This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Website Blocked

Hi,

 

All of a sudden, we are facing issue with several websites. No change been applied but the the problem started itself.

Any advice for bellow issue.

Regards

 

Website Blocked
  • Location: www-01.ibm.com/support/docview.wss
  • Your organization's policy prohibits access to websites categorized as Phishing & Fraud.
  • Return to the page you were previously viewing.
 


This thread was automatically locked due to age.
  • ++Gowtham Mani,

    Please find below the sorted few sites list.

    Date/time URL Action Reason Referring URL
    16/10/2017 16:04 allied.direct.abl.com.pk Block Phishing & Fraud
    16/10/2017 14:10 ci3.googleusercontent.com Block Phishing & Fraud
    09/10/2017 10:07 dsf4t5jfds34j.com/1346346.css Block Phishing & Fraud mrelhlawany.com/pr/1774
    09/10/2017 10:07 dsf4t5jfds34j.com/1346346.html Block Phishing & Fraud mrelhlawany.com/pr/1774
    15/10/2017 23:15 js.bestquickcontentfiles.com/dl.min.js Block Phishing & Fraud check.theforeverlasting2upgrade.club
    14/10/2017 9:59 lh6.googleusercontent.com Block Phishing & Fraud
    15/10/2017 17:17 lh6.googleusercontent.com/-KU7jOCN-kUQ/AAAAAAAAAAI/AAAAAAAAABA/MODiIuk698c/s35-c/photo.jpg Block Phishing & Fraud pics2islam.blogspot.com/2010/12/blog-post_7799.html
    16/10/2017 16:26 out.easycounter.com Block Phishing & Fraud
    15/10/2017 17:40 r1.res.office365.com Block Phishing & Fraud
    15/10/2017 23:16 www.yourreliablupgrades.bid/bl.php Block Phishing & Fraud linkshrink.net/7Yuysb
    15/10/2017 14:26 www-01.ibm.com Block Phishing & Fraud
    15/10/2017 14:24 www-01.ibm.com/support Block Phishing & Fraud
    15/10/2017 14:48 www-01.ibm.com/support/docview.wss Block Phishing & Fraud
    15/10/2017 10:15 www-01.ibm.com/support/search.wss Block Phishing & Fraud www-01.ibm.com/support/docview.wss

  • Latest web events Date/time User URL Action Reason Referring URL Reference ID
    10/16/2017 9:12:19  use-tor.adsrvr.org    Block Spyware
    10/16/2017 9:12:10 use-tor.adsrvr.org    Block Spyware
    10/16/2017 9:00:32 use-tor.adsrvr.org    Block Spyware
    10/16/2017 8:56:20 use-tor.adsrvr.org    Block Spyware
    10/16/2017 8:54:33 use-tor.adsrvr.org    Block Spyware
    10/16/2017 8:54:33 geo-um.btrll.com        Block Spyware
    10/16/2017 8:54:29 use-tor.adsrvr.org    Block Spyware
    10/16/2017 8:54:24 geo-um.btrll.com        Block Spyware
    10/16/2017 8:53:25 o.aolcdn.com         Block Spyware
    10/16/2017 8:53:18 o.aolcdn.com         Block Spyware

  • Hi  &  

    Thanks for the input ,we have already re-categorized few of the mentioned sites and working on the rest. I will keep the thread updated once all the reported sites are verified and sorted.

    Note: It might up-to 2 hours for the changes to take effect.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • These too please. This issue seems rooted at a higher level then re-categorization per domain. Also, this is from a user opening an email on OWA. Clicking a link inside the email won't let them in. But if they copy paste the URL in the browser they have access w/o issue. Please advise.

     

    10/16/2017 1:57:31    download.bleepingcomputer.comBlock         Spyware                                   
                                               10/16/2017 1:52:38    nam04.safelinks.protection.outlook.com  Block         Spyware                                   
                                               10/16/2017 1:52:26    nam04.safelinks.protection.outlook.com  Block         Spyware                                   
                                               10/16/2017 1:52:19    nam04.safelinks.protection.outlook.com  Block         Spyware                                   
                                               10/16/2017 1:51:27    nam04.safelinks.protection.outlook.com  Block         Spyware                                   
                                               10/16/2017 1:48:55    nam04.safelinks.protection.outlook.com  Block         Spyware                                   
                                               10/16/2017 1:47:54    nam04.safelinks.protection.outlook.com  Block         Spyware                                   
                                               10/16/2017 1:44:58    nam04.safelinks.protection.outlook.com  Block         Spyware                                   
                                               10/16/2017 1:40:02    nam04.safelinks.protection.outlook.com  Block         Spyware                                   
                                               10/16/2017 1:38:27    nam04.safelinks.protection.outlook.com  Block         Spyware

  • It looks like it stopped flagging these sites for a while, but has started up again this afternoon. Are these sites supposed to be blocked?

     

  • Hi Everyone,

    The reported issue with website categorization is now resolved from our end. Please do report us if any of the known legitimate sites that are still getting blocked. 

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • api.ning.com Spyware
    www.ashcroftpark.co.uk Weapons
    raw.githubusercontent.com Spyware
    forms.office.com Phishing & Fraud
    4.bp.blogspot.com Spyware
    2.bp.blogspot.com Spyware
    rtb.nativeads.com/user-sync Spyware
    1.bp.blogspot.com Spyware
    www.sepusnoordmans.com Adult/Sexually Explicit
    match.rundsp.com Spyware
    exchange.adtrue.com Spyware
    geo-um.btrll.com Spyware
    gallery.mailchimp.com Spyware
    em.licasd.com Spyware
    o.aolcdn.com/ads/adswrappermsni.js Spyware
    m.skybet.com Gambling
    farm8.staticflickr.com Spyware
    1039206484.rsc.cdn77.org Spyware
    api.ipify.org Spyware
    dmp.adform.net Spyware
    i0.wp.com Spyware
    launch.newsinc.com/js/embed.js Spyware
    cdn.salesfire.co.uk

    Criminal Activity

  • This is still not resolved. Here is one more.

     

    10/17/2017 9:16:31 touchstone.rprgonline.com    Block         Gambling

  • Hi  &

    Most of the above mentioned websites are not being blocked from our end, please try clearing the local browser cache and re-try it.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • Hi,

     

    They don't appear to be blocked this end either now.

    My list was taken from across the company ( Reporting Interface Log ). I like many others didn't actually get blocked while actually trying to visit the pages, while working on other things with a browser window open in the background, the Sophos alert box popped up a few time in a row with the blocked sites being those reported. There would be a flurry of 4-6 sites(sometime the same URL multiple times) blocked then nothing for a few hours.

    All systems report free from malware when scanned.

    Regards,

     

    Paul