I opened firefox After about an hour of the system being in standby and in theSponsored Links row there were 2 new entries
http:/ /bom07s30-in-x03. 1e100. net/ (I dismantled the URLs to prevent accidental clicks)
pnbomb-ac-in-x0e.1e100
I right clicked and searched in Google and it showed up as this
pnbomb-ac-in-x0e.1e100 Sponsored
it disappeared after a while, just to be sure I ran
sudo lsof -i
and noticed firefox was connected to this url
maa05s15-in-x03.1e100.net
I am not sure if am infected or this is just a glitch(I obviously didn’t click on the links)
Others have answered your question. I would like to add that when you want to “dismantle” the URL, there is a practice in cyber security called URL Defanging. Protocols are escaped, such that http becomes hxxp. Other significant symbols that are :// becomes [://] and . becomes [.]
Combining these, your URL becomes: hxxp[://]bom07s30-in-x03[.]1e100[.]net/
Which will be safer for others to navigate. It will take an extra effort to revert it back to the functional URL. Tools like CyberChef can perform this action if you seek a more streamlined solution.
TIL. I didn’t know there was a standard, and I’ve never seen “hxxp”, although the rest is familiar looking.
1e100.net is google’s catch-all domain. Many of their services run under this domain.
Read more here : https://support.google.com/faqs/answer/174717
It is a geeky pun, 1e100 is scientific notation for 1 followed by a hundred zeroes. This number is called a googol, which is similar sounding to google.
Indeed Google is named after the googol
Search 1e100, it’s a google thing
Yes but why did it show up In the Sponsored links row?
From mozilla. I’m guessing that the links were hosted/owned/etc. by google. When your system resumed it only partially loaded the sponsored links and you were left with the text of the url.
Your system is fine security wise, but privacy wise pinging google servers everytime you open a new tab is not ideal. This type of stuff is why I use Librewolf. Of course it’s up to you how much it bothers you. You can disable alot in vanilla firefox too.
Thank you, but is there anyway I can check whether i am infected or not just for peace of mind?
Antivirus programs are generally the go-to method…
Note that anti-virus can only assert that you are infected, not the opposite.
You’re saying even if you’re not confirmed as infected, you’re not necessarily confirmed as not being infected. In other words, you’re talking about false positives.
Am I understanding you correctly?
The opposite. Not found negatives. Anti-virus software can only tell you that it didn’t find a virus, not that there aren’t any.
No. Peace of mind comes from trusting, not from knowing.
From what I’ve read 1e100.net belongs to Google, so yea it’s a virus.
wtf are Sponsored Links, and why do you need them?
@NOOBMASTER @Artemis_Mystique So google can make money.
