Hello
Since a few months my browsers cannot reach a certain website with an error-message "Unable to connect".
I tried anything and wrote many questions in many forums.
With no avail.
Today I deactivate for 15 minutes the sofware firewall of McAfee SecurityCenter.
Lo and behold! Firefox can open the website again.
Why the blockage?
What/Where must I change in McAfee SecurityCenter to remove the blockage?
Thank you.
Solved! Go to Solution.
Well post the site or if you wish to be private PM me it and I will check. If it is the firewall i is probably netguard have a look and see if the site is listed in the blocked listing. ie firewall netguard.
Well post the site or if you wish to be private PM me it and I will check. If it is the firewall i is probably netguard have a look and see if the site is listed in the blocked listing. ie firewall netguard.
Hello
Thank you.
I've disabled the NetGuard.
It has 2 IP-addresses in the list:
193.107.17.166 -> myGully.com
74.121.138.232
Do you why (which criteria) NetGuard put them in the "verboten"-list .. without telling me!?
The word "porno" in the first website?
In the 2.website I can see only black color ...
Word not the trigger i think netguard takes its queue from trusted source
NetGuard uses data from McAfee Labs to determine whether to block an i/p address or not.
You can query the data about a given i/p address by visiting http://trustedsource.org
eg. http://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=74.54.82.209
So something is amiss on those sites try searching them via www.virustotal.com as well
Does siteadvisor now shown the sites as green or are they unrated (grey)
Peacekeeper wrote:
Word not the trigger i think netguard takes its queue from trusted source
NetGuard uses data from McAfee Labs to determine whether to block an i/p address or not.
Yes, that's correct. And SiteAdvisor also looks to TrustedSource.
Both those IP addresses are Red in TrustedSource but for different reasons.
The first one (193.107.17.166) is now apparently a server in the Seychelles but was previously - according to some of the scans - the address of a server in Russia which was in an address range blacklisted for involvement in spreading malware. The address range has been moved en masse, it seems, to a new location but is now blacklisted because many of the addresses are sending spam.
http://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=193.107.17.166®ion=us
This says Seychelles
http://whois.domaintools.com/193.107.17.166
Also says Seychelles
AS number is 58001 and the country of registration is Russia
http://www.tcpiputils.com/browse/as/58001
Hosting information | |
Number of domains hosted | 708 |
Number of adult domains hosted | 20 |
Number of name servers hosted | 93 |
Number of SPAM hosts hosted | 3 |
Number of open proxies hosted | 0 |
Number of malicious threats hosted | 13 |
Number of mail servers hosted | 8 |
http://www.spamhaus.org/sbl/query/SBL180482
http://www.ipvoid.com/scan/193.107.17.166 Still shows Russia
The following warning is from 2013. I don't know if it still applies but it will be picked up and used elsewhere as a guide to the safety of IP addresses and websites using that AS number.
2x4.ru/ideal-solution.org (AS58001) - massive cybercrime host
The website mygully.com was rated dangerous recently by AVG but now seems to be considered Safe. TrustedSource rates it Grey (unknown) and IPVoid gives it the all-clear; so does Google Safe Browsing.
https://www.google.com/safebrowsing/diagnostic?site=http://mygully.com
So that's why NetGuard blocks that IP address : it's in a block of addresses known to be used for illegal or unethical or dubious purposes.
TrustedSource indicates the risk is in the area of Email and Network rather than website reputation. The IP address is not in the McAfee list of top spam senders which you can see at http://www.mcafee.com/threat-intelligence/ip/spam-senders.aspx
The other IP address (74.121.138.232) conversely appears to be all about website reputation : TrustedSource marks it Red for Web, Grey (unknown) for email, Green for Network. That usually implies that a website on the server is or recently was infected by malware.
http://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=74.121.138.232
However, IPVoid passes it as clean, and I can find nothing untoward related to mediamath.com except warnings about ad tracking and cookies. That IP address does not host any websites.
http://www.tcpiputils.com/browse/ip-address/74.121.138.232
I can find nothing to account for the Red rating of this address.
Hello
Thank you for the detailed explanation.
But I would be happier when I was told "ontime" by SecurityCenter about the decision to block these websites.
Usually there is a popup from netguard At least there was when netguard came out 18 mths ago.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: