Hi
I’ve just had an alert involving certificate authorities ocsps.ssl, but I don’t know what site I was visiting that triggered the alert.
It seems strange to me, what should I think?
On the other hand, while searching on the net, I came across a similar subject with an alert at about the same time as my alert, but with AVG (same engine as Avast).
It’s in Turkish, so I’m not sure of my translation.
Here’s the link:
hxxps://www.technopat.net/sosyal/konu/avg-phishing-uyarisi-veriyor.3432586/
Could it be a false positive following the latest VPS update “240919-8”?
Yes, OCSPs dot com has been identified/reported as a site with phishing activity as an abuse. Do not click suspicious mail links and do not share PII (personally identifiable information) with -ocsps dot com.
The only information I have is that this alert occurred mid-September for several Avast/AVG users and was probably a false positive.
From: Reddit
By the way, no one has had this alert since, and nothing from me.
[quote=“chris…, post:1, topic:848117”]
/wXw.technopat.net/sosyal/konu/avg-phishing-uyarisi-veriyor.3432586/
[/quote]
Well, the general IP here, 172.67.5.248, is a Cloudflare whitelisted IP address, but that does not mean there could not be abuse on it. So be cautious.
You already made the mistake here a month ago when you gave me information about the “technopat” site, even though the alert had nothing to do with this site but with “ocsps.ssl”, which is not browsable by the way, it’s just a certificate check native to Windows by the svchost process.
“Technopat” is just the site where an identical alert was reported… There were several others in the days that followed (see my link to Reddit).
The fact that you are repeating the error is certainly due to the fact that our exchanges (in which you acknowledged the error) have been deleted.
They were deleted because they fell within the timing of the transition from the old to the new forum, and we had been warned that all messages posted at the end of September would not be included.
So that thread fell between Scylla and Charybdis of the forum-transition. Was it a certification-related PHISHing problem? How did you evaluate the problem at hand? Could you find something through VT? Because of the methodology that Avast and AVG share under certain circumstances, these general detections are rather false-positive-prone.
an alert not related to certificates but rather related to the module/link built into Windows that checks all the certificates of the sites you visit.
an alert for a dozen AVG/Avast users in the space of a day … and nothing since.
… leaves little doubt that this was a false positive, certainly resolved with one of the subsequent VPS updates.
What’s more, this OCSP request may not be enabled on the browser (at least in the case of Firefox), so perhaps only those with it enabled received the alert.
Translation: Ask the OCSP responder to confirm the validity of your certificates.
Our automated scan found an issue on some pages of your website. There is always a possibility of a hack.
So we can state it could be qualified as "suspicious".
Consider this from the VT community: e.g. Joe Sandbox Analysis:
I think you’ve misunderstood my explanation.
The alert was not made on the technopat site but on the site linked to the certificates: ocsps.ssl . com (although I was sure I had attached a screenshot :-[, I’ll give it again). https://www.abuseipdb.com/check/100.24.223.135
Regarding the technopat site, that’s where I saw that the person who posted there had had the same alert as me and at the same time as me.
Except that the alert occurred with AVG, which has the same engine as Avast.
PS: Of course ocsps.ssl can’t be tested because it’s not really a browsable site but obviously a certificate verification step, that’s what I find strange.