Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 23 replies
  • Answers 1 answer
  • Subscribers 9 subscribers
  • Views 42996 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Website Blocked

KAR AAR

Hi,

 

All of a sudden, we are facing issue with several websites. No change been applied but the the problem started itself.

Any advice for bellow issue.

Regards

 

Website Blocked
  • Location: www-01.ibm.com/support/docview.wss
  • Your organization's policy prohibits access to websites categorized as Phishing & Fraud.
  • Return to the page you were previously viewing.
 
sophos web protection


This thread was automatically locked due to age.
  • 0 in reply to Gowtham Mani

    ++Gowtham Mani,

    Please find below the sorted few sites list.

    Date/time URL Action Reason Referring URL
    16/10/2017 16:04 allied.direct.abl.com.pk Block Phishing & Fraud
    16/10/2017 14:10 ci3.googleusercontent.com Block Phishing & Fraud
    09/10/2017 10:07 dsf4t5jfds34j.com/1346346.css Block Phishing & Fraud mrelhlawany.com/pr/1774
    09/10/2017 10:07 dsf4t5jfds34j.com/1346346.html Block Phishing & Fraud mrelhlawany.com/pr/1774
    15/10/2017 23:15 js.bestquickcontentfiles.com/dl.min.js Block Phishing & Fraud check.theforeverlasting2upgrade.club
    14/10/2017 9:59 lh6.googleusercontent.com Block Phishing & Fraud
    15/10/2017 17:17 lh6.googleusercontent.com/-KU7jOCN-kUQ/AAAAAAAAAAI/AAAAAAAAABA/MODiIuk698c/s35-c/photo.jpg Block Phishing & Fraud pics2islam.blogspot.com/2010/12/blog-post_7799.html
    16/10/2017 16:26 out.easycounter.com Block Phishing & Fraud
    15/10/2017 17:40 r1.res.office365.com Block Phishing & Fraud
    15/10/2017 23:16 www.yourreliablupgrades.bid/bl.php Block Phishing & Fraud linkshrink.net/7Yuysb
    15/10/2017 14:26 www-01.ibm.com Block Phishing & Fraud
    15/10/2017 14:24 www-01.ibm.com/support Block Phishing & Fraud
    15/10/2017 14:48 www-01.ibm.com/support/docview.wss Block Phishing & Fraud
    15/10/2017 10:15 www-01.ibm.com/support/search.wss Block Phishing & Fraud www-01.ibm.com/support/docview.wss

  • 0 in reply to Gowtham Mani

    Latest web events Date/time User URL Action Reason Referring URL Reference ID
    10/16/2017 9:12:19  use-tor.adsrvr.org    Block Spyware
    10/16/2017 9:12:10 use-tor.adsrvr.org    Block Spyware
    10/16/2017 9:00:32 use-tor.adsrvr.org    Block Spyware
    10/16/2017 8:56:20 use-tor.adsrvr.org    Block Spyware
    10/16/2017 8:54:33 use-tor.adsrvr.org    Block Spyware
    10/16/2017 8:54:33 geo-um.btrll.com        Block Spyware
    10/16/2017 8:54:29 use-tor.adsrvr.org    Block Spyware
    10/16/2017 8:54:24 geo-um.btrll.com        Block Spyware
    10/16/2017 8:53:25 o.aolcdn.com         Block Spyware
    10/16/2017 8:53:18 o.aolcdn.com         Block Spyware

  • 0 in reply to Brian Rohllf

    Hi  &  

    Thanks for the input ,we have already re-categorized few of the mentioned sites and working on the rest. I will keep the thread updated once all the reported sites are verified and sorted.

    Note: It might up-to 2 hours for the changes to take effect.

  • 0 in reply to Gowtham Mani

    These too please. This issue seems rooted at a higher level then re-categorization per domain. Also, this is from a user opening an email on OWA. Clicking a link inside the email won't let them in. But if they copy paste the URL in the browser they have access w/o issue. Please advise.

     

    10/16/2017 1:57:31    download.bleepingcomputer.comBlock         Spyware                                   
                                               10/16/2017 1:52:38    nam04.safelinks.protection.outlook.com  Block         Spyware                                   
                                               10/16/2017 1:52:26    nam04.safelinks.protection.outlook.com  Block         Spyware                                   
                                               10/16/2017 1:52:19    nam04.safelinks.protection.outlook.com  Block         Spyware                                   
                                               10/16/2017 1:51:27    nam04.safelinks.protection.outlook.com  Block         Spyware                                   
                                               10/16/2017 1:48:55    nam04.safelinks.protection.outlook.com  Block         Spyware                                   
                                               10/16/2017 1:47:54    nam04.safelinks.protection.outlook.com  Block         Spyware                                   
                                               10/16/2017 1:44:58    nam04.safelinks.protection.outlook.com  Block         Spyware                                   
                                               10/16/2017 1:40:02    nam04.safelinks.protection.outlook.com  Block         Spyware                                   
                                               10/16/2017 1:38:27    nam04.safelinks.protection.outlook.com  Block         Spyware

  • 0 in reply to Gowtham Mani

    It looks like it stopped flagging these sites for a while, but has started up again this afternoon. Are these sites supposed to be blocked?

     

  • 0

    Hi Everyone,

    The reported issue with website categorization is now resolved from our end. Please do report us if any of the known legitimate sites that are still getting blocked. 

  • 0
    api.ning.com Spyware
    www.ashcroftpark.co.uk Weapons
    raw.githubusercontent.com Spyware
    forms.office.com Phishing & Fraud
    4.bp.blogspot.com Spyware
    2.bp.blogspot.com Spyware
    rtb.nativeads.com/user-sync Spyware
    1.bp.blogspot.com Spyware
    www.sepusnoordmans.com Adult/Sexually Explicit
    match.rundsp.com Spyware
    exchange.adtrue.com Spyware
    geo-um.btrll.com Spyware
    gallery.mailchimp.com Spyware
    em.licasd.com Spyware
    o.aolcdn.com/ads/adswrappermsni.js Spyware
    m.skybet.com Gambling
    farm8.staticflickr.com Spyware
    1039206484.rsc.cdn77.org Spyware
    api.ipify.org Spyware
    dmp.adform.net Spyware
    i0.wp.com Spyware
    launch.newsinc.com/js/embed.js Spyware
    cdn.salesfire.co.uk

    Criminal Activity
  • 0 in reply to Gowtham Mani

    This is still not resolved. Here is one more.

     

    10/17/2017 9:16:31 touchstone.rprgonline.com    Block         Gambling

  • 0 in reply to PaulNeale

    Hi  &

    Most of the above mentioned websites are not being blocked from our end, please try clearing the local browser cache and re-try it.

  • 0 in reply to Gowtham Mani

    Hi,

     

    They don't appear to be blocked this end either now.

    My list was taken from across the company ( Reporting Interface Log ). I like many others didn't actually get blocked while actually trying to visit the pages, while working on other things with a browser window open in the background, the Sophos alert box popped up a few time in a row with the blocked sites being those reported. There would be a flurry of 4-6 sites(sometime the same URL multiple times) blocked then nothing for a few hours.

    All systems report free from malware when scanned.

    Regards,

     

    Paul