Jump to content
Stavros

dw3i9sxi97owk.cloudfront.net is a False Positive

Recommended Posts

Hi,

I am member of the team responsible for running https://www.peopleperhour.com and our users are telling us that our CloudFront domain ( dw3i9sxi97owk.cloudfront.net ) is being blocked by malwarebytes premium. This domain fronts a AWS S3 bucket where we upload "user generated content" such as profile avatar images and user portfolio items. Although we use a virus scanner, it is possible that a malicious user has uploaded malware to our CloudFront domain - we will be sure to remove anything suspicious immediately if you are aware of anything? It is in our interests this domain is clean and we certainly want to protect our users. The overwhelming majority of files will be safe so blocking the whole domain isn't necessary and makes our website ugly to malwarebytes users.

we had a similar problem in the past. ref. https://forums.malwarebytes.com/topic/247879-dw3i9sxi97owkcloudfrontnet-is-a-false-positive 

As we were mentioned in the previous case we had, most of the files reported are only marked as malware by 1 engine, "Yandex Safebrowsing" and seem to be false positive any other file that is reported from more malware engines are already removed from our internal AV system. 

ref. https://www.virustotal.com/gui/domain/dw3i9sxi97owk.cloudfront.net/relations

Please let me know if there is something more to do to become unblocked by your system.

 

Regards, 

Stavros F.

 

Share this post


Link to post
Share on other sites
2 hours ago, Stavros said:

Hi,

I am member of the team responsible for running https://www.peopleperhour.com and our users are telling us that our CloudFront domain ( dw3i9sxi97owk.cloudfront.net ) is being blocked by malwarebytes premium. This domain fronts a AWS S3 bucket where we upload "user generated content" such as profile avatar images and user portfolio items. Although we use a virus scanner, it is possible that a malicious user has uploaded malware to our CloudFront domain - we will be sure to remove anything suspicious immediately if you are aware of anything? It is in our interests this domain is clean and we certainly want to protect our users. The overwhelming majority of files will be safe so blocking the whole domain isn't necessary and makes our website ugly to malwarebytes users.

we had a similar problem in the past. ref. https://forums.malwarebytes.com/topic/247879-dw3i9sxi97owkcloudfrontnet-is-a-false-positive 

As we were mentioned in the previous case we had, most of the files reported are only marked as malware by 1 engine, "Yandex Safebrowsing" and seem to be false positive any other file that is reported from more malware engines are already removed from our internal AV system. 

ref. https://www.virustotal.com/gui/domain/dw3i9sxi97owk.cloudfront.net/relations

Please let me know if there is something more to do to become unblocked by your system.

 

Regards, 

Stavros F.

 

Hello, thanks for bringing this to our attention. We've reviewed the site again and have determined it no longer warrants being blocked so we've removed it from our database.

Removal should be reflected in the next database update going out in a few hours or so.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.