0

CRL and OCSP showing up as blocked by a security option in last hour

Are these a false positive? Clearly the blocked domain is currently a CNAME on those CRL and OCSP subdomains by DigiCert and Verisign. These aren’t new subdomains, but them being blocked is new. The requests and details are reflected in the screenshot. Anyone else getting this? What is the source for this type of blocking?

 

It started showing up around 10 PM UTC on 2023-04-12.

6 replies

null
    • BigDargon
    • 1 yr ago
    • Reported - view

    Same issues!

    Temporarily fixed by whitelisting the domain name fp2e7a.wpc.2be4.phicdn.net

    • turtle
    • 1 yr ago
    • Reported - view

    Happening all of a sudden on my list as well. Would you recommend unblocking now or waiting for next dns to fix?

    • Trent
    • 1 yr ago
    • Reported - view

    Thanks for sharing this post. And also for reporting it as false positive.

     

    I think many are confused across various systems resulting in (seemingly) false positive behavior.

     

    Also relevant as supporting information:

    https://knowledge.digicert.com/alerts/new-dedicated-ip-addresses.html

     

    My personal conclusion leans towards this being a false positive rather than something else — especially if that is indeed the upstream for the cryptojacking security data.

    • p2imal
    • 1 yr ago
    • Reported - view

    Thank you for this!  I was trying to play Call of Duty Modern Warfare 2 on PC last night and it just hung as it tried to connect.  Dots did not connect until I saw this post and saw a bunch of blocked* DNS requests to verisign and digicert OCSP and CRL.

Login to reply

Content aside

  • 1 yr agoLast active
  • 6Replies
  • 375Views
  • 4 Following