ProxySG & Advanced Secure Gateway

Expand all | Collapse all

Requests by proxy not initiated by users

  • 1.  Requests by proxy not initiated by users

    Posted 06-12-2019 03:57 AM

    Dear All,

    good day to you.

    I've CAS alerts for blocked suspicious requests with unknown sources address like below.

    Server: 52.85.22.126

    Client: Unknown

     

    Virus/PUS: "Suspicious:Trojan.Script.Generic" found!

    URL: hxxps://d4n2lybtj245w.cloudfront.net/images/cashusso/javascript/bootstrap.min.js

     

    by investigation I found the request is initiated from the proxy itself not from any user.

    is there any clarification for that?

     

    Thanks in advance.



  • 2.  RE: Requests by proxy not initiated by users

    Posted 06-12-2019 04:16 AM

    Hi Maher,

     

                    Would like to know on how did you confirmed that the request is not initiated by a user? If there is no access-log associated with this, then it could be a cache refresh attempt by Proxy. Check whether this file is already in cache or not by following the article https://support.symantec.com/en_US/article.TECH241196.html .



  • 3.  RE: Requests by proxy not initiated by users

    Posted 06-20-2019 02:49 AM

    Hi Aravind,

    you are right, the url request was due to cache refresh on the proxy.

    I deleted it from the cache.

    many thanks for your response and usual support.