTWZ_ogK1nQKwy9jHqA-1776136459-1.2.1.1-RBEx.acgnBjhkcHdue_FW2V6w5Ctzv4e5fSJu8oguUH1dZlq5b3i9TXGAeLr8v48.

▸Distinctive asset clues: api.js, cf.errors.css, icon-exclamation.png, 1.

Capture

Stages: 2

Canonical: Settled Render

Changed: No

Credential Signals

Forms: 1

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 12

Hosts: 2

Domains: 2

Suspicious Endpoints

hxxps://complaints-dmca[.]report/cdn-cgi/phish-bypass

Attack Techniques (0)

Indicators of Compromise (1)

▸Off-domain endpoint: /cdn-cgi/phish-bypass referenced in the captured data

Risk AssessmentUsed in abuse reports

The site presents as a likely abuse-hosting domain used to surface phishing content, but the actual page loaded by the scanner is a Cloudflare block page, not the phishing UI. The combination of a new domain, Cloudflare proxy, references to phish-bypass endpoints, and Turnstile integration suggests anti-automation measures typical of phishing hosts attempting to evade scanners. The scanner was blocked by a WAF, and the page content available is not sufficient to confirm credential harvesting or impersonation on this domain. Recommend heightened monitoring and further domain intelligence gathering to determine if the domain hosts or links to phishing content.

Recommended Action

Monitor

Cross-Reference8

URL Intelligence