That's so weird, is the DNS contaminated?

seele0oo.xyz The root domain resolves to the Cloudflare Page, but why does it jump to https://www.hugedomains.com/?

I turned on HSTS directly, which helped alleviate the problem.
It can now no longer downgrade and jump past.

I’m not personally seeing anything pointing in such a direction from my end.

DNSSEC is also enabled for the mentioned domain, so you’re doing what you can in regards to DNS from the authoritative side, in regards to DNS spoofing / DNS cache poisoning.

However, if you for example use your ISP’s DNS resolver(s), and they are not validating DNSSEC, then DNSSEC wouldn’t be doing anything on that ISP, thanks to their (bad) decision of not enabling DNSSEC validation on their resolver(s).

From time to time, it happens that (malicious) redirects are being created, when your Cloudflare account has been compromised.

I would therefore advise you to look through the following:

Log in to your Cloudflare account, change your password, and preferably also enable two-factor authentication (2FA).

Check the Audit Log page, to figure out who/what is making the changes:

https://dash.cloudflare.com/?to=/:account/audit-log

Check the “Members” page, to see if you’re letting others access your account:

https://dash.cloudflare.com/?to=/:account/members

Check the “API Tokens” page, to see if there are any tokens you don’t use or otherwise know about:

https://dash.cloudflare.com/?to=/profile/api-tokens

Check the “Redirect Rules” page, and delete the bad one(s) from there:

https://dash.cloudflare.com/?to=/:account/:zone/rules/redirect-rules

I also suggest going through the other kinds of Rules your zone may have, and checking for any potential malicious changes there as well.

I haven’t seen it with HugeDomains before, though, but I’d say rather be safe than sorry.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.
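
The “Redirect Rules” check from the reply above can also be run over an exported ruleset. This is an added example, not part of the original thread and not Cloudflare's code. It assumes the JSON follows the shape of a zone's `http_request_dynamic_redirect` ruleset as returned by the Rulesets API; the zone name `example.com`, the rule ids and the timestamps are constructed sample values.

```python
from urllib.parse import urlsplit

# Constructed sample (not real data), shaped like the "result" object of a
# zone's http_request_dynamic_redirect entry point ruleset.
SAMPLE_RULESET = {
    "phase": "http_request_dynamic_redirect",
    "rules": [
        {"id": "r1", "enabled": True, "action": "redirect",
         "last_updated": "2024-01-05T10:00:00Z",
         "action_parameters": {"from_value": {"status_code": 301,
             "target_url": {"value": "https://www.example.com/"}}}},
        {"id": "r2", "enabled": True, "action": "redirect",
         "last_updated": "2024-03-02T03:14:00Z",
         "action_parameters": {"from_value": {"status_code": 302,
             "target_url": {"value": "https://www.hugedomains.com/"}}}},
        {"id": "r3", "enabled": False, "action": "redirect",
         "last_updated": "2024-03-02T03:15:00Z",
         "action_parameters": {"from_value": {"status_code": 302,
             "target_url": {"expression": 'concat("https://", http.host, ".redirect.test/")'}}}},
    ],
}


def inside_zone(host, zone):
    """True only for the zone apex or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == zone or host.endswith("." + zone)


def audit_redirect_rules(ruleset, zone):
    """Return redirect rules that leave the zone or compute their target."""
    findings = []
    for rule in ruleset.get("rules", []):
        if rule.get("action") != "redirect":
            continue
        params = rule.get("action_parameters", {}).get("from_value", {})
        target = params.get("target_url", {})
        if "expression" in target:
            dest, reason = target["expression"], "dynamic target, review by hand"
        else:
            dest = target.get("value", "")
            if inside_zone(urlsplit(dest).hostname, zone):
                continue
            reason = "static target outside zone"
        findings.append({"id": rule.get("id"), "enabled": rule.get("enabled", True),
                         "updated": rule.get("last_updated"), "target": dest,
                         "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in audit_redirect_rules(SAMPLE_RULESET, "example.com"):
        print(finding)
```

The `updated` timestamp of each finding is the value to line up against entries on the Audit Log page.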