Nathe Posted October 5, 2018 ID:1273482 Share Posted October 5, 2018 I got this block notification earlier today Quote -Log Details- Protection Event Date: 10/4/18 Protection Event Time: 8:04 PM Log File: 2bc49374-c832-11e8-9ac9-7085c259446f.json -Software Information- Version: 3.5.1.2522 Components Version: 1.0.441 Update Package Version: 1.0.7187 License: Premium -System Information- OS: Windows 10 (Build 17134.285) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: Fraud Domain: ocsp.usertrust.com IP Address: 40.136.60.65 Port: [59009] Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe Given that usertrust.com is owned by Comodo I'm not sure what's going on here. So I'm guessing it's the IP 40.136.60.65 that's the issue. The IP doesn't appear to be owned my Comodo. And in fact if I run an nslookup on the A record for ocsp.usertrust.com I get 104.104.244.11 back. So I'm curious as to what might be going on here. Is it a false positive or a deeper issue? Link to post Share on other sites More sharing options...
Solution MysteryFCM Posted October 5, 2018 Solution ID:1273486 Share Posted October 5, 2018 This is not an F/P. The IP is housing a plethora of malicious domains. Link to post Share on other sites More sharing options...
Recommended Posts