That’s a weird one – the below is an exact copy of Firefox’ about:neterror page, but it’s apparently being served by (?) as a 404 page. It’s even using browser’s own scripts and styles which is rather dangerous since these could change. I fail to see the point…

· · Web · 2 · 1 · 3

I only noticed this page as a fake because of the language being wrong. And using Chrome, accessing the same page results in a convincingly looking Chrome error page. I’d expect some malicious activity here, but there doesn’t seem to be any scripts whatsoever.

Show thread

@WPalant it even redirects from https to http! i guess they don't want you to see the lock icon, which only appears after a connection has been established?

@leip4Ier That’s weird. I noticed plain HTTP but didn’t realize it was redirecting…

@WPalant Firefox is doing strange things nowadays, for example a few days ago (without config change) it tried to resolve DNS through other services than my local dnsmasq. I wonder what is going on...

@six Maybe DNS over HTTPS enabled? I think they are still running it as an experiment, enabling it only for some users. Not sure though, haven’t been following the development here.

@WPalant That might be a possibility, but in this case Mozilla did not give a notification about that. I should keep more traff dumps for such investigations.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.