Amazon blocked

Avast is currently blocking access to Amazon, citing malware. What’s going on?

Monitor one of these topics:
https://forum.avast.com/index.php?topic=284118.0
https://forum.avast.com/index.php?topic=284076.0

These are also reporting the same issue, if you are getting an alert for d3ag4hukkh62yn.cloudfront.net when visiting amazon.com.

That’s it. What to do about it?

It looks like this is the problem–

Cloudfront.net is a legitimate and safe content delivery network owned by Amazon. However, cybercriminals are abusing this CDN to deliver malicious content.

So Avast is blocking Amazon as a potential threat. What to do about it?

ok, got some workarounds for the folks who dont feel safe messing with the exceptions list.

the mobile apps are unaffected, and can be used for most tasks on amazon.

if you have windows 10, there IS an amazon app available that has all the same features of the website and so far has NOT tripped avast’s web shield.

I’m using 8.1 on a PC.

they MIGHT have an app on the win8 app store but dont quote me on that. 8.1 was a basket case of an os.

I’ve been using 8.1 for a long time now–never had a problem with it.

I just talked to a friend who tried who was blocked on Amazon by Avast as well. So he switched to Komodo and no issues. So it has to be Avast.

I bounced this off the guys over at tenforums and one user ran a check here https://www.virustotal.com/gui/url/557ee3ca5f765ef99c3900580dac57fad08755e2283b6191bc109b06839753c2/detection and virus total says all clear…problem’s definitely on avast’s end.

Hi ye guys, when the going gets narrow, keep an eye on the sparrow,

Well report it back to avast team, as they are the only ones to come up with a final verdict and unblock eventually.

From the following analysis, we can state, that the issue has been around for quite some time now and this verdict here is clear as CLEAN-cut can be. info from VT:

Joe Sandbox Analysis:

Detection: CLEAN
Score: 1/100
Classification: -clean1.win@5/169@30/16
Domains: -crl.rootca1.amazontrust.com -s.ss2.us -o.ss2.us -ocsp.rootg2.amazontrust.com -ocsp.sca1b.amazontrust.com -d3ag4hukkh62yn.cloudfront.net -www.amazon.com -amazoncustomerservice.d2.sc.omtrdc.net -crl.rootg2.amazontrust.com -s.amazon-adsystem.com -ocsp.rootca1.amazontrust.com -fls-na.amazon.com -unagi-na.amazon.com -images-na.ssl-images-amazon.com -crl.sca1b.amazontrust.com -m.media-amazon.com -completion.amazon.com -x.ss2.us
Hosts: 52.85.69.152 52.85.69.133 52.85.69.82 34.232.204.33 52.94.232.195 52.85.69.85 54.239.17.86 52.85.67.161 52.94.232.32 52.85.69.127 52.85.69.124 52.85.69.247 54.192.1.210 52.85.69.38 66.117.29.225 52.85.69.187

HTML Report: -https://www.joesandbox.com/analysis/62197/0/html
PDF Report: -https://www.joesandbox.com/analysis/62197/0/pdf
Executive Report: -https://www.joesandbox.com/analysis/62197/0/executive
Incident Report: -https://www.joesandbox.com/analysis/62197/0/irxml
IOCs: -https://www.joesandbox.com/analysis/62197?idtype=analysisid

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

P.S. from what xraiderv18 reports, there could be a CloudFlare error fly in the pie (see x-cache details)
Also consider: https://dnssec-debugger.verisignlabs.com/d3ag4hukkh62yn.cloudfront.net

There is no alert from Avast when you visit the official Amazon Website.

I just notified them of the problem and they were not aware of it, but they said their technical team would start looking into it. Pretty hard to sell stuff if people can’t access your website!

add in the fact so many of us in different areas are seeing this, and intermittently at that…thats what really made me think false positive…that and three seperate url analysis websites say its clean…and as was pointed out, cloudfront could well have something going on too.

Why is it so hard to figure out that if you go to https://www.amazon.com/ there is no problem or blockage?

why is it so hard to understand that is EXACTLY what I(and everyone else seeing this) type in every single time? the problem with cloudfront was preventing ANY amazon site from loading, and as cloudfront is amazon owned…therefore its an amazon block.

also, as of this morning…

as reported in this thread https://forum.avast.com/index.php?topic=284118.msg1629518#msg1629518

I was right. false positive.

to quote so many video games and boardwalk crane games: thank you for playing, please try again.

I can only assume that you didn’t submit it as a possible false positive.

I did submit it to avast as a possible false positive (so it could be investigated) and I too got the same email response from the virus labs team.

False positive or not it isn’t something that should be assumed, adding it as an exception (at your own risk) and or submit is as a possible false positive.

actually…once I was aware of the reporting tool for false positives, thats EXACTLY what I did, I submitted a report.

under siege 2 dark territory, that maxim about assumptions.

In the absence of information it is easy to make an ‘ass’ out of ‘u’ and ‘me’ :wink:

Because different people experience different results (see my results below).