AiProtection - Malicious Sites Blocking

evrycard

Occasional Visitor

Attachments

  • Untitled-2.jpg
But one should ask oneself whether that is a good idea. Look up the domain on AlienVault.
 
I have been a member of that forum for a long time and never had any problem until yesterday. And I didn't make any change to any setting. Unless the owner of the forum has made it a phishing site or is it MicroTrend?
 
Could have been hijacked somehow. It could be linked to phishing scams or look like it does.
 
Use TOR Browser to get to it instead - it has a natural level of protection against a few things. At least until you are sure. And TOR Browser will bypass the router protection too. Just read up on TOR Browser if you intend to use it much.
 
In other words TOR. It's free and works like a VPN although one should be careful about evil exit nodes.

 
Thanks Merlin.

I had the same issue with a safelinking site. Nothing would work with Diversion and Skynet running so I just used the TOR Browser which should be fairly safe with these sites.

If one is very concerned they can use TAILS OS on a laptop or VM.

Don't bypass protection otherwise.

A VPN would do just that and is dangerous.

 
Is there a way to add the "unsafe" sites to an "allowed" list to bypass "Malicious site blocking"?
 
Just do as suggested. Use TOR Browser.

Don't bypass protection, it's there for a reason.

You may as well just switch it off completely if you want to do that.

 
There's no whitelisting capability in AiProtection's Malicious Website blocking.
 
I suspect I have a DNS misconfiguration affecting AiProtection | Malicious site blocking. Huffingtonpost.com will not load unless AiProtection is turned off.
Trend Micro https://global.sitesafety.trendmicro.com/result.php reports it as safe.
Should I turn off IPv6 in the Windows client? Is that the problem? I've turned off IPv6 in the router.
Or is it that the vEthernet adapter is showing as default instead of the regular Ethernet?
Code:
LAN - DHCP Server | Basic Config
...
 Default Gateway           [routerIP]
LAN - DNS and WINS Server Setting
 DNS Server 1              [        ]
 DNS Server 2              [        ]
 Advertise router's IP in addition
 to user-specified DNS        Yes [No]
 Forward local domain queries
  to upstream DNS             Yes [No]
 Enable DNSSEC support        Yes [No]
 Enable DNS Rebind protection [Yes] No
 WINS Server                  [      ]
 Default Gateway              [      ]
...
WAN DNS Setting
 Connect to DNS
  Server automatically  Yes [NO]
 DNS Server 1           [1.1.1.1]
 DNS Server 2           [8.8.8.8]
From the Win10 Pro client (note hardwired Ethernet in use):
Code:
c:>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-0N9B864
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : akgalitz

Ethernet adapter vEthernet (Default Switch):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 72-15-xxxxxx-23
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3cxxxxec21%6(Preferred)
   Autoconfiguration IPv4 Address. . : 169.xxx.33(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 939xx65
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-0xxxxxx-71-EC-5E-6A
   DNS Servers . . . . . . . . . . . : fec0xxxf::1%1
                                       fec0xxxxx2%1
                                       fec0:xxxx:3%1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : akgalitz
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection (2) I219-LM
   Physical Address. . . . . . . . . : 30-E1-71-EC-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80:xxxxxxx22(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.x.x(Preferred) (win10pro client IP)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, October 17, 2018 1:36:02 PM
   Lease Expires . . . . . . . . . . : Thursday, October 18, 2018 1:36:01 PM
   Default Gateway . . . . . . . . . : 192.168.x.x (router ip)
   DHCP Server . . . . . . . . . . . : 192.168.x.x(router ip)
   DHCPv6 IAID . . . . . . . . . . . : 535x89
   DHCPv6 Client DUID. . . . . . . . : 00-01-0xxxxE-6A
   DNS Servers . . . . . . . . . . . : 192.168.x.x(router ip)
   NetBIOS over Tcpip. . . . . . . . : Enabled
...
Thank you for any help! cheers
 
Nothing stands out. Did you try both huffingtonpost.com and www.huffingtonpost.com?

From a command prompt:
ping www.huffingtonpost.com
Pinging cs593.adn.mucdn.net [152.195.54.95] with 32 bytes of data:
Reply from 152.195.54.95: bytes=32 time=14ms TTL=56
Reply from 152.195.54.95: bytes=32 time=14ms TTL=56
Reply from 152.195.54.95: bytes=32 time=16ms TTL=56

Looks like it's hosted on a CDN; maybe the CDN hosts other malicious sites and got blacklisted.

What is the exact error you see in AiProtection?
http://192.168.1.1/AiProtection_HomeProtection.asp

Look at the Malicious Sites Blocking and Two-Way IPS and look for the IP address of www.huffingtonpost.com when it's happening and post the error log here.
 
The site link from protopage is
https://www.huffingtonpost.com/
as well as any of the other links there. I've found a few other sites that behave the same.
Pinging HuffPost works just fine from this Win10 Pro client.
I have Two-Way IPS turned off.
Unfortunately, I see no errors in AiProtection or logs, just hung site loading with "about:blank" in the top URL window and "waiting for www.Huffingtonpost.com" at the bottom.
Thank you for the ideas! I may have to run with AiProtection off for a while because some of the sites not loading are important. (I can live without HuffPost<G>, it's just an example).
 
If you have AiProtection turned off and it's still happening, why do you think it's AiProtection?
What browser are you using?
What AV are you using?
Do you have Skynet or any ad blockers?
If you can ping it, what IP did it resolve to?

Next step is to telnet to it over port 80:

telnet www.huffingtonpost.com 80 (press ? or q after it connects)
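
Editor's added example (not posted by anyone in the thread): ping only proves ICMP reachability, while the hang reported above happens on the HTTP/HTTPS path. The sketch below generalizes the telnet step into a staged check (DNS, TCP, TLS, HTTP) and reports the first stage that fails; the function name `probe` and the local stand-in listener are assumptions made for illustration.

```python
import socket
import ssl
import sys

def probe(host, port=443, use_tls=True, timeout=5.0):
    """Return (stage, detail) for the first stage that fails, or ("ok", status line)."""
    try:
        # Stage 1: name resolution (in the setup above, answered by the router)
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror as exc:
        return "dns", str(exc)
    try:
        # Stage 2: TCP handshake, the same thing "telnet host 80" checks
        sock = socket.create_connection(addr[:2], timeout=timeout)
    except OSError as exc:
        return "tcp", f"{addr[0]}: {exc}"
    try:
        if use_tls:
            try:
                # Stage 3: TLS handshake with certificate and hostname validation
                ctx = ssl.create_default_context()
                sock = ctx.wrap_socket(sock, server_hostname=host)
            except OSError as exc:  # ssl.SSLError is a subclass of OSError
                return "tls", str(exc)
        try:
            # Stage 4: minimal HTTP request; a page that hangs times out here
            req = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            sock.sendall(req.encode())
            line = sock.recv(256).split(b"\r\n", 1)[0].decode("latin-1")
        except OSError as exc:
            return "http", str(exc) or "timed out"
        if line.startswith("HTTP/"):
            return "ok", line
        return "http", f"unexpected reply {line!r}"
    finally:
        sock.close()

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        # Constructed stand-in: a local listener that accepts but never answers,
        # which reproduces the "waiting for ..." symptom without any network.
        srv = socket.socket()
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        print(probe("127.0.0.1", srv.getsockname()[1], use_tls=False, timeout=1.0))
        srv.close()
```

Running it once with the router's filtering on and once with it off, against the same hostname, shows whether the failing stage moves; a result of "tcp" or "dns" points away from web filtering and toward resolution or routing.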
 
Could be your ISP's WAN IP that's blacklisted by them.
 