
SANS ISC: blocklisted (by comodo itself) - SANS Internet Storm Center


Update: It looks like Comodo fixed its classification of the site in an updated report [2]. The site still shows one suspicious scan, but the overall status is "safe". McAfee classifies the site as "minimal risk", but the history still shows a red high risk for web reputation as of today/yesterday. [3]


A couple of readers have noticed that "" has been labeled as "suspicious" and as distributing malware for the last couple of days. In particular, Comodo's own site inspector service has been identifying the URL as suspect [1].

OCSP is a newer web service that allows clients to check whether an SSL certificate has been revoked. The older standard, CRL (Certificate Revocation List), required that browsers download the entire list. With OCSP, it is possible to query the status of an individual certificate. The certificate has to have the URL for the respective CRL or OCSP service embedded.

Many browsers will accept a certificate even if the OCSP service does not respond. They will only mark it as invalid if the OCSP service responds with a result marking the certificate as revoked. However, for Extended Validation (EV) certificates, browsers tend to be stricter and require a positive OCSP response. appears to be the valid OCSP URL for Comodo. For example, the certificate used for uses this particular OCSP URL. uses a Comodo-based certificate ("Usertrust") as well, and the OCSP URL used for our certificate, appears to be affected.
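The two points above, the responder URL embedded in the certificate and the way clients treat a missing answer, can be sketched in a few lines. This is an added example, not code from the original post: it reads the OCSP URL out of an Authority Information Access extension value and models the accept/reject behaviour described in the text. The function names, the `example.test` URLs and the sample extension bytes are constructed for illustration.

```python
OID_OCSP = bytes.fromhex("2b06010505073001")        # 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
OID_CA_ISSUERS = bytes.fromhex("2b06010505073002")  # 1.3.6.1.5.5.7.48.2

def tlv(tag, value):
    """Encode one DER element (short-form length is enough for the sample)."""
    if len(value) > 127:
        raise ValueError("sample encoder handles short lengths only")
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Decode the DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def ocsp_urls(aia_der):
    """Return the OCSP responder URLs in an AuthorityInfoAccess extension value."""
    tag, seq, _ = read_tlv(aia_der, 0)
    if tag != 0x30:
        raise ValueError("AuthorityInfoAccess must be a SEQUENCE")
    urls, pos = [], 0
    while pos < len(seq):
        _, desc, pos = read_tlv(seq, pos)        # one AccessDescription
        oid_tag, oid, nxt = read_tlv(desc, 0)    # accessMethod (OID)
        loc_tag, loc, _ = read_tlv(desc, nxt)    # accessLocation (GeneralName)
        if oid_tag == 0x06 and oid == OID_OCSP and loc_tag == 0x86:  # [6] = URI
            urls.append(loc.decode("ascii"))
    return urls

def treated_as_valid(ocsp_status, is_ev):
    """ocsp_status is "good", "revoked", or None when no answer arrived
    (responder down, or its URL blocked by a filter)."""
    if ocsp_status == "revoked":
        return False
    if ocsp_status == "good":
        return True
    return not is_ev    # soft-fail for ordinary certs; EV needs a positive answer

# Constructed sample extension value: one caIssuers entry, one OCSP entry.
SAMPLE_AIA = tlv(0x30,
    tlv(0x30, tlv(0x06, OID_CA_ISSUERS) + tlv(0x86, b"http://crt.example.test/ca.crt"))
    + tlv(0x30, tlv(0x06, OID_OCSP) + tlv(0x86, b"http://ocsp.example.test")))
```

When the responder URL is unreachable, `treated_as_valid(None, False)` is still true: an ordinary certificate passes without any revocation check having taken place.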



Also a good article about this in Dutch can be found here:


Johannes B. Ullrich, Ph.D.
SANS Technology Institute



Jul 3rd 2012
