Sorry, no idea - *.io? Could you please be more precise?

freitasm:

 

Sorry, no idea - *.io? Could you please be more precise?

 

Eset popped up an invalid cert warning when logging on - ended in .io.    Expired 1 July. Looked like part of a chain from a CDN content provider or similar . 

I think freitasm might have been asking for the characters directly before the .io in order to chase this up.

I am thinking probably an external service as we do not directly use any .io domain.

nunz:

I got an expired cert message when logging in - *.io   Expired July 1. 

 

Aredwood:

nunz:

 

I got an expired cert message when logging in - *.io   Expired July 1. 

 

 

 

 

 

Definitely investigate this. As I'm guessing that *.io would be a wildcard certificate for every website that happens to have a .io domain. Such a certificate will almost certainly be fraudulent.

This is a very big red flag that someone is trying or has successfully completed a MITM attack on your internet connection or browser.

Note that some corporate devices have self signed certificates to allow the company to monitor what employees do online, including on secure websites.

I've run tests on all systems and my firewall  / outer system is pretty much invisible / closed.

browser passes all av checks from three AVs as well as malware etc checks.

It is bog standard firefox with almost all addins turned off / deleted.

It felt like a CDN message  - something from an advert or third party part of the page

my .io domains are fine?.. 

Sounds like a MITM attack imo, maybe just a poorly setup network with transparent injection?