My main domain and its subdomain are redirecting to a malicious site.
I have a few more subdomains that I can’t disclose, which I created using A records or CNAMEs.
Every subdomain points to separate hosting; for example, the main domain is hosted on Vercel and the test one on Heroku.
But this redirect issue is the same across all domains and subdomains, which means it’s very unlikely that it’s a hosting or server problem. Still, I checked the code to verify.
I even set a page rule of attack mode for the test site. It still redirected, which only means something is happening before or on the Cloudflare side.
When I debugged a little more, I found that it only redirects when you send an HTTP request with the user agent set to Windows. On other devices it shows Cloudflare attack mode and then the correct page, but on Windows it redirects straight away to the malicious website.
I am sharing the HTTP code with the Windows user agent set.
You can check for yourself in the HTML section that somehow it’s bypassing attack mode.
Here is the mobile user agent, which is working fine.
If you guys think it’s not a Cloudflare issue, can you please fill me in with some information about what the reason could be? I did some research and found it may also have been hacked at the domain registrar by DNS hijacking. So I mailed Namecheap, but their technical team was unable to help me. They told me to remove WordPress plugins even though I told them multiple times that I am not using WordPress. Their response was very general and they were unable to understand my question.
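An added example, not part of the original post: one way to compare response headers captured with different user agents (for instance from `curl -sI -A "<UA>" <URL>`) and see which ones are redirected off-site and whether each response carries Cloudflare's `CF-RAY` / `Server: cloudflare` headers. The captures, host names and function names below are constructed for illustration, and the header check is a heuristic, not proof of where a response was generated.

```python
from urllib.parse import urlsplit

# Constructed captures (not from the post), shaped like `curl -sI -A "<UA>" URL` output.
CAPTURES = {
    "windows": (
        "HTTP/1.1 302 Found\r\n"
        "Location: https://redirect-target.invalid/landing\r\n"
        "Server: nginx\r\n\r\n"
    ),
    "mobile": (
        "HTTP/1.1 403 Forbidden\r\n"
        "Server: cloudflare\r\n"
        "CF-RAY: 0000000000000000-XXX\r\n\r\n"
    ),
}

def parse_head(raw):
    """Split a raw response head into (status code, lower-cased header dict)."""
    lines = [l for l in raw.split("\r\n") if l]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def classify(raw, site_host):
    """Flag off-site 3xx redirects and whether Cloudflare edge headers are present."""
    status, h = parse_head(raw)
    target = urlsplit(h.get("location", "")).hostname
    off_site = (300 <= status < 400 and target is not None
                and target != site_host
                and not target.endswith("." + site_host))
    # Heuristic: responses proxied by Cloudflare normally carry these headers.
    via_cf = "cf-ray" in h or h.get("server", "").lower() == "cloudflare"
    return {"status": status,
            "redirect_host": target if off_site else None,
            "via_cloudflare": via_cf}

def compare(captures, site_host):
    """Classify every capture so per-user-agent differences are visible side by side."""
    return {ua: classify(raw, site_host) for ua, raw in captures.items()}

if __name__ == "__main__":
    for ua, result in compare(CAPTURES, "example.com").items():
        print(ua, result)
```

If the redirecting response lacks the Cloudflare headers while the working one has them, the request probably never reached the Cloudflare zone, which points at DNS or registrar settings. If both carry them, look at the origin and at rules configured inside the Cloudflare account.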