Menu
In the last few days I've seen lots of POST requests to many of the domains I own hitting the following paths:
/ct/v1/sct-gossip
/ct/v1/sct-feedback
/.well-known/ct/v1/sct-feedback
/.well-known/ct/v1/sth-pollination
/.well-known/ct/v1/collected-sct-feedback
/.well-known/ct/v1/sct-gossip
/topleveldir/subdir/research-feedback
Is this someone trying to do something dubious?
I found the following document which suggests this might be something to do with certificate auditors although I am not sure what! All of my websites are fronted by Cloudflare which provides the SSL certs so I would really expect Cloudflare to handle any such requests.
https://datatracker.ietf.org/doc/html/draft-ietf-trans-gossip-00
Any thoughts would be appreciated :-)
651
After investigations, the requests comes from https://net.in.tum.de/projects/gino/index.html#internet-wide-scans
They are conducting Internet measurements to find Certificate Transparency Gossip Endpoints.
You can ask them to blacklist your domain/IP just by sending an email to [email protected]
Regards
130
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
