Suspicious redirect
# r2
e
Can you provide screenshots of those tabs? Page Rules, Redirect Rules (both Bulk and Single), Worker Routes?
v
ya
e
Page Rules?
v
just a sec
e
Okay now go to Caching > Configuration, select "Purge everything", then open a private browser window and try the page again, see if it still redirects
v
kk
should i wait?? like last time it took approx half-1hr then it was removed but the google flagged it maybe this time it goes away after an hr?
e
Okay so whatever it is is still active then, if purge didn't work. Can you now try going to https://dash.cloudflare.com/?to=/:account/audit-log - enter your domain name into the box on the top right of the list, click "Search" and then screenshot the list and send it here
v
kk
e
Feel free to redact your email address with an image editor
v
na that's fine i will delete the screenshot
e
Looks like you didn't search for a specific domain, you can do that here
v
sorry my fault
e
Can you click to expand both of the "Rulesets update" entries?
v
kk
e
And see if there's anything interesting in them
v
weird names
for the websites there
i see this in the value
ooh its the same
damn
e
Interesting
For my own safety I'm not going to click that link
But it's odd that it was deleted
Can you copy out the IP address shown? Then enter it into and see if the location/ISP is familiar
v
kk
@Erisa | Support Engineer i don't find any line saying ip there just the website
e
v
sorry
didn't see that
e
If that's not yours then it's a clear sign your account is actively compromised and you should reset all auth methods and add 2FA before looking further
v
i dont live in delhi
need to update all of my details i guess
e
Are you in the same country or using the same ISP? City location sometimes isn't fully accurate
v
na
that doesn't relate to my ip
e
Okay so, before you investigate further:
- If you have an antivirus or anti-malware, set it to run just in case
- Reset your account password
- Revoke ALL sessions, even your current one
- Add 2FA to your account
- Go to Global API Key, reset it
- Go to API tokens, delete or "roll" them all - for the R2 ones you will need to do that from the R2 dashboard instead
Then once that's done, we can look closer into it
v
is that ok if i would update the thread in an hr since i need to go rn
e
It's fine, I'll be around
v
thx
it worked and the images are loading fine back to normal thx for the help
e
Hooray
s
the urls there are behind CF
e
That may be the case but I have no intention to investigate them, if you believe they are malicious then please use the abuse report form as appropriate
s
still no idea what the angle is
e
The what
s
those CF pages are obviously fake
but why on earth are they talking to each other