Masamunnex 0 Posted May 3, 2020 Share Posted May 3, 2020 Since yesterday ESET started blocking this address "https://cognito-identity.us-east-1.amazonaws.com" and it happened when i was on twitch, i checked all the times it blocked it and with browsing history it matches up with me being on twitch watching a live stream, i wanted to know if this website really is malicious and why its being on twitch, i tried to look it up and everything comes out as its an amazon legit website. thanks in advance. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted May 3, 2020 Administrators Share Posted May 3, 2020 Please post the appropriate record from the Filtered websites or Detection log. Link to comment Share on other sites More sharing options...
Masamunnex 0 Posted May 3, 2020 Author Share Posted May 3, 2020 2 minutes ago, Marcos said: Please post the appropriate record from the Filtered websites or Detection log. Where do i get that information ? Link to comment Share on other sites More sharing options...
Tularis 0 Posted May 3, 2020 Share Posted May 3, 2020 Oh, I'm also getting this. Time;URL;Status;Application;User;IP address;SHA1 03/05/2020 14:40:34;https://cognito-identity.us-east-1.amazonaws.com;Blocked by PUA blacklist;C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Alexa.exe;TULARIS\Peter;52.206.238.184;2F68B63C94C6B45F627BC6494BA450617F1F349B 03/05/2020 14:41:39;https://cognito-identity.us-east-1.amazonaws.com;Blocked by PUA blacklist;C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Alexa.exe;TULARIS\Peter;52.206.238.184;2F68B63C94C6B45F627BC6494BA450617F1F349B 03/05/2020 14:45:33;https://cognito-identity.us-east-1.amazonaws.com;Blocked by PUA blacklist;C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Alexa.exe;TULARIS\Peter;52.206.238.184;2F68B63C94C6B45F627BC6494BA450617F1F349B 03/05/2020 14:46:36;https://cognito-identity.us-east-1.amazonaws.com;Blocked by PUA blacklist;C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Alexa.exe;TULARIS\Peter;52.206.238.184;2F68B63C94C6B45F627BC6494BA450617F1F349B 03/05/2020 14:51:36;https://cognito-identity.us-east-1.amazonaws.com;Blocked by PUA blacklist;C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Alexa.exe;TULARIS\Peter;52.206.238.184;2F68B63C94C6B45F627BC6494BA450617F1F349B 03/05/2020 14:56:36;https://cognito-identity.us-east-1.amazonaws.com;Blocked by PUA blacklist;C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Alexa.exe;TULARIS\Peter;52.206.238.184;2F68B63C94C6B45F627BC6494BA450617F1F349B 03/05/2020 15:01:36;https://cognito-identity.us-east-1.amazonaws.com;Blocked by PUA blacklist;C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Alexa.exe;TULARIS\Peter;52.206.238.184;2F68B63C94C6B45F627BC6494BA450617F1F349B 03/05/2020 15:06:36;https://cognito-identity.us-east-1.amazonaws.com;Blocked by PUA blacklist;C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Alexa.exe;TULARIS\Peter;52.206.238.184;2F68B63C94C6B45F627BC6494BA450617F1F349B Link to comment Share on other sites More sharing options...
itman 1,742 Posted May 3, 2020 Share Posted May 3, 2020 1 hour ago, Masamunnex said: Where do i get that information ? Open Eset GUI. Select Tools -> More Tools - Log Files. Link to comment Share on other sites More sharing options...
Masamunnex 0 Posted May 3, 2020 Author Share Posted May 3, 2020 (edited) 7 minutes ago, itman said: Open Eset GUI. Select Tools -> More Tools - Log Files. 1 hour ago, Marcos said: Please post the appropriate record from the Filtered websites or Detection log. do you mean to copy the PUA log ? does it have any personal information ? Edited May 3, 2020 by Masamunnex Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted May 3, 2020 Administrators Share Posted May 3, 2020 The FP will be fixed in a few minutes. The IP address has been blocked since 2018. Masamunnex and Aryeh Goretsky 2 Link to comment Share on other sites More sharing options...
Masamunnex 0 Posted May 3, 2020 Author Share Posted May 3, 2020 9 minutes ago, Marcos said: The FP will be fixed in a few minutes. The IP address has been blocked since 2018. If you need another Log Time;URL;Status;Application;User;IP address;SHA1 02-May-20 8:05:18 PM;https://cognito-identity.us-east-1.amazonaws.com;Blocked by PUA blacklist;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe;DESKTOP-OJGALTK\freec;52.206.238.184;4B6CB3A0794BEF967F8A5F593239446FA28EA74D Link to comment Share on other sites More sharing options...
Masamunnex 0 Posted May 3, 2020 Author Share Posted May 3, 2020 20 minutes ago, Marcos said: The FP will be fixed in a few minutes. The IP address has been blocked since 2018. So is this a false positive ? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted May 3, 2020 Administrators Share Posted May 3, 2020 2 minutes ago, Masamunnex said: So is this a false positive ? Yes. The domain in question has began to resolve to an IP address that was blocked 2 years ago due to malware. Aryeh Goretsky and Masamunnex 2 Link to comment Share on other sites More sharing options...
Masamunnex 0 Posted May 3, 2020 Author Share Posted May 3, 2020 6 minutes ago, Marcos said: Yes. The domain in question has began to resolve to an IP address that was blocked 2 years ago due to malware. Ok, thanks for the help. Link to comment Share on other sites More sharing options...
Recommended Posts