Incorrect Nameserver Leads to What Looks like a "Hacked" Site

Hi there,

We have sites that are added via the API to Cloudflare.

For almost all of these sites (90%, I would guess), their nameservers are the standard:
amanda
andy

But occasionally they are:
jule
leif

When the nameservers are set as amanda/andy but should be jule/leif, the redirects happen (images attached of what is seen).

https://www.dropbox.com/s/md8krpl7p5xg1ol/redirects-on-cloudflare.mp4?dl=0

To the customer it looks like this is some sort of hacked website, etc.

Can you help me understand what is happening? And why the site redirects to something so spammy?

Also, when I asked a similar question before about the 2 different sets of nameservers, it was explained that as long as the sites are all added to the same account, then the nameservers should all be the same. Is there a reason why these would be different at certain times, and is there a way to detect that via the API?

Thank you!

There’s no guarantee that will be the case.

It is returned in the response when creating the account.

https://support.cloudflare.com/hc/en-us/articles/360000841472-Adding-Multiple-Sites-to-Cloudflare-via-Automation

You’ve pointed the account to non-authoritative nameservers allowing someone else to control where the records point.

2 Likes
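The check the reply above points to, as an added example that is not code from this thread or from Cloudflare: take the nameserver pair from the API response and compare it with the NS records actually delegated at the registrar, flagging any zone where they differ. It assumes the `name_servers` field of the Cloudflare API v4 zone object; the domains, the full `*.ns.cloudflare.com` host names and the delegated NS lists are constructed sample data.

```python
def normalize(ns):
    """Lower-case a nameserver host name and drop the trailing root dot."""
    return ns.strip().rstrip(".").lower()

def assigned_nameservers(api_response):
    """Return the set of nameservers Cloudflare assigned to the zone."""
    if not api_response.get("success"):
        raise ValueError("zone request failed: %r" % api_response.get("errors"))
    names = (api_response.get("result") or {}).get("name_servers") or []
    if not names:
        raise ValueError("response carries no name_servers field")
    return {normalize(n) for n in names}

def check_delegation(api_response, delegated):
    """Compare the assigned pair with the NS records set at the registrar."""
    assigned = assigned_nameservers(api_response)
    seen = {normalize(n) for n in delegated}
    return {
        "zone": api_response["result"]["name"],
        "ok": seen == assigned,
        "unexpected": sorted(seen - assigned),  # delegated, not authoritative here
        "missing": sorted(assigned - seen),     # assigned, never delegated
    }

def audit(pairs):
    """Return findings only for zones whose delegation does not match."""
    results = (check_delegation(resp, ns) for resp, ns in pairs)
    return [r for r in results if not r["ok"]]

# Constructed sample: (trimmed API response, NS records seen at the registrar).
SAMPLE = [
    ({"success": True, "result": {"name": "shop.example", "name_servers": [
        "amanda.ns.cloudflare.com", "andy.ns.cloudflare.com"]}},
     ["AMANDA.ns.cloudflare.com.", "andy.ns.cloudflare.com."]),
    ({"success": True, "result": {"name": "blog.example", "name_servers": [
        "jule.ns.cloudflare.com", "leif.ns.cloudflare.com"]}},
     ["amanda.ns.cloudflare.com", "andy.ns.cloudflare.com"]),
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("%s: delegated to %s, assigned %s"
              % (f["zone"], f["unexpected"], f["missing"]))
```

Storing the assigned pair per zone at creation time and running this comparison before telling a customer which nameservers to set catches the mismatch before traffic is sent to nameservers that are not authoritative for the zone.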

This is perfect information, thank you for the quick response and detailed reply.

Am I correct in understanding that the only way to ensure the nameservers will always be the same is by using custom nameservers, which are only available on higher-end Cloudflare plans?
