MBBG and MBAM blocking Substack redirect tracker & ip

[sp123]

I noticed the Substack redirect tracker is blocked as phishing:

Example URL:

https://link.sbstck.com/redirect/451866dc-e583-4cd5-8a7d-ebf67a70f827?j=eyJ1IjoiMmp0N2cxIn0.1WXwIAty60Ko7hZPZzBlv-HbFp6GqQ92bA_BTvq0Fgk

I also noticed `3.223.55.35` was blocklisted as malware by Malwarebytes Web protection:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/11/23
Protection Event Time: 5:47 PM
Log File: b4a723ea-3890-11ee-875f-0a0027000010.json

-Software Information-
Version: 4.6.0.277
Components Version: 1.0.2110
Update Package Version: 1.0.73869
License: Premium

-System Information-
OS: Windows 10 (Build 19045.3324)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Malware
Domain: 
IP Address: 3.223.55.35
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe



(end)

I suspect these two detections are connected, as 3.223.55.35 is where link.sbstck.com is hosted. However (oddly) when I let Browser Guard continue, I did not get an IP block from MBAM. Likewise, sbstck[.]com is blocked via the IP blocker in MBAM, but not MBG.

This domain is detected by several AVs on VT, and is listed in 1Hosts Xtra. However, I think these are false positives.

The IP is clean.

Thanks.

[thisisu]

Thanks for the report. The IP isn't blocked but the domain was. I am converting the block from phishing to adserver for now and we will continue to monitor the domain and adjust as necessary.

Regards