用kalinux 下面的mitmproxy 工具查看請求的時候會發現請求一個symcd.com

1、用kalinux 下面的mitmproxy 工具查看請求的時候發現一個問題

請求下面會有一個請求ss.symcd.com 這個究竟是幹什麼用的呢？？？

Morning! Hope you are having a great weekend. I’ve been experimenting with some network monitoring of HTTP requests and responses in Mozilla Firefox. While playing around with one of the tools I’m evaluating I noticed a request to gv.symcd.com:

I had not heard of the symcd.com domain before so I got curious. The request is a 「application/ocsp-request「. OCSP is a abbreviation for Online Certificate Status Protocol and it is an Internet protocol used for retrieve the revocation status of a digital certificate.

That’s what the symcd.com connection is about: Checking the revocation state for some  certificate. The tool I used to track the network traffic does not have any advanced features to decode the OSCP communication so I don’t know exactly what information Firefox requests from symcd.com.

So, who owns symcd.com? The WHOIS database answer is Symantec Corporation:

Registrant Organization: Symantec Corporation
Registrant Street: 350 Ellis Street
Registrant City: Mountain View
Registrant State/Province: CA
Registrant Postal Code: 94043
Registrant Country: US

Symcd.com was created on 2013-12-12.

I did not find much information about gv.symdc.com, and the reason for that is probably because there’s a large number of subdomains used. I found this list over at VirusTotal:

• sm.symcd.com

• gz.symcd.com

• gp.symcd.com

• tl.symcd.com

• sn.symcd.com

• tm.symcd.com

• gq.symcd.com

• sk.symcd.com

• gw.symcd.com

• si.symcd.com

• gx.symcd.com

• gk.symcd.com

• s.symcd.com

• sw.symcd.com

• gu.symcd.com

• sh.symcd.com

• tf.symcd.com

• t.symcd.com

• tn.symcd.com

• gv.symcd.com

• ta.symcd.com

• gd.symcd.com

• st.symcd.com

• tg.symcd.com

• sr.symcd.com

• sd.symcd.com

• sf.symcd.com

• sg.symcd.com

• th.symcd.com

• ga.symcd.com

• gn.symcd.com

• se.symcd.com

• sv.symcd.com

• tj.symcd.com

• su.symcd.com

• tb.symcd.com

• ti.symcd.com

• tc.symcd.com

• sc.symcd.com

• gm.symcd.com

• sb.symcd.com

• gb.symcd.com

• ss.symcd.com

• sj.symcd.com

• gj.symcd.com

• td.symcd.com

• sa.symcd.com

• tk.symcd.com

I checked a few of the domains, and they all resolved to the 23.43.139.27 IP address.

Thanks for reading!