China Car Forums banner
1 - 10 of 10 Posts

·
Super Moderator
Joined
·
7,684 Posts
Discussion Starter · #1 ·
I am getting a Malware alert whenever I am accessing this site today, 23-Dec-2016. Never happened before. This is not happening with any other site that I am visiting, so does not look like a malware in my computer.

The Alert reads:

"Harmful website accessed.
Detected: Blk/Domain.00.221200001
Website accessed: bam.nr-data.net
Action Taken: Blocked"

The Antivirus is Quick Heal Internet Security Version 16.00 (9.0.0.23), 32-bit.
 

·
Administrator
Joined
·
75 Posts
Hey there,

When this occurs, what browser and device are you using?
I tinkered around the site and was unable to come across this issue.

Have their been other reports of this?

Richard.
 

·
Super Moderator
Joined
·
7,684 Posts
Discussion Starter · #3 · (Edited)
Hey there,

When this occurs, what browser and device are you using?
I tinkered around the site and was unable to come across this issue.

Have their been other reports of this?

Richard.
Browser is Chrome ver 55.0.2883.87, device is desktop running 32-bit Windows 7. I haven't heard any other reports of this. The site "bam.nr-data.net" which is triggering the alert is mentioned 4 times in the HTML source of chinacarforums' homepage. e.g.

##b={beacon:"bam.nr-data.net",errorBeacon:"bam.nr-data.net",agent:"js-agent.newrelic.com/nr-998.min.js"}##

##<script type="text/javascript">window.NREUM||(NREUM={});NREUM.info={"beacon":"bam.nr-data.net","licenseKey":"0f2b0d60a0","applicationID":"2342980","transactionName":"YFMEZUdYCBADVRddVlkZM0NcFgAMEEMOG1BZUgNJG0kOEw==","queueTime":0,"applicationTime":158,"atts":"TBQHEw9CGx4=","errorBeacon":"bam.nr-data.net","agent":""}</script></body>##
 

·
Administrator
Joined
·
75 Posts
Browser is Chrome ver 55.0.2883.87, device is desktop running 32-bit Windows 7. I haven't heard any other reports of this. The site "bam.nr-data.net" which is triggering the alert is mentioned 4 times in the HTML source of chinacarforums' homepage. e.g.

##b={beacon:"bam.nr-data.net",errorBeacon:"bam.nr-data.net",agent:"js-agent.newrelic.com/nr-998.min.js"}##

##<script type="text/javascript">window.NREUM||(NREUM={});NREUM.info={"beacon":"bam.nr-data.net","licenseKey":"0f2b0d60a0","applicationID":"2342980","transactionName":"YFMEZUdYCBADVRddVlkZM0NcFgAMEEMOG1BZUgNJG0kOEw==","queueTime":0,"applicationTime":158,"atts":"TBQHEw9CGx4=","errorBeacon":"bam.nr-data.net","agent":""}</script></body>##
I believe your Antivirus is sending up a false flag. The site is clean as per virustotal - https://www.virustotal.com/en/url/7...5eb4d21c73b15d93f5da851569fae39b384/analysis/

I see you mentioned you dont believe it is malware but have you ran a scan just to be sure? (MalwareBytes is whats hot in the streets these days)

Can you also clear your cache and cookies?

If it happens again, can you provide the URL it is directing you to as well as a screenshot of it so we can look into it?

Thanks,
- JB
 

·
Super Moderator
Joined
·
7,684 Posts
Discussion Starter · #5 ·
The issue is not with chinacarforums.com but the site "bam.nr-data.net" as mentioned in my opening post, and the alert is being triggered when the chinacarforums' homepage is connecting to "bam.nr-data.net" for whatever purpose. There is Javascript code on chinacarforums' homepage (as shown in the HTML source) which makes CCF connect to bam.nr-data.net. Virustotal does show "bam.nr-data.net" to be a phishing site in 2/69 scans.

See screenshot attached.
Rectangle Font Parallel Screenshot Technology
 

·
Super Moderator
Joined
·
7,684 Posts
Discussion Starter · #7 ·
Funny, the virus warning is not occurring anymore, but here is a screenshot of the scan report shown on the 25th.

Product Operating system Screenshot Font Rectangle

Maybe they cleaned the site or it really was a false alarm!

Thanks for replying.
 
1 - 10 of 10 Posts
Top