bam.nr-data.net

Lotan · August 14, 2016, 9:09pm

while browsing tumblr i noticed that this site was listen in privacy badger so i searched it up with not alot of info so i decided to clock it, but privacy badger wont block it so i inspected the page i was on and it was a jscript so i ran it through virustotal https://virustotal.com/en/url/ab226619c4267420eb5befa2defcbab12cef610eedf007bb52805b295e5405d9/analysis/1471208396/

the downloaded file is a GIF thats 1x1 and has a negative vote. Im wondering if this is safe.

Lotan · August 14, 2016, 9:24pm

ok just did alot more digging and bam.nr-data.net is owned by New Relic which is an American software analytics company so maybe tumblr has recently started using it and i may have over reacted on my part with it been new and privacy badger not blocking it.

Pondus · August 14, 2016, 9:28pm

the downloaded file is a GIF thats 1x1 and has a negative vote. [b]Im wondering if this is safe[/b].

In your VT link click on > Go to downloaded file analysis > then click on > Analysis date: 2016-08-04 09:26:53 UTC ( 1 week, 3 days ago ) View latest

Lotan · August 14, 2016, 9:38pm

so its harmless then?

Pondus · August 14, 2016, 9:53pm

According to all engines at VT yes

First submission 2015-10-29 06:36:20 UTC ( 9 months, 2 weeks ago )

So i would conclude with safe

Lotan · August 17, 2016, 9:25pm

so ive been seeing this newrelic.com thing show up on a couple of other sites too thankfully i got it blocked by privacy badger
https://virustotal.com/en/url/61d37b982fcfc3a894dc42ba3f2c3b21fe7e1a6f86812f6b5b29bea704a9d462/analysis/1471468831/
this is the latest one ive run into.
its not something on my pc as its also on my laptop which i rarely use

polonus · June 23, 2017, 5:24pm

Update The links to this are still very active to-day, I detected it in the source code of surveymonkey…

https://urlscan.io/result/bfcca1fe-0e11-407d-a3b6-e9d231ae0fcf/dom/

Where I came accross this to better be blocked link:

Blocked for me by uMatrix: -https://bam.nr-data.net/1/750e9545e9?a=56423819&v=1039.bef6007&to=blABZhZZVkdUBhdbXVcaJUcKW0xdWgtMQktLVA5bABZKW0ARBkAIa1oWRgFKFmtqBgJeXmZq&rst=4312&ref=https://de.surveymonkey.com/&qt=2&ap=30&be=2758&fe=4270&dc=2929&af=err,xhr,stn,ins&perf={"timing":{"of":1498237922978,"n":0,"f":1781,"dn":1781,"dne":1782,"c":1782,"s":1945,"ce":2278,"rq":2278,"rp":2751,"rpe":2752,"dl":2752,"di":2928,"ds":2929,"de":2957,"dc":4270,"l":4270,"le":4276},"navigation":{}}&jsonp=NREUM.setToken

Good to have it blocked as “new relic” malcode, it is indirectly connected to cybercriminals.

Additional vulnerabilities: https://zonemaster.se/test/94725fa4fdaf1ebd → http://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fde.surveymonkey.com%2F
Excessive nameserver version proliferation for this exploitable particular BIND 9 version, read:
https://kb.isc.org/article/AA-00913/0/BIND-9-Security-Vulnerability-Matrix.html
(open since 2011 - Final matrix update 2011-09-09)

polonus (volunteer website security analyst and website error-hunter)

bam.nr-data.net

Announcements