Malwarebytes' Blocking Update

Hello,
While trying to check for a update to SpywareBlaster, Mbam is blocking
IP-173.244.198.143
This issue has also been posted at the Mbam Forum in the "False Positives"
section HERE

Regards
Wide Glide

 

I have this problem as well - and posted the report on the MBAM Forum.
It would appear the update server used varies with geographic location and maybe local load.
So some people never see this problem - while others get it occassionally - and some most of the time.

MBAM support reports this IP is owned by an ISP (SoftLayer) that hosts malware and scam websites.
It seems odd that Javacool would have an update server on this type of network.

The update seems to work fine if this IP is unblocked - but obviously something needs to be done to resolve this issue.

An IP trace resolves this address as - 173.244.198.143.static.midphase.com
The SpywareBlaster program shows it accessing - updates1.spywareblaster.net
However this url has a totally different IP address - so is not really used.

A port monitor shows SpywareBlaster accessing the following address:
206-55-108-109.global11325.loc45.simplecdn.net
Not exactly sure what that means but it might be of some use in tracing the problem.

 

Thanks for reporting the issue and hopefully Mbam will unblock the ip address (if possible)

 

Hi,

Yup - SpywareBlaster uses a CDN (content distribution network) to serve the update content from the closest of many servers distributed worldwide, to ensure the fastest possible updates.

The specific IP address that you connect to will indeed vary depending upon your geographic location, ISP, and other factors. (Said IP address is a CDN "edge"/cache server, which caches + serves content for multiple users of our CDN provider. There's a seamless mapping from (a) our update server domain name, to (b) our cached update content on the CDN edge server that's closest to you.)

That happens to be the CDN edge server that you were directed to, based on the factors mentioned above (usually the fastest for your particular Internet connection at that particular time).

Thank you for reporting this issue to MBAM. It looks like they mistakenly caught a CDN edge/cache server in their IP blocks. It should be simple enough for them to fix.

Best regards,

-Javacool

 

MBAM support state that this IP address is in a block owned by a hosting company with a suspect reputation - midphase.com.
However, as stated here, this specific IP address appears to be a fixed IP for a legitimate CDN server
The server name for this IP comes back as - 173.244.198.143.static.midphase.com
Browsing to the IP - http://173.244.198.143/ gives a 404 server response with the following name: SimpleCDN Upload Bucket

MBAM at present seem unlikely to remove this IP from its standard blacklist - however the program does allow you to add individual blocked IP addresses to the Ignore List - so at present I have selected that option to get around this problem.

The risk posed by unblocking this single IP appears to be minimal - as it is a known CDN server used by a trusted security application.

The problem appears to be caused by a change within the network used by Javacool to supply updates - with the inclusion of a server hosted by a suspect company (midphase.com) - this is obviously not ideal for a security app designed to block suspect websites. A complaint to the CDN service would seem sensible, to get this server removed from the pool.