Domain redirects to a scam like website

What happened:
When accessing this site / domain: https://3dhomebuildersassociation.com … it redirects to another page then redirects to another scam page look website.

I only have wordpress files installed at the moment, but it still redirects to another random lucky winner scam website even there’s nothing on it, like there’s no files in the hosting system.

My colleagues said to trace it here on Cloudflare, where the website is loading from to solve the issue.

Now the thing is, I need the Cloudflare support team to trace it on there end. No idea how to trace it out on my own…

Greetings,

Thank you for asking.

curl -I https://3dhomebuildersassociation.com returned with HTTP/2 403 status code, however while trying to access your Website via Web browser, I got ESET block page and information about some JavaScript Adware which you have got on your web content which does the redirects

I’d suggest you to contact your web hosting provider to troubleshoot and help you cleaning of this malicious code on your Website.

slika1025×555 27 KB

You could determine if this behaviour continues even by using a “Pause” option at Cloudflare as follows:

1. Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
2. The link is in the lower right corner of that page.
3. Give it five minutes to take effect, then make sure site is working as expected with HTTPS.

If yes, then I am afraid you have to troubleshoot this at the origin host/server as Cloudflare isn’t involved into those requests & redirects.

Hi I did reach out to my hosting provider before I got here and here’s the response I got:

The issue here doesn't actually appear to be a fault on our end. Currently when trying to visit the site with a hostfile to enforce this to load from our server, it appears to be a blank wordpress install caused by the database not actually being installed for this service.

When trying to visit this website without the use of a hostfile it appears to be hitting that redirect.

As such I would recommend ensuring that the A records for this are actually pointing to our webserver on IP 110.232.143.41. As currently you are running through a cloudflare proxy so I cannt see exactly what IP address you are actually using.

• My DNS records we’re fine and they also checked it, since I sent them a screenshot.

If it’s the website files, I highly doubt it, because when I removed all the files in the hosting. The redirects still persisted.

Then they suggested a temporary solution I guess?

No need to delete a host file, as you may need it down the track.

You can simply remove the text that references your website "3dhomebuildersassociation.com" when my colleagues were investigating the issue.

I'll leave our FAQ guide which provides you with more information about utilising your host file.

- https://ventraip.com.au/faq/article/testing-your-website-before-pointing-your-domain-to-our-servers/

Beyond that - it's best to reach out to Cloudflare to confirm where your website is loading from.

• So it’s via the host file I guess and reaching out to Cloudflare support.

Just need to know where the website is loading from, since my hosting provider can’t trace it.

Kindly, use the suggested “Pause” option.

Otherwise, make sure the A www and/or A 3dhomebuildersassociation.com are unproxied and set to (DNS-only).

Wait for a minute or two.

Refresh a page in your Web browser, otherwise try clearing your Web browser cache or use a different Web browser to test out again.

• Try using a different Web browser, or try clearing your Web browser cache
• Use a Private window (Incognito mode) or a VPN connection if possible
• Test if it’s the same on your mobile phone (4G LTE, mobile data, cellular)

I also disabled the Cloudflare in the said domain. I can’t see the HTTP 402 that you’ve seen, just the same like before

Ok will do that, please hold on for a moment

slika808×376 21.2 KB

Since you’re using WordPress, might be some plugin is the issue or jQuery or theme vulnerabillity.

takebest-prizes.life → the redirect goes to this website.

From Google, I found this and hope it helps in your case too:

It sounds like you just added your domain here, and it’s new at your host. Were you using a different host before this new setup?

Hi I did the ff:

• Disabled the Cloudflare on the domain/website
• unproxied the A record
• Cleared the browser cache and tried using different browsers to test and in incognito as well. (Chrome, Mozilla, Firefox, Brave)
• tried to access the site via my mobile.

I also deleted all the files in my hosting for this domain. So it should supposed to display nothing in there.

The problem still persisted. So it’s not a hosting issue.

It doesn’t look like you’ve paused your site, or grey-clouded your hostname(s).

Hi sdayman,

No, I just set up the hosting for this yesterday.

If you’ve unproxied the A record, then it is a hosting issue…except that A record is still proxied, so we can’t help you debug what’s going on here.

I did unproxied it. See the screenshot link here

cloudflare unproxied: https://prnt.sc/nnSLCR7D2kDB
Disabled the cloudflare: https://prnt.sc/sbCp22SvXXQv

Hi fritex, ok will check this out…will also put in the thread on how I fixed it. Just in case.

I unproxied the A record sdayman because that’s what I was suggested to do btw.

Please post a screenshot of those DNS A records. It’s still resolving to Cloudflare IPs.

Screenshot 2022-10-29 at 5.32.33 PM1034×1138 139 KB

Kindly, may I ask you to check out what option have you got selected by navigating to the Cloudflare dashboard → Caching → Configuration → find section “Browser Cache TTL” and make sure the selected option from the dropdown menu is “Respect Existing Headers”.

Furthermore, from the same menu, click on the blue button saying “Purge Everything” to flush the cache at Cloudflare Edge, just in case.