PPRuNe Forums

PPRuNe Forums (https://www.pprune.org/)
-   Computer/Internet Issues & Troubleshooting (https://www.pprune.org/computer-internet-issues-troubleshooting-46/)
-   -   Has my internet connection been hijacked? (https://www.pprune.org/computer-internet-issues-troubleshooting/333839-has-my-internet-connection-been-hijacked.html)

stickyb 5th Jul 2008 03:47
Has my internet connection been hijacked?
 
Am currently in Thailand, a country known for its various attempts to censure/control the internet.

Am using a domestic ordinary adsl connection. Sometimes the connection seems to freeze when loading web pages, and when i check with tcpview, i find that there a a number of connections from IE to a server run by the ISP. The server name varies, but is always <something>.tttmaxnet.com

I cannot find out why these connections are being made. Have run exhaustive spywarechecks/virus checks that have found nothing.

I have no idea why this should happen when i am loading pages from, for example, BBC News.

I have tried blocking by putting entries in the hosts file, but that doesn't stop it.

Is it adverstising downloading (not that i can see any advertising that is Thai based) or is it more sinister?

Any ideas on how to progress?

Guest 112233 5th Jul 2008 08:06
Hijacking web pages.
 
Assuming that you are using IE 7 - have a look a the very top Box, i.e the one that displays the actual domain name of the site that you are visiting, e.g http://www.pprune.org/forums/newreply and see if the result is actually what you are expecting. It's possible to spoof web pages, but as far as I know domain names are unique. Check you home page domain as well - Are you using a phishing filter ?. copy those domain names into google and see if anything comes up

CATIII-NDB.

Thanks:hmm:

BOAC 5th Jul 2008 08:21
If IE6 or earlier or an 'early' Firefox', check 'SpoofStick' which does the same and shows the ACTUAL site.

Gertrude the Wombat 5th Jul 2008 09:43
Are you absolutely certain that your ISP is not simply applying the bog standard practice of proxying HTTP requests?

stickyb 5th Jul 2008 12:57
Thanks for the ideas
 
Bit more info - I am using IE6, and already have spoofstick installed, so I know i am not going to any phishing or false pages.

The ISP uses a normal transparent proxy, but you normally don't see that in the TCP/VIEW.

One worrying thing is that some of the connections are when i am accessing a site like paypal with https.

Have double checked everything with AV, Spybot and hijack this, nothing found.

paxcommuter 7th Jul 2008 12:26
It maybe caused by a third party add-on.

Try Tools | Internet Options. Click the Programs Tab, then Manage Add-ons. You can disable any unwanted add-ons from there.

Bushfiva 7th Jul 2008 13:09
Are you using AVG 8.xx?


All times are GMT. The time now is 05:55.


Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.