Redirecting to "http://domain-error.com"

I am having this issue since a few days.

The problems are:

  • Invalid domains are redirected to domain-error.com
  • Some domains are redirected to domain-error.com multiple times but after a few attempts I could reach the website.

I have got the same problem in Ubuntu, Archlinux, Windows(7 and 10). I am not saying that getting the same malware in all these operating system is impossible.

But What is impossible (nearly):
I downloaded a fresh copy of Ubuntu from the official website. Verified the integrity and live booted. Then I tried to reach an invalid URL.

Guess what happened!. I was again redirected tohttp://domain-error.com/

So the problem is with the Internet Service Provider(ISP)?

To confirm that I went to my friends apartment, who is using the same ISP and he is having the same problem.

I have blocked domain-error.com from loading (added entry to /etc/hosts) but the redirect still exist.

So I think that you are also having the same issue with the ISP.

SOLUTION:

Remove default DNS option from your router and set 8.8.8.8 and 8.8.4.4 as your DNS. It will work fine.

Note: My ISP is BSNL (India)

.


Check your router configuration at 192.168.X.Y, login and look for DNS servers setup, I had once some joker changing my DNS servers on my router because of my weak admin password, these DNS servers were resolving about 1/3 of my traffic to a certain page loaded with ads, rest of the traffic was resolved correctly. Bad guys also use this technique for phishing.


This seems to be what is known as ISP redirection, which is not uncommon. See https://en.wikipedia.org/wiki/ISP_redirect_page for more information. Quite a few ISP's have done this (I had it happen with Charter awhile back), and it's quite annoying. What worked for me was setting alternate DNS servers as another poster mentioned. You can also find how some others resolved it in the comments of this article: https://hackercodex.com/guide/how-to-stop-isp-dns-server-hijacking/


At first, please check your extensions enabled in browser and let us know if you find anything suspicious. Then check your search providers. After that check

 /etc/hosts

for signs of a redirection. Unfortunately Google does not have records which could clearly show cases similar to yours yet.

What did you do exactly before you started to experience this behaviour?

When I last time experienced something like that it was because of a tricky extension.

Armand