Chas4, posted November 30:

Visit https://rumourskaraokecafe.com/order

Looks like a TLS filtering bug due to expired cert ESET has. ESET is updated as of this post.

Tested in Vivaldi & Edge.
Marcos (Administrators), posted November 30:

One of the servers uses an expired SSL certificate:
https://www.ssllabs.com/ssltest/analyze.html?d=rumourskaraokecafe.com&s=174.138.124.187&latest

Valid until: Sun, 07 Jul 2024 15:13:43 UTC (expired 4 months and 22 days ago) EXPIRED

The other server uses a valid one:
https://www.ssllabs.com/ssltest/analyze.html?d=rumourskaraokecafe.com&s=162.120.94.90
Chas4 (author), posted November 30:

3 hours ago, Marcos said:
> One of the servers uses an expired SSL certificate:
> https://www.ssllabs.com/ssltest/analyze.html?d=rumourskaraokecafe.com&s=174.138.124.187&latest
> Valid until: Sun, 07 Jul 2024 15:13:43 UTC (expired 4 months and 22 days ago) EXPIRED
> The other server uses a valid one:
> https://www.ssllabs.com/ssltest/analyze.html?d=rumourskaraokecafe.com&s=162.120.94.90

Is it not the ESET one since it has ESET as who it was issued by?
Chas4 (author), posted November 30 (edited November 30):

Checked on macOS.

Looks like the new cert is 4 days ago.
itman, posted November 30:

No problem here on my Win 10 ESSP 18.0.12 installation.
itman, posted November 30 (edited November 30):

Review the above ssllabs.com output for the two certs. Notice that the IP addresses are different. For some reason, you are being redirected to the web site server using an expired cert.

Also, your browser should be warning and blocking this connection.
Swamp Yankee, posted November 30:

Something has changed for me overnight. 10 minutes after the OP posted last night I was getting the same result as @itman just posted, with the double Cert header at the top, but not anymore. Firefox for me is now flagging the Cert as bad and I have to add an exception to get to the website.

All I get now for the Cert is this:
itman, posted November 30:

On my Firefox, uBlock Origin is blocking:

amplitude.com
sentry.io

Suspect the redirect activity is originating from one of those domains.
itman, posted November 30 (edited November 30):

Confirmed. Sucuri is also picking up the redirect, which appears to be originating from a JavaScript:

> Expiration date: 7 Jul 2024
> Issuer: R3
> Please update your TLS certificate.

> Redirects to https://rumourskaraokecafe.com/.git/HEAD
Swamp Yankee, posted November 30:

Their webmaster/host needs to look into it. This website is not configured correctly or something; it's running 2 Certs, a good one and a bad one, and going back and forth between the 2?? Now Firefox, 2 hours later, is telling me the Cert is OK again. I didn't do anything different.

It's also protected by CloudFlare. It won't scan for me on Sucuri as it did for @itman (Scan failed 403 Forbidden) but says the TLS Cert is bad, and other URL scanners can't reach it. CloudFlare? Quttera found nothing bad. It gets flagged as malicious by 1 on VirusTotal (BforeAI).
itman, posted November 30 (edited December 1):

5 hours ago, Swamp Yankee said:
> It's also protected by CloudFlare.

Same here if I try to access https://rumourskaraokecafe.com/.git/HEAD, which had an expired cert. Appears to me whatever the issue was, it has been resolved.

-EDIT- Well, I guess it isn't resolved. Accessing https://rumourskaraokecafe.com/order is again throwing the Firefox Potential Security Risk warning: expired cert.

I would just stay away from the web site.
Swamp Yankee, posted December 1:

15 hours ago, Chas4 said:
> Is it not the ESET one since it has ESET as who it was issued by?

You need to read how some Anti Virus programs scan / decrypt TLS / SSL traffic for Malware. They do it, and act like, a MitM (Man-In-The-Middle), and there is a school of thought that they should not be doing that, though the article is almost 10 years old. I'm just saying that's why you see ESET Certs listed for a lot of the sites you visit. ESET is 'Injecting' their Cert; it's not the actual Cert issued for the website, and ESET Certs are not recognized by Mozilla (Firefox).

Now if you look at the Cert for eBay or the Cert for the 'school of thought' link above (SecurityWeek), ESET does not 'Inject' on either of those websites and you'll see the actual Certs issued for those websites. Complicated stuff. I'm no expert, just a little info.
itman, posted December 1 (edited December 1):

Refer to the below screen shot. The confusion by some when reviewing web site cert. details where Eset is monitoring HTTPS traffic centers on Issuer Name details. Since Eset's SSL Filter root CA cert. data is shown, some are assuming the details shown in the Validity section apply to Eset's certificate. They do not. What is shown in the Validity section applies to the cert. being used by the web site.
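
Added example, not part of any post in this thread: a Python sketch of the two checks discussed above, reading issuer and validity as separate fields (the point of the last post) and handshaking with each resolved address separately (the two-server finding from ssllabs.com). The function names and the default filter-CA common name "ESET SSL Filter CA" are assumptions; the sample certificate is constructed from the issuer and expiry quoted in the thread.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

# Constructed sample in the shape ssl.getpeercert() returns; the issuer and
# expiry are the values quoted in the thread.
SAMPLE_EXPIRED = {
    "issuer": ((("commonName", "R3"),),),
    "notAfter": "Jul  7 15:13:43 2024 GMT",
}

def describe(cert, now, filter_cas=("ESET SSL Filter CA",)):
    """Report issuer and validity separately for one certificate dict."""
    issuer = dict(rdn[0] for rdn in cert["issuer"]).get("commonName", "")
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return {
        "issuer": issuer,
        # Issuer is a local HTTPS-filtering root, not the site's public CA
        # (the default name is an assumption; pass your product's root CN).
        "filtered_locally": issuer in filter_cas,
        "not_after": not_after,
        "expired": now > not_after,
    }

def backends(host, port=443):
    """All addresses the name resolves to; each may serve a different cert."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def probe(host, ip, port=443, timeout=5.0):
    """Handshake with one specific address, sending host as SNI."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok", tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # e.g. "certificate has expired" for a stale backend
        return exc.verify_message, None

if __name__ == "__main__" and len(sys.argv) > 1:
    now = datetime.now(timezone.utc)
    for ip in backends(sys.argv[1]):
        status, cert = probe(sys.argv[1], ip)
        print(ip, status, describe(cert, now) if cert else "")
```

Run it with a hostname as the only argument; a name that alternates between a good and a stale backend shows one address returning "ok" and another returning the verification error.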