Author Topic: Cloudfront.net detections?  (Read 2684 times)


Offline KDibble

  • Sr. Member
  • ****
  • Posts: 229
Cloudfront.net detections?
« on: March 30, 2022, 07:03:11 PM »
Today I've had two URL:Blacklist alerts from on-premise-managed Avast Business Pro concerning a single js script from cloudfront.net on a single computer.

A complete URL is given; VirusTotal doesn't see a problem with it.

The only websites I've visited on this computer today are this Avast forum, the Avast console, and my own organization's website, which runs on WordPress.

I'm not sure I'm supposed to post full URLs here, so these are munged:

Alleged problematic cloudfront URL is:

[https:] ... d275im4r3zngba[.]cloudfront[.]net/script.js

Our website is:

[http:] ... www[.]stic-cil[.]org

The console URL is local.

Windows 7 Ultimate
Avast Business Pro Program Version 22.1.2687 (build 22.1.6921.715)
Virus Definition Version 220330-2

I'm not trying to claim that this is a false positive (though it would be amusing if this is generated by Avast's forum website or its own on-premise console). I'd like to know what's going on here.

Thanks for any help.
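One way to work out which of the visited sites pulls in the flagged script is to inventory the third-party script sources in a saved copy of each page. This is an added example, not part of the original post; the HTML sample and host names are constructed placeholders, and `external_scripts` and `pages_loading` are hypothetical helper names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a saved copy of a WordPress page. All hosts are placeholders.
SAMPLE_HTML = """
<html><head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="//d0000example.cloudfront.net/script.js" async></script>
<script src="https://stats.example.net/tracker.js"></script>
<script>var inline = 1;</script>
</head><body></body></html>
"""

class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def external_scripts(html, page_url):
    """Return absolute URLs of scripts loaded from hosts other than the page's own."""
    collector = ScriptCollector()
    collector.feed(html)
    page_host = urlsplit(page_url).hostname
    found = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //host forms
        if urlsplit(absolute).hostname != page_host:
            found.append(absolute)
    return found

def pages_loading(host, pages):
    """pages maps page URL -> saved HTML; return the pages that load a script from host."""
    return [url for url, html in pages.items()
            if any(urlsplit(s).hostname == host for s in external_scripts(html, url))]

if __name__ == "__main__":
    pages = {"http://www.example.org/": SAMPLE_HTML}
    for url, html in pages.items():
        print(url, external_scripts(html, url))
    # Substitute the host named in the alert for the placeholder below.
    print(pages_loading("d0000example.cloudfront.net", pages))
```

A script injected at run time by another script or by a browser extension will not appear in the static HTML, so an empty result does not rule those sources out.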



Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Cloudfront.net detections?
« Reply #1 on: March 30, 2022, 10:19:21 PM »
Nothing flagged here, but server kicks up a 403 error (website issue): https://www.virustotal.com/gui/url/9a045c9920886b188acffe77411e03f5a89d8ca872648df08c1b60e43c8a0db7/detection
NET::ERR_CERT_COMMON_NAME_INVALID for that IP 13.32.192.14.

So you should hear it from the horse's mouth, the Avast team that is, whether this is genuine.

Amazon S3 Cloudfront issue.
What MBAM had to report about such detections: https://blog.malwarebytes.com/detections/cloudfront-net/
See mentioned associated threats given there.

polonus
« Last Edit: March 30, 2022, 10:24:12 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline KDibble

Re: Cloudfront.net detections?
« Reply #2 on: March 31, 2022, 07:59:46 PM »
Quote from: polonus on March 30, 2022, 10:19:21 PM
Nothing flagged here, but server kicks up a 403 error (website issue): https://www.virustotal.com/gui/url/9a045c9920886b188acffe77411e03f5a89d8ca872648df08c1b60e43c8a0db7/detection
NET::ERR_CERT_COMMON_NAME_INVALID for that IP 13.32.192.14.

Huh? That detection is from four months ago. And I don't see a 404 error anywhere there.

When I tried it the other day, I hit the refresh link to make sure it was fresh. It should have given you my much more recent results. I did the same again just now. On first try it gave the 4-month-old results--again. I hit the refresh link--again--and got results from "a moment ago". Something is wrong over there...


Offline polonus

Re: Cloudfront.net detections?
« Reply #3 on: March 31, 2022, 10:36:49 PM »
Kicks up an x-cache error from Cloudfront on the AmazonS3 bucket server.

Via: 1.1 1026589cc7887e7a0dc7827b4example.cloudfront.net (CloudFront)

polonus