Did you just notice ocsp.comodoca4.com in Firefox’s, Chrome’s, Internet Explorer’s or Safari’s status bar or in the network log and wonder where it came from?
You will see a connection to ocsp.comodoca4.com when the browser is using the Online Certificate Status Protocol (OCSP) to obtain the revocation status for a COMODO certificate.
This is standard procedure and is nothing to worry about, with one exception that I ran into:
I noticed the connection to ocsp.comodoca4.com on one of my lab machines where I play around with some unwanted software. I noticed the connection to ocsp.comodoca4.com while doing a search at Google.com. Under normal circumstances, a visit to Google should not trigger a connection to ocsp.comodoca4.com. Google’s certificate points to the clients1.google.com OCSP server.
The lab machine had the SalePlus, YouTubeAdBlocke and IStart 5.3.7 software running. Most likely, one of these inserted some HTML code into Google’s page that triggered the OCSP connection. After removing these three potentially unwanted programs, the connections to ocsp.comodoca4.com no longer appeared when searching at the Google search engine.
What site did you visit when you noticed the connection to ocsp.comodoca4.com? Did you also see it while visiting Google? If so, what potentially unwanted software did you find on your machine?
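To check which OCSP responder a site's certificate actually names, and so whether an OCSP host in the network log belongs to the page you visited, here is an added example that is not part of the original post. It uses a byte scan for the OCSP access-method OID rather than a full ASN.1 parser. The function names, the sample extension bytes and the /ocsp path are constructed for the demonstration; a real certificate can be fed in after converting it with ssl.PEM_cert_to_DER_cert.

```python
from urllib.parse import urlparse

# DER bytes of the id-ad-ocsp OID (1.3.6.1.5.5.7.48.1) used in the Authority
# Information Access (AIA) extension; the responder URI follows it directly.
OCSP_OID = bytes.fromhex("06082b06010505073001")
URI_TAG = 0x86  # GeneralName [6] uniformResourceIdentifier


def read_len(buf, pos):
    """Decode a DER length at buf[pos]; return (length, offset of the value)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F  # long form: next n bytes hold the length
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def ocsp_urls(der):
    """Return every OCSP responder URL found in a DER certificate or AIA value."""
    urls, pos = [], der.find(OCSP_OID)
    while pos != -1:
        tag_at = pos + len(OCSP_OID)
        if tag_at < len(der) - 1 and der[tag_at] == URI_TAG:
            length, start = read_len(der, tag_at + 1)
            urls.append(der[start:start + length].decode("ascii", "replace"))
        pos = der.find(OCSP_OID, pos + 1)
    return urls


def unexpected_ocsp_hosts(chain_der, observed_hosts):
    """Observed hosts that no certificate in the chain names as OCSP responder."""
    expected = {urlparse(u).hostname for der in chain_der for u in ocsp_urls(der)}
    return [h for h in observed_hosts if h.lower() not in expected]


def constructed_aia(url):
    """Build a minimal AIA value (SEQUENCE OF AccessDescription) as sample input."""
    desc = OCSP_OID + bytes([URI_TAG, len(url)]) + url.encode("ascii")
    return bytes([0x30, len(desc) + 2, 0x30, len(desc)]) + desc


if __name__ == "__main__":
    # Constructed sample: an AIA value naming the responder host the post
    # attributes to Google's certificate (the /ocsp path is an assumption).
    aia = constructed_aia("http://clients1.google.com/ocsp")
    print(ocsp_urls(aia))
    print(unexpected_ocsp_hosts([aia], ["clients1.google.com", "ocsp.comodoca4.com"]))
```

Pass every certificate in the served chain, not only the leaf, because intermediate certificates carry their own OCSP URLs and the browser may query those as well.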
So this one must be fraudulent.
I:\>tracert 178.255.83.1
Tracing route to ocsp.comodoca.com [178.255.83.1]
over a maximum of 30 hops:
1 8 ms <1 ms <1 ms 192.168.0.1
2 19 ms 9 ms 10 ms 11.5.0.1
3 29 ms 9 ms 10 ms rd3ht-tge0-4-0-1-12.ok.shawcable.net [64.59.170.17]
4 30 ms 18 ms 20 ms rc3no-be12.cg.shawcable.net [66.163.67.149]
5 19 ms 22 ms 26 ms rc3so-hge0-19-0-1.cg.shawcable.net [66.163.71.118]
6 35 ms 39 ms 39 ms rc1wt-be82.wa.shawcable.net [66.163.76.9]
7 40 ms 37 ms 29 ms ge-1-1-9-0.fiber.sea.edge.ccanet.co.uk [206.81.80.200]
8 43 ms 40 ms 39 ms ocsp.comodoca.com [178.255.83.1]
Yes…no…
regards,
stan