Apparently on other browsers (only Chrome and Firefox passed the DDoS check) like Vivaldi, upon figuring out why I keep getting stuck in refresh loop during cloudfare DDoS test, I decided to open dev tools and keep seeing the page attempting to fetch something like https://www.example.com/cdn-cgi/challenge-platform/h/g/.. and it keep return 401 Unauthorized or 400 error.<p>I'm not really sure if these 401/400 error are relevant but I'll describe the behavior anyways.<p>The weird thing is that only Chrome and Firefox (both normal and incognito mode) passed the test while Vivaldi and Edge failed. Vivaldi's behavior will get 401 error on fetch-ing /cdn-cgi/challenge-platform/h/g/pat/xxx/xxx/xxx/xxx while Edge will get 400 error upon xhr-ing /cdn-cgi/challenge-platform/h/g/flow/ov1/xxx/xxx/xxx. I cannot investigate deeper than this since I don't have time and https://example.com/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=xxx JS file is obfuscated.<p>Honestly at this point I'm using Firefox at temporary solution whenever a site got stuck in this ridiculous refresh loop and I have no idea why.<p>I did have uBlock Origin installed on both Firefox and Vivaldi with same exact settings and filter lists (since I exported and imported them) and both success and fail cases have the extension enabled. There's also Adguard in the background disabled for both cases.<p>In some rare cases Cloudfare outright ONLY block my Vivaldi browser instead of having access to the DDoS test page. Usually clear site data will "fix" and it goes back to stuck in the same refresh loop.
Are you sure it's actually cloudflare pages you're seeing and not malware?<p><a href="https://www.bleepingcomputer.com/news/security/wordpress-sites-hacked-with-fake-cloudflare-ddos-alerts-pushing-malware/" rel="nofollow">https://www.bleepingcomputer.com/news/security/wordpress-sit...</a>