Just to weigh in: Here in Germany, the largest internet provider (Deutsche Telekom) did the same thing. It's basically just a "search guide", it redirects you to a search page and assumes you just had a typo in the URL.
Telekom stopped doing that in April, after a user reported them to the district attorney for supposed data manipulation, a misdemeanor. Am 18.11.2019 um 18:45 schrieb Marshall, Quincy: > This is mostly informational and may have already hit this group. My > google-foo failed me if so. > > > > I discovered that the CenturyLink/Level(3) public DNS (4.2.2.2, etc) are > spoofing all domains. If the hostname begins with a “w” and does not exist in > the authoritative zone these hosts will return two Akamai hosts. > > > > [root@localhost ~]# dig +short w3.dummydomaindoesntexist.gov @4.2.2.2 > > 23.202.231.167 > > 23.217.138.108 > > [root@localhost ~]# dig +short w3.dummydomaindoesntexist.net @4.2.2.2 > > 23.202.231.167 > > 23.217.138.108 > > [root@localhost ~]# dig +short w3.dummydomaindoesntexist.com @4.2.2.2 > > 23.202.231.167 > > 23.217.138.108 > > [root@localhost ~]# dig +short w3.dummydomaindoesntexist.org @4.2.2.2 > > 23.202.231.167 > > 23.217.138.108 > > > > My apologies if this is old news. > > > > *Lawrence Q. Marshall* > > > > > > --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > This email has been scanned for email related threats and delivered safely by > Mimecast. > For more information please visit http://www.mimecast.com > <http://www.mimecast.com> > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
