--thanks everyone this has been resolved, see my answer below--
I created an Debian/OpenVPN server several months ago for private use but in the last two days I've noticed something extremely unsettling and strange.
It happens just with a single google search, but it can only be recreated while connected over OpenVPN. I've already tried changing DNS servers/different computers/etc...
This is what happens:
I go to news.google.com , search for the string 'russia syria'. When I click the link "Explore in Depth", a page of results comes up.
However, this page now seems to include links redirecting to "search.news.cn".
It only seems to do this for this particular search.
When I access the google page via wget on the server, it pulls down HTML including similar links.
The OpenVPN server is located in Canada, and I'm not in China.
Any ideas on what might be going on?
- I've also run rkhunter which detected no threats