Windows – Browsers redirect to level3.com if domain does not exist

browser-tabsipmalwarewindows

If I enter a URL incorrectly, my Firefox browser occasionally redirects me to http://searchguide.level3.com

  1. This occurs in Chrome too.
  2. I've restarted Firefox in safe mode, and it still happens
  3. I've restarted Windows 10 in safe mode, and it still happens
  4. I've installed Hitman Pro Alert. The scan found nothing, and could not prevent the redirect.
  5. My HOSTS file is clean.
  6. My ethernet settings IPv4 properties use Google's DNS: 8.8.8.8 and 8.8.4.4
  7. The only other issue I have is when visiting http://www.moneysavingexpert.com which produces numerous pop-up windows, unless I disable scripts.
  8. I have Comodo Internet Security (antivirus and firewall) installed, and it identifies nothing.

Any other suggestions?

Best Answer

It's also very likely that you're using free public DNS servers between 4.2.2.1 and 4.2.2.6. This range of IPs is operated by Level 3's network, so configuration of their DNS is basically redirecting you to their search engine. See: What is 4.2.2.2?

Here are simple *nix shell command lines to check:

$ dig non-existing.domain
        ︙
;; ANSWER SECTION:
non-existing.domain.    10  IN  A   104.239.213.7
non-existing.domain.    10  IN  A   198.105.254.11
        ︙

$ dig non-existing.domain | grep SERVER
;; SERVER: 4.2.2.1#53(4.2.2.1)

If that's the case, you can change your DNS server to

  • the one your ISP is providing for your network,
  • your local DNS, such as your gateway/router1,
  • Google Public DNS: 8.8.8.8 and 8.8.4.4, or
  • OpenDNS: 208.67.222.222 and 208.67.220.220

Note that some DNS servers will give you an answer, containing the IP address of a search engine, for nonexistent domain names.  Others won’t give you any answer.  Many people are annoyed to be redirected to a search engine, but this behavior is not intrinsically malicious.

Related: Non-existing URLs redirect to “searchguide - level 3” in Safari at Apple.SE
_______________
1 of course then you have to worry about what real DNS server your gateway/router is using

Related Question