We compiled this list by attempting a handshake with the Cloud Flare domains in our database.
The "standard" certificates on this page (with "ssl" in front of the number instead of "sni") mean that the domain has a paid account at Cloud Flare.
(Their "data centers" are typically a rack or two of equipment that Cloud Flare ships to a real data center, along with installation instructions.) We asked Cloud Flare to confirm that sniffing is possible at these so-called "data centers," but they didn't respond.
By now we're wondering if there's a plaintext Ethernet port at the back of their equipment rack that makes interception easy and convenient.
This page is an excellent imitation of the Bank of America pages he remembers, and there is also that nice little SSL padlock in the corner of the address bar. Probably, because he doesn't realize that he's at a subdomain of q4and is entering his old and new password into a fake page for the benefit of a phisher.
Every root domain also has a subdomain wildcard line (*.example.com), which we deleted to save space. This is why Cloud Flare will add a plaintext port to their own hardware someday, if they haven't already. The Cloud Flare certificates below encrypt the traffic only between the browser and Cloud Flare. The ISP replies that everything is encrypted, and Cloud Flare traffic cannot be intercepted. In other words, nothing can be done about the ISIS sites, carders, booters, gamblers, escorts, phishers, malware, and copyright infringers that Cloud Flare protects. It's fairly obvious you ask this ISP to block the Cloud Flare IP addresses used by the offending domains (this is already happening in Russia).