Over the last few days three workstations running Avast Business Pro have alerted on this, as URL-Blacklist:
https://www.virustotal.com/gui/url/50462e8d4a7db80323a6fd6b2dae81baffe8643779c76003d86ded90235b7d71This is a subdomain of workers.dev, according to Subdomain Finder.
The only thing in common among those three workstations is access to a group email account--but every other workstation here (nearly 100 of them) also has access to that account and they have not alerted.
I looked at one of the workstations. User reported seeing the alert while using a map website, either Google Maps or MapQuest. Browser (Firefox) history indicates extensive use of Google Maps but does not list the above-reported URL.
Avast is blocking this successfully but I'd like to know more about how this thing works. How does the browser hit that URL without logging it into History?
Thanks for any help.
Avast Business Pro
On-Premises Console 7.29.968
Endpoint program 23.5.2755
Definitions 230711-4
