Author Topic: False detection at https://amazon.com.mx (Read 2424 times)

ogrfnkl · « **on:** June 01, 2022, 10:39:41 PM »

I've reported this problem directly to Avast several times before (the first time about 2 years ago), and it's still not solved: the Amazon Mexico site, www.amazon.com.mx, is being OCCASIONALLY detected as a malicious page and blocked. This probably has something to do with the fact that Amazon is using a legitimate caching/acceleration service, Fastly.net. The page actually being reported by Avast is: httpx://www-amazon-com-mx.customer.fastly.net/. This only happens sporadically, but often enough for it to be a major headache. Adding an exception for the Fastly page doesn't help at all; the only workaround is to disable the Avast Web Shield, or else just wait 30-60 minutes and the problem spontaneously resolves itself (until the next time it happens). Amazon.com.mx is a major site with tens of millions of users, but for some reason, Avast seems completely uninterested in addressing the issue... What the heck is up with this, guys?

DavidR · « **Reply #1 on:** June 02, 2022, 12:21:41 AM »

You aren't getting an alert at amazon.com.mx but customer.fastly.net

I visited amazon.com.mx and no alert, see attached image.

Your images shows customer.fastly.net trying to look like amazon.com.mx but failing badly amazon-com-mx as a sub folder of customer.fastly.net.

Something in your Opera browser is trying to connect or a site you visited redirected to this link.

EDIT:
Please break active links to suspect site.

Even trying the link you gave and the one in your image amazon-com-mx.customer.fastly.net has Firefox warning about it see second image. And Avast alerts whilst I was doing a screen capture.

Also if you were reporting amazon.com.mx or amazon-com-mx.customer.fastly.net to avast ?

ogrfnkl · « **Reply #2 on:** June 02, 2022, 08:59:10 AM »

Quote from: DavidR on June 02, 2022, 12:21:41 AM

You aren't getting an alert at amazon.com.mx but customer.fastly.net

I visited amazon.com.mx and no alert, see attached image.

Your images shows customer.fastly.net trying to look like amazon.com.mx but failing badly amazon-com-mx as a sub folder of customer.fastly.net.

Something in your Opera browser is trying to connect or a site you visited redirected to this link.

EDIT:
Please break active links to suspect site.

Even trying the link you gave and the one in your image amazon-com-mx.customer.fastly.net has Firefox warning about it see second image. And Avast alerts whilst I was doing a screen capture.

Also if you were reporting amazon.com.mx or amazon-com-mx.customer.fastly.net to avast ?

Thank you for replying, but I wonder if you've actually read all the text of my original message. There is nothing nefarious or even suspect about fastly.net -- as I stated in my message, it is a web caching/accelerator service, similar to CloudFlare. Amazon contracts it to accelerate its page delivery, and as such, all requests to amazon.com.mx have a transparent DNS redirect to fastly.net, which loads the final content. The only issue here is that Avast is failing to understand what's happening and falsely assumes that this is a DNS hijack. I've already gone through one round of dealing with Avast Support on this problem about a year and a half ago, and they recognized the issue and supposedly fixed it, but lo and behold, it was back a few months later. And the latest report I made two weeks ago has been completely ignored...

EdAgee · « **Reply #3 on:** June 02, 2022, 09:29:01 AM »

It seems that if Avast isn't taking the matter seriously enough, then informing Amazon about your previous work to fix this and the present thread you have started, would be a good idea. I don't think Avast can afford to ignore Amazon. Just a thought.

ogrfnkl · « **Reply #4 on:** June 02, 2022, 10:29:41 AM »

Quote from: EdAgee on June 02, 2022, 09:29:01 AM

It seems that if Avast isn't taking the matter seriously enough, then informing Amazon about your previous work to fix this and the present thread you have started, would be a good idea. I don't think Avast can afford to ignore Amazon. Just a thought.

Thanks for the suggestion, I suppose I could do that.

r@vast · « **Reply #5 on:** June 02, 2022, 12:40:03 PM »

Quote from: ogrfnkl on June 01, 2022, 10:39:41 PM

I've reported this problem directly to Avast several times before (the first time about 2 years ago), and it's still not solved: the Amazon Mexico site, www. amazon.com.mx, is being OCCASIONALLY detected as a malicious page and blocked. This probably has something to do with the fact that Amazon is using a legitimate caching/acceleration service, Fastly.net. The page actually being reported by Avast is: httpx://www-amazon-com-mx.customer.fastly.net/. This only happens sporadically, but often enough for it to be a major headache. Adding an exception for the Fastly page doesn't help at all; the only workaround is to disable the Avast Web Shield, or else just wait 30-60 minutes and the problem spontaneously resolves itself (until the next time it happens). Amazon.com.mx is a major site with tens of millions of users, but for some reason, Avast seems completely uninterested in addressing the issue... What the heck is up with this, guys?

Hi,

Even though the detection seems to occur on www. amazon.com.mx the actual URL and type of detection can be different (as it is in this case). It is best to report it as a false positive via https://www.avast.com/false-positive-file-form.php so that an Avast Virus Specialist can look into it.

ogrfnkl · « **Reply #6 on:** June 03, 2022, 09:09:12 AM »

Quote from: r@vast on June 02, 2022, 12:40:03 PM

Quote from: ogrfnkl on June 01, 2022, 10:39:41 PM
I've reported this problem directly to Avast several times before (the first time about 2 years ago), and it's still not solved: the Amazon Mexico site, www. amazon.com.mx, is being OCCASIONALLY detected as a malicious page and blocked. This probably has something to do with the fact that Amazon is using a legitimate caching/acceleration service, Fastly.net. The page actually being reported by Avast is: httpx://www-amazon-com-mx.customer.fastly.net/. This only happens sporadically, but often enough for it to be a major headache. Adding an exception for the Fastly page doesn't help at all; the only workaround is to disable the Avast Web Shield, or else just wait 30-60 minutes and the problem spontaneously resolves itself (until the next time it happens). Amazon.com.mx is a major site with tens of millions of users, but for some reason, Avast seems completely uninterested in addressing the issue... What the heck is up with this, guys?

Hi,

Even though the detection seems to occur on www. amazon.com.mx the actual URL and type of detection can be different (as it is in this case). It is best to report it as a false positive via https://www.avast.com/false-positive-file-form.php so that an Avast Virus Specialist can look into it.

I just reported this issue again via the form you mentioned, for the THIRD time! Let's see if Avast takes it seriously this time (I am not holding my breath...). $:-\$

polonus · « **Reply #7 on:** June 03, 2022, 01:39:33 PM »

Not flagging unsafe content per se as such, but quite some users may like to avoid some of what the amazon.com.mx site is contacting (ping).

What users actually should block on -amazon.com.mx = -s.amazon-adsystem.com

This is not about unsafe content, but about third party coookie tracking,
where also inevitably markmonitor is being involved.

So it is al about consumer-end-user.tracking and your personal privacy as a consumer/end-user.
Know for instance that Privacy Badger extension blocks it inside your browser of choice.

How that particular third party coookie solution is being advertised towards ad-marketeers,
and that is why I present it here, but not as a live link:
hxtps://confection.io/third-party-cookies/amazon-adsystem-com/

polonus

ogrfnkl · « **Reply #8 on:** June 04, 2022, 02:05:36 AM »

Quote from: polonus on June 03, 2022, 01:39:33 PM

Not flagging unsafe content per se as such, but quite some users may like to avoid some of what the amazon.com.mx site is contacting (ping).

What users actually should block on -amazon.com.mx = -s.amazon-adsystem.com

This is not about unsafe content, but about third party coookie tracking,
where also inevitably markmonitor is being involved.

So it is al about consumer-end-user.tracking and your personal privacy as a consumer/end-user.
Know for instance that Privacy Badger extension blocks it inside your browser of choice.

How that particular third party coookie solution is being advertised towards ad-marketeers,
and that is why I present it here, but not as a live link:
hxtps://confection.io/third-party-cookies/amazon-adsystem-com/

polonus

Thanks for the information, I'll look into this. I do have third-party cookies blocked at the browser level, so I don't think that'll be of much concern. Do you think that Amazon only does this on its Mexican site, though? My guess would be that it'll have the same ad tracking scheme on all of its sites.

Anyway, I just got a reply from Avast Support to the false positive report I made, and they said they had cleared the detection from the database, so it shouldn't happen again. We'll see... Hope this time it sticks.

polonus · « **Reply #9 on:** June 05, 2022, 01:29:49 PM »

Detection apparently was a FP.
Sometimes cloud services may kick up such mishaps.

polonus

Author Topic: False detection at https://amazon.com.mx (Read 2424 times)

ogrfnkl

False detection at https://amazon.com.mx

DavidR

Re: False detection at https://amazon.com.mx

ogrfnkl

Re: False detection at https://amazon.com.mx

EdAgee

Re: False detection at https://amazon.com.mx

ogrfnkl

Re: False detection at https://amazon.com.mx

r@vast

Re: False detection at https://amazon.com.mx

ogrfnkl

Re: False detection at https://amazon.com.mx

polonus

Re: False detection at https://amazon.com.mx

ogrfnkl

Re: False detection at https://amazon.com.mx

polonus

Re: False detection at https://amazon.com.mx