Redirecting to "http://domain-error.com"

networking malware

I am having this issue since a few days.

The problems are:

  • Invalid domains are redirected to domain-error.com
  • Some domains are redirected to domain-error.com multiple times but after a few attempts I could reach the website.

I have got the same problem in Ubuntu, Archlinux, Windows(7 and 10). I am not saying that getting the same malware in all these operating system is impossible.

But What is impossible (nearly):
I downloaded a fresh copy of Ubuntu from the official website. Verified the integrity and live booted. Then I tried to reach an invalid URL.

Guess what happened!. I was again redirected tohttp://domain-error.com/

So the problem is with the Internet Service Provider(ISP)?

To confirm that I went to my friends apartment, who is using the same ISP and he is having the same problem.

I have blocked domain-error.com from loading (added entry to /etc/hosts) but the redirect still exist.

So I think that you are also having the same issue with the ISP.

SOLUTION:

Remove default DNS option from your router and set 8.8.8.8 and 8.8.4.4 as your DNS. It will work fine.

Note: My ISP is BSNL (India)

.


Check your router configuration at 192.168.X.Y, login and look for DNS servers setup, I had once some joker changing my DNS servers on my router because of my weak admin password, these DNS servers were resolving about 1/3 of my traffic to a certain page loaded with ads, rest of the traffic was resolved correctly. Bad guys also use this technique for phishing.


This seems to be what is known as ISP redirection, which is not uncommon. See https://en.wikipedia.org/wiki/ISP_redirect_page for more information. Quite a few ISP's have done this (I had it happen with Charter awhile back), and it's quite annoying. What worked for me was setting alternate DNS servers as another poster mentioned. You can also find how some others resolved it in the comments of this article: https://hackercodex.com/guide/how-to-stop-isp-dns-server-hijacking/


At first, please check your extensions enabled in browser and let us know if you find anything suspicious. Then check your search providers. After that check 

 /etc/hosts

for signs of a redirection. Unfortunately Google does not have records which could clearly show cases similar to yours yet.

What did you do exactly before you started to experience this behaviour?

When I last time experienced something like that it was because of a tricky extension.

Armand

Related

Where does Ubuntu store its library files?
How do I disable Ubuntu One?
What happened to the weather-app in the panel?
How can I get alt-tab to work in VirtualBox VM when in full screen?
Access Prompt keeps asking for GMail password
Can I log in with other user's account?
How can I install a Gsettings Schema without root privileges?
How could I mount an ext4 partition and have write permission?
How to set swap in /etc/initramfs-tools/conf.d/resume if I have two swap partitons?
Copy only folders not files?
hud-service is using 800 MB, is this necessary?
How to get OpenCL to work on an AMD GPU with Ubuntu 16.04?