URL:Phishing https://dns.google/dns-query

All of a sudden I have started getting these Avast alerts.

Avast Web Shield alert
Multiple web
We’ve blocked a threat URL:Phishing on https://dns.google/dns-query
from being downloaded.

Threat Name: URL:Phishing
Severity: Medium
Website: https://dns.google/dns-query
Process: /Applications/Google Chrome.app/Contents/Frameworks/…/Google Chrome Helper
Detected by: Web Shield
Status: Threat blocked

I am going to hazard a guess: this is Chrome making DNS queries over HTTPS.

I am getting numerous alerts every minute.

Due to the lack of context and information about this supposed threat, I have assumed a false positive and allowed these requests just to stop the Avast spam.

Flagged by just one vendor: https://www.virustotal.com/gui/url/b8f334f0e0a1e7bfd45032529d0eef7807fd2a5d77666b1d1c4bb62918d0dfcf

Connection errors - http - https 404 error

See: https://urlscan.io/result/7711d9d2-f284-420f-83ef-0d5493504975/

See the initial request kick up a 404 error: https://urlscan.io/result/7711d9d2-f284-420f-83ef-0d5493504975/ (due to a malformed or illegal request)

See: https://sitereport.netcraft.com/?url=https://dns.google (dns.google = OK)

polonus

Confirmed. We also have a bunch of customers with detections like that.

What I see here is that Avast clients, since the end of February, are blocking across almost all components (Web Shield, Behavior Shield, scan/File Shield) more than they used to… See my other post regarding this…

You may also resolve in a direct manner, like: https://dns.google/resolve?name=
Complete it with a hostname etc., else it will also kick up a 400 (Bad Request)!

Random example, e.g.: https://dns.google/resolve?name=forum.avast.coml&type=A, resolving as:

{"Status":3,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,"Question":[{"name":"forum.avast.coml.","type":1}],"Authority":[{"name":".","type":6,"TTL":86398,"data":"a.root-servers.net. nstld.verisign-grs.com. 2023030300 1800 900 604800 86400"}]}

polonus
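An added example, not part of the original posts: this Python code decodes the JSON body quoted above, where `Status` is the DNS RCODE, each `type` is an RR type number, and the Authority record is an SOA. The function names `parse_soa` and `summarize` are illustrative, and the sample body is the one copied from the post.

```python
import json

# Standard DNS RCODE and RR type numbers (subset) behind "Status" and "type".
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
RRTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 28: "AAAA"}
SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")

# Response body copied from the post above (not fetched live).
SAMPLE = '{"Status":3,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,"Question":[{"name":"forum.avast.coml.","type":1}],"Authority":[{"name":".","type":6,"TTL":86398,"data":"a.root-servers.net. nstld.verisign-grs.com. 2023030300 1800 900 604800 86400"}]}'


def parse_soa(data):
    """Split SOA rdata text into its seven named fields."""
    parts = data.split()
    if len(parts) != len(SOA_FIELDS):
        raise ValueError(f"unexpected SOA rdata: {data!r}")
    soa = dict(zip(SOA_FIELDS, parts))
    for key in SOA_FIELDS[2:]:  # serial and the four timers are integers
        soa[key] = int(soa[key])
    return soa


def summarize(body):
    """Turn a DNS-over-HTTPS JSON body into a readable verdict."""
    msg = json.loads(body)
    question = msg["Question"][0]
    summary = {
        "rcode": RCODES.get(msg["Status"], f"RCODE{msg['Status']}"),
        "qname": question["name"],
        "qtype": RRTYPES.get(question["type"], f"TYPE{question['type']}"),
        "dnssec_validated": msg.get("AD", False),
        "answers": [rr["data"] for rr in msg.get("Answer", [])],
        "soa_zone": None,
        "soa": None,
    }
    # A negative answer carries the SOA of the zone that denied the name.
    for rr in msg.get("Authority", []):
        if rr["type"] == 6:
            summary["soa_zone"] = rr["name"]
            summary["soa"] = parse_soa(rr["data"])
            break
    return summary


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

For the body above it reports NXDOMAIN for an A query with no answers, and the SOA comes from the root zone (`.`).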