Dear All,
good day to you.
I've CAS alerts for blocked suspicious requests with unknown sources address like below.
Server: 52.85.22.126
Client: Unknown
Virus/PUS: "Suspicious:Trojan.Script.Generic" found!
URL: hxxps://d4n2lybtj245w.cloudfront.net/images/cashusso/javascript/bootstrap.min.js
by investigation I found the request is initiated from the proxy itself not from any user.
is there any clarification for that?
Thanks in advance.