Serious Issue. My website is redirecting to malicious site even on attack mode enabled

My main domain and it’s subdomain is redirecting to malicious site.

I have a few more subdomain that I can’t disclose which I created using A record or CName.
Every Subdomain is pointing to separate hosting like the main domain is hosted on vercel and test one on Heroku.
But this redirect issue is same across all domain and subdomains. which means it’s very unlikely that it’s hosting or server problem. Still I checked the code to verify.

I even set page rule of attack mode for test site. It still redirected that only means something is happening before or on Cloudflare side.

When I debug little more, I found that when you send HTTP request with useragent set of windows then only it’s redirecting. On other devices it’s showing Cloudflare attack mode then showing correct page. but on windows straight away redirecting to malicious website.

I am sharing the HTTP code set Windows useragent
you can check yourself in HTML section that somehow it’s bypassing attack mode

Here is mobile useragent which working fine

If you guys think it’s not Cloudflare issue. Can you please fill me some information about what could be reason? I did some research and found it may also be hacked from domain registrar by dns hijacking. So I mailed Namecheap, their technical team were unable to help me. they said me to remove Wordpress plugins even though I said them multiple times I am not using Wordpress. Their response was very general and unable to understand my question.

There have been several reports in this Community of redirects which only happens with a Windows user agent. Please search this Community for “redirect windows”.

In all likelihood, your Cloudflare account has been compromised. Please visit your account Audit Log and delete all redirects added by users other than you or other authorized users, then follow this guide to secure your account:


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.