Showing SSL error for genuine sites (links from google search results) and then getting routed to spam advertising sites.

I am facing this problem on both my iPhone and my MacBook. Safari is showing links from Google search results as not having valid SSL certificates. When I click proceed to site, I always get routed to this IP address - http: //89.208.103.43.


From there, the browser automatically shows many spam advertising sites. This happens simultaneously on my iPhone as well as on my MacBook. This is only on Safari. If I use Microsoft Edge, this problem vanishes. When I go back to Safari, the same problem is seen. I have tried resetting Safari on the iPhone and clearing website data and cookies in Safari on the MacBook.


Still the problem somehow comes back. I am also worried about malware or something like that being installed on my devices. Please help.


[Link Edited by Moderator]

MacBook Pro 13″, macOS 13.1

Posted on Dec 26, 2022 7:07 AM

Dec 27, 2022 1:15 AM in response to Grant Bennet-Alder

Hello,


Thank you for your quick response!


I was not able to capture the certificate on the MacBook because the links kept changing fast and the certificate was not visible after that. On my iPhone (13 Pro), I captured the following screenshots of the SSL certificate.





Hope this helps. I have also reset my iPhone, erasing all data and then restoring from the iCloud backup. The problem hasn't gone away.


Thanking you for the help,

Hashin

Dec 27, 2022 8:37 AM in response to hashinjithu

The IP address you listed appears to be registered in Amsterdam.


The iPhone is a closed device. Unless you did a deliberate "jailbreak" to allow it to load software from wherever you choose, nothing except signed, notarized App Store Apps can be installed.


Are you an iPhone developer? If you are, you should reach out to developer support for help.


Your certificate for localhost is troubling in itself. Localhost is the current device. There is generally no certificate installed for localhost, and if there were one, I would expect it to point back to Apple, not to ospanel.


--------

Another possibility is that the Domain Name Server (DNS) address in your phone and/or Mac is being provided by your Router automatically, and the address in your Router has been changed to point to a malicious DNS server. In general, you should be using the DNS provided by your Internet service provider, but the default is to use the address provided by your Router. (Your Router automatically gets its DNS server address from the next Router upstream, which belongs to your ISP.)


To just try some stuff, WRITE down the numbers you have now,

then you could deliberately use Google DNS numbers:


8.8.8.8

8.8.4.4


and see if anything changes


On your Mac, you can connect to your Router and check to be sure its DNS address is correct, by logging in to your Router as administrator and reading the settings.


This is a really complex problem, and you may need to contact Apple support for more help:


Official Apple Support




Dec 28, 2022 11:41 AM in response to hashinjithu

You also want to change the admin password of your router after you reset the router. In fact, it is even better if you can also change the actual "admin" name as well to make it more difficult for anyone to guess the login credentials of the router, but some routers don't allow it.


The UPnP feature of routers (enabled by default on most routers) is considered vulnerable, especially if you have older routers that were never patched. Yes, consumer router vendors are very bad at updating router firmware to address security concerns, since many of them stop supporting routers after a short period of time.


Also, many consumer home routers and even other IoT devices (aka "Smart Devices", any device with network access like a TV, refrigerator, etc.) have very poor security; it is best to keep their firmware updated if possible.


Here are just some articles regarding the numerous vulnerabilities of consumer home routers and other Smart Devices found in the home these days:

https://arstechnica.com/information-technology/2018/05/fbi-tells-router-users-to-reboot-now-to-kill-malware-infecting-500k-devices/


https://arstechnica.com/information-technology/2022/06/a-wide-range-of-routers-are-under-attack-by-new-unusually-sophisticated-malware/


https://arstechnica.com/information-technology/2018/11/mass-router-hack-exposes-millions-of-devices-to-potent-nsa-exploit/


https://arstechnica.com/information-technology/2017/11/rethinking-our-approach-toward-personal-threat-models-in-an-iot-world/



While macOS has great built-in security, it also requires the user to do their part by practicing safe computing habits such as those mentioned in this excellent article written by a respected forum contributor:

Effective defenses against malware and other threats - Apple Community


Dec 27, 2022 1:55 AM in response to Grant Bennet-Alder

Comment 2


I got the following screenshots of certificates from the sites I was repeatedly routed to (they come back to back). I am also attaching a list of links I found in the browser history (Safari kept taking me to them).






This is getting more and more annoying. Resetting the iPhone hasn't helped. My MacBook has also been infected. I tried installing Malwarebytes, but it doesn't detect anything on scanning. What is the way forward?


Thanking you,

Hashin

Dec 28, 2022 3:09 AM in response to Grant Bennet-Alder

Thank you so much! The DNS was pointed to a malicious server as you have correctly diagnosed. Pointed it back to 8.8.8.8 and 8.8.4.4 and the issue went away completely!


Thank you so much for your time and patience. In fact, I had contacted Apple support, but they were also not able to figure this out. I just had to reset my iPhone as well as my MacBook. Thank you once again!

Dec 28, 2022 7:32 AM in response to hashinjithu

There is one more related detail you should check.


On your Router, the way you usually login to check things and make adjustments is as a LOCAL administrator (connecting from your network). This is a great feature, and may be needed from time-to-time.


Most Routers also allow REMOTE administration (connecting from anywhere on the Internet). This is a security risk. Unless you know you MUST use it frequently, you should disable the ability to log in and make changes REMOTELY.

Feb 4, 2023 10:47 AM in response to hashinjithu

I am facing this problem too on all my family's iPhones. Safari is showing links from Google search results as not having valid SSL certificates. When I click proceed to site, I always get routed to this IP address - http: //89.208.103.43.


These are new iPhones, they are not hacked, bought fresh from the local Apple store. The issues started occurring when the iPhones were connected to home WIFI, but now it occurs when using cell data too. The issue just started 0/01/2023. I've factory reset the WIFI. I've cleared Safari's data and history, but the issue comes back.


I have not only cleared data & history, I closed all app tabs.


I did find that my DNS on my firewall was changed to 79.137.248.21 and 8.8.8.8. The 79.137.248.21 is in Helsinki, Uusimaa, Finland, so it might have been hacked, but oddly only the devices on wifi were affected; hardwired PCs were not affected.





Feb 4, 2023 11:53 AM in response to jsh80

jsh80-


DNS numbers are normally Provided DIRECTLY by your Router when you use DHCP to get a good local IP address and connect.


If the ones on your Router are manually deleted and you re-connect with your ISP's upstream router, the ISP Router will give your Router its DNS numbers.


... or you can intervene manually and place known good numbers in Your Router, then reconnect to get them on your devices.


This is not a Virus attack, defined as a spontaneous breaching of your Mac or phone without your intervention.


It may be caused by an attack, but not one that compromised your devices' integrity. Fix the DNS numbers and your device should be fine for now. Then make sure your Router does not allow administration remotely -- FROM the Internet -- and change the login-name and password away from the default.
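
The check discussed in this thread (which DNS servers a device was actually handed) can be scripted. The following is an added example, not part of any post above: it classifies the nameservers in `scutil --dns` output against a known-good list. The helper names `audit_dns` and `count_unknown` are hypothetical, the sample input is constructed, and the known-good list is assumed to be the Google resolvers mentioned in the thread.

```bash
#!/usr/bin/env bash
# Added example: classify the DNS resolvers listed in `scutil --dns` output.
# On a Mac:  scutil --dns | audit_dns "8.8.8.8 8.8.4.4"

# Constructed sample in the layout `scutil --dns` prints; the two nameserver
# addresses are the ones reported in the thread.
SAMPLE='DNS configuration

resolver #1
  nameserver[0] : 79.137.248.21
  nameserver[1] : 8.8.8.8
  if_index : 6 (en0)
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns
'

# audit_dns "<known-good resolvers>"   (hypothetical helper; reads stdin)
# Prints "<verdict> <address>" once per unique nameserver:
#   TRUSTED  address is in the known-good list passed by the caller
#   LOCAL    private or link-local address, normally the router itself,
#            so the router's own upstream DNS setting still needs checking
#   UNKNOWN  public resolver that is not in the known-good list
audit_dns() {
  awk -v trusted="$1" '
    BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
    /^[ \t]*nameserver\[[0-9]+\][ \t]*:/ {
      addr = $NF
      if (seen[addr]++) next
      verdict = "UNKNOWN"
      if (addr ~ /^(10\.|192\.168\.|169\.254\.|172\.(1[6-9]|2[0-9]|3[01])\.|fe80:)/) verdict = "LOCAL"
      if (addr in ok) verdict = "TRUSTED"
      print verdict, addr
    }'
}

# count_unknown "<known-good resolvers>": how many UNKNOWN resolvers stdin holds.
count_unknown() {
  audit_dns "$1" | awk '$1 == "UNKNOWN" { c++ } END { print c + 0 }'
}

printf '%s' "$SAMPLE" | audit_dns "8.8.8.8 8.8.4.4"
```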
