OiO.lk Blog (security)

Postman App Compromised? Uncovering a Potential Security Breach


This is quite strange. I was troubleshooting some networking issues in my data center using TigerShark while connected via VPN from my personal Mac. During the process, I utilized some AI analysis on the network packets, and something unusual surfaced. My Postman process was recorded reaching out to a TOR IP address, 162.247.243.29, which immediately caught my attention.

Digging further into Postman logs, I came across this peculiar log entry:

[auth][info]["Authentication~will-navigate:","https://erisedstraehruoytubecafruoytonwohsi.chromiumapp.org"]

When reversed, the URL seems to read: “I show not your face but your heart’s desire.” This phrase mirrors a reference to the Mirror of Erised from the Harry Potter series, where “Erised” is “Desire” spelled backward. In the story, the mirror shows a person’s deepest desires, not reality. The appearance of this phrase suggests some thematic reference, possibly a phishing attempt or a deceptive link.

What’s even more concerning is that no antivirus is flagging this, and when I search for this URL online, nothing comes up. This log entry seems to be connected to Postman’s authentication process, which raises several alarming questions:

  1. Could this reflect a potential vulnerability in Postman that has gone unnoticed?
  2. Why is the process reaching out to a TOR IP?
  3. What exactly is this cryptic URL, and what role does it play in Postman’s operations?

I’ve attached the full log trace below for further context. Any insight into what this could be would be greatly appreciated.

cat renderer-auth.log
[23623][1728295349873][auth][info]["EventBus~initialize - Success"]
[23623][1728295350666][auth][info]["Authentication~did-navigate:","https://identity.getpostman.com"]
[23623][1728295364936][auth][info]["Authentication~handleAuthorizationResponse: Started handling authorization response.",{"code":"283245e8b3381bbd18e714e11846cd03eabb377549fa314bcc47159f2523a056"}]
[23623][1728295364939][auth][info]["Authentication~handleAuthorizationResponse: Successfully executed function to handle authorization response."]
[23623][1728295365272][auth][info]["Authentication~will-navigate:","https://erisedstraehruoytubecafruoytonwohsi.chromiumapp.org"]
[55359][1728703433425][auth][info]["EventBus~initialize - Success"]
[55359][1728703434282][auth][info]["Authentication~did-navigate:","https://identity.getpostman.com"]
[55359][1728703546671][auth][info]["Authentication~handleAuthorizationResponse: Started handling authorization response.",{"code":"a53cbff4eab55538c203bc80bca55ad0b602eccb21b5b75329ae98519bf27294"}]
[55359][1728703546679][auth][info]["Authentication~handleAuthorizationResponse: Successfully executed function to handle authorization response."]
[55359][1728703547034][auth][info]["Authentication~will-navigate:","https://erisedstraehruoytubecafruoytonwohsi.chromiumapp.org"]
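An added example, not part of the post above, for triaging this kind of log: it parses lines in the renderer-auth.log layout shown (`[pid][epoch-ms][component][level][JSON array]`), extracts every host the `did-navigate` / `will-navigate` events point at, flags hosts outside an allowlist, and reverses the leftmost DNS label the way the post decoded the Erised hostname. The sample lines are constructed from the post's format with the authorization code replaced by a placeholder, and the `getpostman.com` allowlist is an assumption.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample in the renderer-auth.log layout from the post (auth code redacted).
SAMPLE_LOG = """\
[23623][1728295349873][auth][info]["EventBus~initialize - Success"]
[23623][1728295350666][auth][info]["Authentication~did-navigate:","https://identity.getpostman.com"]
[23623][1728295364936][auth][info]["Authentication~handleAuthorizationResponse: Started handling authorization response.",{"code":"<redacted>"}]
[23623][1728295365272][auth][info]["Authentication~will-navigate:","https://erisedstraehruoytubecafruoytonwohsi.chromiumapp.org"]
"""
# Line layout: [pid][epoch-ms][component][level][JSON array]
LINE_RE = re.compile(r"^\[(\d+)\]\[(\d+)\]\[(\w+)\]\[(\w+)\](\[.*\])$")

def parse_line(line):
    """Parse one line into a dict; return None if the layout or the JSON payload is invalid."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pid, ts_ms, component, level, payload = m.groups()
    try:
        payload = json.loads(payload)
    except json.JSONDecodeError:
        return None
    return {"pid": int(pid), "ts_ms": int(ts_ms), "component": component, "level": level, "payload": payload}

def navigation_hosts(lines):
    """Yield (pid, event, hostname) for every did-navigate / will-navigate entry."""
    for raw in lines:
        rec = parse_line(raw)
        if rec is None or len(rec["payload"]) < 2 or not isinstance(rec["payload"][1], str):
            continue  # init events and authorization-response events carry no URL
        event, target = rec["payload"][:2]
        if "navigate" not in event:
            continue
        host = (urlsplit(target).hostname or "").lower()
        yield rec["pid"], event.split("~", 1)[-1].rstrip(":"), host

def unexpected_hosts(lines, allowed_domains):
    """Sorted hosts that are neither an allowlisted domain nor a subdomain of one."""
    allowed = [a.lower() for a in allowed_domains]
    bad = {h for _, _, h in navigation_hosts(lines)
           if not any(h == a or h.endswith("." + a) for a in allowed)}
    return sorted(bad)

def reversed_label(host):
    """Reverse the leftmost DNS label, which is how the post decoded the Erised hostname."""
    return host.split(".", 1)[0][::-1]
```

Run `unexpected_hosts(open("renderer-auth.log"), ["getpostman.com"])` against a real log to list every navigation target that is not a Postman domain, then `reversed_label()` on each to see whether it carries a readable string.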


