I opened firefox After about an hour of the system being in standby and in theSponsored Links row there were 2 new entries

http:/ /bom07s30-in-x03. 1e100. net/ (I dismantled the URLs to prevent accidental clicks)

pnbomb-ac-in-x0e.1e100

I right clicked and searched in Google and it showed up as this

pnbomb-ac-in-x0e.1e100 Sponsored it disappeared after a while, just to be sure I ran sudo lsof -i and noticed firefox was connected to this url

maa05s15-in-x03.1e100.net

I am not sure if am infected or this is just a glitch(I obviously didn’t click on the links)

  • What's Delicious?
    link
    fedilink
    arrow-up
    51
    ·
    10 months ago

    Others have answered your question. I would like to add that when you want to “dismantle” the URL, there is a practice in cyber security called URL Defanging. Protocols are escaped, such that http becomes hxxp. Other significant symbols that are :// becomes [://] and . becomes [.]

    Combining these, your URL becomes: hxxp[://]bom07s30-in-x03[.]1e100[.]net/

    Which will be safer for others to navigate. It will take an extra effort to revert it back to the functional URL. Tools like CyberChef can perform this action if you seek a more streamlined solution.

    • BaumGeist
      link
      fedilink
      arrow-up
      3
      ·
      10 months ago

      TIL. I didn’t know there was a standard, and I’ve never seen “hxxp”, although the rest is familiar looking.