Blocked Certificate only on specific site & computer

[high_tide1 1]

Hey everyone. Folks over at BleepingComputer.com sent me over here for some help with a problem I've been having recently. Whenever I visit reddit, or any subdomain, since 9/14/2017, I keep getting an untrusted certificate warning for sync.madnet.ru, which requires me to keep blocking every time. The certificate itself seems to be issued for madnetex.com, by the Let's Ecrypt Authority X3 from April to July-ish. This issue, though, only seems to appear on my laptop, while my desktop and phone, which both also use ESET, experience no such issues when visiting the same site. I'm unsure of what the exact issue is, but it only occurs on reddit, and it worries me if something else would be wrong on my laptop to trigger it so.

[itman 1,659]

On ‎9‎/‎17‎/‎2017 at 9:11 PM, high_tide1 said:

I keep getting an untrusted certificate warning for sync.madnet.ru, which requires me to keep blocking every time

The cert. for the domain noted expired 2 months ago. See below:

[itman 1,659]

Note reddit.com uses this cert., *.reddit.com, issued by Digicert.

[high_tide1 1]

Thanks for replying. I realize that reddit uses the *.reddit certificate, and I've validated that information is what reddit uses. I was confused as to why ESET only detected that certificate on reddit.com when it failed to do so on any other computer I had visiting reddit.com as well, nor had it done so until recently. The problem only occurs on reddit.com.

[itman 1,659]

13 minutes ago, high_tide1 said:

Thanks for replying. I realize that reddit uses the *.reddit certificate, and I've validated that information is what reddit uses. I was confused as to why ESET only detected that certificate on reddit.com when it failed to do so on any other computer I had visiting reddit.com as well, nor had it done so until recently. The problem only occurs on reddit.com.

I went to reddit.com and received no alerts. So you will have to provide more detail on what is going on.

1. Do you get the alert when initially entering the web site?

2. When you click on something at reddit,com?

In any case, please post a screen shot showing both the web page and the alert displayed. Appears to me your browser is being hijacked to a fake "redid.com" web page using the expired cert. in question.

Edited September 20, 2017 by itman

[nitrousoxide 0]

 

I have just now started getting the same thing. Doesn't happen every time I visit reddit but enough times for me to notice it.

 

Also it seems to happen more often if I refresh the page via CTRL+F5 

Edited September 23, 2017 by nitrousoxide

[itman 1,659]

I turned off all tracking protection I have and also enabled ActiveX in IE11. I then navigated to the reddit.com web page where the "Mass Evacuation" article was. Still no alert about the madnetex.com cert..

At this point, all I can say is it must have something to do with the certs. Chrome is using. Note that Chrome uses it own root cert. CA store and not the Windows one.

[nitrousoxide 0]

It stopped happening suddenly. Not sure what that was but hope it doesn't come back.