attention required: cloud flare

There are spoofs of malicious webpages. What I would do is go into your browser security preferences and delete all cookies related to the cloud flare page after accessing just Google directly. Make sure you only have one window open, and no extra tabs other than Google. Then deleting all cookies from that site will help.

You could simply dump all the cookies, but you'll have to remember any websites that have passwords and what they are before doing so. You might just want to go to sites that automatically log you in, and give a new password first before dumping the cookies.

That will prevent any past websites from regenerating the info in question. Popups and popunder pages are notoriously bad for appearing not always on the site that generates them, but the site you visit afterwards!

"CloudFlare" is a legitimate content-distribution network. What you're seeing is the result of a misconfiguration of the web server, which may be intermittent and may depend on your geographic location. You might be able to clear it temporarily as follows.

From the Safari menu bar, please select

Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data...

and confirm. Test.

I doubt it is a malware per se. I think while as Linc says it is legitimate content-distribution network, it is possible they are using some outdated software to manage the network that does not work well with your installed operating system, or installed browsers. I would contact the CloudFlare people and ask them have they tested it with a particular browser in El Capitan or not. If not, you may need to use a different content distribution network that is not as sensitive. See my FAQ* on browsers:

http://www.macmaps.com/browser.html

And Adobe Flash does not work at all on iPads except with certain third party browsers that work only over WiFi.

* Links to my pages may give me compensation.

First, never use any kind of "anti-virus" or "anti-malware" software on a Mac. That's how you create problems, not how you solve them.

From the menu bar, please select

 ▹ System Preferences... ▹ Network ▹ Advanced... ▹ DNS

Under DNS Servers you should have one or more numerical addresses, such as “192.168.1.1” or “10.0.0.1”. What are those addresses?

What you're doing won't have any lasting effect.

Please back up all data.

Unlock the Network preference pane, if necessary, by clicking the lock icon in the lower left corner and entering your password. Cllck Advanced, open the DNS tab, and change the server addresses to the following:

8.8.8.8

8.8.4.4

That's Google DNS. Click OK, then Apply.

In Safari, select

Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data

and confirm. If you’re using another browser, empty the cache. Test. Any difference?

Notes:

1. If you lose Internet access after making the above change to your network settings, delete the Google servers in the Network preference pane, then select the TCP/IP tab and click Renew DHCP Lease. That should restore the original DNS settings; otherwise restore them yourself. Remember that you must click Apply in order for any changes to take effect.

2. I don't use Google DNS myself, though I have tested it, and I'm not recommending it or any other DNS provider; the server addresses are offered merely for testing purposes. There may be privacy and technical issues involved in using that service, which you should investigate personally before you decide whether to keep the settings. Other public DNS services exist.

Obviously the problem is not caused by anything on the Mac. You've made a strong case that it's an ISP issue. Some ISP's cache web content on their own servers. That's one way something like this could happen. Good luck.