I have a domain (let it be sample.test). I connected it to the Cloudflare platform. One day I decided to check Google Search Console and I found out there was another (completely unrelated to me) domain that redirected all requests from him to me.
Meaning that if you decide to go to (let it be) fraud.com, you will see the content of my web application (api requests are redirected to me as well).
I am using:
- ubuntu hosting
- asp.net app
- nginx for proxing requests from web to the app
- cloudflare (my server IP is set to DNS records of my website)
How can I stop it?
I would make sure to run some malware scans on the server to help find where you have been hacked. Use AI-BOLIT to remove any hacks and secure your code. https://www.ipserverone.info/knowledge-base/how-to-scan-for-malware-in-linux-using-ai-bolit/