I opened firefox After about an hour of the system being in standby and in theSponsored Links row there were 2 new entries

http:/ /bom07s30-in-x03. 1e100. net/ (I dismantled the URLs to prevent accidental clicks)

pnbomb-ac-in-x0e.1e100

I right clicked and searched in Google and it showed up as this

pnbomb-ac-in-x0e.1e100 Sponsored it disappeared after a while, just to be sure I ran sudo lsof -i and noticed firefox was connected to this url

maa05s15-in-x03.1e100.net

I am not sure if am infected or this is just a glitch(I obviously didn’t click on the links)

  • What's Delicious?
    link
    fedilink
    4611 months ago

    Others have answered your question. I would like to add that when you want to “dismantle” the URL, there is a practice in cyber security called URL Defanging. Protocols are escaped, such that http becomes hxxp. Other significant symbols that are :// becomes [://] and . becomes [.]

    Combining these, your URL becomes: hxxp[://]bom07s30-in-x03[.]1e100[.]net/

    Which will be safer for others to navigate. It will take an extra effort to revert it back to the functional URL. Tools like CyberChef can perform this action if you seek a more streamlined solution.

    • @[email protected]
      link
      fedilink
      311 months ago

      TIL. I didn’t know there was a standard, and I’ve never seen “hxxp”, although the rest is familiar looking.

      • @somethingsomethingidk
        link
        2611 months ago

        From mozilla. I’m guessing that the links were hosted/owned/etc. by google. When your system resumed it only partially loaded the sponsored links and you were left with the text of the url.

        Your system is fine security wise, but privacy wise pinging google servers everytime you open a new tab is not ideal. This type of stuff is why I use Librewolf. Of course it’s up to you how much it bothers you. You can disable alot in vanilla firefox too.

        • @[email protected]OP
          link
          fedilink
          111 months ago

          Thank you, but is there anyway I can check whether i am infected or not just for peace of mind?

          • @RadicalEagle
            link
            1311 months ago

            No. Peace of mind comes from trusting, not from knowing.

          • @somethingsomethingidk
            link
            411 months ago

            Install clamav and run a scan. You will probably get false positives.

            For instance the gnome polkit agent has a “malicious” image that it tries to load at start and if it succeeds it kills the program before it can run. This is to keep an actually malicious icon from being used. I spent days on that one lol

              • @[email protected]
                link
                fedilink
                211 months ago

                Depends on the malware database you use, but out of the box it’ll catch wide range of stuff, even linux malwares (which is rare but exists and mostly infect vulnerable web servers).

            • Atemu
              link
              fedilink
              9
              edit-2
              11 months ago

              Note that anti-virus can only assert that you are infected, not the opposite.

              • @[email protected]
                link
                fedilink
                111 months ago

                You’re saying even if you’re not confirmed as infected, you’re not necessarily confirmed as not being infected. In other words, you’re talking about false positives.

                Am I understanding you correctly?

                • @[email protected]
                  link
                  fedilink
                  211 months ago

                  The opposite. Not found negatives. Anti-virus software can only tell you that it didn’t find a virus, not that there aren’t any.

  • @breadsmasher
    link
    English
    311 months ago

    installed any extensions recently?

    • @StefanT
      link
      311 months ago

      Sponsored links: Mozilla gets money for AD links showing up below the search url on the new tabs page. If you do not disable them (they are on by default).