I was testing a website of a customer and got this result:

This URL is known as a malware but which is not on our customers server:


Our devs assume that must be a malware on your server.

Forgive me if I am wrong.

Not quite sure why you think it’s Malware as it’s one of Symantec’s OCSP endpoints i.e. when the browser used OCSP to check a certificate hasn’t been revoked

If you click on the row and look at the response you’ll see it’s got content type of application/ocsp-response

Was referring to this thread

Yeh, afraid that’s a thread about Malware bytes incorrectly detecting a valid request as malware - if you read down the thread you’ll notice people say updates to Malware Bytes make the problem go away

(would be handy if someone had actually deleted that thread as it’s just misleading but…)