Today I’ve had two URL:Blacklist alerts from on-premise-managed Avast Business Pro concerning a single js script from cloudfront.net on a single computer.
A complete URL is given; VirusTotal doesn’t see a problem with it.
The only websites I’ve visited on this computer today are this Avast forum, the Avast console, and my own organization’s website, which runs on WordPress.
I’m not sure I’m supposed to post full URLs here, so these are munged:
Alleged problematic cloudfront URL is:
[https:] … d275im4r3zngba[.]cloudfront[.]net/script.js
Our website is:
[http:] … www[.]stic-cil[.]org
The console URL is local.
Windows 7 Ultimate
Avast Business Pro Program Version 22.1.2687 (build 22.1.6921.715)
Virus Definition Version 220330-2
I’m not trying to claim that this is a false positive (though it would be amusing if this is generated by Avast’s forum website or its own on-premise console). I’d like to know what’s going on here.
Thanks for any help.
Nothing flagged here, but server kicks up a 403 error (website issue): https://www.virustotal.com/gui/url/9a045c9920886b188acffe77411e03f5a89d8ca872648df08c1b60e43c8a0db7/detection
NET::ERR_CERT_COMMON_NAME_INVALID for that IP 13.32.192.14.
So you should hear it from the horse’s mouth, the Avast team that is, whether this is genuine.
Amazon S3 Cloudfront issue.
What MBAM had to report about such detections: https://blog.malwarebytes.com/detections/cloudfront-net/
See mentioned associated threats given there.
polonus
Huh? That detection is from four months ago. And I don’t see a 404 error anywhere there.
When I tried it the other day, I hit the refresh link to make sure it was fresh. It should have given you my much more recent results. I did the same again just now. On first try it gave the 4-month-old results–again. I hit the refresh link–again–and got results from “a moment ago”. Something is wrong over there…
Kicks up an x-cache error from Cloudfront on the AmazonS3 bucket server.
Via: 1.1 1026589cc7887e7a0dc7827b4example.cloudfront.net (CloudFront)
polonus