LinuxQuestions.org


Midhato 12-07-2012 09:54 AM

URL in browser redirecting to another address
 
When I type a URL that does not exist in the browser, I get redirected to some Chinese sites. The ISP says that they did not set anything up to do that. Is my Linux infected with a virus? :D

Some of the sites are:
127.0.0.1 www5.1616.net
127.0.0.1 cache.soso.com
127.0.0.1 r.61658.com
127.0.0.1 st.5258.net
127.0.0.1 st.61658.com
127.0.0.1 static.5258.net
127.0.0.1 a.5258.net.cdn20.com
127.0.0.1 wsall.5258.net.wsdns.com
127.0.0.1 dr.soso.com

I blocked them in hosts, but today I got to this site:

http://www.2345.com/?k99031933


I am running Ubuntu 12.04; Firefox, Chrome, Chromium and Konqueror have the same problem.

unSpawn 12-07-2012 10:25 AM

Select one "wrong" host name and tell us what it returns:
Code:

host [wrongaddress]
dig +trace [wrongaddress]


Midhato 12-07-2012 10:34 AM

midhat@midhat:~$ host www.sdfsdf.ba
www.sdfsdf.ba has address 218.93.250.18
;; Warning: Message parser reports malformed message packet.
ba has SOA record bosna.utic.net.ba. hostmaster.bosna.utic.net.ba. 2012120704 14400 3600 604800 86400
midhat@midhat:~$ dig +trace www.dsfsdfsd.ba

; <<>> DiG 9.8.1-P1 <<>> +trace www.dsfsdfsd.ba
;; global options: +cmd
. 153738 IN NS m.root-servers.net.
. 153738 IN NS b.root-servers.net.
. 153738 IN NS g.root-servers.net.
. 153738 IN NS d.root-servers.net.
. 153738 IN NS i.root-servers.net.
. 153738 IN NS j.root-servers.net.
. 153738 IN NS l.root-servers.net.
. 153738 IN NS f.root-servers.net.
. 153738 IN NS e.root-servers.net.
. 153738 IN NS k.root-servers.net.
. 153738 IN NS h.root-servers.net.
. 153738 IN NS c.root-servers.net.
. 153738 IN NS a.root-servers.net.
;; Received 244 bytes from 192.168.254.253#53(192.168.254.253) in 1567 ms

ba. 172800 IN NS auth03.ns.uu.net.
ba. 172800 IN NS ba.cctld.authdns.ripe.net.
ba. 172800 IN NS ns.ba.
ba. 172800 IN NS sava.utic.net.ba.
ba. 172800 IN NS munnari.oz.au.
;; Received 335 bytes from 192.203.230.10#53(192.203.230.10) in 923 ms

ba. 86400 IN SOA bosna.utic.net.ba. hostmaster.bosna.utic.net.ba. 2012120705 14400 3600 604800 86400
;; Received 95 bytes from 195.130.35.3#53(195.130.35.3) in 44 ms

midhat@midhat:~$ host sdfsdf.ba
sdfsdf.ba has address 218.93.250.18
;; Warning: Message parser reports malformed message packet.
ba has SOA record bosna.utic.net.ba. hostmaster.bosna.utic.net.ba. 2012120705 14400 3600 604800 86400
midhat@midhat:~$ host sdfsdf.ba



In the 1st post I get redirected to www5.1616.net, but Wireshark is reporting another address.

unSpawn 12-07-2012 11:09 AM

I bet 'host sdfsdf.ba 8.8.8.8' returns NXDOMAIN (or check here or here). Are you by any chance using a router with Mikrotik RouterOS?

Midhato 12-07-2012 11:16 AM

Yes, I have Mikrotik OS and I am directly connected to it; for others it is a wireless hotspot.

Midhato 12-07-2012 11:21 AM

It can be any address, www.blablablalololif jdjfdancf.com or any other that is not registered.

unSpawn 12-07-2012 11:33 AM

Quote:

Originally Posted by Midhato (Post 4844662)
Yes, I have Mikrotik OS

Did you recently update your RouterOS?
From a non-Mikrotik source perhaps?

Midhato 12-07-2012 11:38 AM

I will ask my ISP; the router is only in my house and I don't have anything to do with the software he uses.
I will mark this as solved because it is not a problem with my system.

unSpawn 12-07-2012 11:44 AM

Before you go please post output of
Code:

host sdfsdf.ba 8.8.8.8

unSpawn 12-07-2012 12:22 PM

So he didn't. Anyway. What the output of the last command should prove is that if there's redirection it's either in the router (in case of Mikrotik there's illegal firmware around that points to .cn TLD 218.93.250.18 specifically, also see the .mx/.br incident) or inside the provider's realm (some wireless providers seem to be notorious for such practices) or inside the TLD's authoritative name servers (there's a quite recent incident in another TLD where all authoritative name servers got redirected temporarily).

Midhato 12-07-2012 01:03 PM

host sdfsdf.ba 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

sdfsdf.ba has address 218.93.250.18
;; Warning: Message parser reports malformed message packet.
ba has SOA record bosna.utic.net.ba. hostmaster.bosna.utic.net.ba. 2012120705 14400 3600 604800 86400
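
Added example, not part of the original thread: a small shell helper that classifies `host` output for a name that should not exist, so the same made-up name can be checked against several resolvers as suggested above. The function names and the `clean`/`rewritten`/`answered`/`unknown` verdict labels are assumptions made for this example; the first sample is the output posted in the thread, the second is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): classify `host` output for a name
# that should not exist, then compare several resolvers.

# Copied from the output posted in this thread.
SAMPLE_REWRITTEN='sdfsdf.ba has address 218.93.250.18
;; Warning: Message parser reports malformed message packet.
ba has SOA record bosna.utic.net.ba. hostmaster.bosna.utic.net.ba. 2012120705 14400 3600 604800 86400'

# Constructed: what `host` prints when the resolver answers honestly.
SAMPLE_CLEAN='Host sdfsdf.ba not found: 3(NXDOMAIN)'

# Read `host` output on stdin and print one verdict:
#   clean            the resolver said the name does not exist
#   rewritten:ADDR   an address came back together with a zone SOA record,
#                    the pattern shown in the thread
#   answered:ADDR    an address came back with no SOA line
#   unknown          nothing recognisable (timeout, refused, empty)
classify_host_output() {
    local out addr
    out=$(cat)
    addr=$(printf '%s\n' "$out" | awk '/ has address /{print $NF; exit}')
    if printf '%s\n' "$out" | grep -q 'NXDOMAIN'; then
        echo "clean"
    elif [ -n "$addr" ] && printf '%s\n' "$out" | grep -q ' has SOA record '; then
        echo "rewritten:$addr"
    elif [ -n "$addr" ]; then
        echo "answered:$addr"
    else
        echo "unknown"
    fi
}

# Live check (needs network and the `host` tool): probe_resolvers TLD RESOLVER...
# Builds a throwaway label under TLD so no cache can hold it, then prints one
# "resolver<TAB>verdict" line per resolver.
probe_resolvers() {
    local tld=$1 name r
    shift
    name="nx-$(date +%s)-$$.$tld"
    for r in "$@"; do
        printf '%s\t%s\n' "$r" "$(host "$name" "$r" 2>&1 | classify_host_output)"
    done
}

# Offline demonstration on the two samples above.
printf '%s\n' "$SAMPLE_REWRITTEN" | classify_host_output
printf '%s\n' "$SAMPLE_CLEAN" | classify_host_output
```

For a live run, `probe_resolvers ba 192.168.254.253 8.8.8.8` compares the local resolver seen in the `dig` output with a public one. Any verdict other than `clean` for a made-up name means something answered for a name that does not exist, and the same address from every resolver says the change is not tied to one resolver's configuration.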

topr 05-19-2013 10:25 AM

This topic is marked as solved. I see no solution though (?)
I have the exact same case here. When I put some nonexistent or incorrect URL in the browser's address bar (Firefox), I end up on the Asian site with porn ads: www5.1616.net
I don't really like going there.

Code:

$ host sdasda.ba
sdasda.ba has address 218.93.250.18
;; Warning: Message parser reports malformed message packet.
ba has SOA record bosna.utic.net.ba. hostmaster.bosna.utic.net.ba. 2013051710 14400 3600 604800 86400

Code:

$ dig +trace sdasda.ba

; <<>> DiG 9.8.1-P1 <<>> +trace sdasda.ba
;; global options: +cmd
.                        21446        IN        NS        i.root-servers.net.
.                        21446        IN        NS        f.root-servers.net.
.                        21446        IN        NS        b.root-servers.net.
.                        21446        IN        NS        g.root-servers.net.
.                        21446        IN        NS        c.root-servers.net.
.                        21446        IN        NS        d.root-servers.net.
.                        21446        IN        NS        a.root-servers.net.
.                        21446        IN        NS        k.root-servers.net.
.                        21446        IN        NS        h.root-servers.net.
.                        21446        IN        NS        m.root-servers.net.
.                        21446        IN        NS        l.root-servers.net.
.                        21446        IN        NS        j.root-servers.net.
.                        21446        IN        NS        e.root-servers.net.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 381 ms

ba.                        172800        IN        NS        ba.cctld.authdns.ripe.net.
ba.                        172800        IN        NS        ns.ba.
ba.                        172800        IN        NS        sava.utic.net.ba.
ba.                        172800        IN        NS        auth03.ns.uu.net.
ba.                        172800        IN        NS        munnari.oz.au.
;; Received 329 bytes from 192.203.230.10#53(192.203.230.10) in 177 ms

ba.                        86400        IN        SOA        bosna.utic.net.ba. hostmaster.bosna.utic.net.ba. 2013051710 14400 3600 604800 86400
;; Received 89 bytes from 193.0.9.60#53(193.0.9.60) in 30 ms

My router is TP-Link TL-WR841N. I haven't been updating firmware recently.
DNS settings are:
primary 8.8.8.8
secondary 194.187.52.5 (ISP's)

How can I get this Asian crap redirection to go away?

