LinuxQuestions.org

deleted23 03-18-2017 01:52 AM

Very strange browser behaviour (firefox) -- probably security related
 
Hello
I just noticed a very strange behaviour in my browser (Firefox).
It's probably not the correct forum to put this post in so Admin can feel free to put it somewhere else.

I tried to call a site (actually an invalid domain name, so it seems) in Firefox and got linked to my localhost. I actually have a local LAMP server to work on my website etcetera.
The site I tried to call was/is hmamail.com.
I supposed it to be the domain name of a disposable email inbox but it is not.
I neither have this domain in Apache sites-enabled nor any clue how this can happen.
It's probably a security related affair so I post it here even if I usually try to avoid that.

If someone has an idea how that can happen I'd appreciate any help.
I have no history enabled in my browser.
I exclusively browse 'private'.

Greets
Gee

ondoho 03-18-2017 03:05 AM

Quote:

Originally Posted by bluntroller (Post 5685032)
If someone has an idea how that can happen I'd appreciate any help.

i still do not understand what actually happened.
it seems you missed the most important bit in your explanation.

deleted23 03-18-2017 04:04 AM

simply spoken...
I call the website hmamail.com (which is invalid, no DNS-Entry) and get returned the localhost hosted website.
Apologies if my English is ambiguous.

bathory 03-18-2017 04:26 AM

Quote:

Originally Posted by bluntroller (Post 5685071)
simply spoken...
I call the website hmamail.com (which is invalid, no DNS-Entry) and get returned the localhost hosted website.
Apologies if my English is ambiguous.

That's because hmamail.com resolves to localhost:
Code:

dig +short hmamail.com
127.0.0.1

Regards

deleted23 03-18-2017 04:55 AM

Solved
 
Quote:

Originally Posted by bathory (Post 5685073)
That's because hmamail.com resolves to localhost:
Code:

dig +short hmamail.com
127.0.0.1

Regards

Got it!
Will mark as solved.
Thanks for your elaboration.

ondoho 03-18-2017 06:28 AM

Quote:

Originally Posted by bathory (Post 5685073)
That's because hmamail.com resolves to localhost:
Code:

dig +short hmamail.com
127.0.0.1

Regards

i get the same.
but why?
this is so weird.
'whois hmamail.com' gives very elaborate output about it being some godaddy site in arizona...

Habitual 03-18-2017 07:37 AM

Quote:

Originally Posted by bluntroller (Post 5685071)
simply spoken...
I call the website hmamail.com (which is invalid, no DNS-Entry

Untrue. See below.


Quote:

Originally Posted by ondoho (Post 5685095)
i get the same.
but why?
this is so weird.
'whois hmamail.com' gives very elaborate output about it being some godaddy site in arizona...

"some GoDaddy site in Arizona" is the Domain Registry.

It makes sense that if you run a proxy anonymizer and want to send email from that same service,
you, as a network and system administrator, set hmamail.com to only resolve to a working
email host from a known host. Not resolvable from the outside. I think it's easily done too, e.g.:
Set A records to 127.0.0.1 on the name servers (theirs are in Amazon's Route 53 DNS service):
Code:

dig A +short hmamail.com @ns-1016.awsdns-63.net
feel free to try a couple more. :)


Code:

host -t ns hmamail.com
hmamail.com name server ns-1016.awsdns-63.net.
hmamail.com name server ns-1072.awsdns-06.org.
hmamail.com name server ns-166.awsdns-20.com.
hmamail.com name server ns-1839.awsdns-37.co.uk

Short version:
On their page/service, the site can resolve hmamail.com and likely authenticates to another email service
to process for delivery as (example) inbound@hmamail.com

Some DNS detective work can be used to make the same conclusion.
Code:

dig MX +short hmamail.com
0 inbound.hmamail.com.

shows us the mail server identifying host(s)
Code:

host inbound.hmamail.com
inbound.hmamail.com has address 96.44.163.218

and that turns out to be on QuadraNet, Inc

It is conceivable that inbound.hmamail.com will only receive mail from hidemyass.com and that via "Trusted Hosts".

Good stuff on a Saturday.
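
Added example, not part of the original thread or any poster's code: the per-name-server A record check from the post above, written as a script that reports answers pointing at loopback, private or link-local space. The function names are this example's own, and the name servers and addresses in `sample_answers` are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): report A records that point at
# loopback, private or link-local space. Address checks are syntactic only.

# Print the class of one dig +short answer line.
classify_ip() {
  case "$1" in
    ''|*[!0-9.]*) echo not-ipv4; return ;;   # CNAME targets, empty lines
  esac
  case "$1" in
    127.*.*.*)                                    echo loopback ;;
    0.*.*.*)                                      echo unspecified ;;
    10.*.*.*|192.168.*.*)                         echo private ;;
    172.1[6-9].*.*|172.2[0-9].*.*|172.3[01].*.*)  echo private ;;
    169.254.*.*)                                  echo link-local ;;
    *.*.*.*)                                      echo other ;;
    *)                                            echo not-ipv4 ;;
  esac
}

# Read "nameserver address" pairs on stdin; print only the pairs whose
# address is not an ordinary one, with the class appended.
audit_answers() {
  while read -r ns addr; do
    class=$(classify_ip "$addr")
    case "$class" in
      other|not-ipv4) ;;
      *) printf '%s %s %s\n' "$ns" "$addr" "$class" ;;
    esac
  done
}

# Live use (needs dig and network access): ask each authoritative server.
audit_domain() {
  for ns in $(dig +short NS "$1"); do
    for addr in $(dig +short A "$1" "@$ns"); do
      echo "$ns $addr"
    done
  done | audit_answers
}

# Constructed sample input: two hypothetical name servers, three answers.
sample_answers() {
  printf '%s\n' 'ns1.example.net. 127.0.0.1' \
                'ns2.example.net. 203.0.113.7' \
                'ns2.example.net. 10.1.2.3'
}

if [ "$#" -gt 0 ]; then audit_domain "$1"; else sample_answers | audit_answers; fi
```

Run with a domain name as the only argument to query its name servers; with no argument it runs on the constructed sample.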

Habitual 03-18-2017 07:44 AM

What this has to do with Firefox I have no idea.

DNS.fu

ondoho 03-18-2017 01:18 PM

thanks for the clarification!
still somewhat hazy, but that is entirely my own fault...:o

Habitual 03-19-2017 05:44 AM

Go TeamLQ!

chrism01 03-24-2017 07:16 AM

Well, I admit I don't understand; I get
Code:

Buy this domain.
hnamail.com
2017 Copyright. All Rights Reserved.

..... I don't see how it resolves to 127.0.0.1 for others ...

bathory 03-24-2017 07:37 AM

Quote:

Originally Posted by chrism01 (Post 5687679)
Well, I admit I don't understand; I get
Code:

Buy this domain.
hnamail.com
2017 Copyright. All Rights Reserved.

..... I don't see how it resolves to 127.0.0.1 for others ...

Apparently it's fixed by now and points to a parking domains page:
Code:

dig hmamail.com +short
54.72.9.51



All times are GMT -5.