What ISP / provider, preferably their AS number?
I’m including screenshots from all 3 links above. I also use Xfinity mobile if you need that info. Want to point out that I get this error on 2 mobile devices that use Xfinity. The other mobile device that does not use this carrier has no issues.
Northern Georgia, United States
I switched to Cloudflare on 11/13/2024 (19:05)
I did not change any DNS records since the switch.
During the test here, all the DNS requests (shown as “DNS:”), they all originated from Comcast’s network.
Across many network communities, Comcast/Xfinity seems to be known to be blocking domains at random, at their DNS resolver, and allegedly (according to the victims, at least), with no reason at all.
Apparently, many of the issues seen appears to have been caused by “xFi Advanced Security”, which sounds to be enabled by default, at least for many Comcast/Xfinity customers.
This points towards a carrier issue, and not a Cloudflare (or otherwise, domain) issue.
I will therefore suggest you contact Comcast/Xfinity Support, and ask them for assistance, such as e.g. how to unblock your domain name on their DNS resolver, or within other security products of theirs.
The user hasn’t done anything to de-activate the security products from Comcast/Xfinity, e.g. “xFi Advanced Security”, meaning that it is in an enabled state at the moment.
Your domain has been blocked by the security products from Comcast/Xfinity (e.g. the aforementioned “xFi Advanced Security”).
Then they may likely be seeing the same (or at least, very similar) error messages.
But there are no guarantees of seeing the exact same error message, that would depend on what exactly is happening for the specific user, and how things (e.g. potential domain blocks, as suspected in this case) has been implemented.
Gotcha. I contacted Xfinity and it was indeed an issue on their end. I am trying to find out if all Xfinity mobile customers are affected as well. Do you know (or have you heard) what could make them block the site in the first place? The person I talked to didn’t seem very knowledgeable about it unfortunately.
Comcast/Xfinity may eventually be fetching reputation information about domain names from a third party, and afterwards feeding the data in to their systems, and as a result of that, Comcast/Xfinity could have been fed with bad data by the third party.
It could be all from your domain being flagged (even incorrectly, e.g. a false positive), as malware/phishing, adult content, or other “tags” that Comcast/Xfinity decide to filter away.
It seems like your domain name was registered on 2023-11-04, so likely not related, but domain age can also play a role from time to time.
In the email industry, to mention one example, it is a well-known practice to refuse email deliveries from recently registered domain names, to prevent spam, as many spammers over the years have been sending out their spam from newly registered domains (e.g. within the first 90 days, after the domain name’s registration date), to then abandon them afterwards.