Results 1 to 9 of 9

Thread: What is this

  1. #1
    Join Date
    Dec 2011
    Location
    East Coast, USA
    Posts
    4,231
    Mentioned
    112 Post(s)
    Quoted
    1869 Post(s)

    Default What is this

    https://94-23-148-96.ovh.net/

    Found it while Googling for stuff relevant to SRL. Thought it was a phish of some sort but everything links to the legit site.
    GitLab projects | Simba 1.4 | Find me on IRC or Discord | ScapeRune scripts | Come play bot ScapeRune!

    <BenLand100> we're just in the transitional phase where society reclassifies guns as Bad™ before everyone gets laser pistols

  2. #2
    Join Date
    Jan 2010
    Posts
    18
    Mentioned
    0 Post(s)
    Quoted
    3 Post(s)

    Default

    chrome gave me a message saying it "could" be a website trying to steal your passwords ect. but it looks legit and said the security is from "villavu.com". the staff team might know what it is.

  3. #3
    Join Date
    Dec 2011
    Location
    East Coast, USA
    Posts
    4,231
    Mentioned
    112 Post(s)
    Quoted
    1869 Post(s)

    Default

    Quote Originally Posted by nicky101 View Post
    chrome gave me a message saying it "could" be a website trying to steal your passwords ect. but it looks legit and said the security is from "villavu.com". the staff team might know what it is.
    Firefox gave me the same message. The IP of villavu.com matches the string of numbers in the URL which I rightly guessed to be an IP address...

    GitLab projects | Simba 1.4 | Find me on IRC or Discord | ScapeRune scripts | Come play bot ScapeRune!

    <BenLand100> we're just in the transitional phase where society reclassifies guns as Bad™ before everyone gets laser pistols

  4. #4
    Join Date
    Jan 2012
    Posts
    1,596
    Mentioned
    78 Post(s)
    Quoted
    826 Post(s)

  5. #5
    Join Date
    Dec 2011
    Location
    East Coast, USA
    Posts
    4,231
    Mentioned
    112 Post(s)
    Quoted
    1869 Post(s)

    Default

    Quote Originally Posted by Turpinator View Post
    *clap*
    I'm confused! I don't even websites. Is what I found a direct link to the website's host server ... or something?
    GitLab projects | Simba 1.4 | Find me on IRC or Discord | ScapeRune scripts | Come play bot ScapeRune!

    <BenLand100> we're just in the transitional phase where society reclassifies guns as Bad™ before everyone gets laser pistols

  6. #6
    Join Date
    Jan 2010
    Posts
    18
    Mentioned
    0 Post(s)
    Quoted
    3 Post(s)

    Default

    Quote Originally Posted by KeepBotting View Post
    I'm confused! I don't even websites. Is what I found a direct link to the website's host server ... or something?
    lol you found the webhost i-p

  7. #7
    Join Date
    Mar 2013
    Location
    Argentina
    Posts
    758
    Mentioned
    27 Post(s)
    Quoted
    365 Post(s)

    Default

    l33t hacker!
    Formerly known as Undorak7

  8. #8
    Join Date
    Feb 2007
    Location
    Colorado, USA
    Posts
    3,716
    Mentioned
    51 Post(s)
    Quoted
    624 Post(s)

    Default

    Quote Originally Posted by KeepBotting View Post
    Firefox gave me the same message. The IP of villavu.com matches the string of numbers in the URL which I rightly guessed to be an IP address...

    The message you guys got was just a "self signed" certificate, majority of the time.. 90% of the time dare I say, they're working, good certificates, villavu had one for quite the few years as far as I remember.
    this just enables https and it "maybe works or maybe doesn't"
    you do NOT want a "maybe works or maybe doesn't" if you're putting credit card info etc in..
    so they made this thing for sites to pay other security sites that validate their security and say "yes that's working, you can be registered with blah blah blah so your shit is 'legit' "
    so when that pops up, you maybe aren't encrypted or you maybe are encrypted.. if you don't care if you're encrypted or not, then it doesn't matter

    And WHY this pops up for the specific site you can see as the very last part of my post


    That's the "numbers" in the subdomain of the URL https://94-23-148-96.ovh.net/

    ovh.net is the website / domain

    they can literally put anyhting they want in front of that ovh.net without spending a dime or asking anyone about it

    you want to look at the nslookup of the entire url

    first you grab villavu info
    >windows

    notice the 4.2.2.2 this is tier1 DNS server, you can use 8.8.8.8 which is googles, but 4.2.2.2 pushes updates to googles.. googles is more of "public" one verizon gets pissed if you use 4.2.2.2 for your main one but they don't notice little hits from some house and don't care either
    I use 4.2.2.2 cuz it's easier to type than 8.8.8.8 since I can use the period button and numbers with two different hands without moving my hands.. vs moving my left hand to 8 and using period with right
    (excluding number pad)
    and I'm typing here waiting for dnsutils to install on debian so I can show you that too, as dig is much more powerful of a tool to lookup stuff

    >gnu/linux



    >windows
    here we use nslookup for ovh.net, notice I don't put the 4.2.2.2 in this time & it uses my default dns which happens to be 8.8.8.8, so you can choose a specific dns IF YOU WANT, but don't have to


    >gnu/linux



    and finally we lookup the URL in question:
    >windows


    >gnu/linux



    so you see it is the same IP as villavu, so it's directing to villavu, you can do the same things and embed the website to be fake and go phishing.. there you click on the link and you can be at the actual villavu forum site.
    it's actually bad practice villavu webserver virtualhosts even allows other sites to route to their website while on a different domain name.
    Which is understandable when compared with them using the worst registrar ever to exist on top of the most memory leaking web server ever to exist http://who.is/domain-history/villavu.com


    DON DON DON


    anyway ovh.net looks like it's the provider of which hosts villavu.com, hence why the security certificate pops up because it's only "registered" for villavu.com.. not their IP address and not a subdomain of any site
    http://94.23.148.96
    https://94.23.148.96
    as seen there, which is literally 100% villavu's site
    The only true authority stems from knowledge, not from position.

    You can contact me via matrix protocol: @grats:grats.win or you can email me at the same domain, any user/email address.

  9. #9
    Join Date
    May 2014
    Posts
    633
    Mentioned
    8 Post(s)
    Quoted
    322 Post(s)

    Default

    Isn't this a kind of bad security issue... (not a webdev myself, but there is usually a good reason for everything including using the domain name instead of the host ip to access the site)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •