From today when we activate Cloudflare our domain direct our users to forged page for download a file…why?
Can you please share your domain so we can debug easier.
May I ask you are running a WordPress website or? 
If yes, then there were the cases of “fake Cloudflare WAF pop-up” page and those topics could be found by using 
1 Like
Our website is: www.movie.live
Now Cloudflare is disabled
We are running our website on WordPress
The second part not clear for me.
That domain is not registered.
My mistake.
www.movix.live
I presume the unexpected page does not appear with Cloudflare disabled.
Could you share a screenshot of the unexpected page?
Sure,
When it activates, it’s show this page: [Here](https://prnt.sc/ViMDgT2z9sNt)
And this: [Preformatted text](https://prnt.sc/whPRNJUtimHI)
I was redirected to https://iplis.ru/2s8hU4.txt → malware/virus.
Contact your Web hosting provider and make sure to scan and clear your databse, themes, plugins, code, etc.
I have to admit this is not a Cloudflare issue to me. You could determine if this behaviour continues even by using a “Pause” option at Cloudflare as follows:
- Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
- The link is in the lower right corner of that page.
- Give it five minutes to take effect, then make sure site is working as expected with HTTPS.
It would be great for your hosting to scan your website with Imunify360 at least.
Consider changing your database and user password and your WordPress user credentials, also check the CHMOD over directories in wp-content folder including all of the plugins and uploads too.
Helpful articles:
Thank you.
Fixed by web hosting
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.