X
Tippen Sie hierhin, um die Version dieser Website für Mobilgeräte aufzurufen.

Hilfeforum

I have a question about what might possibly be a bug || EDIT: I have posted this to the bugzilla and gotten a reply there. Thanks for your input guys!

Veröffentlicht

Hi there.

I typed in Win32.Adposhel.BS@487219106 in my browser (Firefox 66.0 (64-bits) and THIS ip was being connected: https://www.whois.com/whois/29.10.95.162

It is the The Departement of Defence in the US...

1. Its not even an ip. 2. When i type in @487219106 or 487219106 or www.Adposhel.BS or https://Adposhel.BS my computer does Not try to contact no damn US Government server thats for sure.

Is this a Firefox bug or can someone check it out to see if the ip blinks past/loads when you go to Win32.Adposhel.BS@487219106 ?

If it is a bug then its one hell of a weird one!

Ive i've scanned and didnt find any malware on my pc (ive used ~5 different scanners just to be sure theres nothing fishy on my end)

Is there any explanation as of Why that particular ip/government branch is being contacted when i type in "Win32.Adposhel.BS@487219106 " without the quotation marks?

Oh by the way the string itself is the name of a virus appearantly and i was going to investigate what type of virus it was, but when i typed it in the adressbar the weirdness above ensued.

I may ask the same question on Reddit if i dont get a valid answer here.

Edit: Seems to be the same thing if i type random shijt like fsssfadfds.fsfdsfs.BS@487219106 in the adress field.

Hi there. I typed in Win32.Adposhel.BS@487219106 in my browser (Firefox 66.0 (64-bits) and THIS ip was being connected: https://www.whois.com/whois/29.10.95.162 It is the The Departement of Defence in the US... 1. Its not even an ip. 2. When i type in @487219106 or 487219106 or www.Adposhel.BS or https://Adposhel.BS my computer does Not try to contact no damn US Government server thats for sure. Is this a Firefox bug or can someone check it out to see if the ip blinks past/loads when you go to Win32.Adposhel.BS@487219106 ? If it is a bug then its one hell of a weird one! Ive i've scanned and didnt find any malware on my pc (ive used ~5 different scanners just to be sure theres nothing fishy on my end) Is there any explanation as of Why that particular ip/government branch is being contacted when i type in "Win32.Adposhel.BS@487219106 " without the quotation marks? Oh by the way the string itself is the name of a virus appearantly and i was going to investigate what type of virus it was, but when i typed it in the adressbar the weirdness above ensued. I may ask the same question on Reddit if i dont get a valid answer here. Edit: Seems to be the same thing if i type random shijt like fsssfadfds.fsfdsfs.BS@487219106 in the adress field.

Geändert am von Focusrite

Mehr Details zum System

Anwendung

  • User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0

Weitere Informationen

jscher2000
  • Top 10 Contributor
8773 Lösungen 71727 Antworten
Veröffentlicht

I think Firefox is ignoring the @number part and sending the first part, which looks like a domain, for resolution, but I can't say for sure.

Believe it or not, .bs is the Bahamas domain, so it's possible their DNS is sending Firefox to the other site. However, I'm having a hard time figuring out how to trace it without installing a proxy.

I think Firefox is ignoring the @number part and sending the first part, which looks like a domain, for resolution, but I can't say for sure. Believe it or not, .bs is the Bahamas domain, so it's possible their DNS is sending Firefox to the other site. However, I'm having a hard time figuring out how to trace it without installing a proxy.
jscher2000
  • Top 10 Contributor
8773 Lösungen 71727 Antworten
Veröffentlicht

Hmm, scratch that. I get the same address if I submit

mail.google.com@487219106

so Firefox must be somehow taking that @number into account.

Back in the day, a username@password might be added to a URL, but there is nothing else in this case.

Someone with a proxy or detailed firewall log could take a closer look.

Hmm, scratch that. I get the same address if I submit mail.google.com@487219106 so Firefox must be somehow taking that @number into account. Back in the day, a username@password might be added to a URL, but there is nothing else in this case. Someone with a proxy or detailed firewall log could take a closer look.

Fragesteller

Edit: Seems to be the same thing if i type random shijt like fsssfadfds.fsfdsfs.BS@487219106 in the adress field. <----  :)

Back in the day it was possible to log in to certain sites with user:name@domain iirc but not user.name. Its been... well 20 years or so since i last used a login like that heh

Why would a domain in bahamas send me to the Department of Defence in the US? And why would 123123.123123@3123121423 also send me to the same ip in Bahamas/US Government?

Edit: Seems to be the same thing if i type random shijt like fsssfadfds.fsfdsfs.BS@487219106 in the adress field. <---- :) Back in the day it was possible to log in to certain sites with user:name@domain iirc but not user.name. Its been... well 20 years or so since i last used a login like that heh Why would a domain in bahamas send me to the Department of Defence in the US? And why would 123123.123123@3123121423 also send me to the same ip in Bahamas/US Government?

Fragesteller

I forgot to ad the screenshot that verifies that its actually sending me to the DoD owned ip for some reason.


I havent changed any local DNS settings or done anything out of the ordinary as of late.

Ive tried with and without all the Addons/Plugins and got the same result.

I Dont get an attempt to reach that ip no matter how hard i try without using the same WORD.WORD@NUMBER string

Also if this isn't a Firefox Issue then im not sure what type of issue it could be? I would run Wireshark but ever since i got a stroke i havent been able to comprehend all the network stuff i used to know so its a labyrinth to me to even set up a filter to sort out a specific ip.


Edit: It seems to connect to Different IPs whenever you change the string after the @, and if the string is long enough it just tries to find the string itself? Hmm


asdasads.dsfsdf@324324324 got me to 0.49.124.215 (?) and one string got me to 19.84.203.228 (ford motors?)

I forgot to ad the screenshot that verifies that its actually sending me to the DoD owned ip for some reason. I havent changed any local DNS settings or done anything out of the ordinary as of late. Ive tried with and without all the Addons/Plugins and got the same result. I Dont get an attempt to reach that ip no matter how hard i try without using the same WORD.WORD@NUMBER string Also if this isn't a Firefox Issue then im not sure what type of issue it could be? I would run Wireshark but ever since i got a stroke i havent been able to comprehend all the network stuff i used to know so its a labyrinth to me to even set up a filter to sort out a specific ip. Edit: It seems to connect to Different IPs whenever you change the string after the @, and if the string is long enough it just tries to find the string itself? Hmm asdasads.dsfsdf@324324324 got me to 0.49.124.215 (?) and one string got me to 19.84.203.228 (ford motors?)

Geändert am von Focusrite

jscher2000
  • Top 10 Contributor
8773 Lösungen 71727 Antworten
Veröffentlicht

Focusrite said

Back in the day it was possible to log in to certain sites with user:name@domain iirc but not user.name.

Thank you for the correction.

Do you want to file a bug? https://bugzilla.mozilla.org/

''Focusrite [[#answer-1207310|said]]'' <blockquote> Back in the day it was possible to log in to certain sites with user:name@domain iirc but not user.name. </blockquote> Thank you for the correction. Do you want to file a bug? https://bugzilla.mozilla.org/

Fragesteller

jscher2000 said

Focusrite said
Back in the day it was possible to log in to certain sites with user:name@domain iirc but not user.name.

Thank you for the correction.

Do you want to file a bug? https://bugzilla.mozilla.org/

Yeah i think i'll file a bug report because im genuinly scratching my head man :)

''jscher2000 [[#answer-1207314|said]]'' <blockquote> ''Focusrite [[#answer-1207310|said]]'' <blockquote> Back in the day it was possible to log in to certain sites with user:name@domain iirc but not user.name. </blockquote> Thank you for the correction. Do you want to file a bug? https://bugzilla.mozilla.org/ </blockquote> Yeah i think i'll file a bug report because im genuinly scratching my head man :)
FredMcD
  • Top 10 Contributor
4259 Lösungen 59635 Antworten
Veröffentlicht

Have you tried doing a web search for another link?

Have you tried doing a web search for another link?

Fragesteller

Yes im experimenting with the bug format and have found that it somtimes gives totally false ip adressed (such as ones starting with 0.0.*.*) and using a special set of strings it gives you a suggestion to visit a site that doesnt exist using the random.string@random.ip.adress.suggestion

Other terms and formats of random words leads me directly to google or the site im looking for

Im writing up a small bug report as we speak.

Yes im experimenting with the bug format and have found that it somtimes gives totally false ip adressed (such as ones starting with 0.0.*.*) and using a special set of strings it gives you a suggestion to visit a site that doesnt exist using the random.string@random.ip.adress.suggestion Other terms and formats of random words leads me directly to google or the site im looking for Im writing up a small bug report as we speak.

Geändert am von Focusrite

cor-el
  • Top 10 Contributor
  • Moderator
17537 Lösungen 158573 Antworten
Veröffentlicht

Hilfreiche Antwort

An Integer can be translated to a HEX number and that interpreted as an IP. 487219106 translates to http://29.10.95.162/

  • 487219106 = HEX:1D0A5FA2 = 1D.0A.5F.A2 = 29.10.95.162

So Win32.Adposhel.BS@487219106 would be interpreted as going to this IP with the username being the part before the @ sign, so this is expected behavior. 584753428 This website: 34.218.161.20 = HEX 22DAA114 = 584753428

  • https://584753428/ -> https://34.218.161.20/
An Integer can be translated to a HEX number and that interpreted as an IP. 487219106 translates to http://29.10.95.162/ *487219106 = HEX:1D0A5FA2 = 1D.0A.5F.A2 = 29.10.95.162 So Win32.Adposhel.BS@487219106 would be interpreted as going to this IP with the username being the part before the @ sign, so this is expected behavior. 584753428 This website: 34.218.161.20 = HEX 22DAA114 = 584753428 *https://584753428/ -> https://34.218.161.20/

Fragesteller

That is most likely it!

And my initial post here isnt as correct as i first thought. its NOT related to DoD. That was just an ip adress that popped up with the virusname string and in several other strings i tried. I didnt mean to come off as paranoid or some shit like that!

I have since experimented and found out that i can get several url suggestions using different strings etc.

By the way, is there a 10 or 11 character limit on that integer? I found out that the url suggestions stop being actual ip suggestions if i type in 11 characters hence my question :)

That is most likely it! And my initial post here isnt as correct as i first thought. its NOT related to DoD. That was just an ip adress that popped up with the virusname string and in several other strings i tried. I didnt mean to come off as paranoid or some shit like that! I have since experimented and found out that i can get several url suggestions using different strings etc. By the way, is there a 10 or 11 character limit on that integer? I found out that the url suggestions stop being actual ip suggestions if i type in 11 characters hence my question :)

Geändert am von Focusrite

cor-el
  • Top 10 Contributor
  • Moderator
17537 Lösungen 158573 Antworten
Veröffentlicht

Hilfreiche Antwort

This is the maximum: FF.FF.FF.FF = 4294967295

This is the maximum: FF.FF.FF.FF = 4294967295
jscher2000
  • Top 10 Contributor
8773 Lösungen 71727 Antworten
Veröffentlicht

I didn't take enough math classes to guess this!

Is it a desirable behavior? I'm not sure it's great from a "user expectations" perspective to do this kind of conversion automatically.

I didn't take enough math classes to guess this! Is it a desirable behavior? I'm not sure it's great from a "user expectations" perspective to do this kind of conversion automatically.

Fragesteller

Well ill be damned.

I wonder why it seems to require that you type in random.word@something when popcorn@1432432 doesnt do anything?

Well ill be damned. I wonder why it seems to require that you type in random.word@something when popcorn@1432432 doesnt do anything?
FredMcD
  • Top 10 Contributor
4259 Lösungen 59635 Antworten
Veröffentlicht

Focusrite said

I have posted this to the bugzilla and gotten a reply there. Thanks for your input guys!

Keep us posted. BTW; What is the bug number.

Focusrite said <blockquote> I have posted this to the bugzilla and gotten a reply there. Thanks for your input guys! </blockquote> Keep us posted. BTW; What is the bug number.

Fragesteller

FredMcD said

Focusrite said
I have posted this to the bugzilla and gotten a reply there. Thanks for your input guys!

Keep us posted. BTW; What is the bug number.

The number is 1538374 and is availible at https://bugzilla.mozilla.org/show_bug.cgi?id=1538374

Im sorry for my bad writeup, i dont even know if what i wrote makes any sense. i was about to go to sleep when i found this stuff and i dont get more alert as time pass lol. it felt as if i needed to report it asap instead of waiting and forgetting it

cheers

''FredMcD [[#answer-1207377|said]]'' <blockquote> Focusrite said <blockquote> I have posted this to the bugzilla and gotten a reply there. Thanks for your input guys! </blockquote> Keep us posted. BTW; What is the bug number. </blockquote> The number is 1538374 and is availible at https://bugzilla.mozilla.org/show_bug.cgi?id=1538374 Im sorry for my bad writeup, i dont even know if what i wrote makes any sense. i was about to go to sleep when i found this stuff and i dont get more alert as time pass lol. it felt as if i needed to report it asap instead of waiting and forgetting it cheers

Fragesteller

jscher2000 said

I didn't take enough math classes to guess this! Is it a desirable behavior? I'm not sure it's great from a "user expectations" perspective to do this kind of conversion automatically.

I think one of the threads that the bugzilla guy wrote something about it being a violation of an RFC (he wrote it literally 18 years ago. damn i miss Netscape!) but.. too much text. too little sleep. my brain went bye bye hours ago

''jscher2000 [[#answer-1207373|said]]'' <blockquote> I didn't take enough math classes to guess this! Is it a desirable behavior? I'm not sure it's great from a "user expectations" perspective to do this kind of conversion automatically. </blockquote> I think one of the threads that the bugzilla guy wrote something about it being a violation of an RFC (he wrote it literally 18 years ago. damn i miss Netscape!) but.. too much text. too little sleep. my brain went bye bye hours ago
FredMcD
  • Top 10 Contributor
4259 Lösungen 59635 Antworten
Veröffentlicht

In the bug report, Focusrite said;

I was trying to search for a virus named Win32.Adposhel.BS@487219106 and typed it in the adress bar.

If you use a period or certain other characters, the browser thinks it's a web address.

PS: https://www.bing.com/search?q=Win32.Adposhel.BS%40487219106

In the bug report, Focusrite said; <blockquote> I was trying to search for a virus named Win32'''.'''Adposhel'''.'''BS@487219106 and typed it in the adress bar. </blockquote> If you use a period or certain other characters, the browser thinks it's a web address. PS: https://www.bing.com/search?q=Win32.Adposhel.BS%40487219106

Geändert am von FredMcD