We’ve noticed that when a user clicks on our organic results on the search engine result pages, it redirects to a gambling website! If you go to the url direct its fine. Its only when you click on the url on the Google result pages does it redirect you.
I cant figure out how this is happening. Theres no suspicious code/files on the website directory.
On the Google search result, when you hover over the link, does it show a legitimate URL at the bottom of the browser window? Or is it some URL that points to your domain, but to a page that doesn’t exist on your site? Can you provide us an example?
Your title says on Google, implying that Google is responsible for the website. That is different from the search engine results.
What is the difference between an organic result and an inorganic result?
One possibility to eliminate is that you might be using an address such as domain.com (called root domain and other things) and Google is using www.domain.com, or the reverse of that. Or there could be something else different in the URL. That is why the question from Martyr2 is important.
Something else to look at is your DNS. If your domain is using any type of redirection then that could be the vulnerability.