Question
I’ve just realized that when I enter a URL in the browser and navigate there, if the site doesn’t exist I get redirected to a parking site full of ads. Confirmed that the site doesn’t exist after checking WHOIS information (domain is available, etc.).
My home setup is just a wifi-router with an ADSL service, and my devices going through that wifi connection.
My tests so far:
- Navigate to http://laksdkajsndkajndkasn.net >> get 302 redirect to malicious page
- Navigate to http://laksdkajsndkajndkasn.net (other browser) >> get 302 redirect to malicious page
- Navigate to http://laksdkajsndkajndkasn.net (mobile connected to same network) >> redirected to malicious page
- Navigate to http://laksdkajsndkajndkasn.net (mobile connected to 3G network) >> NOT redirected to malicious page
- Curl http://laksdkajsndkajndkasn.net >> resolves an IP address but get a 404 response with content-length 0. Go to that IP in the browser >> redirects to parking site.
- dnslookup http://laksdkajsndkajndkasn.net >> I see that IP under “Non-authoritative answer:”
I guess this could be something bad/malicious in my connection/setup/isp, but I would appreciate any directions to troubleshoot this issue.
Answer
That would be your ISP ‘helping’ you.
http://whatis.techtarget.com/definition/DNS-redirection
Or as was pointed out in the comments, your DNS server was compromised or your gateway’s DNS settings were changed to point to a malicious DNS server.
See http://www.dcwg.org/ for information on one example of DNS changing malware that targets SOHO routers and how to check/remove the problem.
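One way to test for the DNS redirection described in the answer (an added example, not part of the original question or answer): send queries for random, unregistered names directly to a chosen resolver and check whether it answers NXDOMAIN or hands back an address. The function names and the `.net` probe suffix are choices made for this example; the resolver IPs are whatever you pass on the command line.

```python
import secrets, socket, sys

def build_query(name, txid):
    """Encode an A-record query (RFC 1035) with the recursion-desired flag set."""
    header = txid.to_bytes(2, "big") + b"\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + labels + b"\x00" + b"\x00\x01\x00\x01"  # root, QTYPE=A, QCLASS=IN

def parse_reply(data, txid):
    """Return (rcode, answer_count) from the 12-byte DNS reply header."""
    if len(data) < 12:
        raise ValueError("short reply")
    flags = int.from_bytes(data[2:4], "big")
    if int.from_bytes(data[0:2], "big") != txid or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    return flags & 0x000F, int.from_bytes(data[6:8], "big")

def verdict(rcode, answers):
    """A name that does not exist should come back as rcode 3 with no answers."""
    if rcode == 3 and answers == 0:
        return "honest NXDOMAIN"
    if rcode == 0 and answers > 0:
        return "REWRITTEN: nonexistent name got an address"
    return f"inconclusive (rcode={rcode}, answers={answers})"

def probe(resolver_ip, name, timeout=3.0):
    """Send one UDP query to resolver_ip and classify the reply."""
    txid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver_ip, 53))
        data, _ = s.recvfrom(512)
    return verdict(*parse_reply(data, txid))

def check(resolvers, probes=3):
    """Probe each resolver with fresh random names (constructed, unregistered)."""
    results = {}
    for ip in resolvers:
        results[ip] = []
        for _ in range(probes):
            name = secrets.token_hex(12) + ".net"
            try:
                results[ip].append(probe(ip, name))
            except (OSError, ValueError) as exc:
                results[ip].append(f"no usable reply ({exc})")
    return results

if __name__ == "__main__":
    for ip, verdicts in check(sys.argv[1:]).items():
        print(ip, verdicts)
```

Pass the resolver address your router hands out and a resolver you picked yourself: a rewrite only on the former points at the ISP or at changed DNS settings on the gateway. A rewrite on every resolver suggests port 53 traffic is being intercepted somewhere on the path.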