
dw3i9sxi97owk.cloudfront.net is a False Positive


tomfotherby
Solved by Zynthesist


Hi,

I am responsible for running https://www.peopleperhour.com and our users are telling us that our CloudFront domain (dw3i9sxi97owk.cloudfront.net) is being blocked by Malwarebytes Premium. This domain fronts an AWS S3 bucket where we upload "user generated content" such as profile avatar images and user portfolio items. Although we use a virus scanner, it is possible that a malicious user has uploaded malware to our CloudFront domain - we will be sure to remove anything suspicious immediately if you are aware of anything? It is in our interests that this domain is clean and we certainly want to protect our users. The overwhelming majority of files will be safe, so blocking the whole domain isn't necessary and makes our website ugly to Malwarebytes users.

Is there any chance of removing dw3i9sxi97owk.cloudfront.net from the blacklist, or helping us understand the offending file hosted under our domain?

Cheers,

Tom Fotherby


In an effort to get my domain un-blacklisted, I have deleted many of the files shown by https://www.virustotal.com/#/domain/dw3i9sxi97owk.cloudfront.net - they should now return a 403. I noticed VirusTotal only lists 100 files, so I wonder if there are more but I can only see the last 100? Although I noticed the files go back to 2017-12-03, which seems a large enough timeframe.

I noticed some of the files are only marked as malware by 1 engine, "Yandex Safebrowsing". I'm thinking maybe this engine has a very low threshold and might be marking my files simply because of the domain, not the actual contents. That's just a guess though. An example is https://www.virustotal.com/#/url/bce81cd104b72a1451467febd87641abddf3e849c00188e2d2622ab4200559f2/detection

We scan the files using ClamAV free version - it seems it does not detect malware as well as some other products. Shame.

@Zynthesist - Please can you let me know if more is required from me? Thank you for your help so far.

 

Edited by Zynthesist
remove links

This topic is now closed to further replies.