Cloudflare Certficate Transparency Email - Strange Domains

ovaloore · January 6, 2022, 8:28pm

I got an email from Cloudflare, stating that my SSL was issued to a bunch of random sub-domains. I normally get the email when issuing the SSL to a new subdomain, and have not done that recently.

I pasted the relevant contents below. I only recognize 1 subdomain in the DNS names list and am using Firebase to host it (Not Cloudflare). Any ideas why I might have gotten this email? Any insight would be appreciated.

Log date: 2022-01-06 04:17:38 UTC
Issuer: CN=R3,O=Let's Encrypt,C=US
Validity: 2022-01-06 03:17:38 UTC - 2022-04-06 03:17:37 UTC
DNS Names: 48seconds.strv.com, admin-staging.bitmama.io, api.edhrec.com, app.foodat.ph, app.silo.nyc, app.thark.com.br, app.theallstar.io, app.theginclub.com.br, ara.prismcode.tech, arriendadirecto.com, beeldverhalen.staatsbosbeheer.nl, berkeleygroup.time-lapse-systems.co.uk, blog.boopathi.in, butt.mission.party, cartoon.payungsakpk.xyz, cgalivrobook.com.br, delikabeads.com, dev.mytrove.co.nz, dev.omnious.org, dev.talkaboat.online, diyet.online, donate.prideinlondon.org, droptaxi365.in, efirma.desique.mx, firebase.zooom.no, ggooooggllee.party, go.rgn.one, humblebees.in, instagram.getmega.com, instantrolley.com, knowtebook.in, l.tinka.nl, launcher.phoenixnetwork.net, link.cubebik.com, link.mindstone.com, maklab.com.ar, mayaralima.adv.br, message.romail.ml, midwest-insurance.aiinsurance.io, midwest-insurance.stg.aiinsurance.io, mijn.schoolblocks.nl, mytrove.co.nz, natha.nl, new.unjobs.org, noyd.page, noyd.us, portal.us.einride.tech, pramodpoudel.com.np, princerajroy.com, redkite.polkafondry.com, referral3.getmega.com, rtm.vnlp.ai, s1.apparca.online, s2.apparca.online, s3.apparca.online, s4.apparca.online, s5.apparca.online, schema.robocupjunior.nl, serorganico.ar, silke.vev.design, speeditdelivery.be, sphere-lpo-pro.bop-tech.com, staging.mytrove.co.nz, tulsicharitabletrust.org, valpay.valoore.com, winvic.time-lapse-systems.co.uk, wpl.apparca.online, www.arriendadirecto.com, www.bloktopia.in, www.cgalivrobook.com.br, www.codersblade.com, www.droptaxi365.in, www.humblebees.in, www.knowtebook.in, www.maklab.com.ar, www.oneenergyglobal.org, www.orbitalno11.me, www.rogerrocco.com, www.serorganico.ar, www.tafitizetu.com, www.xn--allesguterdi-mlb.com, www.xn--b1afknhdodrj.xn--p1ai, www.xn--berlebenmitklopapier-oec.de, www.xn--fravr-vra.nu, www.xn--rs8h72a.to, www.xn--sachverstndigenbro-schemuth-jkc71e.de, www.xn--vaskeklderen-cdb.dk, www.xn--vre-zna.no, www.xn--vreutstillingsplass-u7b.no, xn--1z2am01a.billcheng.dev, xn--42c1dta5cd.com, xn--9t4b29cmcb21sgvs.com, xn--grunnbelp-s8a.no, xn--ob0b443c.xn--24-972j38g.com, xn--rs8h72a.to, xn--sachverstndigenbro-schemuth-jkc71e.de, xn--trimtch-198d.ml, xn--vaskeklderen-cdb.dk, xn--vh3bn2h.xn--24-972j38g.com, ypbay.com

jvanasco · January 6, 2022, 9:47pm

Firebase does not partition domains on certificates by client. Those are other firebase customers that you are sharing the certificate with.

see My domain is on someone else's cert. Does that mean I'm compromised?

rg305 · January 6, 2022, 10:28pm

You actually left out all the relevant content.

ovaloore · January 6, 2022, 11:29pm

@jvanasco Thank you! I did not realize that. That really helps.

system · February 5, 2022, 11:29pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.