scorecardresearch.com logs

NolanHerring
Kind of a big deal

scorecardresearch.com logs

Just randomly happened to notice a large amount of security appliance event logs for content filtering, from guest and corp devices, for the following. Also several different sites (different MX) showing the same.

 

I kind of feel like I would have noticed this before but I think it just started within the last day or so.

 

Anyone else seeing this?

 

2222.JPG

Nolan Herring | nolanwifi.com
TwitterLinkedIn
11 REPLIES 11
BEagle
Here to help

I'm noticing it on many of my sites as well:

 

 1-15-2019 2-16-35 PM.jpg

DavidLinda
Conversationalist

Same here. We are getting several thousand hits a day from this site. Looking up information on this domain shows that it is an advertisement supplier. Why is Meraki all of the sudden marking these as phishing?

Yuuuuup

I opened up a case on it, mostly to 'make someone at Meraki aware' because this really does not seem normal.

Response I got back was basically 'if it isn't hurting the network, why does it matter'. So I closed the case.
Nolan Herring | nolanwifi.com
TwitterLinkedIn

My concern is just how many events my appliances are recording now.  Surely it's got to affect the performance.

 

I'm going to put in a case as well.  The number of times I've heard in my career "this is the first I've heard of it" means the more who question this the better.

I suspect it has recently been tagged as a "dodgy" site but now makes checking your logs far more difficult as they are full of these records. A quick Google suggests these cookies are used on multiple sites hence the number of hits it gets, $64k question is should it really be flagged as an issue?

I put in a case and here's the response I got.

Greetings,

Thank you for contacting Cisco Meraki Technical Support!

Cisco Talos is reporting this domain as neutral so this may be a false positive.

https://talosintelligence.com

Surprisingly, I've seen this across thousands of MX's and you're the first customer has asked about it. That said, I'm going to reach out to our vendor who manages these categories to to report this as being a false positive. The vendor name is BrightCloud and I will let you know once I hear back from them.

https://www.brightcloud.com/tools/url-ip-lookup.php

If you have any questions or additional clarification is needed, please let me know and I'll be happy to help.

Regards,

Casey Keller
Cisco Meraki Technical Support

 

  Like I indicated, I got the "its the first I've heard of this being reported".  I'll post more once the case gets updated.

 

 

NolanHerring
Kind of a big deal

Well that is a much better response than I got lol

Hopefully they'll fix the glitch 😃

Thank you for contributing !
Nolan Herring | nolanwifi.com
TwitterLinkedIn
DavidLinda
Conversationalist

That's weird. I was going to brightcloud to see if it was bad or not. Brightcloud was saying it wasn't.

 

 

 

 

Heard this back from Meraki Support today:

 

 

I heard back from Brightcloud. Here's what they said: 

"Upon review, https://sb.scorecardresearch.com has been reclassified to the Business and Economy category and assigned a trustworthy reputation. Please allow 24 to 48 hours to see this change, as it will be available in the nextdatabase update."

 

Hope this is helpful to others.

 

NolanHerring
Kind of a big deal

Awesome !

Give your support rep a +1 from me because the guy I got was not helpful. Glad to see this being resolved because event log was useless with all that spam
Nolan Herring | nolanwifi.com
TwitterLinkedIn

Just got my monthly report today

 

And ya....lots of spam in my logs which makes it almost useless to try and dig through

 

 

44444.JPG

Nolan Herring | nolanwifi.com
TwitterLinkedIn
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels