Cloudflare Resolver redirecting bank to virus/scam websites


Starting today, visiting is redirecting to virus/malware sites on every computer and phone that has been configured to use for DNS resolution. As soon as I changed each system’s DNS to (Google’s DNS service) and flushed the DNS cache, the issue was immediately resolved. Changing it back to and tdameritrade again begins redirecting to virus sites.

I attempted to call to report this, but the phone message said I had to email cloudflare support. I then e-mailed, but the autoreply said I had to post Resolver issues here. I then tried to post, and it kept rejecting my post because “new users can only post x-number of links.” This obviously looks like a major security issue, and besides being shockingly unexpected from a service like this, Cloudflare is making it unnecessarily cumbersome to simply report.

Is actually safe to use? Had I not discovered the issue before my less computer-literate family members, they likely would’ve fallen prey to one of the scam sites. Luckily I noticed it first, & was here to change all our systems back to an alternate DNS resolver service…


Something hinky might be going on with, but it doesn’t have anything to do with

Most of the nameservers produce:   300     IN      CNAME 21600 IN CNAME 20      IN      A

One produces (among other nonsensical records):   604800  IN      A

The domain’s nameservers – or at least one version of them – are:  (insecure)  3600  NS  (insecure)  3600  NS  (insecure)  3600  NS  (insecure)  3600  NS  (insecure)  3600  NS  (insecure)  3600  NS  (insecure)  3600  NS  (insecure)  3600  NS  (insecure)  3600  NS  (insecure)  3600  NS

Notice that the last one is a totally different domain. Maybe they got compromised, or made a mistake in their DNS records.


The issue has been identified and we are investigating the root cause. We are also reaching out to the domain owner to gain more insight.


I’d follow @mnordhoff’s finding.

The last nameserver is resolving to anything other than the website. This is random. While,, my ISP’s nameserver, and our resolvers at work seem to resolve correctly to a single IP, as well as the other nameservers for this domain.
The last one resolves to totally different IP addresses for *., www, web9 and one I don’t remember. Connecting to those IPs redirects you to a lot of different targets.

I had the results yesterday but someone flagged this thread and it was removed before I was able to reply. :frowning:
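
The per-nameserver comparison the replies describe, as an added example that is not part of the original thread: it takes the A records each authoritative nameserver returned for the same name and flags any server that sits outside the majority parent domain or disagrees with the consensus answer. All host names and addresses are constructed placeholders, and the two-label `parent_domain` heuristic is an assumption (use a Public Suffix List for real data).

```python
from collections import Counter

def parent_domain(host, labels=2):
    """Crude parent-domain guess: the last `labels` labels (assumption)."""
    return ".".join(host.rstrip(".").lower().split(".")[-labels:])

def audit_nameservers(answers):
    """answers maps each authoritative NS host name to the list of (ttl, ip)
    A records it returned for one query name. Returns {ns: [reasons]} for
    every nameserver that looks inconsistent with the rest of the set."""
    ip_sets = {ns: frozenset(ip for _, ip in recs) for ns, recs in answers.items()}
    # Consensus = the answer set returned by the largest number of servers.
    consensus = Counter(ip_sets.values()).most_common(1)[0][0]
    # Home = the parent domain most of the NS host names live under.
    home = Counter(parent_domain(ns) for ns in answers).most_common(1)[0][0]
    findings = {}
    for ns, recs in answers.items():
        reasons = []
        if parent_domain(ns) != home:
            reasons.append(f"nameserver is outside {home}")
        if ip_sets[ns] != consensus:
            got = ", ".join(sorted(ip_sets[ns])) or "no A records"
            # A long TTL keeps a bad answer in resolver caches for longer.
            max_ttl = max((ttl for ttl, _ in recs), default=0)
            reasons.append(f"answer differs from consensus: {got} (max TTL {max_ttl}s)")
        if reasons:
            findings[ns] = reasons
    return findings

# Constructed sample: three consistent servers and one odd one out. Real input
# would come from asking each server directly, e.g.
#   dig @<nameserver> <name> A +norecurse
ROGUE = "ns1.other-host.example."
SAMPLE = {
    "ns1.bank-dns.example.": [(20, "192.0.2.10")],
    "ns2.bank-dns.example.": [(20, "192.0.2.10")],
    "ns3.bank-dns.example.": [(20, "192.0.2.10")],
    ROGUE: [(604800, "203.0.113.66"), (604800, "198.51.100.23")],
}

if __name__ == "__main__":
    for ns, reasons in audit_nameservers(SAMPLE).items():
        print(ns)
        for reason in reasons:
            print("  -", reason)
```

A recursive resolver may pick any server in the delegation, so one inconsistent nameserver is enough for some clients to receive the wrong answer while others resolve correctly.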