
Symcd.com – Online Certificate Status Protocol Server Owned By Symantec Corporation

Morning! Hope you are having a great weekend. I’ve been experimenting with some network monitoring of HTTP requests and responses in Mozilla Firefox. While playing around with one of the tools I’m evaluating I noticed a request to gv.symcd.com:

gv.symcd.com connection

I had not heard of the symcd.com domain before so I got curious. The request is an “application/ocsp-request”. OCSP is an abbreviation for Online Certificate Status Protocol, and it is an Internet protocol used to retrieve the revocation status of a digital certificate.

That’s what the symcd.com connection is about: Checking the revocation state for some certificate. The tool I used to track the network traffic does not have any advanced features to decode the OCSP communication so I don’t know exactly what information Firefox requests from symcd.com.

So, who owns symcd.com? The WHOIS database answer is Symantec Corporation:

Registrant Organization: Symantec Corporation
Registrant Street: 350 Ellis Street
Registrant City: Mountain View
Registrant State/Province: CA
Registrant Postal Code: 94043
Registrant Country: US

Symcd.com was created on 2013-12-12.

I did not find much information about gv.symcd.com, and the reason for that is probably that there’s a large number of subdomains used. I found this list over at VirusTotal:


I checked a few of the domains, and they all resolved to the 23.43.139.27 IP address.

Thanks for reading!