181.78.46.78.in-addr.arpa domain name pointer min2max.run.
The domain's authoritative nameserver (Infomaniak) points vivianvoss.net at 78.46.78.181 — a Hetzner box in Germany with rDNS min2max.run. That server redirects HTTP to SafeBrowse.io and responds to TLS handshakes with garbage. Not a local issue, not a DNS hijack — the A record itself is wrong.
And the logs show it is going to the same address:
* Established connection to vivianvoss.net (78.46.78.181 port 443) from 172.16.245.55 port 36208
Any chance you're a comcast xfinity customer? Searching for safebrowse.io shows that xfinity "advanced security" does this whole redirect to safebrowse.io.
--
Unrelated, but the site also returns an AAAA record for an ipv6 address that does not work. So they've misconfigured their server in that regard.
78.46.78.181
$ curl -v https://vivianvoss.net/ 2>&1 | tail -3
* OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number
* Closing connection
curl: (35) OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number
$ curl -v http://vivianvoss.net/ 2>&1 | grep Location
< Location: https://www.safebrowse.io/warn.html?url=http://vivianvoss.ne...
$ whois 78.46.78.181 | grep -i netname
netname: HETZNER-RZ-NBG-NET
$ host 78.46.78.181
181.78.46.78.in-addr.arpa domain name pointer min2max.run.
The domain's authoritative nameserver (Infomaniak) points vivianvoss.net at 78.46.78.181 — a Hetzner box in Germany with rDNS min2max.run. That server redirects HTTP to SafeBrowse.io and responds to TLS handshakes with garbage. Not a local issue, not a DNS hijack — the A record itself is wrong.