Skynet Help me track down this Skynet(?) mystery?

AppleBag

Regular Contributor
Heyas All,

I'll be the first to admit that I'm a n00b when dealing with Skynet, currently version 8.0.7 (don't have too much experience using it other than just installing it and going with the defaults) and when it's enabled I can't access this site. When I press 9 to temporarily disable Skynet, and hit the refresh button, the site loads up normally.

Now, after some Google-Fu/ChatGPT and such, I followed some commands to see whether or not that domain and/or its resolved IP was blocked in Skynet's logs, and/or in its ban list, and it's not. *scratches head* It didn't even show as being blocked (as far as I can tell; again, I'm not experienced with Skynet so may or may not be running the proper commands to see?), so that led me to think that perhaps it wasn't Skynet blocking the site; BUT since disabling Skynet suddenly allows the site to work again, my only conclusion is it HAS to be Skynet, no? I've even manually added the comed.com domain and IP to the whitelist as well as ran the unban domain command for that domain just to be sure; still gets blocked unless I disable Skynet.

Can anyone halp me root this lil bugger out? :)

P.S. I read some other threads here before posting and saw that it may help to also post all entware packages installed as well, so here goes:

Bash:
List of installed Entware packages (51)

 bind-dig - 9.20.7-1             coreutils-dd - 9.6-5            glib2 - 2.82.0-1                libc - 2.27-11                  libgcc - 8.4.0-11               libncurses - 6.4-3              libpopt - 1.19-1                libssp - 8.4.0-11               locales - 2.27-9                syslog-ng - 4.7.1-2             zoneinfo-europe - 2025b-1
 bind-libs - 9.20.7-1            entware-opt - 227000-3          grep - 3.11-2                   libcurl - 8.12.1-2              libiconv-full - 1.18-1          libncursesw - 6.4-3             libpthread - 2.27-11            libstdcpp - 8.4.0-11            logrotate - 3.22.0-1            terminfo - 6.4-3
 ca-bundle - 20241223-1          entware-release - 2025.05-1     jq - 1.7.1-2                    libdbi - 0.9.0-5                libintl-full - 0.22.5-1         libnghttp2 - 1.63.0-1           librt - 2.27-11                 liburcu - 0.15.2-1              opkg - 2024.10.16~38eccbb1-1    zlib - 1.3.1-1
 column - 2.41-1                 entware-upgrade - 1.0-1         libatomic - 8.4.0-11            libedit - 20250104.3.1-1        libjpeg-turbo - 3.0.3-1         libopenssl - 3.5.0-1            libsmartcols - 2.41-1           libuuid - 2.41-1                p7zip - 16.02-3                 zoneinfo-asia - 2025b-1
 coreutils - 9.6-5               findutils - 4.10.0-1            libattr - 2.5.2-3               libffi - 3.4.7-1                libjson-c - 0.18-1              libpcre2 - 10.42-1              libsqlite3 - 3.49.1-2           libuv - 1.48.0-1                sqlite3-cli - 3.49.1-2          zoneinfo-core - 2025b-1

 Entware Apps installed in /opt/bin/ (27)

 7z                              ash                             dig                             fgrep                           jq                              loggen                          persist-tool                    slogkey                         syslog-ng-update-virtualenv
 7za                             column                          dqtool                          find                            locale.new                      netstat                         sh                              slogverify                      update-patterndb
 7zr                             dd                              egrep                           grep                            localedef.new                   pdbtool                         slogencrypt                     sqlite3                         xargs

 Non-Entware Scripts installed in /opt/bin/ (7)

 YazDHCP                 dn-vnstat               firewall (Skynet)       scmerlin                scribe                  spdmerlin               uiScribe

 Entware Apps installed in /opt/sbin/ (7)

 ifconfig                logread                 logrotate               route                   syslog-ng               syslog-ng-ctl           syslog-ng-debun


And my Malware Lists:

Bash:
=============================================================================================================


[i] Downloading filter.list         | [0s]
[i] Refreshing Whitelists           | [22s]
[i] Start Blacklist Consolidation   |
[✔] Downloaded https://iplists.firehol.org/files/dyndns_ponmocup.ipset
[✔] Downloaded https://iplists.firehol.org/files/et_block.netset
[✔] Downloaded https://iplists.firehol.org/files/bds_atif.ipset
[✔] Downloaded https://iplists.firehol.org/files/cybercrime.ipset
[✔] Downloaded https://iplists.firehol.org/files/spamhaus_drop.netset
[✔] Downloaded https://iplists.firehol.org/files/et_compromised.ipset
[✔] Downloaded https://iplists.firehol.org/files/firehol_level3.netset
[✔] Downloaded https://iplists.firehol.org/files/firehol_level2.netset
[i] Finish Blacklist Consolidation  | [3s]
[i] Applying New Blacklist          | [1s]
[i] Refreshing AiProtect Bans       | [4s]
[i] Saving Changes                  | [1s]

[i] For Whitelisting Assistance -
[i] https://www.snbforums.com/threads/release-skynet-router-firewall-security-enhancements.16798/#post-115872


=============================================================================================================
 
Update!

ok, after some more advice from ChatGPT I ran the debug watch command and reloaded the comed page and it was blocking this IP: 13.107.246.51, which is a CDN. It's also a different IP from the one nslookup/dig shows me when looking up "comed.com".

After whitelisting that IP it's able to load the page when Skynet is enabled. So, my new question is, apparently after the initial dns look-up of that domain happens the site must hand the work off to the cdn in the background for the bulk of the work; is there a way to automatically have Skynet handle situations like that so we don't have to manually deal with these situations? I was thinking that when I whitelist a domain in Skynet it did that but I guess not? I'm asking now for the knowledge in the event it ever were to happen again in the future.
 
I can't access this site.
I'm running Skynet (default lists), and Pihole with some fairly aggressive lists and I can access that website.

Sorry I'm not able to help. Just wanted to put that out there.
 
I'm running Skynet (default lists), and Pihole with some fairly aggressive lists and I can access that website.

Sorry I'm not able to help. Just wanted to put that out there.
Fine here too, using the "Large" list currently.
@AppleBag with so many lists there's bound to be false positives, they can even happen with the shortest lists. Other than identifying which list is blocking that IP, and disabling it, the only option you have is whitelisting (that's what it's for).
Honestly, I don't see the need for so many lists, there are many lists that combine several into one.
It's not a skynet mystery, it's skynet doing what you're telling it to do.
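
An added example, not part of any post in this thread: one way to do the "identify which list is blocking that IP" step on a workstation, by pulling the dropped outbound destinations out of firewall log lines and checking them against list files in the `.ipset`/`.netset` text format. The log lines and list bodies are constructed samples, the `[BLOCKED - OUTBOUND]` prefix is an assumption about how the drops are tagged, and the list names are hypothetical.

```python
import ipaddress
import re

# Constructed log lines in standard iptables LOG layout; the "[BLOCKED - ...]"
# prefix is an assumption about how the firewall script tags its drops.
SAMPLE_LOG = """\
May 10 12:00:01 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.23 DST=13.107.246.51 LEN=60 PROTO=TCP SPT=51514 DPT=443
May 10 12:00:01 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.23 DST=13.107.246.51 LEN=60 PROTO=TCP SPT=51516 DPT=443
May 10 12:00:07 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.9 LEN=40 PROTO=TCP SPT=4444 DPT=23
"""

# Constructed list bodies (one IP or CIDR per line, '#' comments).
# These are NOT the real contents of any feed named in the thread.
SAMPLE_LISTS = {
    "list_a.netset": "# constructed\n198.51.100.0/24\n13.107.246.0/24\n",
    "list_b.ipset": "# constructed\n203.0.113.50\n192.0.2.14\n",
    "list_c.netset": "# constructed\n13.107.0.0/16\nnot-an-ip\n",
}

LOG_RE = re.compile(r"\[BLOCKED - (INBOUND|OUTBOUND)\].*?SRC=(\S+) DST=(\S+)")

def blocked_outbound(log_text):
    """Return {destination IP: hit count} for outbound drops only."""
    hits = {}
    for m in LOG_RE.finditer(log_text):
        if m.group(1) == "OUTBOUND":
            hits[m.group(3)] = hits.get(m.group(3), 0) + 1
    return hits

def parse_list(body):
    """Parse list text into networks, skipping comments and bad lines."""
    nets = []
    for line in body.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # malformed entry: skip it rather than abort the scan
    return nets

def lists_containing(ip, lists):
    """Return (list name, matching entry) pairs whose entry covers the IP."""
    addr = ipaddress.ip_address(ip)
    return [(name, str(net)) for name, body in sorted(lists.items())
            for net in parse_list(body) if addr in net]

if __name__ == "__main__":
    for ip, count in blocked_outbound(SAMPLE_LOG).items():
        print(ip, count, lists_containing(ip, SAMPLE_LISTS))
```

The matching entry is often a CIDR range rather than the exact address, which is why searching a ban list for the literal IP can come up empty even though the address is covered.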
 
