72.21.91.29??

pfcode

Hi, All

Just wondering each time when login to pfSense webUI, there will be a connection issued to 72.21.91.29:80, which currently was blocked by the one of pfBlockerNG's Malware rules.  Is this IP related to the pfSense Host Servers?  if so whats for??

kpa

Source: whois.arin.net
IP Address: 72.21.91.29
Name: EDGECAST-NETBLK-01
Handle: NET-72-21-80-0-1
Registration Date: 4/23/07
Range: 72.21.80.0-72.21.95.255
Org: MCI Communications Services, Inc. d/b/a Verizon Business
Org Handle: MCICS
Address: 22001 Loudoun County Pkwy
City: Ashburn
State/Province: VA
Postal Code: 20147
Country: UNITED STATES
Name Servers:

Look at the active states after login for matching address and you'll see what kind of connection it is.

pfcode

TCP:S?

johnpoz

I would say its related to digicert

https://www.virustotal.com/en/ip-address/72.21.91.29/information/

kpa

@pfcode:

TCP:S?

I meant look at the destination port number to figure out if it's a HTTP/HTTPS or something else.

pfcode

72.21.91.29:80

johnpoz

my guess would be its something pulling a crl for a digicert

http://crl3.digicert.com/sha2-ha-server-g5.crl

Is on that IP..

pfcode

@johnpoz:

my guess would be its something pulling a crl for a digicert

http://crl3.digicert.com/sha2-ha-server-g5.crl

Is on that IP..

Should I suppress it?  What is pfSense doing to issue a connection to this IP?

kpa

@pfcode:

@johnpoz:

my guess would be its something pulling a crl for a digicert

http://crl3.digicert.com/sha2-ha-server-g5.crl

Is on that IP..

Should I suppress it?  What is pfSense doing to issue a connection to this IP?

Like already noted it's pulling a certificate revocation list (CRL) to update it in case the certificate has been revoked for whatever reason. You should be able to make your own call if you want this to happen or not.