Website gets forwarded to malicious website

Username epiz_30276383

I hosted my domain to point to the hosting here. It worked well for a few days, now, when anyone visits my website, it goes to a malicious website leostop

Then the user goes back and the website works fine.

Can anyone suggest what’s happening?

What is the domain name?

1 Like

Rule of thumb, no clear information results with nothing.

It is fine for me. Try clearing your cache. Some adverts redirect to suspicious sites, so remove any disreputable advertisers.


I just tried from a different laptop

typed website name
first it said it is going to a “non trusted” site, do you want to continue
when i click “Continue” it goes to homepage them immediately goes to

It then says “the site has been reported unsafe”

the same behavior was also reported by someone else whom I asked to visit the website

Try from a different network, such as a cellular network. Then does it work?


I’m pretty sure it’s not our hosting. A quick Google search for that domain doesn’t redirect a lot of results, but it does show a few sites which are not hosted with us.

So my money is on something like malicious code on your website (this can happen with outdated or pirated software), a virus on your computer or an malicious party in your network intercepting and redirecting traffic.


Thank you for your confirmation and inputs.


By this it turns out that your jquery is infected :slightly_smiling_face:
It is easily possible that someone pushed the obfuscated code inside or otherwise hid it

Request 27:

Error/Status Code: 301
Priority: Low
Protocol: http/1.1
Initiated By: line 1 column 82241
Request Start: 1.576 s
DNS Lookup: 70 ms
Initial Connection: 75 ms
Time to First Byte: 122 ms
Bytes In (downloaded): 0.0 KB
Bytes Out (uploaded): 0.9 KB

Request Headers:

Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 PTST/211207.195343
Accept: /
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response Headers:

HTTP/1.1 301 Moved Permanently
Date: Mon, 17 Jan 2022 22:05:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 17 Jan 2022 23:05:58 GMT
Report-To: {“endpoints”:[{“url”:“”}],“group”:“cf-nel”,“max_age”:604800}
NEL: {“success_fraction”:0,“report_to”:“cf-nel”,“max_age”:604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6cf2e356b85882f9-IAD
alt-svc: h3=“:443”; ma=86400, h3-29=“:443”; ma=86400

Or you use some demo or unpurchased software (pirated)
so the author checks if the host is valid (for which someone bought some software), and if not, then throw out the error and make a redirection.

And you should definitely do a jQuery script update if possible and if everything works

You are not the only one who has this problem


Thank you so much for this info

I am new for jquery. Can you please guie me if
I shall I just re-upload my files? or shall i remove those references in jquery file?

are there any resolutions steps somewhere ?

1 Like

You are better off using up-to-date CDN hosted jQuery.
I use JsDelivr CDN. Here’s how to include their jQuery:

<script src="[email protected]/src/core.min.js" crossorigin="anonymous"></script>

It depends on how the malware came to be there in the first place. So no, we have no step by step way to fix this, because there are a lot of variables to account for.

For starters, you should take a good look at the software you’re using:

  • Is the software being actively developed and maintained, and are you running the latest, or at least supported, version?
  • Is the software being developed by a reliable party? A well known company is a safer source than some random person on a forum.
  • Did you get the software from a reliable source? So a distribution channel linked to by the software author, not some random file sharing sites you found through Google.

If the software is outdated, built by someone with either bad intentions or someone who just isn’t good at writing safe code, or retrieved from an unreliable third party source, your best bet is to wipe the entire site and start over. And go for software which is safe if you do.

Replacing the infected jQuery can help, but not if it’s just one symptom of unsafe, malware infected software.


A post was split to a new topic: Website forwarded to malicious site

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.