SOLVED

What is the domain "nrb.footprintdns.com"??

Hello Everyone,

Since 3/2/2018, when I access my SharePoint site, the following certificate site(?) is displayed:

https://37CFD84CE79EF6104C98E018AE6ABD10.nrb.footprintdns.com

It asks me to type my account and password. Although I entered my password, I can't access my SharePoint site. I want to know why, and how I can access my site.

So I want to ask the following questions:

1. When I access the above URL, the Office 365 sign-in page appears. What is the relationship with Microsoft?

2. Is Microsoft beginning to use the [nrb.footprintdns.com] domain as of today?

3. What is the purpose for which Microsoft uses [nrb.footprintdns.com]?

4. I googled and found the following site, and I can also search for the domain [37CFD84CE79EF6104C98E018AE6ABD10.nrb.footprintdns.com] there.

https://www.threatcrowd.org/

I really don't understand why Microsoft uses the threats(?) site. For what purpose, DNS?

I did not have this situation before 3/2/2018.

Can anyone tell me how to resolve this situation?

I do not have any certificate knowledge, so I would very much appreciate it if anyone could explain the reason simply.

Thanks.

40 Replies

Well, it looks like we are paying Microsoft to snoop on us 🙂

(the silence of the Microsoft team on this subject is speaking)

Hi there,

Same here, Kaspersky has been blocking the request for a few days.

Same here, Kas has been blocking the request for two days.

Is nrb.footprintdns.com safe? Kaspersky says no. If so, why is it not safe?

 

wond75

Simple: Kasp says that the domain's safety certificate is issued by someone in whom Kasp either has no confidence or whom it doesn't even know about. In that case, the domain could be safe, could be unsafe (hackable), or could even be malicious by itself.

If I have Kasp on, I will go by its advice. Even if it is against MS' own domain (which it isn't, but is a sub-let domain). Let MS do its security analysis and ensure that the firewalls don't flag it down.

This domain was detected as part of a piece of software called password viewer. This piece of software is malware that sends all traffic to a GoDaddy server.

You can protect yourself from this by removing it with Malwarebytes.

However, the trojan that installs it is removable with SUPERAntiSpyware.

I recommend running these before allowing the connection.

Over here the same with Outlook now. I did add *.*.footprintdns.com to KAV which did not stop the Certificate pop-up warning ... but in the block logs of Parental Control this shows up numerous times:
https://*.nrb.footprintdns.com/apc/trans.gif (the * is a random batch of numbers and letters).

I presume this is a tracking pixel of some kind? And presume it is embedded in the GUI of Outlook?
Anyway, it all is very strange to say the least ....
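For anyone triaging the same entries in a proxy or parental-control block log, here is an added example (not part of any post in this thread and not Microsoft code) that separates URLs matching the pattern reported above from hosts that only resemble it. It assumes the random label is always 32 hex characters, as in the one full URL quoted in the question; the log format and every host other than that one are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed shape, taken from the one full URL quoted in this thread:
# a 32-hex-character label directly under nrb.footprintdns.com.
THREAD_HOST = re.compile(r"[0-9a-f]{32}\.nrb\.footprintdns\.com")
THREAD_PATH = "/apc/trans.gif"  # path reported in the block log above

# Constructed log lines (timestamp, action, URL); only the first host is from the thread.
SAMPLE_LOG = """\
2018-03-02T09:14:07 BLOCK https://37CFD84CE79EF6104C98E018AE6ABD10.nrb.footprintdns.com/apc/trans.gif
2018-03-02T09:14:09 BLOCK https://0123456789abcdef0123456789abcdef.nrb.footprintdns.com/apc/trans.gif
2018-03-02T09:15:30 BLOCK https://other.nrb.footprintdns.com/index.html
2018-03-02T09:16:02 BLOCK https://nrb.footprintdns.com.example.net/apc/trans.gif
2018-03-02T09:16:40 BLOCK https://nrb-footprintdns.example/apc/trans.gif
2018-03-02T09:17:11 ALLOW https://example.org/index.html
"""

def classify(url):
    """Label a URL by how it relates to the domain discussed in this thread."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # .hostname is already lower-cased
    if THREAD_HOST.fullmatch(host):
        return "thread-pattern" if parts.path == THREAD_PATH else "thread-host-other-path"
    # Compare on a label boundary: a bare endswith("footprintdns.com") would
    # also accept a different registered domain such as "notfootprintdns.com".
    if host == "footprintdns.com" or host.endswith(".footprintdns.com"):
        return "same-domain"
    if "footprintdns" in host:
        return "lookalike"  # the name appears, but under another domain
    return "unrelated"

def triage(log_text):
    """Count log entries per label; lines without three fields are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            counts[classify(fields[2])] += 1
    return dict(counts)

if __name__ == "__main__":
    for label, n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{label:24} {n}")
```

Entries labelled `lookalike` are the ones worth a closer look, since an allow rule written as a loose substring or suffix match would let them through along with the real domain.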

Well, for me Kasp takes care, by keeping that fellow incommunicado. But probably that may be doubtful information, since these are Microsoft server domains, unless Microsoft itself is compromised or is deliberately compromising its official, licenced users.

I cannot comment on Sharepoint, Word, Excel etc etc etc but I did notice it when using Outlook 365. Noticing this certificate issue for myself on my computer, I did some research and discovered that if you turn off the "Coming Soon" button in the top right corner of Outlook, the "Invalid Certificate" issue went away.

It seems to me that by activating this part of Office, it is allowing Microsoft to send adverts about their products. I am lucky that I am using Windows 7, an OS that was never designed to be one large advertising platform, as Windows 10 is.

I haven't investigated too deeply, but after seeing this thread, I thought I would give my 2 cents worth. I hope it helps some people out.

Cheers.

best response confirmed by David Sayer (Microsoft)
Solution

The domain nrb.footprintdns.com is owned by Microsoft and represents servers in Microsoft datacenters. It is used for telemetry purposes that comply with Microsoft privacy commitments that you can read about at: https://products.office.com/en-us/business/office-365-trust-center-privacy. Data sent to this domain is used to identify network connectivity and performance issues and to support improvements to the service. We have plans to rename it to be more descriptive, and to publish it at the Office 365 IP Address and URL publishing site at http://aka.ms/o365ip. If you have any problems using Office 365 related to this, please raise a support incident so that we can assist at https://support.office.com/ 

How can I disable and/or opt out of this service?

Our SharePoint implementation is extremely slow. Hundreds of files are downloaded on every request, many of them unnecessary, and this represents a large portion of them. I'm trying to speed up the user experience. Please do not respond by saying it is a necessary feature, or that it doesn't affect our site, because both of those responses would be wrong and unhelpful.

Thank you.

If you are getting that kind of problem, it sounds like your caching policies aren't quite right.

I just did a quick test loading a SharePoint document library and I got just 83k transferred. A 100 or so requests.

The issue raised here wasn't a performance one but an identification and security issue which Microsoft have finally answered.

However, I can say that I blocked this domain for quite a long time and didn't see any issues.

Thanks! I will try blocking this domain.

Regarding caching, everything seems to be cached except for client-side web part queries (as expected), footprint activity (calls from fp.js), and a vast array of owa/o365 calls. It's the latter two that I'm trying to eliminate from my site. I don't need alerts from O365, and I don't want to participate in "customer improvement" programs.

Hi @Deleted, I will pass your question on to the team that owns this domain. Regarding your performance issue with SharePoint Online, I'd encourage you to ask Microsoft Support if you haven't already.


Regards,

Paul

Well, it's been about 3 months now. Microsoft failed to add the FQDN to the Office 365 endpoints list (https://docs.microsoft.com/en-us/office365/enterprise/office-365-endpoints), but confirmed that this one is added to the code for service improvements.

For me as a customer, I expect Microsoft to become active much faster.


@PaulAndrew wrote:

The domain nrb.footprintdns.com is owned by Microsoft and represents servers in Microsoft datacenters. It is used for telemetry purposes that comply with Microsoft privacy commitments that you can read about at: https://products.office.com/en-us/business/office-365-trust-center-privacy. Data sent to this domain is used to identify network connectivity and performance issues and to support improvements to the service. We have plans to rename it to be more descriptive, and to publish it at the Office 365 IP Address and URL publishing site at http://aka.ms/o365ip. If you have any problems using Office 365 related to this, please raise a support incident so that we can assist at https://support.office.com/ 


Therein lies the irony - to identify performance issues - when I am getting a timeout from said server / cert! And eventually a blank screen (Chrome) or a browser crash (IE 11); I don't even want to try in Edge!

Replicate on SharePoint online by switching a fairly substantial list between Modern and Classic view.

If it is performance this is trying to fix - then I recommend someone in MS switch it off first!

Seems you are still using these kinds of URLs?

@PaulAndrew 
Responding to your old reply: has this URL been added to the Microsoft allowed URL list? I am still unable to find it listed in any of the following articles. https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worl...

https://learn.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-endpoints?view=o365-worldwi...

It's been 5 years and there is nothing about this domain on official Microsoft documentation websites. Better yet, I've started seeing this coming not from Office, but from Windows Search. Here's a screenshot from an ESET Protect report from one of our computers.

Clipboard01.png