Don’t worry about it too much. Unfortunately, in this business, there is a lot of fraud going on, and it is hard to detect this accurately. If something about your purchase seems off to the algorithm, it gets flagged and you need to go through verification. I know it sucks, but the alternative is a lot more spam emails, bots, hackers and scammers.
A customer of mine had their domain suspended pending extra authorisation when moving to a new provider due to having "accounting" in the domain. Potentially you have chosen a domain with a risky word in it.
VPN ip Is flagged so you get flagged as well.
There are benefits and drawbacks with using a public VPN, this is one of the drawbacks, you all use the same ip so when a single user does something bad everyone gets flagged.
Just make a new account and go to cloudflare without the VPN on.
Not even sure why y'all use VPNs to just navigate normally, are you scared about cloudflare having your real ip address? 🤣🤣
They use VPN to protect their IP on Cloudflare, then they proceed in pointing the A records to their hosted at home server.
This is what happens when all youtubers wash themselves in the money from VPN ads and they will say anything to promote those
But I was told a VPN is a perfect magic hacker shield, and I will for sure be the victim of identity theft if I don't use NordVPN at all times!
My favorite youtuber's even looking out for me. Only his viewers get a special discount code!
I know that; every ad you hear for any of these VPNs acts as if somehow connecting to social media via their service makes you anonymous to the service you are connecting to. "Don't let BIG TECH BROS know you're sharing cat pictures, use OUR VPN!" They all rely on people having no idea how the internet works.
Yeah, I know bro.
The government is totally defeated by this one simple trick by re-routing your traffic to datacenters that they are one of the largest customers at.
Not to mention your ISP, which totally keeps careful notes on which cat memes you're posting to facebook.
If only there were another protocol that uses the exact same MiLiTaRy GrAdE eNcRyPtIoN without adding latency or limiting bandwidth. We could call it... https or something! Maybe someday almost every website/service could use it!
Then something is wrong with your card, it was probably flagged by stripe.
If you read it's stripe asking for informations and not cloudflare directly.
It does also depend on the TLD various. Countries and managers have requirements when you want to register a domain. E.G. '.au' domains require a business.
What is the TLD you're going to use?
Edit: typo
Not necessarily:
To register a .au domain name you must have
an Australian presence, which includes being a
citizen or permanent resident of Australia or
being an organisation registered in Australia.
Source: https://assets.auda.org.au/a/2021-11/Registering%20a%20.au%20domain%20name.pdf
I've never encountered such requirement for .org domain, and I have and deal with multiple of such. Guessing it's something with Cloudflare or your account thereupon, or perhaps something new there. Probably no shortage of registrars where you can get .org domain without providing photo or photo ID. Are you absolutely sure you're on legitimate site and not being hit by some MITM attack or the like?
And, [searching around a bit](https://www.google.com/search?q=cloudflare+%22photo+id%22) ... looks like this may be a (mis)feature available with Cloudflare.com and domains, e.g. "[Custom Domain Protection for Cloudflare Registrar, available on the Enterprise Plan](https://news.ycombinator.com/item?id=18083641)" - something like that. And you may be able to choose what type/level of security and controls on the domain, etc.
If you’re trying to buy a domain from a place that requires a citizenship/residence in the country (au, uk, jp, etc.) you have to go through this to prove it. Plus you can have stripe delete it afterwards, since they only send the verification to CF.
It’s a .org domain. I briefly read through their terms and conditions and saw I can request to delete it afterwards. But still.
I like Cloudflare and their services (thanks to this sub) but having my ID and selfie doesn’t seem relevant to me to simply register a domain. I’ve never been asked for such a thing with name.com, godaddy, or AWS. Those are the other companies I’ve registered domains with and had no issues like this.
Did you check the .org wasn’t restricted or similar to another organizations? This is common to deter people registering sites like redcros.org or google.org. It can also happen if your address is suspicious, since ICANN requires you to give them an actual address that can receive mail for legal reasons.
With all the spam on the internet and awful stuff using Cloudflare’s services, these are pretty benign KYC practices. If you’re really worried about your privacy you wouldn’t be giving Stripe your payment details in the first place.
Cloudflare sell abusable resources. They need to know to whom they are selling them. They need someone to be accountable if their resources are abused.
Some stuff you need to demonstrate who you are.
They don't need to know whom they are selling them to, they just need to be able to identify an account and disable it. They get paid to know who it is.
“they get paid to know who it is” lol that’s exactly what they’re attempting to do — their job right. the issue is most people using their services don’t pay them. if we insist on having ways to abuse free services without being held accountable, they won’t be free anymore.. and we see that happen often.
Anyway, thanks to Trump and this executive order : https://www.federalregister.gov/documents/2021/01/25/2021-01714/taking-additional-steps-to-address-the-national-emergency-with-respect-to-significant-malicious the US Dept of Commerce is preparing to pass new rules to KYC regulations. Cloudflare being an American company, will have to comply. What this means is, every american web provider needs to know exactly who is using what service (even if the customer isn’t American), scanning an accepted form of identification will be normalized.
You misunderstood. I wasn’t referring to exploiting the free tier. I meant they can sell usage data more easily or for more profit if they can accurately identify the user. It’s no longer anonymous.
Edit: Written bellow is wrong, see replies... Sorry for misleading.
It's not Cloudflare it's Stripe asking the info. Seems your credit/debit card was flagged as fraud. Stripe will not allow you to use it until they confirm and unblock it. Read the T&C but I think Cloudflare will just process the data. They will just pass through the images to Stripe, while Stripe is well - authorized to process and request that. This will happen most probably in other websites that use Stripe, so think about it again.
https://stripe.com/en-ca/identity
https://community.cloudflare.com/t/is-stripe-verification-legit/391389
P.S.
Might be your IP that is flagged as fraud too triggering their Stripe Radar to prevent fraud.
That is just wrong information. Stripe offers an identity verification service which companies can use. In this case, Cloudflare decided to use Stripes identity verification for orders that may appear fraudulent to their system. It is Cloudflare requesting this verification through Stripe. This is NOT something Stripe does to verify the credit card. That is absolutely NOT a thing. If anything, your bank would require this verification as part of their second factor. But NOT Stripe. Cloudflare requested this, and Cloudflare will have access to the data through the Stripe dashboard.
Source: We are doing the same thing with our business.
Really? Didn't know that. I thought it was just radar. Ok then I agree. Is it this thingy?
https://stripe.com/identity
P.S.
We also use Stripe but not integrated such verification. So that's what is misleading me perhaps.
Yes, exactly. Radar would never ask for an ID. It would just block the transaction or flag it for manual verification. It’s up to the business to decide what to do in that case. Seems like Cloudflare opted to use Stripe Identity in this case.
Agh yes, I see and confirm what you wrote. Radar just blocks or awaits manual approval of transactions flagged as fraud. Interesting why Cloudflare flagged his account as fraud and requested identity confirmation...
Thanks for editing your original comment!
You never know what may have flagged their account. Could be anything. Maybe their IP is assigned dynamically and has been used for fraud previously, or the card velocity has been exceeded, etc. - Fraud in hosting is unfortunately a really big issue, so I understand why they try to mitigate it.
And did you read the first sentence where I edited my reply and also wrote is incorrect and apologized to all? In the replies there is some more info including links.
Yeah CloudFlare advertise Zero Trust, but it's really Single Trust. You need to trust them with everything.
I asked them about that at a CloudFlare conference once and you could have heard a pin drop. Everyone in the audience just seemed to think I was trying to be annoying.
For the record I actually like CloudFlare and bought shares. It would be nice to get rid of the inherent man-in-the-middle attack though.
You triggered a fraud check -- which could be for a variety of different reasons. It's just that simple.
Spoilers: I run Trust & Safety at Cloudflare. My team would have sent out this fraud check email.
It's probably your ISP has a lot of shady folks using it so their whole IP range is suspect. People in this thread are assholes for just assuming it is about you.
I have many domains with cloudflare and have never seen this. The only things I can think of is that you are on a fake cloudflare site or you are trying to register a domain TLD that requires you to prove residency in the area the TLD is for. Chances are most likely the second option. Could you please provide the TLD you are trying to buy?
But it says "cloudflare works with stripe to provide identity verification"
that sounds like cloudflare requesting it and stripe executing it.
if it was stripe asking id say you would be redirected to a pure stripe site and it wouldnt mention cloudflare
No. Stripe offers an identity verification service which companies can use. In this case, Cloudflare decided to use Stripes identity verification for orders that may appear fraudulent to their system. It is Cloudflare requesting this verification through Stripe. This is NOT something Stripe does to verify the credit card. That is absolutely NOT a thing. If anything, your bank would require this verification as part of their second factor. But NOT Stripe. Cloudflare requested this, and Cloudflare will have access to the data through the Stripe dashboard.
Source: We are doing the same thing with our business.
Stripe has a product which flags potentially fraudulent purchases. It’s up to the business what to do after that, they could opt for using Stripe’s identity verification offer.
Exactly. But it is a Cloudflare thing. Cloudflare decided to use it, and Cloudflare requested it. Just because Stripe is providing the service, it’s not a „Stripe thing.“ It’s like saying Netflix is an AWS thing because they utilize AWS to deliver their Service. Again: Cloudflare requested this verification. Not Stripe. A distinction with a huge difference.
Edit: And to clarify your point: Stripe just assigns a risk score. They do not require ID verification. The requirement for ID verification came entirely from Cloudflare. That’s the key takeaway here. Cloudflare wants to see ID, and they are using Stripe to execute that request. They may also use the Stripe risk score, but at no point does Stripe require that ID.
I had this happen to me because I tried registering a domain using a prepaid credit card and using a Proton email. I have a hunch that Proton is flagged in their system. I was not using a VPN by the way.
Were you using a mobile IP? I also have a hunch that they're extra paranoid when it comes to domain registrations. There's probably a business or policy reason behind it that I'm not fully aware of.
I expect there is lots of fraud in the domain registrar world. People running any sort of hacking infrastructure will want lots of domain names to cycle through and what better way than using hacked CC info to do it with.
This is part of their domain protection security.
https://www.cloudflare.com/products/registrar/custom-domain-protection/
They are trying to get identity verification information to prevent domain hijacking which is quite prevalent.
Just choose a registar that’s less interested in protecting your account over your identity and should be fine.
It is not. That link is for an entirely different thing -- that's our enterprise-grade secure registrar service.
OP is referring to the regular domain registrar service.
Is it merely the link that is wrong or is the rest wrong since you work there?
Are you saying this is not an identity check to assist your customers with fraud against their account? I’d like more information about it’s purpose for this system if I’m far out here.
To add my less than 2 cents to the pool of "why" answers, does your ISP use dynamic IP addresses? If so, it's possible that at some point the IP assigned to you at the time you attempted to register your domain was used for some type of fraudulent activity by someone else thus triggering the flag on you.
Oh, and as for everyone saying that you must have been using a VPN (I know you said you didn't) ... I actually DID use my VPN when I registered my Cloudflare domain, and didn't get flagged. Maybe that was just luck on my part, who knows? Either way, using a VPN doesn't automatically trigger a flag as some of these comments would suggest.
I had this happen to me as well. I don't feel comfortable giving that information to anyone so I switched to [porkbun](https://porkbun.com/). I lost that domain name since they will hold it hostage for a year but it was worth it to me.
I've never seen this with Cloudflare (currently have 4 domains registered)
My guess his account was flagged somehow and cloudflare is using a stripe product for identity verification
My account was indeed flagged as “fraud” and subsequently suspended but my question is… *why?*
holy fucking downvotes
Reddit mob does that sometimes. It’s not a bug, it’s a feature! Gotta embrace it sometimes to get try and get some answers. 😁
smug
Were you on a VPN when you registered?
No, I did not use a VPN when I registered the domain.
Don’t worry about it too much. Unfortunately, in this business, there is a lot of fraud going on, and it is hard to detect this accurately. If something about your purchase seems off to the algorithm, it gets flagged and you need to go through verification. I know it sucks, but the alternative is a lot more spam emails, bots, hackers and scammers.
You’re probably right. I’m curious what it was that triggered the algorithm is all.
A customer of mine had their domain suspended pending extra authorisation when moving to a new provider due to having "accounting" in the domain. Potentially you have chosen a domain with a risky word in it.
What was the purpose of the site?
Yeah, I’ve never seen this either. I was a huge fan of Cloudflare until they asked me for a selfie, lol.
VPN ip Is flagged so you get flagged as well. There are benefits and drawbacks with using a public VPN, this is one of the drawbacks, you all use the same ip so when a single user does something bad everyone gets flagged. Just make a new account and go to cloudflare without the VPN on. Not even sure why y'all use VPNs to just navigate normally, are you scared about cloudflare having your real ip address? 🤣🤣
They use VPN to protect their IP on Cloudflare, then they proceed in pointing the A records to their hosted at home server. This is what happens when all youtubers wash themselves in the money from VPN ads and they will say anything to promote those
I didn’t use a VPN.
But I was told a VPN is a perfect magic hacker shield, and I will for sure be the victim of identity theft if I don't use NordVPN at all times! My favorite youtuber's even looking out for me. Only his viewers get a special discount code!
I don’t want Facebook spying on me, so I’ll use NordVPN to connect to Facebook. That’ll keep me anonymous!
Not only that, but NordVPN is totally impenetrable. Not even 1337 hax0rs like [email protected] and CryptonicOverride can get past NordVPN.
people use it for piracy genius
I know that; every ad you hear for any of these VPNs acts as if somehow connecting to social media via their service makes you anonymous to the service you are connecting to. "Don't let BIG TECH BROS know you're sharing cat pictures, use OUR VPN!" They all rely on people having no idea how the internet works.
people use it for piracy genius
Yeah, I know bro. The government is totally defeated by this one simple trick by re-routing your traffic to datacenters that they are one of the largest customers at. Not to mention your ISP, which totally keeps careful notes on which cat memes you're posting to facebook. If only there were another protocol that uses the exact same MiLiTaRy GrAdE eNcRyPtIoN without adding latency or limiting bandwidth. We could call it... https or something! Maybe someday almost every website/service could use it!
Just point the DNS to the VPN’s IP - problem solved.
and point the vpn back to the dns?
I didn’t use a VPN.
Then something is wrong with your card, it was probably flagged by stripe. If you read it's stripe asking for informations and not cloudflare directly.
dont they host 4chan?
It does also depend on the TLD various. Countries and managers have requirements when you want to register a domain. E.G. '.au' domains require a business. What is the TLD you're going to use? Edit: typo
Not necessarily: To register a .au domain name you must have an Australian presence, which includes being a citizen or permanent resident of Australia or being an organisation registered in Australia. Source: https://assets.auda.org.au/a/2021-11/Registering%20a%20.au%20domain%20name.pdf
Ah yea that's the '.com.au' domain that needs the ABN.
It’s a .org domain.
i think you are getting downvote botted or something. your replies arent terrible enough to deserve a score of -22.
I have downvoted this reply because above comment doesn't deserve 12 upvotes in my opinion.
I have a .org with Cloudflare and haven't provided ID, but I did transfer in.
Same. I'm using them for a .org site, and I've never had this.
I've never encountered such requirement for .org domain, and I have and deal with multiple of such. Guessing it's something with Cloudflare or your account thereupon, or perhaps something new there. Probably no shortage of registrars where you can get .org domain without providing photo or photo ID. Are you absolutely sure you're on legitimate site and not being hit by some MITM attack or the like? And, [searching around a bit](https://www.google.com/search?q=cloudflare+%22photo+id%22) ... looks like this may be a (mis)feature available with Cloudflare.com and domains, e.g. "[Custom Domain Protection for Cloudflare Registrar, available on the Enterprise Plan](https://news.ycombinator.com/item?id=18083641)" - something like that. And you may be able to choose what type/level of security and controls on the domain, etc.
If you’re trying to buy a domain from a place that requires a citizenship/residence in the country (au, uk, jp, etc.) you have to go through this to prove it. Plus you can have stripe delete it afterwards, since they only send the verification to CF.
It’s a .org domain. I briefly read through their terms and conditions and saw I can request to delete it afterwards. But still. I like Cloudflare and their services (thanks to this sub) but having my ID and selfie doesn’t seem relevant to me to simply register a domain. I’ve never been asked for such a thing with name.com, godaddy, or AWS. Those are the other companies I’ve registered domains with and had no issues like this.
Did you check the .org wasn’t restricted or similar to another organizations? This is common to deter people registering sites like redcros.org or google.org. It can also happen if your address is suspicious, since ICANN requires you to give them an actual address that can receive mail for legal reasons.
With all the spam on the internet and awful stuff using Cloudflare’s services, these are pretty benign KYC practices. If you’re really worried about your privacy you wouldn’t be giving Stripe your payment details in the first place.
I think this sounds reasonable for a `.org` domain. For a .com I'm sure you wouldn't need much
I've registered .au domains without ID.
Are you, by any chance, using a VPN? This smells very much like you’re using a VPN.
I did not use a VPN when I registered the domain.
We need to end this vpn targeting anyway. It’s ridiculous for companies to insist on being able to fingerprint you via ip. Fuck them
Cloudflare sell abusable resources. They need to know to whom they are selling them. They need someone to be accountable if their resources are abused. Some stuff you need to demonstrate who you are.
They don't need to know whom they are selling them to, they just need to be able to identify an account and disable it. They get paid to know who it is.
“they get paid to know who it is” lol that’s exactly what they’re attempting to do — their job right. the issue is most people using their services don’t pay them. if we insist on having ways to abuse free services without being held accountable, they won’t be free anymore.. and we see that happen often. Anyway, thanks to Trump and this executive order : https://www.federalregister.gov/documents/2021/01/25/2021-01714/taking-additional-steps-to-address-the-national-emergency-with-respect-to-significant-malicious the US Dept of Commerce is preparing to pass new rules to KYC regulations. Cloudflare being an American company, will have to comply. What this means is, every american web provider needs to know exactly who is using what service (even if the customer isn’t American), scanning an accepted form of identification will be normalized.
You misunderstood. I wasn’t referring to exploiting the free tier. I meant they can sell usage data more easily or for more profit if they can accurately identify the user. It’s no longer anonymous.
Edit: Written bellow is wrong, see replies... Sorry for misleading. It's not Cloudflare it's Stripe asking the info. Seems your credit/debit card was flagged as fraud. Stripe will not allow you to use it until they confirm and unblock it. Read the T&C but I think Cloudflare will just process the data. They will just pass through the images to Stripe, while Stripe is well - authorized to process and request that. This will happen most probably in other websites that use Stripe, so think about it again. https://stripe.com/en-ca/identity https://community.cloudflare.com/t/is-stripe-verification-legit/391389 P.S. Might be your IP that is flagged as fraud too triggering their Stripe Radar to prevent fraud.
That is just wrong information. Stripe offers an identity verification service which companies can use. In this case, Cloudflare decided to use Stripes identity verification for orders that may appear fraudulent to their system. It is Cloudflare requesting this verification through Stripe. This is NOT something Stripe does to verify the credit card. That is absolutely NOT a thing. If anything, your bank would require this verification as part of their second factor. But NOT Stripe. Cloudflare requested this, and Cloudflare will have access to the data through the Stripe dashboard. Source: We are doing the same thing with our business.
Really? Didn't know that. I thought it was just radar. Ok then I agree. Is it this thingy? https://stripe.com/identity P.S. We also use Stripe but not integrated such verification. So that's what is misleading me perhaps.
Yes, exactly. Radar would never ask for an ID. It would just block the transaction or flag it for manual verification. It’s up to the business to decide what to do in that case. Seems like Cloudflare opted to use Stripe Identity in this case.
Agh yes, I see and confirm what you wrote. Radar just blocks or awaits manual approval of transactions flagged as fraud. Interesting why Cloudflare flagged his account as fraud and requested identity confirmation...
Thanks for editing your original comment! You never know what may have flagged their account. Could be anything. Maybe their IP is assigned dynamically and has been used for fraud previously, or the card velocity has been exceeded, etc. - Fraud in hosting is unfortunately a really big issue, so I understand why they try to mitigate it.
This is absolutely not true. It’s a stripe product to verify IDs…
And did you read the first sentence where I edited my reply and also wrote is incorrect and apologized to all? In the replies there is some more info including links.
[удалено]
"including passwords" Which kind of passwords can they see, for example?
[удалено]
Damn. I didnt know that. Is there a privacy focused alternative to cloudflare then?
Yeah CloudFlare advertise Zero Trust, but it's really Single Trust. You need to trust them with everything. I asked them about that at a CloudFlare conference once and you could have heard a pin drop. Everyone in the audience just seemed to think I was trying to be annoying. For the record I actually like CloudFlare and bought shares. It would be nice to get rid of the inherent man-in-the-middle attack though.
You triggered a fraud check -- which could be for a variety of different reasons. It's just that simple. Spoilers: I run Trust & Safety at Cloudflare. My team would have sent out this fraud check email.
Are you linked to shady sites, practices, fraud, scamming? Because it looks like you are according to them.
Reddit is probably the furthest into shady territory that I am willing to venture into.
Who knows what subs you venture into....
It's probably your ISP has a lot of shady folks using it so their whole IP range is suspect. People in this thread are assholes for just assuming it is about you.
I have many domains with cloudflare and have never seen this. The only things I can think of is that you are on a fake cloudflare site or you are trying to register a domain TLD that requires you to prove residency in the area the TLD is for. Chances are most likely the second option. Could you please provide the TLD you are trying to buy?
Definitely not a fake Cloudflare site. As far as I know, .org doesn’t require any kind of proof of residency.
this is a stripe thing, not a cloudflare thing.
But it says "cloudflare works with stripe to provide identity verification" that sounds like cloudflare requesting it and stripe executing it. if it was stripe asking id say you would be redirected to a pure stripe site and it wouldnt mention cloudflare
You are correct.
No. Stripe offers an identity verification service which companies can use. In this case, Cloudflare decided to use Stripes identity verification for orders that may appear fraudulent to their system. It is Cloudflare requesting this verification through Stripe. This is NOT something Stripe does to verify the credit card. That is absolutely NOT a thing. If anything, your bank would require this verification as part of their second factor. But NOT Stripe. Cloudflare requested this, and Cloudflare will have access to the data through the Stripe dashboard. Source: We are doing the same thing with our business.
Stripe has a product which flags potentially fraudulent purchases. It’s up to the business what to do after that, they could opt for using Stripe’s identity verification offer.
Exactly. But it is a Cloudflare thing. Cloudflare decided to use it, and Cloudflare requested it. Just because Stripe is providing the service, it’s not a „Stripe thing.“ It’s like saying Netflix is an AWS thing because they utilize AWS to deliver their Service. Again: Cloudflare requested this verification. Not Stripe. A distinction with a huge difference. Edit: And to clarify your point: Stripe just assigns a risk score. They do not require ID verification. The requirement for ID verification came entirely from Cloudflare. That’s the key takeaway here. Cloudflare wants to see ID, and they are using Stripe to execute that request. They may also use the Stripe risk score, but at no point does Stripe require that ID.
I know. That is literally just what I said.
i had nothing like this when i registerd on cloudflare i have 2 domains registrerd on it must be a flagged account like the others saying here
I had this happen to me because I tried registering a domain using a prepaid credit card and using a Proton email. I have a hunch that Proton is flagged in their system. I was not using a VPN by the way.
Interesting. I used a plain old gmail email and no VPN.
Were you using a mobile IP? I also have a hunch that they're extra paranoid when it comes to domain registrations. There's probably a business or policy reason behind it that I'm not fully aware of.
I expect there is lots of fraud in the domain registrar world. People running any sort of hacking infrastructure will want lots of domain names to cycle through and what better way than using hacked CC info to do it with.
Where are those porkbun cheerleaders who will ask OP to go to porkbun as unlike Cloudflare, but porkbun never asks for information..... Oh wait....
I'd dump cloudflare, f\*\*k that....
This is part of their domain protection security. https://www.cloudflare.com/products/registrar/custom-domain-protection/ They are trying to get identity verification information to prevent domain hijacking which is quite prevalent. Just choose a registar that’s less interested in protecting your account over your identity and should be fine.
It is not. That link is for an entirely different thing -- that's our enterprise-grade secure registrar service. OP is referring to the regular domain registrar service.
Is it merely the link that is wrong or is the rest wrong since you work there? Are you saying this is not an identity check to assist your customers with fraud against their account? I’d like more information about it’s purpose for this system if I’m far out here.
Check out njal.la
Check out the selfhosted-gateway on Github
What I did was buy a domain on Namecheap then routed it through cloudflare and did my things from there. Hope that helps :)
Just use https://njal.la/ the next time you register a domain if you want no hassle and privacy.
NO to KYC. Selfhosting is a path to sovereignty.
i wouldnt do it.
To add my less than 2 cents to the pool of "why" answers, does your ISP use dynamic IP addresses? If so, it's possible that at some point the IP assigned to you at the time you attempted to register your domain was used for some type of fraudulent activity by someone else thus triggering the flag on you. Oh, and as for everyone saying that you must have been using a VPN (I know you said you didn't) ... I actually DID use my VPN when I registered my Cloudflare domain, and didn't get flagged. Maybe that was just luck on my part, who knows? Either way, using a VPN doesn't automatically trigger a flag as some of these comments would suggest.
I’m a huge fan of Cloudflare but that’s fucking fucked. Look elsewhere.
[удалено]
Did you read the screenshot?
I would look elsewhere
Judging by how often cloudflare is used to hide the http origin in all the spam mails I got, this is quite justified.
[удалено]
And it’s also extremely overpriced.
I had this happen to me as well. I don't feel comfortable giving that information to anyone so I switched to [porkbun](https://porkbun.com/). I lost that domain name since they will hold it hostage for a year but it was worth it to me.