TPG Community

MITM Attack - Possibly TPG network?

nick_h
Level 2

Hello,

I have experienced what I presume to be an attempted MITM attack while visiting a CDNS (Cloudflare) server.

This incident occurred while browsing a website using TPG internet (tethered mobile to what I believe to be a secure Linux machine). I believe there is a possibility that this occurred somewhere upstream from my device, possibly in the TPG network.

I have attached a photo of the self-signed (fraudulent) certificate, for an HTTPS request made at approximately 2021-01-25 1514 AET.

I would greatly appreciate talking to someone from the technical team who has capacity to look into this. PM if necessary.

Thank you,

Nick

1 REPLY

david64
Level 10

Hi nick_h. How did you get to the URL in the photo?

www.cloudflare.com uses a certificate from Baltimore CyberTrust Root as Certification Authority.

The one in your photo is suspicious because it expires 270 years from now. Chrome rejects it because it's not in the certificate store. What was the error screen from Chrome?

You could try accessing cloudflare from your mobile phone using mobile data.

Check the DNS addresses in the wifi router. You could try different DNS, e.g. Google or Microsoft.
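
The certificate checks mentioned in the reply above (issuer, lifetime) can be scripted. This is an added example, not part of the original thread: it assumes the certificate has already been decoded into the dict shape that Python's `ssl.SSLSocket.getpeercert()` returns, and the two sample certificates, the issuer name and the timestamps are constructed.

```python
import ssl

# CA/Browser Forum limit for publicly trusted leaf certificates issued since Sept 2020.
MAX_PUBLIC_VALIDITY_DAYS = 398

def flatten(name):
    """Turn getpeercert()'s nested RDN tuples into a sorted tuple of (key, value) pairs."""
    return tuple(sorted(pair for rdn in name for pair in rdn))

def triage(cert, now, known_issuers=()):
    """Return a list of warning labels for a decoded certificate.

    known_issuers is a hypothetical set of issuer common names previously
    seen for this site; leave it empty to skip that check.
    """
    findings = []
    subject, issuer = flatten(cert["subject"]), flatten(cert["issuer"])
    # Name comparison only: the signature itself is not verified here.
    if subject == issuer:
        findings.append("self-issued")
    if known_issuers and dict(issuer).get("commonName") not in known_issuers:
        findings.append("unexpected-issuer")
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if (end - start) / 86400 > MAX_PUBLIC_VALIDITY_DAYS:
        findings.append("validity-too-long")
    if not start <= now <= end:
        findings.append("outside-validity-window")
    return findings

# Constructed samples: one resembling the certificate described in the thread
# (subject equals issuer, roughly 270-year lifetime) and one ordinary leaf.
SUSPICIOUS = {
    "subject": ((("commonName", "example.test"),),),
    "issuer": ((("commonName", "example.test"),),),
    "notBefore": "Jan 25 00:00:00 2021 GMT",
    "notAfter": "Jan 25 00:00:00 2291 GMT",
}
NORMAL = {
    "subject": ((("commonName", "example.test"),),),
    "issuer": ((("commonName", "Example Issuing CA"),),),
    "notBefore": "Jan 10 00:00:00 2021 GMT",
    "notAfter": "Jan 10 00:00:00 2022 GMT",
}
NOW = ssl.cert_time_to_seconds("Jan 25 04:14:00 2021 GMT")  # constructed timestamp
KNOWN = {"Example Issuing CA"}  # constructed issuer name

if __name__ == "__main__":
    for label, cert in (("suspicious", SUSPICIOUS), ("normal", NORMAL)):
        print(label, triage(cert, NOW, KNOWN))
```

`getpeercert()` only returns a populated dict when the connection's certificate passed validation, so for a certificate the browser rejected the fields have to be decoded from a saved copy first.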