malware – Intercept HTTP requests for invalid domains in Linux

I am using Ubuntu 18.04. When making a HTTP request to invalid domains, I get a HTML page with javascript code that redirects me to uniregistry a landing page.

More specifically, when trying to load, I get redirected to

This affects all HTTP clients. Even when I use the curl command line, a HTML page is returned.

This does not affect DNS lookups. Using the host command, I get “Host not found: 3(NXDOMAIN)”

My computer does not seem to have any VPN or proxy configured. I am using home wifi and this does not affect any other computers on the network.

How is this possible? Feels like I’m infected with malware but I can’t figure out how the malware is doing this.