Jump to content
Sign in to follow this  
pentg

[RESOLVED] - bam.nr-data.net Help (New Malwarebytes User) ✅

Recommended Posts

Hi All,

This is my first post and i have just switched to Windows from Mac.  I was looking into protecting my computer with Malwarebytes and have just started to use the free trial.  Everytime I use chrome I consistently get a website block for "bam.nr-data.net" with the result of riskware.  I looked it up and it seems to be a common injection code thingy to gather data about loadtime by either the websites I am accessing or google chrome itself.  I was wondering if.. 1) I should be worried and 2) Should  figure out how to add this website to exclusions.

Thank you all for your help!

Share this post


Link to post
Share on other sites

I'm having this same issue. It also just started this morning and is this same domain. I tracked it down to some company named New Relic. It's only happening on specific webpages, including New Relic's. 

Share this post


Link to post
Share on other sites

Same here. They're popping up every 60 seconds or so. There's no way to stop the alerts from appearing and it's frustrating.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/3/18
Protection Event Time: 2:10 PM
Log File: 6f481e34-6759-11e8-a782-b8ca3a84019b.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5342
License: Premium

-System Information-
OS: Windows 10 (Build 17134.48)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: RiskWare
Domain: bam.nr-data.net
IP Address: 162.247.242.21
Port: [49833]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

Share this post


Link to post
Share on other sites

Same here...  Happens in both Chrome and Firefox.

Edited by Eupher

Share this post


Link to post
Share on other sites

It's been fixed for MB2 - 

v2018.06.03.05

It will take a couple of minutes more for MB3.

Share this post


Link to post
Share on other sites
4 minutes ago, Dashke said:

It's been fixed for MB2 - 

v2018.06.03.05

It will take a couple of minutes more for MB3.

Hi, thank you for the quick response, you guys are great!  Do I have to restart/redownload for the change to take effect?

Share this post


Link to post
Share on other sites
Just now, pentg said:

Hi, thank you for the quick response, you guys are great!  Do I have to restart/redownload for the change to take effect?

Hi pentg,

MB3 should update itself automatically, or you can update it manually if you prefer (right click on the MB3 tray icon > Check for Updates). :)

Share this post


Link to post
Share on other sites

The block was added because some malicious samples were connecting to a script on that domain, but now the block message shouldn't be occuring anymore -

MBAM2 Version: v2018.06.03.05
MBAM3 Version: 1.0.5344

Thanks everyone for your help!

Edited by Dashke

Share this post


Link to post
Share on other sites
5 minutes ago, Dashke said:

The block was added because some malicious samples were connecting to a script on that domain, but now the block message shouldn't be occuring anymore -

MBAM2 Version: v2018.06.03.05
MBAM3 Version: 1.0.5344

Thanks everyone for your help!

So are we still blocking the domain, just without a notification?  Or it's not malicious so the update just won't block it anymore?  Sorry if the question is nonsensical, just trying to wrap my head around it.  Thanks again!

Share this post


Link to post
Share on other sites
Just now, cohassetsteve said:

That seems to have done the trick - Thank You

Glad to hear that, thanks for checking!

1 minute ago, pentg said:

So are we still blocking the domain, just without a notification?  Or it's not malicious so the update just won't block it anymore?  Sorry if the question is nonsensical, just trying to wrap my head around it.  Thanks again!

It's not malicious at this point, but fortunately we are blocking the malicious samples so you should be safe. :)

 

Share this post


Link to post
Share on other sites

was it this?

happened around the same time...


Protection Event Date: 6/4/18
Protection Event Time: 2:20 AM

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: Internet Explorer (and add-ons)
Protection Layer: Application Hardening
Protection Technique: Attempt to execute VBScript blocked
File Name: C:\Windows\SysWOW64\vbscript.dll
URL:

 

(end)

Share this post


Link to post
Share on other sites
3 minutes ago, hoppinhard said:

was it this?

happened around the same time...


Protection Event Date: 6/4/18
Protection Event Time: 2:20 AM

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: Internet Explorer (and add-ons)
Protection Layer: Application Hardening
Protection Technique: Attempt to execute VBScript blocked
File Name: C:\Windows\SysWOW64\vbscript.dll
URL:

 

(end)

Not sure about that one. Do you know which URL you have tried to visit?

Are you getting multiple notifications or this occured only once?

Edited by Dashke

Share this post


Link to post
Share on other sites

I was on facebook, may have been when I clicked on a message from friends leaving a group. this popped up

 

Video - hiakomehey

 

I stupidly clicked & got dumped here

 

Attention Required! | Cloudflare

 

it only happened once, probably unrelated. if so, my apologies

Edited by Dashke
URL removed

Share this post


Link to post
Share on other sites
20 hours ago, hoppinhard said:

I was on facebook, may have been when I clicked on a message from friends leaving a group. this popped up

 


Video - hiakomehey

 

I stupidly clicked & got dumped here

 


Attention Required! | Cloudflare

 

it only happened once, probably unrelated. if so, my apologies

This was unrelated related, and we have identified a couple of services from these links that are malicious and blocked them. :)

Thank you very much hoppinhard for this information!

Edited by Dashke

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.