InformAction Forums

Hi all,

I am puzzled by this and was wondering if anyone was so kind as to have any ideas as to why I'm seeing what I'm seeing.

Windows 10. Firefox (104.0.1). Version 11.4.10 of NoScript.

When I visit paypal.com I am seeing only the expected domains in NoScript. However, on the login page, I am seeing expected domains but also the private IP of 192.55.233.1. This is NOT even my private network, so I have no idea where it's coming from?

This only happens on my Windows machine, and not on my Ubuntu machine (also running Firefox and NoScript).

I do have WSL2 installed and also have had VirtualBox in the past (now uninstalled) but neither of these use/have used the network mentioned above.

MBAM reports no malware on the PC.

EDIT: I have no other extensions in Firefox (and never have) other than multi-user containers and Snooze Tabs. I do not have the MBAM extension (Browser Guard) installed and MBAM was actually only installed after I noticed this PayPal issue. (Until then only Windows Defender has ever been active/installed on this machine.)

I have no proxy server.

Any thoughts would be much appreciated! Many thanks in advance.

That surely seems the doing of a browser extension, even though you say you've got none.
However 192.55.233.1 seems not to be a LAN IP but a public one belonging to Intel Corporation, if that rings any bell for you.

192.55.233.1. This is NOT even my private network

Just to point out the LAN range for 192.x.x.x is, 192.168.0.0 - 192.168.255.255.
(So 192.55.x.x is outside of that, so not local.)

bigkeefer wrote: ↑Tue Sep 06, 2022 12:39 pm multi-user containers and Snooze Tabs.

Are you sure neither of these are the culprit?

Could you please post the AMO links for these two addons? Searching finds no addons named "multi-user containers" and two different addons both named "Snooze Tabs".

EDIT
Does Netmon see the attempted request(s) to this IP? If so can you please post the full URLs (in code tags, so as not to post live links)?

Thank you both so much for your replies.

I think I saw 192... and my brain, out of habit I guess, instantly jumped to private IP address without thinking about it properly.

So, a public address makes more sense for sure (I really must get more sleep! ) , but no, I definitely have no other FF extensions running and I have no idea why Intel is trying to show up to the party (and why an IP addr instead of a domain name come to that).

It only appears to be on PayPal's login site as well (so far anyway). Although, having said that, I normally spend 99.9% of my time in Linux (wishing it could be 100%!) so I'll experiment some more to confirm this.

Many thanks again.

Many thanks barbaz for your reply.

I have just disabled both extensions and see the same problem with nothing but NoScript running in FF.

Containers is by Mozilla and Snooze Tabs is by Mozilla Test Pilots.

I'll look into NetMon and get back to you.

Many thanks!