Ohter Cloudflare user is redirecting his domain to mine and using popunders to profit from it

I have a domain using Cloudflare’s free proxy and cache and another user in the same niche is using randomly created domains to redirect to mine (no matter if I ban one, he will create another).

He’s redirecting his DNS I’ve confirmed that, because if I change a file his file is updated but with his domain. Besides that he’s using someking of script to make popunders and all kind of trash advertising to profit from it.

I’ve used X-Frame options and confirmed that iframe clickjacking is working but his DNS redirect still works, also enabled DNSSEC, still no good. Any suggestion?
thanks in advance