Just randomly happened to notice a large amount of security appliance event logs for content filtering, from guest and corp devices, for the following. Also several different sites (different MX) showing the same.
I kind of feel like I would have noticed this before but I think it just started within the last day or so.
Anyone else seeing this?
Same here. We are getting several thousand hits a day from this site. Looking up information on this domain shows that it is an advertisement supplier. Why is Meraki all of the sudden marking these as phishing?
My concern is just how many events my appliances are recording now. Surely it's got to affect the performance.
I'm going to put in a case as well. The number of times I've heard in my career "this is the first I've heard of it" means the more who question this the better.
I suspect it has recently been tagged as a "dodgy" site but now makes checking your logs far more difficult as they are full of these records. A quick Google suggests these cookies are used on multiple sites hence the number of hits it gets, $64k question is should it really be flagged as an issue?
I put in a case and here's the response I got.
Thank you for contacting Cisco Meraki Technical Support!
Cisco Talos is reporting this domain as neutral so this may be a false positive.
Surprisingly, I've seen this across thousands of MX's and you're the first customer has asked about it. That said, I'm going to reach out to our vendor who manages these categories to to report this as being a false positive. The vendor name is BrightCloud and I will let you know once I hear back from them.
If you have any questions or additional clarification is needed, please let me know and I'll be happy to help.
Cisco Meraki Technical Support
Like I indicated, I got the "its the first I've heard of this being reported". I'll post more once the case gets updated.
Heard this back from Meraki Support today:
I heard back from Brightcloud. Here's what they said:
"Upon review, https://sb.scorecardresearch.com has been reclassified to the Business and Economy category and assigned a trustworthy reputation. Please allow 24 to 48 hours to see this change, as it will be available in the nextdatabase update."
Hope this is helpful to others.
Just got my monthly report today
And ya....lots of spam in my logs which makes it almost useless to try and dig through