[dmitra]

I am getting a Malware alert whenever I am accessing this site today, 23-Dec-2016. Never happened before. This is not happening with any other site that I am visiting, so does not look like a malware in my computer.

The Alert reads:

"Harmful website accessed.
Detected: Blk/Domain.00.221200001
Website accessed: bam.nr-data.net
Action Taken: Blocked"

The Antivirus is Quick Heal Internet Security Version 16.00 (9.0.0.23), 32-bit.

 

[Administrator]

Hey there,

When this occurs, what browser and device are you using?
I tinkered around the site and was unable to come across this issue.

Have their been other reports of this?

Richard.

 

[dmitra]

Hey there,

When this occurs, what browser and device are you using?
I tinkered around the site and was unable to come across this issue.

Have their been other reports of this?

Richard.

Browser is Chrome ver 55.0.2883.87, device is desktop running 32-bit Windows 7. I haven't heard any other reports of this. The site "bam.nr-data.net" which is triggering the alert is mentioned 4 times in the HTML source of chinacarforums' homepage. e.g.

##b={beacon:"bam.nr-data.net",errorBeacon:"bam.nr-data.net",agent:"js-agent.newrelic.com/nr-998.min.js"}##

##<script type="text/javascript">window.NREUM||(NREUM={});NREUM.info={"beacon":"bam.nr-data.net","licenseKey":"0f2b0d60a0","applicationID":"2342980","transactionName":"YFMEZUdYCBADVRddVlkZM0NcFgAMEEMOG1BZUgNJG0kOEw==","queueTime":0,"applicationTime":158,"atts":"TBQHEw9CGx4=","errorBeacon":"bam.nr-data.net","agent":""}</script></body>##

 

[Administrator]

Browser is Chrome ver 55.0.2883.87, device is desktop running 32-bit Windows 7. I haven't heard any other reports of this. The site "bam.nr-data.net" which is triggering the alert is mentioned 4 times in the HTML source of chinacarforums' homepage. e.g.

##b={beacon:"bam.nr-data.net",errorBeacon:"bam.nr-data.net",agent:"js-agent.newrelic.com/nr-998.min.js"}##

##<script type="text/javascript">window.NREUM||(NREUM={});NREUM.info={"beacon":"bam.nr-data.net","licenseKey":"0f2b0d60a0","applicationID":"2342980","transactionName":"YFMEZUdYCBADVRddVlkZM0NcFgAMEEMOG1BZUgNJG0kOEw==","queueTime":0,"applicationTime":158,"atts":"TBQHEw9CGx4=","errorBeacon":"bam.nr-data.net","agent":""}</script></body>##

I believe your Antivirus is sending up a false flag. The site is clean as per virustotal - https://www.virustotal.com/en/url/7...5eb4d21c73b15d93f5da851569fae39b384/analysis/

I see you mentioned you dont believe it is malware but have you ran a scan just to be sure? (MalwareBytes is whats hot in the streets these days)

Can you also clear your cache and cookies?

If it happens again, can you provide the URL it is directing you to as well as a screenshot of it so we can look into it?

Thanks,
- JB

 

[dmitra]

The issue is not with chinacarforums.com but the site "bam.nr-data.net" as mentioned in my opening post, and the alert is being triggered when the chinacarforums' homepage is connecting to "bam.nr-data.net" for whatever purpose. There is Javascript code on chinacarforums' homepage (as shown in the HTML source) which makes CCF connect to bam.nr-data.net. Virustotal does show "bam.nr-data.net" to be a phishing site in 2/69 scans.

See screenshot attached.

 

[Administrator]

Can you provide a screen of the virus warning that includes a URL of site site that is being affected.

Thank you,

~ Glenda

 

[dmitra]

Funny, the virus warning is not occurring anymore, but here is a screenshot of the scan report shown on the 25th.



Maybe they cleaned the site or it really was a false alarm!

Thanks for replying.

 

[Administrator]

Hey,

Could you please keep an eye on this and let us know if this pops back up for you.

~Sheena

 

[dmitra]

Sure, I will keep an eye.

 

[Administrator]

Thanks! Have a Happy New Year

~Sheena