AiTM Defender alert

We have received an alert from Defender suggesting a few of our users are attempting to reach an address associated with AiTM attacks.

Connection to adversary-in-the-middle (AiTM) phishing site on one endpoint is the actual error.
The URL being accessed is pub-b2a7679a35d14592bdd03d566ff4df62.r2.dev
IP: 104.18.2.35

I can’t seem to determine if this is a concern or I can safely ignore it.
Please can someone assist.

Thanks in advance

That URL is a public URL for an R2 bucket.
I mean, if someone is hosting malware in their R2 bucket then it is a concern, but it could also be legitimate. Can’t really know unless you see the files being accessed. Same as if it was a public AWS S3 bucket.

Ahh, I thought as much, but without more information from Defender I was kind of at a loss. Thank you! Really appreciate the response.
