right on the day since I installed (and uninstalled) Zoom, various URLs began to be forwarded to localhost
. Like:
$ traceroute -I googleadservices.com
traceroute to googleadservices.com (127.0.0.1), 64 hops max, 72 byte packets
1 localhost (127.0.0.1) 0.525 ms 0.061 ms 0.054 ms
Other sites and services are affected, too, so I had to grab the IPs behind the domains and hardcode things in the /etc/hosts
to be able to work, it looks like this now:
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
# Added by Docker Desktop
# To allow the same kube context to work on the host and the container:
127.0.0.1 kubernetes.docker.internal
# End of section
#manual quickfixes:
140.82.113.3 github.com
140.82.118.4 gist.github.com
151.101.52.133 gist.githubusercontent.com
104.28.28.240 coronazaehler.de
172.217.2.106 firebasestorage.googleapis.com
104.26.1.95 myairbridge.com
157.240.18.19 cdn.fbsbx.com
# BEGIN section for OpenVPN Client SSL sites
127.94.0.1 client.openvpn.net
127.94.0.2 openvpn-client.vpn.leondrino.com
# END section for OpenVPN Client SSL sites
Using NordVPN doesn't change anything, but with TOR I can access everything.
What could be wrong ?
Best Answer
Unbelievable, after months of digging around cluelessly, I seem to have found it out. Apparently, the IPs
are part of some malicious part, they appear here:
and this resolver #2 isn't shown in any DNS settings in the system config.
running
$sudo scutil
, I found these IPs in this entry:The top answer here showed me how to replace this entry with a proper one. After that, I ran:
What kind of crap could that have been ?