This is a question regarding 22.214.171.124, not a domain you are serving via Cloudflare, right?
Can you reproduce that issue? On which page did it happen?
Yes this is concerning the consumer 126.96.36.199 DNS service - I have it set up using IPv4 and IPv6 on my Netgear router at home.
I’m not hosting anything, just using it as my preferred DNS service at home.
It’s happened a few times, just now I captured the URL… I can’t reproduce it but grabbed the URL from my browser when it just happened a few minutes ago.
The site I was on was https://www.independent.co.uk - it had loaded and I was reading the headlines when all of a sudden the page was redirected to the URL above. You can see it contains lots of information about the fact I’m using Cloudflare, knows I’m on a desktop and has the original URL contained also.
This really is concerning me…
I am pretty confident this is not Cloudflare related, but it's difficult to impossible to say without being able to reproduce it. I'd first run some malware scanner to rule out any local issues. I'd also check the browser for any extensions that shouldn't be there.
I’m on a clean install of Mojave with no extensions… it was literally installed yesterday so there’s nothing on it at all.
What makes you so certain it’s not Cloudflare related? It’s never, ever happened before and I started using Cloudflare about 2 days ago and this is about the 3rd time it’s happened - twice on my MacBook Pro and just now on my iMac.
Cloudflare is also referenced in the URL I was redirected to.
Would like to note Independent has an ads.txt: https://www.independent.co.uk/ads.txt
My guess is that a rogue ad was on the page that used the ad space to redirect to one of these fake Microsoft domains. Fake Windows/Apple/etc. alerts and scams are a huge market, and most of the time it's done via Google's own AdWords service.
The file above should mean only trusted ads run on their pages, but sometimes even bad ads can be served via these providers.
It's probably not a Cloudflare issue, you probably just happened to be lucky enough to get one of these scam ads that redirected you to the scam page.
I am not certain, I am pretty confident.
This is not something a DNS provider would usually have control over, unless they hijack an entire domain, which I'd be once again pretty confident we could rule out in this case.
Again, if you can reproduce it, it would be easy to check where that originates from. In this case it is pretty difficult though. Even though I would have ruled out it originated from the Independent, I guess @Judge made a good point here.
Thanks for the explanation. I’m wondering why this has never happened before… I’ll stay away from that site for a while and see if it happens again on another site.
Makes sense to me… so it would seem Independent is hosting some dodgy adverts… I will remove them from my favourites.
Again, without being able to tell what exactly is going on I would not blame them either.
Best advice in this context probably, install an ad-blocker.