Morning! Hope you are having a great weekend. I’ve been experimenting with some network monitoring of HTTP requests and responses in Mozilla Firefox. While playing around with one of the tools I’m evaluating I noticed a request to gv.symcd.com:
I had not heard of the symcd.com domain before so I got curious. The request is an “application/ocsp-request“. OCSP is an abbreviation for Online Certificate Status Protocol, an Internet protocol used to retrieve the revocation status of a digital certificate.
That’s what the symcd.com connection is about: checking the revocation state for some certificate. The tool I used to track the network traffic does not have any advanced features to decode the OCSP communication so I don’t know exactly what information Firefox requests from symcd.com.
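The body of an application/ocsp-request is a DER-encoded OCSPRequest (RFC 6960), and each request in it carries a CertID: a hash algorithm, a hash of the issuer's name, a hash of the issuer's key, and the serial number of the certificate being checked. The following is an added example, not part of the original post: a minimal standard-library decoder for those fields, run on a constructed request (the issuer hashes, the serial and the helper names are made up, not captured Firefox traffic).

```python
import hashlib

# DER bytes of the hash-algorithm OIDs (1.3.14.3.2.26 and 2.16.840.1.101.3.4.2.1)
HASH_OIDS = {"2b0e03021a": "sha1", "608648016503040201": "sha256"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_ocsp_request(der):
    """Return the CertID fields of every Request in an OCSPRequest."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tbs = children(body)[0][1]
    # Skip optional [0] version / [1] requestorName; requestList is the SEQUENCE.
    request_list = next(v for t, v in children(tbs) if t == 0x30)
    found = []
    for _, req in children(request_list):
        alg, name_hash, key_hash, serial = (v for _, v in children(children(req)[0][1]))
        oid = children(alg)[0][1].hex()
        found.append({"hash_alg": HASH_OIDS.get(oid, oid), "issuer_name_hash": name_hash.hex(),
                      "issuer_key_hash": key_hash.hex(), "serial": int.from_bytes(serial, "big")})
    return found

def tlv(tag, value):   # encoder used only to build the constructed sample below
    return bytes([tag, len(value)]) + value

def build_sample():    # constructed request: made-up issuer hashes, serial 123456
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05, b""))
    cert_id = tlv(0x30, alg
                  + tlv(0x04, hashlib.sha1(b"constructed issuer name").digest())
                  + tlv(0x04, hashlib.sha1(b"constructed issuer key").digest())
                  + tlv(0x02, bytes.fromhex("01e240")))
    # CertID -> Request -> requestList -> TBSRequest -> OCSPRequest
    return tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x30, cert_id))))
```

Calling `parse_ocsp_request()` on a captured request body shows which issuer and serial number the browser asked about, which is enough to identify the certificate being checked.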
So, who owns symcd.com? The WHOIS database answer is Symantec Corporation:
Registrant Organization: Symantec Corporation
Registrant Street: 350 Ellis Street
Registrant City: Mountain View
Registrant State/Province: CA
Registrant Postal Code: 94043
Registrant Country: US
Symcd.com was created on 2013-12-12.
I did not find much information about gv.symcd.com, probably because there’s a large number of subdomains in use. I found this list over at VirusTotal:
I checked a few of the domains, and they all resolved to the 18.104.22.168 IP address.
Thanks for reading!