Author Topic: False detection at https://amazon.com.mx  (Read 1145 times)

0 Members and 1 Guest are viewing this topic.

Offline ogrfnkl

  • Newbie
  • *
  • Posts: 9
False detection at https://amazon.com.mx
« on: June 01, 2022, 10:39:41 PM »
I've reported this problem directly to Avast several times before (the first time about 2 years ago), and it's still not solved: the Amazon Mexico site, www.amazon.com.mx, is being OCCASIONALLY detected as a malicious page and blocked. This probably has something to do with the fact that Amazon is using a legitimate caching/acceleration service, Fastly.net. The page actually being reported by Avast is: httpx://www-amazon-com-mx.customer.fastly.net/. This only happens sporadically, but often enough for it to be a major headache. Adding an exception for the Fastly page doesn't help at all; the only workaround is to disable the Avast Web Shield, or else just wait 30-60 minutes and the problem spontaneously resolves itself (until the next time it happens). Amazon.com.mx is a major site with tens of millions of users, but for some reason, Avast seems completely uninterested in addressing the issue... What the heck is up with this, guys????
« Last Edit: June 04, 2022, 02:05:59 AM by ogrfnkl »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86832
  • No support PMs thanks
Re: False detection at https://amazon.com.mx
« Reply #1 on: June 02, 2022, 12:21:41 AM »
You aren't getting an alert at amazon.com.mx but customer.fastly.net

I visited amazon.com.mx and no alert, see attached image.

Your images shows customer.fastly.net trying to look like amazon.com.mx but failing badly amazon-com-mx as a sub folder of customer.fastly.net.

Something in your Opera browser is trying to connect or a site you visited redirected to this link.

EDIT:
Please break active links to suspect site.

Even trying the link you gave and the one in your image amazon-com-mx.customer.fastly.net has Firefox warning about it see second image.  And Avast alerts whilst I was doing a screen capture.

Also if you were reporting amazon.com.mx or amazon-com-mx.customer.fastly.net to avast ?
« Last Edit: June 02, 2022, 12:27:32 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline ogrfnkl

  • Newbie
  • *
  • Posts: 9
Re: False detection at https://amazon.com.mx
« Reply #2 on: June 02, 2022, 08:59:10 AM »
You aren't getting an alert at amazon.com.mx but customer.fastly.net

I visited amazon.com.mx and no alert, see attached image.

Your images shows customer.fastly.net trying to look like amazon.com.mx but failing badly amazon-com-mx as a sub folder of customer.fastly.net.

Something in your Opera browser is trying to connect or a site you visited redirected to this link.

EDIT:
Please break active links to suspect site.

Even trying the link you gave and the one in your image amazon-com-mx.customer.fastly.net has Firefox warning about it see second image.  And Avast alerts whilst I was doing a screen capture.

Also if you were reporting amazon.com.mx or amazon-com-mx.customer.fastly.net to avast ?

Thank you for replying, but I wonder if you've actually read all the text of my original message. There is nothing nefarious or even suspect about fastly.net -- as I stated in my message, it is a web caching/accelerator service, similar to CloudFlare. Amazon contracts it to accelerate its page delivery, and as such, all requests to amazon.com.mx have a transparent DNS redirect to fastly.net, which loads the final content. The only issue here is that Avast is failing to understand what's happening and falsely assumes that this is a DNS hijack. I've already gone through one round of dealing with Avast Support on this problem about a year and a half ago, and they recognized the issue and supposedly fixed it, but lo and behold, it was back a few months later. And the latest report I made two weeks ago has been completely ignored...
« Last Edit: June 02, 2022, 09:07:01 AM by ogrfnkl »

Offline EdAgee

  • Jr. Member
  • **
  • Posts: 60
Re: False detection at https://amazon.com.mx
« Reply #3 on: June 02, 2022, 09:29:01 AM »
It seems that if Avast isn't taking the matter seriously enough, then informing Amazon about your previous work to fix this and the present thread you have started, would be a good idea. I don't think Avast can afford to ignore Amazon. Just a thought.

Offline ogrfnkl

  • Newbie
  • *
  • Posts: 9
Re: False detection at https://amazon.com.mx
« Reply #4 on: June 02, 2022, 10:29:41 AM »
It seems that if Avast isn't taking the matter seriously enough, then informing Amazon about your previous work to fix this and the present thread you have started, would be a good idea. I don't think Avast can afford to ignore Amazon. Just a thought.

Thanks for the suggestion, I suppose I could do that.

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2518
Re: False detection at https://amazon.com.mx
« Reply #5 on: June 02, 2022, 12:40:03 PM »
I've reported this problem directly to Avast several times before (the first time about 2 years ago), and it's still not solved: the Amazon Mexico site, www. amazon.com.mx, is being OCCASIONALLY detected as a malicious page and blocked. This probably has something to do with the fact that Amazon is using a legitimate caching/acceleration service, Fastly.net. The page actually being reported by Avast is: httpx://www-amazon-com-mx.customer.fastly.net/. This only happens sporadically, but often enough for it to be a major headache. Adding an exception for the Fastly page doesn't help at all; the only workaround is to disable the Avast Web Shield, or else just wait 30-60 minutes and the problem spontaneously resolves itself (until the next time it happens). Amazon.com.mx is a major site with tens of millions of users, but for some reason, Avast seems completely uninterested in addressing the issue... What the heck is up with this, guys????

Hi,

Even though the detection seems to occur on www. amazon.com.mx the actual URL and type of detection can be different (as it is in this case). It is best to report it as a false positive via https://www.avast.com/false-positive-file-form.php so that an Avast Virus Specialist can look into it.
« Last Edit: June 02, 2022, 12:41:41 PM by r@vast »

Offline ogrfnkl

  • Newbie
  • *
  • Posts: 9
Re: False detection at https://amazon.com.mx
« Reply #6 on: June 03, 2022, 09:09:12 AM »
I've reported this problem directly to Avast several times before (the first time about 2 years ago), and it's still not solved: the Amazon Mexico site, www. amazon.com.mx, is being OCCASIONALLY detected as a malicious page and blocked. This probably has something to do with the fact that Amazon is using a legitimate caching/acceleration service, Fastly.net. The page actually being reported by Avast is: httpx://www-amazon-com-mx.customer.fastly.net/. This only happens sporadically, but often enough for it to be a major headache. Adding an exception for the Fastly page doesn't help at all; the only workaround is to disable the Avast Web Shield, or else just wait 30-60 minutes and the problem spontaneously resolves itself (until the next time it happens). Amazon.com.mx is a major site with tens of millions of users, but for some reason, Avast seems completely uninterested in addressing the issue... What the heck is up with this, guys????

Hi,

Even though the detection seems to occur on www. amazon.com.mx the actual URL and type of detection can be different (as it is in this case). It is best to report it as a false positive via https://www.avast.com/false-positive-file-form.php so that an Avast Virus Specialist can look into it.

I just reported this issue again via the form you mentioned, for the THIRD time! Let's see if Avast takes it seriously this time (I am not holding my breath...).  :-\

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33669
  • malware fighter
Re: False detection at https://amazon.com.mx
« Reply #7 on: June 03, 2022, 01:39:33 PM »
Not flagging unsafe content per se as such, but quite some users may like to avoid some of what the amazon.com.mx site is contacting (ping).

What users actually should block on -amazon.com.mx = -s.amazon-adsystem.com

This is not about unsafe content, but about third party coookie tracking,
where also inevitably markmonitor is being involved.

So it is al about consumer-end-user.tracking and your personal privacy as a consumer/end-user.
Know for instance that Privacy Badger extension blocks it inside your browser of choice.

How that particular third party coookie solution is being advertised towards ad-marketeers,
and that is why I present it here, but not as a live link:
hxtps://confection.io/third-party-cookies/amazon-adsystem-com/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline ogrfnkl

  • Newbie
  • *
  • Posts: 9
Re: False detection at https://amazon.com.mx
« Reply #8 on: June 04, 2022, 02:05:36 AM »
Not flagging unsafe content per se as such, but quite some users may like to avoid some of what the amazon.com.mx site is contacting (ping).

What users actually should block on -amazon.com.mx = -s.amazon-adsystem.com

This is not about unsafe content, but about third party coookie tracking,
where also inevitably markmonitor is being involved.

So it is al about consumer-end-user.tracking and your personal privacy as a consumer/end-user.
Know for instance that Privacy Badger extension blocks it inside your browser of choice.

How that particular third party coookie solution is being advertised towards ad-marketeers,
and that is why I present it here, but not as a live link:
hxtps://confection.io/third-party-cookies/amazon-adsystem-com/

polonus

Thanks for the information, I'll look into this. I do have third-party cookies blocked at the browser level, so I don't think that'll be of much concern. Do you think that Amazon only does this on its Mexican site, though? My guess would be that it'll have the same ad tracking scheme on all of its sites.

Anyway, I just got a reply from Avast Support to the false positive report I made, and they said they had cleared the detection from the database, so it shouldn't happen again. We'll see... Hope this time it sticks.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33669
  • malware fighter
Re: False detection at https://amazon.com.mx
« Reply #9 on: June 05, 2022, 01:29:49 PM »
Detection apparently was a FP.
Sometimes cloud services may kick up such mishaps.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!