This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 49%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
I wish to know if the flagging of this address is a false positive from MS side or whether the entire CDN is truly malicious.
Issue can be reproduced on any box with network protection in block mode. Open browser, attempt to navigate to https[:]//cdn.js7k.com.
suddenly started getting a large number of Network Protection alerts related to cdn.js7k.com in M365.
like to know if this is a false positive or whether blocking the entire CDN is truly what is intended.
I am unsure if end users are noticing any impact, as I do not how they are actually ending up visiting that site. It appears to be related to Ad delivery, so it could be that the users are sitting on an entirely unrelated page and touching the site via Ads.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 67%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Hi @JustinMicheal-7973
Here I would suggest yo openning a service request in O365 to get further support about whether the link is malicious or a false positive from Microsoft. This is more related to O365 backend and we do not have more information how Microsoft judged it. Thanks for your understanding!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 98%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
I see there is no content on the website https[:]//cdn.js7k.com and might be difficult to confirm whether the Alerts are FP or not, with out analyzing the actual content on the website.
I think if you can provide more information regarding the website, like - what content it used to host etc.. that might help Microsoft to investigate further.(not sure, these are my thoughts)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 28.999999999999996%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPG%3C/text%3E%3C/svg%3E)
We started getting the same behavior over the weekend, I've had one of my team submit a support case to ask what the root cause determination was. Will reply with whatever they come back with
Update, Microsoft still haven't been able to say exactly why but the blocking doesn't appear to be still in place, putting money on a CDN node accidentally being added to the block list instead of the ad network or other content it was serving
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 94%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
I suspect similar, as using the advanced threat hunting I can see plenty of successful connections before and since the blocked connections. I gave up on our support case as it was like pulling teeth.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 76%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Hello folks, did anyone got an answer from Microsoft? i got a lot of alerts about suspicious connection to that url.
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 76%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
We submitted a report case this morning, still waiting to hear back.
@Rocky254 It's a CDN so the content will be unlikely to be static, a single CDN user could have triggered blocking or the CDN itself is suspect, or of course FP. Still no word from MSFT on our ticket