I think Firefox is ignoring the @number part and sending the first part, which looks like a domain, for resolution, but I can't say for sure.

Believe it or not, .bs is the Bahamas domain, so it's possible their DNS is sending Firefox to the other site. However, I'm having a hard time figuring out how to trace it without installing a proxy.

Hmm, scratch that. I get the same address if I submit

mail.google.com@487219106

so Firefox must be somehow taking that @number into account.

Back in the day, a username@password might be added to a URL, but there is nothing else in this case.

Someone with a proxy or detailed firewall log could take a closer look.

Edit: Seems to be the same thing if i type random shijt like fsssfadfds.fsfdsfs.BS@487219106 in the adress field. <----  :)

Back in the day it was possible to log in to certain sites with user:name@domain iirc but not user.name. Its been... well 20 years or so since i last used a login like that heh

Why would a domain in bahamas send me to the Department of Defence in the US? And why would 123123.123123@3123121423 also send me to the same ip in Bahamas/US Government?

I forgot to ad the screenshot that verifies that its actually sending me to the DoD owned ip for some reason.

I havent changed any local DNS settings or done anything out of the ordinary as of late.

Ive tried with and without all the Addons/Plugins and got the same result.

I Dont get an attempt to reach that ip no matter how hard i try without using the same WORD.WORD@NUMBER string

Also if this isn't a Firefox Issue then im not sure what type of issue it could be? I would run Wireshark but ever since i got a stroke i havent been able to comprehend all the network stuff i used to know so its a labyrinth to me to even set up a filter to sort out a specific ip.

Edit: It seems to connect to Different IPs whenever you change the string after the @, and if the string is long enough it just tries to find the string itself? Hmm

asdasads.dsfsdf@324324324 got me to 0.49.124.215 (?) and one string got me to 19.84.203.228 (ford motors?)

Focusrite said

Back in the day it was possible to log in to certain sites with user:name@domain iirc but not user.name.

Thank you for the correction.

Do you want to file a bug? https://bugzilla.mozilla.org/

jscher2000 said

Focusrite said

Back in the day it was possible to log in to certain sites with user:name@domain iirc but not user.name.

Thank you for the correction.

Do you want to file a bug? https://bugzilla.mozilla.org/

Yeah i think i'll file a bug report because im genuinly scratching my head man :)

Have you tried doing a web search for another link?

Yes im experimenting with the bug format and have found that it somtimes gives totally false ip adressed (such as ones starting with 0.0.*.*) and using a special set of strings it gives you a suggestion to visit a site that doesnt exist using the random.string@random.ip.adress.suggestion

Other terms and formats of random words leads me directly to google or the site im looking for

Im writing up a small bug report as we speak.

An Integer can be translated to a HEX number and that interpreted as an IP. 487219106 translates to http://29.10.95.162/

• 487219106 = HEX:1D0A5FA2 = 1D.0A.5F.A2 = 29.10.95.162

So Win32.Adposhel.BS@487219106 would be interpreted as going to this IP with the username being the part before the @ sign, so this is expected behavior. 584753428 This website: 34.218.161.20 = HEX 22DAA114 = 584753428

• https://584753428/ -> https://34.218.161.20/

That is most likely it!

And my initial post here isnt as correct as i first thought. its NOT related to DoD. That was just an ip adress that popped up with the virusname string and in several other strings i tried. I didnt mean to come off as paranoid or some shit like that!

I have since experimented and found out that i can get several url suggestions using different strings etc.

By the way, is there a 10 or 11 character limit on that integer? I found out that the url suggestions stop being actual ip suggestions if i type in 11 characters hence my question :)

This is the maximum: FF.FF.FF.FF = 4294967295

I didn't take enough math classes to guess this!

Is it a desirable behavior? I'm not sure it's great from a "user expectations" perspective to do this kind of conversion automatically.

Well ill be damned.

I wonder why it seems to require that you type in random.word@something when popcorn@1432432 doesnt do anything?

Focusrite said

I have posted this to the bugzilla and gotten a reply there. Thanks for your input guys!

Keep us posted. BTW; What is the bug number.

FredMcD said

Focusrite said

I have posted this to the bugzilla and gotten a reply there. Thanks for your input guys!

Keep us posted. BTW; What is the bug number.

The number is 1538374 and is availible at https://bugzilla.mozilla.org/show_bug.cgi?id=1538374

Im sorry for my bad writeup, i dont even know if what i wrote makes any sense. i was about to go to sleep when i found this stuff and i dont get more alert as time pass lol. it felt as if i needed to report it asap instead of waiting and forgetting it

cheers

jscher2000 said

I didn't take enough math classes to guess this! Is it a desirable behavior? I'm not sure it's great from a "user expectations" perspective to do this kind of conversion automatically.

I think one of the threads that the bugzilla guy wrote something about it being a violation of an RFC (he wrote it literally 18 years ago. damn i miss Netscape!) but.. too much text. too little sleep. my brain went bye bye hours ago

In the bug report, Focusrite said;

I was trying to search for a virus named Win32.Adposhel.BS@487219106 and typed it in the adress bar.

If you use a period or certain other characters, the browser thinks it's a web address.

PS: https://www.bing.com/search?q=Win32.Adposhel.BS%40487219106