I have a question about what might possibly be a bug || EDIT: I have posted this to the bugzilla and gotten a reply there. Thanks for your input guys!
Hi there.
I typed in Win32.Adposhel.BS@487219106 in my browser (Firefox 66.0 (64-bits) and THIS ip was being connected: https://www.whois.com/whois/29.10.95.162
It is the The Departement of Defence in the US...
1. Its not even an ip. 2. When i type in @487219106 or 487219106 or www.Adposhel.BS or https://Adposhel.BS my computer does Not try to contact no damn US Government server thats for sure.
Is this a Firefox bug or can someone check it out to see if the ip blinks past/loads when you go to Win32.Adposhel.BS@487219106 ?
If it is a bug then its one hell of a weird one!
Ive i've scanned and didnt find any malware on my pc (ive used ~5 different scanners just to be sure theres nothing fishy on my end)
Is there any explanation as of Why that particular ip/government branch is being contacted when i type in "Win32.Adposhel.BS@487219106 " without the quotation marks?
Oh by the way the string itself is the name of a virus appearantly and i was going to investigate what type of virus it was, but when i typed it in the adressbar the weirdness above ensued.
I may ask the same question on Reddit if i dont get a valid answer here.
Edit: Seems to be the same thing if i type random shijt like fsssfadfds.fsfdsfs.BS@487219106 in the adress field.
Được chỉnh sửa bởi Focusrite vào
Tất cả các câu trả lời (17)
I think Firefox is ignoring the @number part and sending the first part, which looks like a domain, for resolution, but I can't say for sure.
Believe it or not, .bs is the Bahamas domain, so it's possible their DNS is sending Firefox to the other site. However, I'm having a hard time figuring out how to trace it without installing a proxy.
Hmm, scratch that. I get the same address if I submit
mail.google.com@487219106
so Firefox must be somehow taking that @number into account.
Back in the day, a username@password might be added to a URL, but there is nothing else in this case.
Someone with a proxy or detailed firewall log could take a closer look.
Edit: Seems to be the same thing if i type random shijt like fsssfadfds.fsfdsfs.BS@487219106 in the adress field. <---- :)
Back in the day it was possible to log in to certain sites with user:name@domain iirc but not user.name. Its been... well 20 years or so since i last used a login like that heh
Why would a domain in bahamas send me to the Department of Defence in the US? And why would 123123.123123@3123121423 also send me to the same ip in Bahamas/US Government?
I forgot to ad the screenshot that verifies that its actually sending me to the DoD owned ip for some reason.
I havent changed any local DNS settings or done anything out of the ordinary as of late.
Ive tried with and without all the Addons/Plugins and got the same result.
I Dont get an attempt to reach that ip no matter how hard i try without using the same WORD.WORD@NUMBER string
Also if this isn't a Firefox Issue then im not sure what type of issue it could be? I would run Wireshark but ever since i got a stroke i havent been able to comprehend all the network stuff i used to know so its a labyrinth to me to even set up a filter to sort out a specific ip.
Edit: It seems to connect to Different IPs whenever you change the string after the @, and if the string is long enough it just tries to find the string itself?
Hmm
asdasads.dsfsdf@324324324 got me to 0.49.124.215 (?) and one string got me to 19.84.203.228 (ford motors?)
Được chỉnh sửa bởi Focusrite vào
Focusrite said
Back in the day it was possible to log in to certain sites with user:name@domain iirc but not user.name.
Thank you for the correction.
Do you want to file a bug? https://bugzilla.mozilla.org/
jscher2000 said
Focusrite saidBack in the day it was possible to log in to certain sites with user:name@domain iirc but not user.name.Thank you for the correction.
Do you want to file a bug? https://bugzilla.mozilla.org/
Yeah i think i'll file a bug report because im genuinly scratching my head man :)
Have you tried doing a web search for another link?
Yes im experimenting with the bug format and have found that it somtimes gives totally false ip adressed (such as ones starting with 0.0.*.*) and using a special set of strings it gives you a suggestion to visit a site that doesnt exist using the random.string@random.ip.adress.suggestion
Other terms and formats of random words leads me directly to google or the site im looking for
Im writing up a small bug report as we speak.
Được chỉnh sửa bởi Focusrite vào
An Integer can be translated to a HEX number and that interpreted as an IP. 487219106 translates to http://29.10.95.162/
- 487219106 = HEX:1D0A5FA2 = 1D.0A.5F.A2 = 29.10.95.162
So Win32.Adposhel.BS@487219106 would be interpreted as going to this IP with the username being the part before the @ sign, so this is expected behavior. 584753428 This website: 34.218.161.20 = HEX 22DAA114 = 584753428
- https://584753428/ -> https://34.218.161.20/
That is most likely it!
And my initial post here isnt as correct as i first thought. its NOT related to DoD. That was just an ip adress that popped up with the virusname string and in several other strings i tried. I didnt mean to come off as paranoid or some shit like that!
I have since experimented and found out that i can get several url suggestions using different strings etc.
By the way, is there a 10 or 11 character limit on that integer? I found out that the url suggestions stop being actual ip suggestions if i type in 11 characters hence my question :)
Được chỉnh sửa bởi Focusrite vào
This is the maximum: FF.FF.FF.FF = 4294967295
I didn't take enough math classes to guess this!
Is it a desirable behavior? I'm not sure it's great from a "user expectations" perspective to do this kind of conversion automatically.
Well ill be damned.
I wonder why it seems to require that you type in random.word@something when popcorn@1432432 doesnt do anything?
Focusrite said
I have posted this to the bugzilla and gotten a reply there. Thanks for your input guys!
Keep us posted. BTW; What is the bug number.
FredMcD said
Focusrite saidI have posted this to the bugzilla and gotten a reply there. Thanks for your input guys!Keep us posted. BTW; What is the bug number.
The number is 1538374 and is availible at https://bugzilla.mozilla.org/show_bug.cgi?id=1538374
Im sorry for my bad writeup, i dont even know if what i wrote makes any sense. i was about to go to sleep when i found this stuff and i dont get more alert as time pass lol. it felt as if i needed to report it asap instead of waiting and forgetting it
cheers
jscher2000 said
I didn't take enough math classes to guess this! Is it a desirable behavior? I'm not sure it's great from a "user expectations" perspective to do this kind of conversion automatically.
I think one of the threads that the bugzilla guy wrote something about it being a violation of an RFC (he wrote it literally 18 years ago. damn i miss Netscape!) but.. too much text. too little sleep. my brain went bye bye hours ago
In the bug report, Focusrite said;
I was trying to search for a virus named Win32.Adposhel.BS@487219106 and typed it in the adress bar.
If you use a period or certain other characters, the browser thinks it's a web address.
PS: https://www.bing.com/search?q=Win32.Adposhel.BS%40487219106
Được chỉnh sửa bởi FredMcD vào