Jump to content
MicLima

ANSWERED amazonaws blocked

Recommended Posts

Just started getting blocks to amazonaws domains.

s3-us-west-2.amazonaws.com

ubp-ubpextension-us-prod.s3-us-west-2.amazonaws.com

Are these legit blocks?  Happens just about every 10 minutes and I am not actively browsing Amazon at the time.

 

Thanks.

Share this post


Link to post
Share on other sites

Thank you very much for reporting this to us!
The domain got blocked for phishing page that was hosted there -

2019-11-08_16-15-00.thumb.png.5c4262d6caf97f6454007ee1428cc232.png

 

Block was removed and the updated DB should be out soon. :)

Share this post


Link to post
Share on other sites

I got one too, cyberpowersystems.com via aws.  Here is my log file:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/8/19
Protection Event Time: 10:04 AM
Log File: ffb08832-0238-11ea-a48d-902b345ac610.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.629
Update Package Version: 1.0.13239
License: Premium

-System Information-
OS: Windows 10 (Build 18362.449)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Phishing
Domain: cyber-power.s3-us-west-2.amazonaws.com
IP Address: 52.218.201.249
Port: [59542]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

 

Share this post


Link to post
Share on other sites
3 minutes ago, Dashke said:

Thank you very much for reporting this to us!
The domain got blocked for phishing page that was hosted there -

2019-11-08_16-15-00.thumb.png.5c4262d6caf97f6454007ee1428cc232.png

 

Block was removed and the updated DB should be out soon. :)

Great, thanks for speedy response!

Share this post


Link to post
Share on other sites

Hello, I've been seeing this website blocked every few seconds from the time I logged in this morning. Here's the screenshot:

 

image.png.bfc34242eb534dab94cc43322347434b.png

 

I ran another Malwarebytes program ( to try to get rid of it but it didn't find anything so I'm not sure what to do about it. In my Browser Guard is shows this, not sure if it's related: www.googletagmanager.com

Thanks for your help.

Share this post


Link to post
Share on other sites

Mines happen every 10 minutes as well and as soon as I open up chrome

This is what my log says

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/8/19
Protection Event Time: 6:11 AM
Log File: 65571062-0242-11ea-b766-309c23a33db1.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.629
Update Package Version: 1.0.13241
License: Premium

-System Information-
OS: Windows 10 (Build 18362.449)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Phishing
Domain: ubp-ubpextension-us-prod.s3-us-west-2.amazonaws.com
IP Address: 52.218.234.1
Port: [55376]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

 

That's one of them here's the other

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/8/19
Protection Event Time: 6:11 AM
Log File: 6515c738-0242-11ea-9f6b-309c23a33db1.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.629
Update Package Version: 1.0.13241
License: Premium

-System Information-
OS: Windows 10 (Build 18362.449)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Phishing
Domain: s3-us-west-2.amazonaws.com
IP Address: 52.218.236.16
Port: [55373]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

 

I've tried to see if the IP addresses were similar to each other but they aren't. 

Here are some of them:

 

52.218.128.124

52.218.200.168

52.218.229.97

I've tried troubleshooting by closing all my chrome windows but it still pops up even while I'm typing this out on this website.

Share this post


Link to post
Share on other sites

The domain s3-us-west-2.amazonaws.com, is an AWS endpoint used by a lot of legitimate companies for access to S3, Malwarebytes should have know blocking this domain would cause a lot of issues due to how it is used.  To prevent this type of issue from happening they need to have the ability to block at the page level as well as the domain level.  

Share this post


Link to post
Share on other sites

I am waiting to chat with support about this, for now we created an exclusion for s3-us-west-2.amazonaws.com, stopped the pop up alerts almost immediately.

Share this post


Link to post
Share on other sites

I just checked my Malwarebytes for updates and it said there was a new version to install.  I installed it and haven't had a popup since.

 

Just thought I'd put that out there.

Share this post


Link to post
Share on other sites

The block has been modified and notifications shouldn't occur any more.

Thank you for reporting this to us.

As said previously, the block was put because there was a phishing page on s3-us-west-2.amazonaws.com.

Please keep in mind that if you are using Browser Guard, the phishing page will be blocked, but not the entire s3-us-west-2.amazonaws.com. :)

Edited by Dashke

Share this post


Link to post
Share on other sites

I'm still getting the popups:

During the time it shows no websites blocked (9:17 - 9:51), I was away from computer. I'm not sure if I have Browser Guard, I thought I had found it looking around for help within Malwarebytes. If I need to do something to stop all this, please let me know. I'm not  tech. savvy. Thank you.

image.png.5da0cfd0f9234c35f35c6db8b77f5239.png

Share this post


Link to post
Share on other sites
5 minutes ago, SoCalGrl said:

I'm still getting the popups:

During the time it shows no websites blocked (9:17 - 9:51), I was away from computer. I'm not sure if I have Browser Guard, I thought I had found it looking around for help within Malwarebytes. If I need to do something to stop all this, please let me know. I'm not  tech. savvy. Thank you.

image.png.5da0cfd0f9234c35f35c6db8b77f5239.png

You're still showing the old build.  Try updating to the new version and see if it doesn't make a difference.  It did for me right away.

Share this post


Link to post
Share on other sites
5 hours ago, EvilZoe said:

You're still showing the old build.  Try updating to the new version and see if it doesn't make a difference.  It did for me right away.

I saw there was a new version, 4.0, however when I went to my dashboard it said my system was up to date. Thanks for the info, I will install the later version. Thank you!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.