Has my internet connection been hijacked?
Thread Starter
Join Date: Feb 2000
Location: asia
Posts: 542
Am currently in Thailand, a country known for its various attempts to censor/control the internet.
Am using a domestic ordinary ADSL connection. Sometimes the connection seems to freeze when loading web pages, and when I check with TCPView, I find that there are a number of connections from IE to a server run by the ISP. The server name varies, but is always <something>.tttmaxnet.com
I cannot find out why these connections are being made. Have run exhaustive spyware checks/virus checks that have found nothing.
I have no idea why this should happen when I am loading pages from, for example, BBC News.
I have tried blocking by putting entries in the hosts file, but that doesn't stop it.
Is it advertising downloading (not that I can see any advertising that is Thai based) or is it more sinister?
Any ideas on how to progress?
Join Date: Aug 2007
Posts: 647
Hijacking web pages.
Assuming that you are using IE 7 - have a look at the very top box, i.e. the one that displays the actual domain name of the site that you are visiting, e.g. http://www.pprune.org/forums/newreply, and see if the result is actually what you are expecting. It's possible to spoof web pages, but as far as I know domain names are unique. Check your home page domain as well - are you using a phishing filter? Copy those domain names into Google and see if anything comes up.
CATIII-NDB.
Thanks
Thread Starter
Join Date: Feb 2000
Location: asia
Posts: 542
Thanks for the ideas
Bit more info - I am using IE6, and already have SpoofStick installed, so I know I am not going to any phishing or false pages.
The ISP uses a normal transparent proxy, but you normally don't see that in TCPView.
One worrying thing is that some of the connections are when I am accessing a site like PayPal with HTTPS.
Have double checked everything with AV, Spybot and HijackThis, nothing found.