When I used the mitmproxy tool under Kali Linux to check the requests, I found a problem.
Under the request there is a request for ss.symcd.com. What exactly is this for?
Morning! Hope you are having a great weekend. I’ve been experimenting with some network monitoring of HTTP requests and responses in Mozilla Firefox. While playing around with one of the tools I’m evaluating I noticed a request to gv.symcd.com.
I had not heard of the symcd.com domain before so I got curious. The request is an “application/ocsp-request”. OCSP is an abbreviation for Online Certificate Status Protocol and it is an Internet protocol used for retrieving the revocation status of a digital certificate.
That’s what the symcd.com connection is about: checking the revocation state for some certificate. The tool I used to track the network traffic does not have any advanced features to decode the OCSP communication so I don’t know exactly what information Firefox requests from symcd.com.
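The body of an application/ocsp-request is a DER-encoded OCSPRequest (RFC 6960), and its fields can be read with a few lines of code. The following is an added example, not part of the original post: a minimal decoder that lists the CertID of each certificate being checked. It assumes the raw body of a POST request has been saved as bytes; the sample input is constructed, not captured traffic.

```python
# DER-encoded OIDs of the hash algorithms usually seen in an OCSP CertID
HASH_OIDS = {bytes.fromhex("2b0e03021a"): "sha1", bytes.fromhex("608648016503040201"): "sha256"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_ocsp_request(der):
    """Return one dict per CertID in an RFC 6960 OCSPRequest."""
    tag, body, _ = read_tlv(der, 0)  # outer OCSPRequest SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tbs = children(children(body)[0][1])  # fields of TBSRequest
    # requestList is the only plain SEQUENCE; the optional fields are context-tagged
    request_list = next(v for t, v in tbs if t == 0x30)
    result = []
    for _, request in children(request_list):
        cert_id = children(request)[0][1]  # reqCert; per-request extensions ignored
        (_, alg), (_, name_hash), (_, key_hash), (_, serial) = children(cert_id)
        oid = children(alg)[0][1]
        result.append({"hash_alg": HASH_OIDS.get(oid, oid.hex()),
                       "issuer_name_hash": name_hash.hex(),
                       "issuer_key_hash": key_hash.hex(),
                       "serial": serial.hex()})
    return result

# Constructed sample, not captured traffic: SHA-1 CertID with placeholder hashes and serial
SAMPLE = (bytes.fromhex("300906052b0e03021a0500") + b"\x04\x14" + b"\xaa" * 20
          + b"\x04\x14" + b"\xbb" * 20 + bytes.fromhex("020401020304"))
for _ in range(5):  # wrap as CertID, Request, requestList, TBSRequest, OCSPRequest
    SAMPLE = b"\x30" + bytes([len(SAMPLE)]) + SAMPLE
print(parse_ocsp_request(SAMPLE))
```

The request names the certificate only by a hash of the issuer's name, a hash of the issuer's public key and the certificate serial number, so the responder learns which certificate is being checked without the site's hostname appearing in the request.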
So, who owns symcd.com? The WHOIS database answer is Symantec Corporation:
Registrant Organization: Symantec Corporation
Registrant Street: 350 Ellis Street
Registrant City: Mountain View
Registrant State/Province: CA
Registrant Postal Code: 94043
Registrant Country: US
Symcd.com was created on 2013-12-12.
I did not find much information about gv.symcd.com, and the reason for that is probably because there’s a large number of subdomains used. I found this list over at VirusTotal.
I checked a few of the domains, and they all resolved to the 23.43.139.27 IP address.
Thanks for reading!