Weird redirect after moving to cloudflare

Hi,
after I moved to Cloudflare, my website is redirecting to a strange url iplogger dot com/2LNux5
my domain is: ahlysport dot com

when I pause Cloudflare, the redirection is removed, when I enable it, it is back again.
I changed the server still the same issue
U suspended the hosting still the same issue

what could be the issue?

I cannot replicate. When I visit ahlysport.com the page loads fine.

can you test from desktop?
and test the response status
from httpstatus dot io

gives 301 redirect

I did test from a desktop.

Correct, a 301 redirect exists on the on-SSL (http://) to SSL, and apex to www.

But not to some strange URL that you see.

$ curl -I http://ahlysport.com
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Aug 2023 12:15:07 GMT
Location: https://ahlysport.com/
$ curl -I http://www.ahlysport.com
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Aug 2023 12:15:12 GMT
Location: https://www.ahlysport.com/
$ curl -I https://ahlysport.com
HTTP/2 301
date: Sat, 12 Aug 2023 12:16:05 GMT
location: http://www.ahlysport.com/

I don’t know why the above is redirecting httpshttp

$ curl -I https://www.ahlysport.com
HTTP/2 200
date: Sat, 12 Aug 2023 12:16:35 GMT

If your site is redirecting to an iplogger.com URL in some circumstances then it is possible your Cloudflare account has been compromised. There have been a few cases where malicious Redirect Rules have been added to accounts that trigger a redirect only with Windows user agents.

You should secure your account by resetting your password, configuring 2FA and rotating your API keys & tokens.

You should also review the audit log to see what malicious configuration has been added and revert it.

In previous cases it has been a Redirect Rule such as this that has been added:

2 Likes

thank you,
I found a redirect rule for some user agents

thank you, it was a redirect for 3 user agents I found them in Redirect Rules
the account was compromised

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.