SOLVED

What is the domain "nrb.footprintdns.com"??

Brass Contributor

Hello Everyone

 

From 3/2/2018, when I access my SharePoint site the following certificate site? is displayed.

https://37CFD84CE79EF6104C98E018AE6ABD10.nrb.footprintdns.com

And request me to type account and pw.. Although I entered my PW I cant access my sharepoint site. I want to know why? And how can I access my site.

 

So I want to ask the following questions:

 

1.When I access the above URL Office 365 sign in page is appeared what is the relationship between Microsoft?

 

2.Since today Microsoft is beginning to use the [nrb.footprintdns.com] domain?

 

3. What is the purpose that Microsoft use the [nrb.footprintdns.com]?

 

4. I googled and I found the following site. And I can also search the domain [37CFD84CE79EF6104C98E018AE6ABD10.nrb.footprintdns.com] in there.

https://www.threatcrowd.org/

I really don’t understand why microsoft use the thteats? Site for what purpose DNS?

I did not have this situation previous to 3/2/2018.

 

Can anyone tell me how to resolve this situation..

 I do not have any certificate knowledge so I will very appreciate if anyone can tell me the reason simply.

 

Thanks.

 

40 Replies
Sorry, but I'm not following you here: when is that Url displayed?

Can someone explain the purpose of *.footprintdns.com domains? To be specific what *.nrb.footprintdns.com does? Something weird about this domain.

I'm also seeing network traffic for this domain and it seems to be loading a 1px .gif image to the page. 

The problem here is that the image takes multiple seconds to be loaded!

Why is there no response from Microsoft on this?

 

This domain is blocked by my adblocker under the category "Spyware filter" though it is clearly owned by Microsoft. 

 

We need an official explanation of what this is doing. Most importantly, we need to understand why this is not listed in the official URL list for Office 365.

 

We also need to know the impact of this domain being blocked which is clearly is being by some security tools.

Fiddler to my sharepoint site displays this: The server (0d255cb7441615dbb825de4d81cddac7.nrb.footprintdns.com) presented a certificate that did not validate, because it was issued to a different host.

Well since Microsoft have declined to respond. I recommend that everyone just blocks access to the domain.

I want to report that I have seen this as well.  I have multiple kiosk computers with traffic going to these *.nrb.footprintdns.com sites.  All we are doing is logging into Office 365 and using Outlook Online and Online Office Apps on these kiosks.  I have them locked down from browsing any websites except approved.  Can someone please find out why Microsoft is directing traffic to these sites?  They are not listed in the official Office365 URL list.

 

 

Attempts to visit blocked websites (2)

 

footprintdns.com

 
 

Any progress with knowing what this URL - nrb.footprintdns.com is for? Detecting it from user using o365 services. 

No, nobody from Microsoft has bothered to reply. I strongly recommend blocking the domain. I can't find anything it impacts.

It seems like the calls are made from a javascript called fp.js, which is downloaded from here:

https://r4.res.office365.com/footprint/v2.6/scripts/fp.js

(just click the link if you want to read the source code)

Still no response from MS ? Till today it was silent, but now, all the computers are getting this message, and the firewall installed is blocking it (the security certificate is not from a known or approved agency) Anyway, it isn't affecting the operation, so I think it is immaterial, except the nuisance value. But which group of microsoft is tryying to fish here ? The Office 365 group or the windows ?

hmm, last days my KAV starts to show me this warning with site nrb.footprintdns.com with invalid certificate...
But I'm not sure what exactly is trying to connect there...(and why)

MS, any reply ??
Thanks

My KAV is blocking access due to invalid certificate past 2 days now, too, saying, that these domains are accessed by Outlook. I saw the same in the past, but way less frequently.

Not sure if this is the place to post, but as others have identified Microsoft Office and Outlook as involved, I'll make my contribution.

 

My Kaspersky Total Security application is identifying an invalid certificate.  The source program is listed as Microsoft Office in the popup.  The certificate in question lists the related certificate site as outlook.live.com, and the detailed report lists the involved program as Microsoft Word!  I have attached the pertinent screenshots.  As you can see, the issue is very repetitive, with a different prefix for the url each time.  Comment would be appreciated.

 

PopupPopupCertificateCertificateDetailed reportDetailed report

 

I wonder, are we all 'affected persons' under KAV protection?

I just checked up the log of KAV, and it seems quite interesting. It has blocked the footprint not only for outlook but for others too , like ms-excel.  Probably if I open up other ms-office files it would do it the same for others.

The domain name "Foot-print" does not seem to be too innocuous.

In addition there is something else too.... probably you people could check up - KAV has blocked several other programs (all windows) - from data mining from other files !

I wonder is Microsoft illegally trying to acquire data ? 

Is it the reason why they are silent on this topic ?

Things look too Phishy.

Despite the Russian connection, may be we have to be thankful to Kasp 

 

I also decided to post on this in the Office 365 community, as all seems related to Office applications.

Apparently this domain is exclusively being used bij Microsoft to track your activity. That also explains why applications like Outlook and Excel both use it, but also website like Office365 and SharePoint. It looks like only authenticated users are being tracked, but I'm not totally sure. 

The reason why Kasperspy comes up with an issue about the authenticity of the domain is rather simple: some application is trying to access a domain (*.nrb.footprintdns.com) while the channel (outlook.office.com or live.com depending from the application you use) uses a certificate that does not match the url.

 

So why is Microsoft doing this? Well, that's (sort of) easy. Tracking your users' activity helps improving the product. Okay, that's the political/marketing way of saying it of course. But for business reasons Microsoft is also collecting data from their users, for all kinds of reasons. I would never expect a company like Microsoft to sell data like this (for it would mean their destruction). But using it for ads, improving their products, statistical data for having the best availability will be among the reasons. 

Also technically it's a good practise to use a separate service for this kind of activity. Being such a large company it's no surprise MSFT connected it to a different domain. Although it surprises me that they didn't use a microsoft.com domain. 

I do know that they try to track, but naturally I won't like to be tracked, even when I am not doing anything that "deserve" to be tracked 🙂

And doing it for the authentic (i.e. licenced) users, is something I won't even appreciate.

User Experience improvement ? I am old-timer, and I won't agree to, at the cost of invasion of privacy. Whether my data is being sold or not is immaterial. The raw data is collected, and I am sure is stored. The statistical report is next stage, and no one destroys raw data, even after the concise report is generated (at least as ex-student of Statistics, I won't, since these could be used for some further study, on some other aspect). 

By the way, the Kasp had, when I checked, blocked Chrome browser too. That was done without notifying me. I am thankful to Kasp, except that they shouldn't bother me by notifying, let them just block these. May be I would have to tell Kasp, that after a few "Disallow" s, they could as well black-list these domains, for my subscription at least. 

 

Came here for the same reason. Since yesterday KAV has been informing me about the SSL connection *.nrb.footprintdns.com

 

What really irks me is that I pay Microsoft for this software.

1 best response

Accepted Solutions
best response confirmed by David Sayer (Microsoft)
Solution

The domain nrb.footprintdns.com is owned by Microsoft and represents servers in Microsoft datacenters. It is used for telemetry purposes that comply with Microsoft privacy commitments that you can read about at: https://products.office.com/en-us/business/office-365-trust-center-privacy. Data sent to this domain is used to identify network connectivity and performance issues and to support improvements to the service. We have plans to rename it to be more descriptive, and to publish it at the Office 365 IP Address and URL publishing site at http://aka.ms/o365ip. If you have any problems using Office 365 related to this, please raise a support incident so that we can assist at https://support.office.com/ 

View solution in original post