sp123 Posted August 11, 2023

I noticed the Substack redirect tracker is blocked as phishing:

Example URL: https://link.sbstck.com/redirect/451866dc-e583-4cd5-8a7d-ebf67a70f827?j=eyJ1IjoiMmp0N2cxIn0.1WXwIAty60Ko7hZPZzBlv-HbFp6GqQ92bA_BTvq0Fgk

I also noticed `3.223.55.35` was blocklisted as malware by Malwarebytes Web protection:

```
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/11/23
Protection Event Time: 5:47 PM
Log File: b4a723ea-3890-11ee-875f-0a0027000010.json

-Software Information-
Version: 4.6.0.277
Components Version: 1.0.2110
Update Package Version: 1.0.73869
License: Premium

-System Information-
OS: Windows 10 (Build 19045.3324)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Malware
Domain:
IP Address: 3.223.55.35
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

(end)
```

I suspect these two detections are connected, as 3.223.55.35 is where link.sbstck.com is hosted. However (oddly) when I let Browser Guard continue, I did not get an IP block from MBAM. Likewise, sbstck[.]com is blocked via the IP blocker in MBAM, but not MBG.

This domain is detected by several AVs on VT, and is listed in 1Hosts Xtra. However, I think these are false positives. The IP is clean.

Thanks.

thisisu Posted August 12, 2023 (Solution)

Thanks for the report. The IP isn't blocked but the domain was.

I am converting the block from phishing to adserver for now and we will continue to monitor the domain and adjust as necessary.

Regards