malware – Intercept HTTP requests for invalid domains in Linux

I am using Ubuntu 18.04. When making a HTTP request to invalid domains, I get a HTML page with javascript code that redirects me to uniregistry a landing page.

More specifically, when trying to load axdv-invalid-domain.com, I get redirected to uniregistry.com/buy-domains/axdv-invalid-domain.com?src=uniregistry-lander

This affects all HTTP clients. Even when I use the curl command line, a HTML page is returned.

This does not affect DNS lookups. Using the host command, I get “Host axdv-invalid-domain.com not found: 3(NXDOMAIN)”

My computer does not seem to have any VPN or proxy configured. I am using home wifi and this does not affect any other computers on the network.

How is this possible? Feels like I’m infected with malware but I can’t figure out how the malware is doing this.