Spurious DNS lookups to phantom domain

bobfandango

Occasional Visitor
This is likely unrelated to Asus routers, but I've been having stability issues with my AC66U, and have discovered some odd behavior that I'd like some opinions about....

I have been trying to figure out a stability issue with my router. I've posted about it elsewhere, but won't repeat that here. Suffice it to say, I've tried turning up logging everywhere I can to try and figure out what the problem may be.

To that end, I have set up dnsmasq to log all queries. I noticed in the logs a large number of queries for the following: www.facedestek.com

I can reproduce the query by simply entering www.google.com in the browser window and hitting return. Voila, the query to facedestek.com appears right then.

Browsing to that URL says the webpage is not available. An nslookup of www.facedestek.com returns no IP (a good thing in this case since it doesn't appear that lookups that hit the cache are logged).

Google searches for that domain yield almost nothing informative. The one useful Google hit is here: https://www.virustotal.com/en/domain/facedestek.com/information/

It lists an IP that "has been seen to resolve to" the IP 94.23.240.36. A traceroute to that IP terminates after 30 jumps, with the last visible jump coming in France.

Note, google.com does apparently successfully resolve (or is returned from the cache) since it loads in the browser. But it is HIGHLY bizarre that the lookup is happening especially when I navigate to Google, and I can find NO information.

Other devices on the LAN do not trigger this query. So, it must be the one machine... a mid 2011 iMac. iMacs are relatively unscathed in the spyware realm, and I don't willy-nilly install things from untrusted sources. So, I'm surprised, and I'd expect others to have seen this if it were spyware or some virus.

Ideas please anyone?
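
An added example, not part of the original post: one way to check from the dnsmasq query log which LAN client asks for the domain, and which names that same client looked up in the seconds just before. The sample log lines, client addresses and the 2-second window are constructed assumptions; only the domain comes from the post.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Query line written by dnsmasq with log-queries enabled:
#   Mon DD HH:MM:SS dnsmasq[pid]: query[TYPE] name from client-ip
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+dnsmasq\[\d+\]:\s+"
    r"query\[[\w-]+\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)

def parse_queries(lines):
    """Yield (timestamp, client, name) for each query line; skip all others."""
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m:
            # syslog timestamps carry no year; a fixed one is enough for deltas
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
            yield ts, m["client"], m["name"].lower().rstrip(".")

def trace_domain(lines, domain, window_s=2):
    """Return (hits per client, names each client queried just before a hit)."""
    domain = domain.lower().rstrip(".")
    window = timedelta(seconds=window_s)
    recent = defaultdict(list)       # client -> [(ts, name)] still inside window
    per_client = Counter()
    preceding = defaultdict(Counter)
    for ts, client, name in parse_queries(lines):
        recent[client] = [(t, n) for t, n in recent[client] if ts - t <= window]
        if name == domain or name.endswith("." + domain):
            per_client[client] += 1
            preceding[client].update({n for _, n in recent[client]})
        else:
            recent[client].append((ts, name))
    return per_client, preceding

# Constructed sample log (not from the post); client addresses are made up.
SAMPLE = """\
Jan  5 10:15:01 dnsmasq[812]: query[A] www.google.com from 192.168.1.20
Jan  5 10:15:01 dnsmasq[812]: forwarded www.google.com to 8.8.8.8
Jan  5 10:15:02 dnsmasq[812]: query[A] www.facedestek.com from 192.168.1.20
Jan  5 10:15:40 dnsmasq[812]: query[A] www.google.com from 192.168.1.31
Jan  5 10:16:10 dnsmasq[812]: query[A] time.apple.com from 192.168.1.20
Jan  5 10:16:20 dnsmasq[812]: query[A] www.google.com from 192.168.1.20
Jan  5 10:16:21 dnsmasq[812]: query[AAAA] www.facedestek.com from 192.168.1.20
""".splitlines()

if __name__ == "__main__":
    print(trace_domain(SAMPLE, "facedestek.com"))
```

A name that shows up before every hit from a single client points at whatever on that machine reacts to that page load, which narrows the search to that host's browser and its add-ons.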
 