Reported MITM on gitlab.torproject.org on Megafon in Russia

On tor-security, a user reports:

ISP Megafon uses the attached cert.

gitlab.torproject.org uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for 10.83.250.4 (Error code: sec_error_unknown_issuer)

certificate.crt

And then they reported:

GET / HTTP/1.1
Host: torproject.org
User-Agent:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive

HTTP/1.1 302 Found
Location: http://m.megafonpro.ru/rkn?channel=2m

I don't know how useful this is, so I'm passing it on. I'm not sure how sensitive this is, so I'm marking it confidential. Feel free to make it public if you determine that there's nothing private in the cert. I can give you the user's email on request offline, if you want to reach out to them.

Cheers!

Edited Jan 11, 2022 by David Fifield