Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    72.21.91.29??

    Scheduled Pinned Locked Moved General pfSense Questions
    9 Posts 3 Posters 5.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P Offline
      pfcode
      last edited by

      Hi, All

      Just wondering each time when login to pfSense webUI, there will be a connection issued to 72.21.91.29:80, which currently was blocked by the one of pfBlockerNG's Malware rules.  Is this IP related to the pfSense Host Servers?  if so whats for??

      Release: pfSense 2.4.3(amd64)
      M/B: Supermicro A1SRi-2558F
      HDD: Intel X25-M 160G
      RAM: 2x8Gb Kingston ECC ValueRAM
      AP: Netgear R7000 (XWRT), Unifi AC Pro

      1 Reply Last reply Reply Quote 0
      • K Offline
        kpa
        last edited by

        Source: whois.arin.net
        IP Address: 72.21.91.29
        Name: EDGECAST-NETBLK-01
        Handle: NET-72-21-80-0-1
        Registration Date: 4/23/07
        Range: 72.21.80.0-72.21.95.255
        Org: MCI Communications Services, Inc. d/b/a Verizon Business
        Org Handle: MCICS
        Address: 22001 Loudoun County Pkwy
        City: Ashburn
        State/Province: VA
        Postal Code: 20147
        Country: UNITED STATES
        Name Servers:
        
        

        Look at the active states after login for matching address and you'll see what kind of connection it is.

        1 Reply Last reply Reply Quote 0
        • P Offline
          pfcode
          last edited by

          TCP:S?

          Release: pfSense 2.4.3(amd64)
          M/B: Supermicro A1SRi-2558F
          HDD: Intel X25-M 160G
          RAM: 2x8Gb Kingston ECC ValueRAM
          AP: Netgear R7000 (XWRT), Unifi AC Pro

          1 Reply Last reply Reply Quote 0
          • johnpozJ Online
            johnpoz LAYER 8 Global Moderator
            last edited by

            I would say its related to digicert

            https://www.virustotal.com/en/ip-address/72.21.91.29/information/

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • K Offline
              kpa
              last edited by

              @pfcode:

              TCP:S?

              I meant look at the destination port number to figure out if it's a HTTP/HTTPS or something else.

              1 Reply Last reply Reply Quote 0
              • P Offline
                pfcode
                last edited by

                72.21.91.29:80

                Release: pfSense 2.4.3(amd64)
                M/B: Supermicro A1SRi-2558F
                HDD: Intel X25-M 160G
                RAM: 2x8Gb Kingston ECC ValueRAM
                AP: Netgear R7000 (XWRT), Unifi AC Pro

                1 Reply Last reply Reply Quote 0
                • johnpozJ Online
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  my guess would be its something pulling a crl for a digicert

                  http://crl3.digicert.com/sha2-ha-server-g5.crl

                  Is on that IP..

                  crl.png
                  crl.png_thumb

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • P Offline
                    pfcode
                    last edited by

                    @johnpoz:

                    my guess would be its something pulling a crl for a digicert

                    http://crl3.digicert.com/sha2-ha-server-g5.crl

                    Is on that IP..

                    Should I suppress it?  What is pfSense doing to issue a connection to this IP?

                    Release: pfSense 2.4.3(amd64)
                    M/B: Supermicro A1SRi-2558F
                    HDD: Intel X25-M 160G
                    RAM: 2x8Gb Kingston ECC ValueRAM
                    AP: Netgear R7000 (XWRT), Unifi AC Pro

                    1 Reply Last reply Reply Quote 0
                    • K Offline
                      kpa
                      last edited by

                      @pfcode:

                      @johnpoz:

                      my guess would be its something pulling a crl for a digicert

                      http://crl3.digicert.com/sha2-ha-server-g5.crl

                      Is on that IP..

                      Should I suppress it?  What is pfSense doing to issue a connection to this IP?

                      Like already noted it's pulling a certificate revocation list (CRL) to update it in case the certificate has been revoked for whatever reason. You should be able to make your own call if you want this to happen or not.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.