Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

scorecardresearch.com logs

NolanHerring
Kind of a big deal
‎Jan 15 2019 10:59 AM
‎Jan 15 2019 10:59 AM

scorecardresearch.com logs

Just randomly happened to notice a large amount of security appliance event logs for content filtering, from guest and corp devices, for the following. Also several different sites (different MX) showing the same.

 

I kind of feel like I would have noticed this before but I think it just started within the last day or so.

 

Anyone else seeing this?

 

2222.JPG

Nolan Herring | nolanwifi.com
TwitterLinkedIn
11 Replies 11
BEagle
Here to help
‎Jan 15 2019 11:19 AM
‎Jan 15 2019 11:19 AM

I'm noticing it on many of my sites as well:

 

 1-15-2019 2-16-35 PM.jpg

DavidLinda
Conversationalist
‎Jan 24 2019 7:47 AM
‎Jan 24 2019 7:47 AM

Same here. We are getting several thousand hits a day from this site. Looking up information on this domain shows that it is an advertisement supplier. Why is Meraki all of the sudden marking these as phishing?

0 Kudos
In response to DavidLinda
NolanHerring
Kind of a big deal
‎Jan 24 2019 7:55 AM
‎Jan 24 2019 7:55 AM

Yuuuuup

I opened up a case on it, mostly to 'make someone at Meraki aware' because this really does not seem normal.

Response I got back was basically 'if it isn't hurting the network, why does it matter'. So I closed the case.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
In response to NolanHerring
BEagle
Here to help
‎Jan 24 2019 8:32 AM
‎Jan 24 2019 8:32 AM

My concern is just how many events my appliances are recording now.  Surely it's got to affect the performance.

 

I'm going to put in a case as well.  The number of times I've heard in my career "this is the first I've heard of it" means the more who question this the better.

In response to BEagle
egc-dickie
New here
‎Jan 24 2019 10:43 AM
‎Jan 24 2019 10:43 AM

I suspect it has recently been tagged as a "dodgy" site but now makes checking your logs far more difficult as they are full of these records. A quick Google suggests these cookies are used on multiple sites hence the number of hits it gets, $64k question is should it really be flagged as an issue?

0 Kudos
In response to BEagle
BEagle
Here to help
‎Jan 24 2019 11:31 AM
‎Jan 24 2019 11:31 AM

I put in a case and here's the response I got.

Greetings,

Thank you for contacting Cisco Meraki Technical Support!

Cisco Talos is reporting this domain as neutral so this may be a false positive.

https://talosintelligence.com

Surprisingly, I've seen this across thousands of MX's and you're the first customer has asked about it. That said, I'm going to reach out to our vendor who manages these categories to to report this as being a false positive. The vendor name is BrightCloud and I will let you know once I hear back from them.

https://www.brightcloud.com/tools/url-ip-lookup.php

If you have any questions or additional clarification is needed, please let me know and I'll be happy to help.

Regards,

Casey Keller
Cisco Meraki Technical Support

 

  Like I indicated, I got the "its the first I've heard of this being reported".  I'll post more once the case gets updated.

 

 

In response to BEagle
NolanHerring
Kind of a big deal
‎Jan 24 2019 11:35 AM
‎Jan 24 2019 11:35 AM

Well that is a much better response than I got lol

Hopefully they'll fix the glitch 😃

Thank you for contributing !
Nolan Herring | nolanwifi.com
TwitterLinkedIn
0 Kudos
In response to BEagle
DavidLinda
Conversationalist
‎Jan 24 2019 11:40 AM
‎Jan 24 2019 11:40 AM

That's weird. I was going to brightcloud to see if it was bad or not. Brightcloud was saying it wasn't.

 

 

 

 

0 Kudos
In response to BEagle
BEagle
Here to help
‎Jan 29 2019 11:43 AM
‎Jan 29 2019 11:43 AM

Heard this back from Meraki Support today:

 

 

I heard back from Brightcloud. Here's what they said: 

"Upon review, https://sb.scorecardresearch.com has been reclassified to the Business and Economy category and assigned a trustworthy reputation. Please allow 24 to 48 hours to see this change, as it will be available in the nextdatabase update."

 

Hope this is helpful to others.

 

In response to BEagle
NolanHerring
Kind of a big deal
‎Jan 29 2019 11:45 AM
‎Jan 29 2019 11:45 AM

Awesome !

Give your support rep a +1 from me because the guy I got was not helpful. Glad to see this being resolved because event log was useless with all that spam
Nolan Herring | nolanwifi.com
TwitterLinkedIn
0 Kudos
In response to NolanHerring
NolanHerring
Kind of a big deal
‎Feb 1 2019 7:24 AM
‎Feb 1 2019 7:24 AM

Just got my monthly report today

 

And ya....lots of spam in my logs which makes it almost useless to try and dig through

 

 

44444.JPG

Nolan Herring | nolanwifi.com
TwitterLinkedIn
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.