Weird website issue - seem to be something with the router..

Discussion in 'Asuswrt-Merlin' started by ex313, Oct 23, 2019.

  1. ex313

    ex313 Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    60
    If I browse to this website:
    http://heroesforhire.us

    I get a page off this website:
    https://www.spiceoflifepharmacy.com

    1. It only happens on devices connected to the router.
    2. It happens on two different PCs, all browsers and my Android mobile.
    3. If I engage the VPN on the PC or switch to Verizon data - I get the correct website.
    4. If I bypass the router and connect directly to Spectrum - I get the correct site.
    5. I have tried a power reset, changing DNS servers - nothing changes it.
    6. Cleared browser data, Windows DNS Cache - no effect.
    7. If I navigate to any subpage the correct site comes up. (ex: http://heroesforhire.us/?page_id=17)

    I am running an AC-1900P on 384.13. Did a full reset on the last firmware update, is there something I am missing?? Some routing table setting or cache that I have failed to clear?

    Thanks !
     
  2. doczenith1

    doczenith1 Very Senior Member

    Joined:
    Sep 19, 2014
    Messages:
    571
    Location:
    MI
    Website loads fine for me. I'm using cloudflare DoT.
     
  3. Makaveli

    Makaveli Very Senior Member

    Joined:
    Nov 4, 2016
    Messages:
    532
    Location:
    Canada
    Site loads fine for me also.
     
  4. ex313

    ex313 Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    60
    This is what I get - but only through the router. The website is fine through any other connection.
    [​IMG]
     
  5. dave14305

    dave14305 Very Senior Member

    Joined:
    May 19, 2018
    Messages:
    1,481
    Location:
    USA
    Looks like your browser has been hijacked. Any unfamiliar extensions?
     
  6. ex313

    ex313 Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    60
    On the mobile - here is wifi:
    [​IMG]

    here is on 4G
    [​IMG]
     
  7. ex313

    ex313 Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    60
    It does it on multiple browsers, machines, multiple platforms. If I turn on my VPN the site comes up correct. Only variable is the router.
     
  8. dave14305

    dave14305 Very Senior Member

    Joined:
    May 19, 2018
    Messages:
    1,481
    Location:
    USA
    And your ISP.
     
  9. Treadler

    Treadler Senior Member

    Joined:
    Nov 9, 2017
    Messages:
    415
    Location:
    South Australia
    No issues/strangeness seen here with either of those sites.
     
  10. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,771
    Location:
    UK
    Do an nslookup on heroesforhire.us from each device (and check what DNS server you're going to). It's possible that the domain name entry has been poisoned on certain servers.
     
    heysoundude, martinr and Treadler like this.
  11. ex313

    ex313 Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    60
    My desktop is hardwired. If I unplug my machine from the router and plug it directly into the cable modem, the site comes up fine. Plug it back into the router and the anomaly occurs.
     
  12. ex313

    ex313 Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    60
    From the router:

    Server: 1.1.1.1
    Address 1: 1.1.1.1 one.one.one.one
    Name: heroesforhire.us
    Address 1: 184.168.139.84 ip-184-168-139-84.ip.secureserver.net

    From a website on the desktop:
    name class type data time to live
    heroesforhire.us IN A 184.168.139.84 3600s (01:00:00)
    heroesforhire.us IN NS ns01.domaincontrol.com 3600s (01:00:00)
    heroesforhire.us IN NS ns02.domaincontrol.com 3600s (01:00:00)
    heroesforhire.us IN SOA
    server: ns01.domaincontrol.com
    email: [email protected]
    serial: 2019030504
    refresh: 28800
    retry: 7200
    expire: 604800
    minimum ttl: 600
    3600s (01:00:00)
    heroesforhire.us IN MX
    preference: 10
    exchange: remote.heroesforhire.us
    3600s (01:00:00)
    heroesforhire.us IN TXT v=spf1 a mx ~all 3600s (01:00:00)

    From the PC
    Server: heroesforhire.us
    Address: 184.168.139.84
    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    *** Request to heroesforhire.us timed-out
     
  13. dave14305

    dave14305 Very Senior Member

    Joined:
    May 19, 2018
    Messages:
    1,481
    Location:
    USA
    This is interesting.

    What DNS servers do you see configured if you run "ipconfig /all"? Do you use DNSFilter at the router? If so, what settings?
     
  14. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,771
    Location:
    UK
    Looks like the DNS server your PC is using isn't working properly. Presumably it's using a DNS server on the router?
     
  15. ex313

    ex313 Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    60
    If I run ipconfig /all - I see the router IP 192.168.54.1 - no individual DNS servers, which are currently set as 1.1.1.1 and 1.0.0.1.
    If I manually set those addresses in Windows - they will populate in the command prompt and I see the same result when I try to browse that URL.
     
  16. ex313

    ex313 Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    60
    I changed from cloudflare to google servers 8.8.8.8 and 8.8.4.4 and get the same result. Is it possible that there is some DNS filtering going on at the router?
     
  17. dave14305

    dave14305 Very Senior Member

    Joined:
    May 19, 2018
    Messages:
    1,481
    Location:
    USA
    I just realized your output shows heroesforhire.us as the Server not the Name. You may have mistyped your nslookup command.
     
  18. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,771
    Location:
    UK
    Are you using DoT, VPN or ad-blocking? If so try disabling those.
     
  19. ex313

    ex313 Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    60
    Here are two tests - one using the DNS from the router - the other from google dns servers - seems like same results.

    C:\Users\XXXX>nslookup -debug heroesforhire.us
    ------------
    Got answer:
    HEADER:
    opcode = QUERY, id = 1, rcode = NOERROR
    header flags: response, auth. answer, want recursion, recursion avail.
    questions = 1, answers = 1, authority records = 0, additional = 0
    QUESTIONS:
    1.54.168.192.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    -> 1.54.168.192.in-addr.arpa
    name = router.asus.com
    ttl = 0 (0 secs)
    ------------
    Server: router.asus.com
    Address: 192.168.54.1
    ------------
    Got answer:
    HEADER:
    opcode = QUERY, id = 2, rcode = NOERROR
    header flags: response, want recursion, recursion avail.
    questions = 1, answers = 1, authority records = 0, additional = 0
    QUESTIONS:
    heroesforhire.us, type = A, class = IN
    ANSWERS:
    -> heroesforhire.us
    internet address = 184.168.139.84
    ttl = 2421 (40 mins 21 secs)
    ------------
    Non-authoritative answer:
    ------------
    Got answer:
    HEADER:
    opcode = QUERY, id = 3, rcode = NOERROR
    header flags: response, want recursion, recursion avail.
    questions = 1, answers = 0, authority records = 1, additional = 0
    QUESTIONS:
    heroesforhire.us, type = AAAA, class = IN
    AUTHORITY RECORDS:
    -> heroesforhire.us
    ttl = 600 (10 mins)
    primary name server = ns01.domaincontrol.com
    responsible mail addr = dns.jomax.net
    serial = 2019030504
    refresh = 28800 (8 hours)
    retry = 7200 (2 hours)
    expire = 604800 (7 days)
    default TTL = 600 (10 mins)
    ------------
    Name: heroesforhire.us
    Address: 184.168.139.84
    Got answer:
    HEADER:
    opcode = QUERY, id = 1, rcode = NOERROR
    header flags: response, want recursion, recursion avail.
    questions = 1, answers = 1, authority records = 0, additional = 0
    QUESTIONS:
    8.8.8.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    -> 8.8.8.8.in-addr.arpa
    name = dns.google
    ttl = 21427 (5 hours 57 mins 7 secs)
    ------------
    Server: dns.google
    Address: 8.8.8.8
    ------------
    Got answer:
    HEADER:
    opcode = QUERY, id = 2, rcode = NOERROR
    header flags: response, want recursion, recursion avail.
    questions = 1, answers = 1, authority records = 0, additional = 0
    QUESTIONS:
    heroesforhire.us, type = A, class = IN
    ANSWERS:
    -> heroesforhire.us
    internet address = 184.168.139.84
    ttl = 2736 (45 mins 36 secs)
    ------------
    Non-authoritative answer:
    ------------
    Got answer:
    HEADER:
    opcode = QUERY, id = 3, rcode = NOERROR
    header flags: response, want recursion, recursion avail.
    questions = 1, answers = 0, authority records = 1, additional = 0
    QUESTIONS:
    heroesforhire.us, type = AAAA, class = IN
    AUTHORITY RECORDS:
    -> heroesforhire.us
    ttl = 599 (9 mins 59 secs)
    primary name server = ns01.domaincontrol.com
    responsible mail addr = dns.jomax.net
    serial = 2019030504
    refresh = 28800 (8 hours)
    retry = 7200 (2 hours)
    expire = 604800 (7 days)
    default TTL = 600 (10 mins)
    ------------
    Name: heroesforhire.us
    Address: 184.168.139.84
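
Added example, not part of the thread or any poster's code: a Python sketch of the cross-check suggested in posts 10 and 17, grouping the A records in nslookup output by resolver and flagging both differing answers and a run where the queried name shows up as the Server. The sample text is constructed by abridging the output posted above, and the function names are hypothetical.

```python
import re

# Constructed sample: abridged from the nslookup runs posted in this thread.
SAMPLE = """\
Server: router.asus.com
Address: 192.168.54.1
heroesforhire.us, type = A, class = IN
-> heroesforhire.us
internet address = 184.168.139.84
Name: heroesforhire.us
Address: 184.168.139.84
Server: dns.google
Address: 8.8.8.8
heroesforhire.us, type = A, class = IN
-> heroesforhire.us
internet address = 184.168.139.84
Server: heroesforhire.us
Address: 184.168.139.84
DNS request timed out.
"""

def answers_by_resolver(text):
    """Group 'internet address' answers under the 'Server:' block they follow."""
    runs, current, expect_addr = {}, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Server:"):
            current = line.split(":", 1)[1].strip()
            runs[current] = {"address": None, "a_records": set()}
            expect_addr = True
        elif line.startswith("Address:") and expect_addr:
            # Only the Address line right after Server: is the resolver's IP.
            runs[current]["address"] = line.split(":", 1)[1].strip()
            expect_addr = False
        elif current and (m := re.match(r"internet address = (\S+)", line)):
            runs[current]["a_records"].add(m.group(1))
    return runs

def assess(text, name):
    """Return (verdict, details) for the queried name across all resolvers."""
    runs = answers_by_resolver(text)
    # Heuristic: Server equal to the queried name suggests swapped arguments.
    mistyped = [s for s in runs if s.lower() == name.lower()]
    valid = {s: r["a_records"] for s, r in runs.items()
             if s not in mistyped and r["a_records"]}
    distinct = {frozenset(v) for v in valid.values()}
    verdict = ("consistent" if len(distinct) == 1
               else "mismatch" if distinct else "no-data")
    return verdict, {"valid": valid, "mistyped": mistyped}
```

A "consistent" verdict only says the resolvers agree on the address for the name; what is served over HTTP at that address has to be checked separately.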
     
  20. ex313

    ex313 Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    60
    No - but if I turn the VPN on - the site loads properly.