Jump to content

54.230.140.57

LBates

By LBates
in Website Blocking

 Share

Recommended Posts

LBates

LBates

Posted
Posted

My company is receiving complaints from users who are seeing issues with search results and content being blocked by Malwarebytes Anti-Malware, specifically the Real-Time Protection module in the Premium edition:

 

Detection, 9/10/2015 2:26 PM, SYSTEM, W8E209013, Protection, Malicious Website Protection, Domain, 54.230.140.57, csr.inspsearchapi.com, 26933, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

 

 The IP addresses being blocked are part of the range used by our Amazon CloudFront CDN and so all of our hosted and partner sites that are being served content from the CDN are not returning results and/or have missing content and images.

 

This can be reproduced by browsing to  ​hxxp://search.pch.com and entering a search term (i.e. "Tigers"). The site appears to be blocked and no results are returned. Another example is hxxp://www.dogpile.com where images and content are not shown.

 

Any assistance resolving this issue in a timely manner would be greatly appreciated.

 

Thanks.

 

Lawrence Bates | Sr. DevOps Engineer – InfoSpace LLC

lawrence.bates@infospace.com | +1.425.709.8122

 

Link to post
Share on other sites
Snorky

Snorky

Posted
Posted

I too am receiving blocked notices (just appear out of the blue)-started yesterday-

 

Detection, 9/10/2015 8:23 AM, SYSTEM, VALUEDCUSTOMER, Protection, Malicious Website Protection, Domain, 54.192.38.47, cdn4.inspsearchapi.com, 49556, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

 

see below:

 

I do use Dogpile (which is Infospace I believe).

What's going on?

Link to post
Share on other sites
icetiger

icetiger

Posted
Posted

snorkys screenshots mirror my own, and this just started this afternoon.

 

 

the initial part varies between cdn1, cdn2, cdn3, and cdn4

 

and i also get it from using dogpile, which has been fine for over a decade

 

and yes, thanks for looking into this, i will be keeping this page open to see if you update it

Link to post
Share on other sites
LBates

LBates

Posted
  • Author
Posted

To clarify, it's not the AWS CDN IP addresses themselves that aren't blocked, it's anything that references *.inspsearchapi.com, which is used to serve content to pages.

 

Adding *.inspsearchapi.com to "Web Exclusions" in Malwarebytes Anti-Malware allows content and search results to be returned and displayed as expected.

 

Lawrence Bates | Sr. DevOps Engineer – InfoSpace LLC

lawrence.bates@infospace.com | +1.425.709.8122

Link to post
Share on other sites
LBates

LBates

Posted
  • Author
Posted

To clarify, it's not the AWS CDN IP addresses themselves that aren't blocked, it's anything that references *.inspsearchapi.com, which is used to serve content to pages.

 

Adding *.inspsearchapi.com to "Web Exclusions" in Malwarebytes Anti-Malware allows content and search results to be returned and displayed as expected.

 

Lawrence Bates | Sr. DevOps Engineer – InfoSpace LLC

lawrence.bates@infospace.com | +1.425.709.8122

 

Typo: that should read "it's not the AWS CDN IP addresses themselves that are blocked"

Link to post
Share on other sites
Snorky

Snorky

Posted
Posted

snorkys screenshots mirror my own, and this just started this afternoon.

 

 

the initial part varies between cdn1, cdn2, cdn3, and cdn4

 

and i also get it from using dogpile, which has been fine for over a decade

 

and yes, thanks for looking into this, i will be keeping this page open to see if you update it

Thanks icetiger-I too am seeing the multiple cdn #s. The pop-ups come rapid fire like 15-20 or so then stop.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.