4
I've just realized that when I enter an URL in the browser and navigate there, if the site doesn't exist I get redirected to a parking site full of ads. Confirmed that the site doesn't exist after checking WHOIS information (domain is available, etc.). My home setup is just a wifi-router with an ADSL service, and my devices going through that wifi connection.
My tests so far:
- Navigate to http://laksdkajsndkajndkasn.net >> get 302 redirect to malicious page
- Navigate to http://laksdkajsndkajndkasn.net (other browser) >> get 302 redirect to malicious page
- Navigate to http://laksdkajsndkajndkasn.net (mobile connected to same network) >> redirected to malicious page
- Navigate to http://laksdkajsndkajndkasn.net (mobile connected to 3G network) >> NOT redirected to malicious page
- Curl http://laksdkajsndkajndkasn.net >> resolves an IP address but get a 404 response with content-length 0. Go to that IP in the browser >> redirects to parking site.
- dnslookup http://laksdkajsndkajndkasn.net >> I see that IP under "Non-authoritative answer:"
I guess this could be something bad/malicious in my connection/setup/isp, but I would appreciate any directions to troubleshoot this issue.
welcome to superuser, now tell us More info :-) who is your ISP? what are the numbers shown for your DNS? What is your operating system? If its windows, what if anything is in the HOSTS file, other than the sample stuff. "Spyware blasters" evil activeX blockers (registry) and evil site lists restriction (IE security) Can filter out some of that stuff, Assembled Hosts blocking files can block out some of it too, all passivly (not running program) What is the browser(s) that your using? – Psycogeek – 2013-04-07T04:34:59.337
1@Psycogeek thank you. I use linux but there are other devices using windows connected to the network. After following guidance from the answer below I realized one of those computers was infected. – Matias – 2013-04-07T05:12:35.663