I ask that you read the following carefully. First I will explain what I’ve been doing recently, what websites I went to that seem the most relevant and then ask my actual question. I want to be thorough.

I recently began using Google Chrome in a sandbox when I surf the web. The sandbox program I use is called Sandboxie. Not to insult anyone’s intelligence, but if you didn’t know, a sandbox is a separated area on your hard disk where you can run programs, and any malware or viruses from using those programs are basically contained inside of the sandbox and cannot make permanent changes to your computer. When you delete the contents of the sandbox, any malware or virus files during that session, contained in the sandbox, are supposed to be deleted. Sandbox programs are used for testing new software that may be malicious and for browsing the web more safely. I will admit, freely, that I used the sandboxed Chrome today to browse porn videos at this website: xnxx.com. Yes, I admitted that, but I thought it was important to mention for obvious reasons, as porn websites are notorious for viruses. Again, when I did this, I was using a sandboxed Google Chrome. Again, please read everything carefully to ensure you don’t overlook anything.

Now, moving on. I have an account with www.imvu.com. For those who don’t know, IMVU is a virtual 3D chatting client where you use an avatar to instant message other people, basically a virtual chatting universe. While in sandboxed Google Chrome, I tried to go to www.imvu.com. This address does not usually give you a secure, encrypted connection. In other words, there is no https before the address. However, when I typed in www.imvu.com, I was getting re-directed to a website which read something like this (do NOT actually try going here): https://secure.imvu.com/landing/next. This page looked as if someone had rigged it to look like the actual imvu.com page. I got very suspicious. So, I called my sister on Skype and had her try to go to imvu.com on her computer, and when she went to www.imvu.com, she reached the actual homepage with the proper background. The page she reached was very different from the one I reached, and it seemed obvious that I was on a fake site. This was all contained in a sandboxed Google Chrome. I ran a Malwarebytes scan hours ago, before any of this, as well as one after this, and both came back clean.

However, I have noticed something strange. After terminating the sandboxed Google Chrome and deleting the contents, I went to www.imvu.com again, on another sandboxed Google Chrome, and this time I reached the actual IMVU page. After a while of being on the actual site, maybe a couple of minutes, however, I received this notification from Avast!. The image is below (on tinypic.com):

http://tinypic.com/view.php?pic=6yjpdc&s=8#.VfljsN9Viko

Just in case the link doesn’t work, the Avast! notification read exactly as follows:

Avast Web Shield has blocked access to this page because the following certificate has been revoked: *.lijit.com

I received this notification from Avast! while I was on the actual IMVU website. I also received this same notification once earlier, but I can’t remember what website I was on the first time it appeared. This all happened while browsing in a sandboxed Google Chrome. What is this notification and should I worry about it? I have seen it twice, so that’s a bit disturbing. Both times I received this notification, I was never actually “on” this website (*.lijit.com). What is this notification all about and what should I do about it? I do not even know what lijit.com is and certainly have never tried to intentionally access this website!

Avast Web Shield has blocked access to this page because the following certificate has been revoked: *.lijit.com

it seems lijit.com redirect to sovrn.com = sovrn | Publisher Network Online Advertising Technology

see info here http://urlquery.net/report.php?id=1442414008977 click pic in top right corner for big pic

Hello, well I have just started getting this exact same message. No sandboxes, just normal web (if there is such a thing).

This concerns me since it is ephemeral and leaves no trace.

May I ask if anyone has determine what this thing is>

avast web shield has blocked access to this page because the following certificate has been revoked: *.lijit.com

Thank you to all who read this!

Just to add another notice that I’m also getting the “Avast Web Shield has blocked access to this page because the following certificate has been revoked: *.lijit.com”

This message comes up almost every time I access my Facebook page. I have never accessed any site with the lijit.com domain, to the best of my knowledge.

I run an Avast quick scan and a Malwarebytes scan every night and am not coming up with any malware issues from either program. I also have all the Avast shields running, and always keep the program and malware definitions up to date.

So, what’s the problem?

as posted above … most websites have ads, those ads are often located under another url

lijit.com ==> sovrn.com = sovrn | Publisher Network Online Advertising Technology

you can see here what they work with http://www.sovrn.com

so my guess is this is related to ads on the site you enter, and the website certificate for the ad url is not valid for whatever reason

please unblock this web http://www.bengkelbola88.com/

OK, sorry, I didn’t pick up on the likelihood that there are ads on Facebook that are tied to the lijit.com domain.

I think it’d be a big help if the Avast popup message window could include something like a “for more info, go here” link to a FAQ page of some sort on the Avast site, if that’s possible, to explain what’s going on. Right now, the popup message is very terse and is kind of confusing, because it seems to say that the site you’re on is part of the lijit.com domain in this example, whereas the user sees only that they’re on a different domain (facebook.com in my case, above). So, the reaction is “well, I’m not on an lijit.com domain, I’m on Facebook, so what does this message mean?”

Yup, lijit.com still redirects sovrn.com. I am not able to get the message now though - do you guys still get the popup about revoked cert?

@toko2: bengkelbola88.com is not blocked.

I’ve been watching this thread form the start since I’m having the exact same issue.

Yes, it’s still happening. Checked pathofexile.gamepedia.com and I get the message every time. This is just one of a handful of websites I’ve gotten it on. Some places don’t use lijit.com so I don’t get the message from those ones.

I would like to know, is this a problem with lijit.com its owners and not my PC?

I’ve run countless scans and even had an friend that works in IT look things over. She didn’t find anything wrong on my end but I’m paranoid when it comes to stuff like this.

This is definitely NOT a problem with your PC - no need to worry. It is wither a problem with lijit.com using invalid certificate (which might happen) or with Avast incorrectly recognizing lijit’s certificate as invalid (which might happen).
Could you update Avast, then restart the PC, then visit the sites as usual? I am visiting pathofexile.gamepedia.com without adblock and still cannot trigger connection to lijit.com…

Updated and restarted. It still happens.

https://i.gyazo.com/50b8565519f49acebed1ebba865ddfd1.png

DNS resolves ‘lijit.com’ to 192.155.228.109

Protocol Support

SSL 3, TLS 1.0, TLS 1.1, TLS 1.2

SSL 3.0 is an outdated protocol version with known vulnerabilities. How can I fix this?

SSL certificate

Common Name = *.lijit.com
Subject Alternative Names = *.lijit.com, lijit.com
Issuer = Go Daddy Secure Certificate Authority - G2
Serial Number = 8C69D83C50FF98ED
SHA1 Thumbprint = 26B08C801B89D600B7758BE15866AC560DFD0093
Key Length = 2048 bit
Signature algorithm = SHA256 + RSA (excellent)
Secure Renegotiation: Supported
This certificate does not use a vulnerable Debian key (this is good)

SSL Certificate has not been revoked

OCSP Staple:
OCSP Origin:
CRL Status:

SSL Certificate expiration

The certificate expires May 10, 2016 (230 days from today)

Certificate Name matches lijit.com

Subject *.lijit.com
Valid from 08/Sep/2015 to 10/May/2016
Issuer Go Daddy Secure Certificate Authority - G2

Subject Go Daddy Secure Certificate Authority - G2
Valid from 03/May/2011 to 03/May/2031
Issuer Go Daddy Root Certificate Authority - G2

Subject Go Daddy Root Certificate Authority - G2
Valid from 01/Jan/2014 to 30/May/2031
Issuer The Go Daddy Group, Inc.

Subject
Valid from 29/Jun/2004 to 29/Jun/2034
Issuer The Go Daddy Group, Inc.
SSL Certificate is correctly installed

So what else could this be? TLS randomness does not represent time.
Well uMatrix also blocks it: uMatrix has prevented the following page from loading:
Just the job of an adblocker.

polonus

This message from Avast came up when I opened www.Hilton.com and repeats each time I move to a new page on the site.

I did some testing today with Firefox, MS Edge and Opera browser. (uninstalled Chrome)

MS Edge: I see lijit.com domain name pop up in the bottom left corner as the page loads 1 times. No message from Avast.

Firefox: See lijit.com domain pop up in bottom left once as pages loads. No message from Avast.

Opera browser: See lijit.com domain pop up in bottom left 2-3 times as page loads. Avast blocks it.

I will do this simple test again in a day or two and see what happens. I don’t know if that helps but there it is.

I’m having this issue to, I just noticed the popups… :

I noticed it when I went to a page on http://prntscr.com/

I’ve got the same thing happening and it started right after my latest update about a wk ago. About a third of the sites I go to it’s happening on… sites that I’ve been going to for a decade or so. Is there a way to override this? Most AV’s will give the option to proceed anyway, but not this one. I’ve had it pop up about 20 times so far today. I’m a pushing 60 grandma using very basic sites, Target, a few home blogs, pinterest, etc. Looking up wallpapers/tiles today and it’s popping up on those sites.

I am getting this every day now as well, even in places where there are no ads (logged into my Trello account). Have latest Avast and latest definitions…

You can’t spell “Illijitimate” without “lijit”

From my research, it appears that lijit.com is part of an ad network. Whenever you connect to a website that serves ads, you also connect to their advertising partners.

This specific ad network has had its SSL certificate revoked because one of its advertisers was serving malware.

This error message is actually a good thing, because avast is informing you that it’s blocking a website that may be serving malware through its ads. You can completely ignore the message because it just means you’re already being protected.

Are you sure about this? Because it’s doing it to totally benign websites that I’ve been visiting for over a decade. Including Target.com when I was trying to look at some wallpaper on their website.
But you can spell illegitimate without it. ;D

I have visited web pages that were fine before to see if I still get the warning messages.

When visiting the path of exile gamepedia I used to get it every time the page loaded. Over the past couple days I’ve been getting the notice less and less using MS edge browser. I haven’t tried it with firefox or Opera yet but I was getting the message on all 3 browsers a few days ago.

Still, it’d be nice if this was no longer an issue at all.