Forum Discussion
What is the domain "nrb.footprintdns.com"??
Hello Everyone
From 3/2/2018, when I access my SharePoint site the following certificate site? is displayed.
https://37CFD84CE79EF6104C98E018AE6ABD10.nrb.footprintdns.com
And request me to type account and pw.. Although I entered my PW I cant access my sharepoint site. I want to know why? And how can I access my site.
So I want to ask the following questions:
1.When I access the above URL Office 365 sign in page is appeared what is the relationship between Microsoft?
2.Since today Microsoft is beginning to use the [nrb.footprintdns.com] domain?
3. What is the purpose that Microsoft use the [nrb.footprintdns.com]?
4. I googled and I found the following site. And I can also search the domain [37CFD84CE79EF6104C98E018AE6ABD10.nrb.footprintdns.com] in there.
I really don’t understand why microsoft use the thteats? Site for what purpose DNS?
I did not have this situation previous to 3/2/2018.
Can anyone tell me how to resolve this situation..
I do not have any certificate knowledge so I will very appreciate if anyone can tell me the reason simply.
Thanks.
The domain nrb.footprintdns.com is owned by Microsoft and represents servers in Microsoft datacenters. It is used for telemetry purposes that comply with Microsoft privacy commitments that you can read about at: https://products.office.com/en-us/business/office-365-trust-center-privacy. Data sent to this domain is used to identify network connectivity and performance issues and to support improvements to the service. We have plans to rename it to be more descriptive, and to publish it at the Office 365 IP Address and URL publishing site at http://aka.ms/o365ip. If you have any problems using Office 365 related to this, please raise a support incident so that we can assist at https://support.office.com/
- Dennis-ScherrerBrass Contributor
Well it´s about 3 months ago now. Microsoft missed to add FQDN to Office 365 endpoints list (https://docs.microsoft.com/en-us/office365/enterprise/office-365-endpoints), but confirmed that this one is added to the code for service improvements.
For me as a customer, I expect that Microsoft becomes active much faster.
- Editor52Copper Contributor
I cannot comment on Sharepoint, Word, Excel etc etc etc but I did notice it when using Outlook 365. Noticing this certificate issue for myself on my computer, I did some research and discovered that if you turn off the "Coming Soon" button in the top right corner of Outlook, the "Invalid Certificate" issue went away.
It seems to me that by activating this part of office, it is allowing Microsoft to send adverts about their products. I am lucky that I am using Windows 7 where that OS was never designed to be one large advertising platform where Windows 10 is.
I haven't investigated too deeply but after seeing this thread, I though I would give my 2 cents worth. I hope it helps some people out.
Cheers.
- PaulAndrewMicrosoft
The domain nrb.footprintdns.com is owned by Microsoft and represents servers in Microsoft datacenters. It is used for telemetry purposes that comply with Microsoft privacy commitments that you can read about at: https://products.office.com/en-us/business/office-365-trust-center-privacy. Data sent to this domain is used to identify network connectivity and performance issues and to support improvements to the service. We have plans to rename it to be more descriptive, and to publish it at the Office 365 IP Address and URL publishing site at http://aka.ms/o365ip. If you have any problems using Office 365 related to this, please raise a support incident so that we can assist at https://support.office.com/
- Peter86PLCopper Contributor
It's been 5 years and there is nothing about this domain on official microsoft documentation websites. Better yet, I've started seeing this coming not from office, but from Windows Search. Here's a screenshot from ESET Protect report from one of our computers.
- Menno555Brass Contributor
Over here the same with Outlook now. I did add *.*.footprintdns.com to KAV which did not stop the Certificate pop-up warning ... but in the block logs of Parental Control this shows up numerous times:
https://*.nrb.footprintdns.com/apc/trans.gif (the * is a random batch of numbers and letters).I presume this is a tracking pixel of some kind? And presume it is embedded in the GUI of Outlook?
Anyway, it all is very strange to say the least .... - precisepcsCopper Contributor
This domain was detected as part of a peice of software called password viewer. this peice of software is malware that sends all trafic to a godaddy server.
You can protect yourself from this by removing it with malwarebytes.
However the trojan that installs it is removable with superantispyware.
I recommend running these before allowing the connection.
- sb_1962Copper Contributor
Well, for me Kasp takes care, by keeping that fellow incommunicado. But probably that may be a doubtful information, since these are the Microsoft servers domains, unless Microsoft itself is compromised or are deliberately compromising their official, licenced users.
- wond75Copper Contributor
Is nrb.footprintds.com safe - Kaspersky says no - if so, why is it not safe
wond75
- sb_1962Copper Contributor
Simple- Kasp says that the domain safety certificate is issued by some one, on whom either Kasp has no confidence on, or doesn't even know about it. In that case, the domain could be safe, could be unsafe (hackable), or could be even malicious by itself.
If I have Kasp on, I will go by its advice. Even if it is against MS' own domain (which it isn't, but is a sub-let domain). Let MS do its security analysis and ensure that the firewalls don't flag it down.
- BITEFIGHTCopper Contributor
Same here Kas blocking the request since two day
- David_LambertCopper Contributor
- djblueprintCopper Contributor
Hi there,
same here Kasperky is blocking the request since a few days.
- sb_1962Copper Contributor
Still no response from MS ? Till today it was silent, but now, all the computers are getting this message, and the firewall installed is blocking it (the security certificate is not from a known or approved agency) Anyway, it isn't affecting the operation, so I think it is immaterial, except the nuisance value. But which group of microsoft is tryying to fish here ? The Office 365 group or the windows ?
- NTS_0Copper Contributorhmm, last days my KAV starts to show me this warning with site nrb.footprintdns.com with invalid certificate...
But I'm not sure what exactly is trying to connect there...(and why)
MS, any reply ??
Thanks- sb_1962Copper Contributor
I wonder, are we all 'affected persons' under KAV protection?
I just checked up the log of KAV, and it seems quite interesting. It has blocked the footprint not only for outlook but for others too , like ms-excel. Probably if I open up other ms-office files it would do it the same for others.
The domain name "Foot-print" does not seem to be too innocuous.
In addition there is something else too.... probably you people could check up - KAV has blocked several other programs (all windows) - from data mining from other files !
I wonder is Microsoft illegally trying to acquire data ?
Is it the reason why they are silent on this topic ?
Things look too Phishy.
Despite the Russian connection, may be we have to be thankful to Kasp
- Fredrik LindebergCopper Contributor
It seems like the calls are made from a javascript called fp.js, which is downloaded from here:
https://r4.res.office365.com/footprint/v2.6/scripts/fp.js
(just click the link if you want to read the source code)
- George MurphyCopper Contributor
I want to report that I have seen this as well. I have multiple kiosk computers with traffic going to these *.nrb.footprintdns.com sites. All we are doing is logging into Office 365 and using Outlook Online and Online Office Apps on these kiosks. I have them locked down from browsing any websites except approved. Can someone please find out why Microsoft is directing traffic to these sites? They are not listed in the official Office365 URL list.
Attempts to visit blocked websites (2)
footprintdns.com
5:14 PM
Attempts: 66
9:20 AM
Attempts: 4
- Arthur YeeCopper Contributor
Any progress with knowing what this URL - nrb.footprintdns.com is for? Detecting it from user using o365 services.
- Julian KnightSteel ContributorNo, nobody from Microsoft has bothered to reply. I strongly recommend blocking the domain. I can't find anything it impacts.