Story Detail of id 47317219 | Liveview Hacker News

thedatamonger3 hours ago | on: FreeBSD Capsicum vs. Linux Seccomp Process Sandboxing

$ dig vivianvoss.net A +short @ns11.infomaniak.ch.

78.46.78.181

$ curl -v https://vivianvoss.net/ 2>&1 | tail -3

* OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number

* Closing connection

curl: (35) OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number

$ curl -v http://vivianvoss.net/ 2>&1 | grep Location

< Location: https://www.safebrowse.io/warn.html?url=http://vivianvoss.ne...

$ whois 78.46.78.181 | grep -i netname

netname: HETZNER-RZ-NBG-NET

$ host 78.46.78.181

181.78.46.78.in-addr.arpa domain name pointer min2max.run.

The domain's authoritative nameserver (Infomaniak) points vivianvoss.net at 78.46.78.181 — a Hetzner box in Germany with rDNS min2max.run. That server redirects HTTP to SafeBrowse.io and responds to TLS handshakes with garbage. Not a local issue, not a DNS hijack — the A record itself is wrong.

craftkiller2 hours ago | parent

Hmm so oddly enough this works fine for me:

  $ curl -v https://vivianvoss.net/ 2>&1 | tail -3
        <script src="/assets/scripts/perf.js"></script>
    </body>
    </html>

And the logs show it is going to the same address:

  * Established connection to vivianvoss.net (78.46.78.181 port 443) from 172.16.245.55 port 36208

Any chance you're a comcast xfinity customer? Searching for safebrowse.io shows that xfinity "advanced security" does this whole redirect to safebrowse.io.

Unrelated, but the site also returns an AAAA record for an ipv6 address that does not work. So they've misconfigured their server in that regard.

  $ drill vivianvoss.net AAAA  @1.1.1.1
  [...]
  vivianvoss.net. 3600 IN AAAA 2a01:4f8:120:34ad::1
  [...]
  
  $ curl --header 'Host: vivianvoss.net' 'https://[2a01:4f8:120:34ad::1]:443'
  <hangs forever>

  $ curl https://ipv6.google.com
  <works immediately>

#visit	13,034,189
#session	74,665
#live-session	0