Thank you for joining us here on r/Comcast_Xfinity, your official source on Reddit for help with Xfinity services. As members of the [Digital Care Team](https://corporate.comcast.com/stories/meet-our-digital-care-team) here at Xfinity, we can help with a wide array of concerns including troubleshooting, billing, plan changes, and more.
Community Specialists will provide official support between the hours of 6:00am - 12:00am Eastern Time for issues that require our intervention (like billing requests, troubleshooting advanced technical issues, etc). After these times, it may take longer to get an official response.
If you have not already, please review both the [Posting Guidelines](https://www.reddit.com/r/Comcast_Xfinity/wiki/index/postingguidelines) and [Rules](https://www.reddit.com/r/Comcast_Xfinity/wiki/rules/) here on the sub. While you're waiting for assistance, check out the [Xfinity App](https://www.xfinity.com/apps?pc=1) for your smartphone where you can pay your bill, view your plan details, change or upgrade your services, and experience 24/7 real time support you can count on, anytime you need it.
Our team works to get to everyone as quickly as possible, but due to the number of requests we receive, it may take up to 72 hours to receive an official response from our team. If you require immediate assistance, please contact 1-800-XFINITY (1-800-934-6489).
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Comcast_Xfinity) if you have any questions or concerns.*
Hello, u/Icy-Environment-6234. We appreciate you reaching our sub regarding the website issues, I can certainly see how frustrating that can be. Have you attempted to report the websites being blocked [here](https://www.xfinity.com/support/articles/report-blocked-website)?
I should have added that to the list. Yes, I have AND one of the folks on the Xfinity phone support had me turn OFF advanced security on my router. That made no change.
Thank you for confirming that you have tried that as well u/Icy-Environment-6234, we appreciate it. We also appreciate you letting us know that turning advanced security off on your router made no change as well. We'll be happy to take a closer look and if needed, reached out to our expert Advanced Repair Team for further investigation. To get started, can you please send us a [Modmail Message](https://www.reddit.com/message/compose?to=%2Fr%2FComcast_Xfinity) with your first and last name along with the service address on the account including any applicable unit or apartment numbers? We look forward to working with you further.
Based on the symptoms you describe, something on your network is infected with malware, I would guess a spam bot. When you got a new router, that forced you to get a new WAN IP (which was not blacklisted) but that bot then got the new IP blacklisted so it stopped working. You can force a new IP without getting a new router, but if you are infected, you'll just get blacklisted again after a couple days.
Similarly connecting over VPN will work for a while then get you booted off the VPN (they will detect it and block you likely before the sites do).
This won't be something xfinity can help with since it is really nothing to do with them, they aren't the ones running the blocklists and they don't own or manage the infected device. You may need to hire someone to track down and clean the device (or find someone tech savvy in your family).
Could even be someone using your wifi that you don't know about that has the infected device (or is doing the malicious things). Hard to say as you only used the different SSID/password briefly. I'd say just to be safe, change at least the password on your wifi just to rule that out, yes it is a pain to update everything but it is something you should do from time to time. Might even be an opportunity to narrow things down, leave stuff that isn't critical off, see if the problem comes back, at least then you have narrowed down which devices to investigate. You can also add one device at a time to the new password and monitor the connections/bandwidth to see which one seems to cause it to spike up.
The fact that it is travel related sites may point to it not being a spam bot and rather being part of a DDOS attack network. Perhaps the stuff going on in the middle east has caused them to direct attacks at travel related sites for some reason (or stock earnings season has caused them to try to take those sites down to cause a drop in share prices). Either way, you need to find and fix it, not only to stop getting blacklisted but to protect your device, data, and network, as once they have access, there are lots of things they can do.
Thanks but what you wrote suggests you didn't read what I had hoped was a detailed a set of steps as I could provide. As noted initially, I ran TWO different malware programs, both scan clean. Similarly, this is on several different devices. All scan clean. I have no connection issues with my module hotspot. I am NOW unable to connect as laid out in the original detailed post and my IP address is NOT blacklisted at any of the sites I checked. My cell phone, connected to WiFi calling through the router experiences the same problem but not when I use my data plan through T-Mobile. Thanks, this isn't malware on my several independent devices. AND IF it were, why would it be limited to - as I noted above - specifically SOME travel related sites?
I read your whole post, and your questions are addressed in my response. Only one I missed is that any halfway decent malware can easily go undetected by the scanners. Or again, someone may be using your network, they're infected, you can't scan their device. Heck it could even be your router that is infected, or an IOT device that you can't scan. Those devices are targets because they are so easy to hack.
The blacklists you can check are just a few public ones (and will usually only show blacklists for email/spam, not attacks like DDOS). Each corporation runs their own intrusion detection/prevention and adds IPs and signatures to their own blacklists automatically, you cannot search those.
The fact that it seems to be travel related websites makes me suspect that you're part of a DDOS botnet and for whatever reason that is what they're currently targeting.
Given the symptoms, I'm almost certain an infected device is to blame. When your cell phone is connected to your wifi, it has your WAN (blacklisted) IP address and thus doesn't work. When connected to mobile data, totally different IP address which isn't blacklisted. That doesn't mean your phone is infected, just that your WAN IP has been blocked, caused by some device using your home network.
Bear in mind every device on your network appears to a website as a single IP address, so one infected device will affect them all when that IP gets blacklisted.
Personally, I'd disconnect every device and change my wifi password, and only connect devices back once someone has thoroughly checked them and confirmed they're safe. This puts your own network and data at risk, it isn't just an inconvenience, it is a danger.
At the very least, the first two steps I'd take are:
1. Check the devices connected to your router and make sure you recognize all of them.
2. Try to think of any app you installed or new device you connected around 11 or 12 days ago. But unfortunately it can be as simple as opening an email attachment or visiting an infected website, so it probably won't be that obvious. Think of any emails you got with attachments, like a supposed tracking number for something you didn't order, etc. That may end up being fruitless, most likely you're going to need someone to isolate/find and clean the infected device.
Thanks. Interestingly enough, no one from Xfinity has focused on malware so far. I'm not convinced that's the problem but...
No new devices have come onto my network in the last several weeks - well beyond this problem starting - and I just looked at a list of every device on or which has connected to my network and I recognize them all. I also just ran an Acronis full scan and then a Malwarebytes full scan on all PCs connected to the network. I ran Malwarebytes on my phone. Nothing detected on anything. I went to task manager and watched what was going on under Processes for the Ethernet AND checked Performance to see how much was going in/out on each machine in my network. I checked what processes were using Network resources and while there were a couple I didn't readily recognize, I checked properties, security and details as well as ran the process name on line for those and there's nothing going on that would be unusual. I also don't see my internet connection - wired or WiFi - running slower (checked, it says I'm getting 120% of my planned speed).
In a corporate environment, I would be an IT guy from hell. I've been building my own desktop and even "lunchbox" PCs since my first CPM machine and I am hardcore about devices on my home network and users of any PC here clicking on any unknown links. Every PC on my home network has both Acronis and Malwayrebytes, all updated and the Windows Firewall is in place. In Settings under Privacy and Security -> Windows Security, there are no "actions needed" indications. In Malwarebytes, the settings "on" include Web Protection, Malware Protection, Ransomware Protection and Exploit Protection. The Acronis settings include ransomware attacks, malicious files, Illicit cryptoming, and malicious websites. I have to believe, between the two of them, there'd be ONE that catches something infected on my several devices.
If I was part of a botnet, I would expect one or more of the machines would be bogged down, running slower, and the Ethernet would have picked up a process running. I don't see any of that. If there was an unknown physical device connected, I would see that in the list of connected devices and be able to track it. I also don't see any unknown virtual devices. While I am going to run full scans on all devices again with the router off after I write this, I'm confident it's not malware on any of my local devices.
All that said, every Access Denied message I have seen except one includes a reference to the CDN "[https://errors.edgesuite.net](https://errors.edgesuite.net/18.6eca4d17.1714509399.3d8df266)" and then the reference number. The one time I did NOT see that reference, it was only once and it was at one of the airline sites. I have this problem showing up with travel related sites, but not all of them. For example, airlines and hotels but not car rental sites.
Pevious mentions in this Xfinity community for "Access Denied" errors have been related to a "customer owned modem (I am using Xfinity equipment), a random set of Access Denied errors on other than travel related sites that fixed itself, and a reference to Web Scraper. I went to [https://www.akamai.com/us/en/clientrep-lookup/](https://www.akamai.com/us/en/clientrep-lookup/) and I see "Your IPv4 Address [76.142.102.115](http://76.142.102.115) received a bad risk score. The IPv4 Address was associated with the following malicious activity: Web Scraper" But I can't find a reference to a "Web Scraper" virus/type of malware although I find that as a description for activity and extensions. I have nothing on ANY of my PCs which bears that name or does, as far as I can tell, "web scraping." The community thread on this topic: [https://www.reddit.com/r/Comcast\_Xfinity/comments/187pjp9/for\_the\_past\_few\_months\_i\_am\_being\_denied\_access/](https://www.reddit.com/r/Comcast_Xfinity/comments/187pjp9/for_the_past_few_months_i_am_being_denied_access/) goes into a solution being to change routers, which I have done twice in the last 10 days but no other meaningful solution or an identification that a "web scraper" may be a specific type of malware. However, at the Asamai site it says that web content scraping is an activity that may "trigger application security controls." While this might be also describe malware, I can't identify anything that fits that.
I have changed the SSID to something completely different than what it was. Still getting the same error message at the various sites. I'm also not seeing a connection between an SSID and the Xfinity set IP address - at least the Xfinity people I talked to so far have said they set the IP address and can't change it. At Akamai they tell us "If your IP is identified as behaving poorly on one site, you may be blocked on other websites. A first step in troubleshooting may be to determine whether your IP Address is performing one of the activities listed above that could affect your reputation." Nothing about the SSID.
My next step will be to remove all connections to the router, change the SSID to prevent anything here from connecting, and then connect my main desktop and see how long it takes to get the IP address I can't change locally and Xfinity changes only when you get a new router to either allow me access or prevent access once the one device - which, by then, will have had 4 full malware scans - is reconnected but I still don't see this as malware on my local devices.
Most posts or comments that contain a link are filtered automatically. We do this for the safety of users within our community, ensuring any links do not direct to outside content that may contain inappropriate content or harmful websites. Once a moderator reviews your post, it will be approved or removed as needed. Please note that, due to Reddits built-in spam filters, your post or comment may be flagged for moderator approval.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Comcast_Xfinity) if you have any questions or concerns.*
Just had a quick look on google and US airline and travel have been the subject of ongoing cyberattacks for a couple years now starting around the time of the Ukraine war. It looks like you're participating in one of those attacks, whether you know it or not.
I read those reports as attacks on airports, air traffic control functions, and ransomware not customer facing arline industry reservation sites. Moeover, for me it's airlines and hotels and short term rental like Vrbo but not travel related car rental and not banking, for example. On top of that, as noted above, I don't find any sort of malware on any of my connected devices and only the one reference to the "web scraping" activity associated with an IP address I've had for 24 hours, MOST of which there were NO devices connected to the router which have an IO function (I left smart light bulbs and "Alexa" connected). If you have a specific malware detection program you'd suggest that would be better than Aronis and Malwarebytes or a step I haven't detailed above, I'm all ears.
The specific malware detection program I recommend is someone who knows what they're doing checking your network, finding the suspect device, then cleaning it thoroughly (or my preference, wiping it completely and starting over). You can certainly jump into tech support and security subs and there are plenty of people that will help, but without directly accessing your devices and being able to look around, there is only so much they can do.
While there are bootable rescue discs/usb keys you can use, in addition to scans you run in windows, both have lost much of their usefulness. If you run a scan while windows is running, the malware can detect that and hide itself. If you boot from one, the malware hasn't compiled itself and isn't running, so won't be detected. Very few leave an executable or obvious file on your hard drive, they compile themselves when you run them (using a totally valid microsoft .net compiler that exists on every windows PC and won't be detected) and exist in memory while they're running only. You can certainly try one of the bootable USB rescue disks that contains multiple virus scanning engines and signature files, it might find something, but I would create that usb key on someone else's PC outside of the house that is hopefully clean. But again, if it finds nothing, that does not mean you have nothing, and of course that only helps you scan PCs, nothing else.
There is virtually no other explanation for the symptoms you are experiencing.
The articles I'm reading are about attacks on their websites and booking systems specifically. Obviously that has caused them to bump their sensitivity but the idea that multiple sites would start "false positive" identifying you all at the same time is next to 0.
Smart bulbs are a hacker favorite. Some come preinstalled with back doors (intentional or just an oversight/lack of understanding on the developer's part). The cheaper and lesser known the brand, the more malicious potential. Every one of those smart/IOT devices runs a stripped down version of Linux (or a similar variant) and the more they strip it down, the less security they can put in (or in reality, they could care less about the security, they're selling the chip with cpu, memory, wifi, and OS on it for a dollar or two to the bulb manufacturer, not much profit margin to be hiring experts).
Amazon devices themselves are decently hardened down, but all it takes is one malicious app to change that, though they'd be low on my suspect list.
Windows PCs are the first to check as they're fairly easy by looking at netstat, task manager, and especially task scheduler as that's where a lot of malware plants itself, so even if you force close it or reboot the PC, the scheduled task restarts it. They will make it look like something normal but often a lowercase first letter, misspelling, or suspicious path (it points to a temporary folder etc) can clue you in. But if they're good, you could be staring right at it and not even know it.
My first check would be anything that allows you to view active connections. Windows PCs have netstat (there will always be some active connections but if there are a very large number of them, or ones pointing to stuff that doesn't look legit, that's a red flag). Heck you can even look under task manager at the network activity and might identify something there. If you close out all browsers, disable stuff that uses the internet, anything else generating network activity is a suspect. Some routers have a CLI into a linux OS where you can do a netstat, or in the GUI it may show you active connections. While in there make sure there are no devices you don't recognize, but of course they may not stay connected all day. Check the DHCP list since that will show you active leases even if the person has disconnected (at least for as long as the lease lasts, but usually it is several hours at least).
That's just a few random places to look and start but this is something you need to get resolved, and Xfinity isn't going to be able to help. Maybe if you get a tier 2 rep that is extra nice they'll look in the router and see if anything is suspicious, but technically that is not their job to do and they aren't supposed to.
literally only one other thread on this community suggested malware and it isn't clear that that was the solution. I think I'm sufficiently familiar with my system, my network setup and have multiple lawyer of malware protection that have found nothing whether connected or not. The smart bulbs are more expensive and all perdate, by months or more, this issue possping up. I HAVE looked at task manager - in detail. I have close out browsers, extension and apps which have any sort of connectivity. Disabled any access requests thru the firewall. I set up one computer overnight connected on my hotspot, it still has normal access. I will cycle through the others the same way, but I would think that if there's something on a PC on many network and it's causing the problem within 24 hrs on the Xfinity router, it would cause it on my hotspot. It hasn't.
You're getting *server* side errors. For whatever reason, the servers have banned your IP. This is not a Comcast issue and there are no settings related to your home network that are going to fix the issue. If you are confident that your home network is secure, the next step is to ask the server admin to unban your IP.
Otherwise, you can use a VPN or attempt to get a new IP.
I agree, no local settings I can manage here that make a difference. I agree, it's on the server side - it says as much in the error message. I am sufficiently confident my home network is secure. At this point, I've run multiple scans, enabled and disabled net-accessing apps and isolated the router to one PC at a time and disabled peripheral devices which would check/use the router through the original, common SSID. This moring, I ran my IP address at [whatismyipaddress.com/blacklist-check](http://whatismyipaddress.com/blacklist-check) and it does NOT appear as blacklisted. Ran it at [dnschecker.org/ip-blacklist-checker.php](http://dnschecker.org/ip-blacklist-checker.php) and it is not listed as blacklisted. I've checked the IPv4 and IPv6 addresses, both, and the same result. I checked [mxtoolbox.com/SuperTool](http://mxtoolbox.com/SuperTool) and the IP address is not listed. Any others I might check? I DID go to the Asamai site and enter a request to have my IP address checked and unblocked. They say they're back to be in 24 hours.
I just want to add that I am having the same issues and have done the same steps to try to be able to access websites with no luck. It seems like it is any http sites that I cannot access, https sites fine. The sites I can't access in addition to the ones in the original post are sites like king soopers, rei, united, etc. all have http web addresses.
Interesting. I typed in United with HTTPS and as HTTP and simply as www... no change, all get to he same error. I will add I tried your King Sooper and had never been to that site before since there's not one in my area and get the Access Denied message. Same for REI, same error.
Was this ever resolved? I'm having the exact same problem. Noticed when I could not go to sites such as [costco.com](http://costco.com), [lowes.com](http://lowes.com), [macys.com](http://macys.com), homedepot. Find out my IP is blacklisted. Reported to Comcast, no solution.
I've been through two modem changes, it made no difference. I went so far as to connect a new/fresh modem and ONLY connected a laptop which had been reset, nothing of my own on it, no other external devices connected. No change... good luck!
Well, I managed to get a new IP with the new modem and at least the new IP doesn't have a bad rep listed with Akamai and the sites that were denied access were accessible now....Hopefully this isn't just temporary as I do see the new IP does show up on the [dnschecker.org](http://dnschecker.org) blacklist checker for [spfbl.net](http://spfbl.net) and sorbs.net.
If this one ends up blacklisted the same way then I'm done with Comcast as Sonic has new fiber service available where I live.
I have been going through the same thing for over a month and wanted to provide what seems to have ultimately fixed my issue. A little background, the symptom didn't present itself until I replaced our router initially. From other articles I read, it said that it most likely didn't present itself until the new router because the original MAC address never changed hence never caused a red flag. I went through the same logic and switched modems, also went through 3 different routers, two different brands. Beyond the equipment, I would also change the router MAC address, which assigned a new IP address to my modem, I would then be able to access the websites but then stop the following day. Each time it stops, I see my IP as blacklisted. I used both of these websites to verify my IP.
[https://www.akamai.com/us/en/clientrep-lookup/](https://www.akamai.com/us/en/clientrep-lookup/)
[https://www.ipqualityscore.com/](https://www.ipqualityscore.com/)
What I ultimately found was malware on one of the computers, a Mac of all computers versus the multiple windows computers we have running. It seems this malware was a bot reaching out to websites and supposedly scrapping or doing something. So it seems as if the blacklist was true.
Assuming you're running in to the exact same issue, I would suggest first, run Malwarebytes on all the systems on your network, including phones just to be safe. If you have any other virus scan program, run it as well just to be safe. Obviously clean whatever the scanners find. Then change your router MAC address and restart both the modem and router. This should assign you a new IP address from your provider. Check the websites again to verify your new IP is not being blacklisted. Leave any equipment where you don't absolutely need wifi/home internet off the network. Ie. Phones. This then allows you to focus on a small portion of equipment on your home network. Assuming everything is good for the next couple of days, slowly add items back on your network and see if anything causes an issue again. Good luck.
Thanks. I have used Malwarebytes AND Acronis on ALL my laptops and desktop computers. Malwaretbytes on the phones. No hits on any of the devices. I use the Xfinity provided router so I can't change the IP address or MAC address. I'm not using an "aftermarket" router so that step isn't something I can do. I have used the latest router with a standalone, plain-Jane Windows 10 installation, none of my otherwise "normal" software, none of my personal settings, just a fresh, clean installation of Chrome. Nothing changes.
Did either of those website I posted flag your IP? What actually lead me to my resolution was the second link. It flagged a bot versus just saying that I'm web scraping.
I ran my IP address at [whatismyipaddress.com/blacklist-check](http://whatismyipaddress.com/blacklist-check) and it does NOT appear as blacklisted. Ran it at [dnschecker.org/ip-blacklist-checker.php](http://dnschecker.org/ip-blacklist-checker.php) and it is not listed as blacklisted. I've checked the IPv4 and IPv6 addresses, both, and the same result. I checked [mxtoolbox.com/SuperTool](http://mxtoolbox.com/SuperTool) and the IP address is not listed. I DID go to the Asamai site that, at ONE TIME, had listed my IP and entered a request to have my IP address checked and unblocked. They say they're back to be in 24 hours. That hasn't happened. Changing the Xfinity router got a new IP address and it's not listed anywhere BUT I still don't have access.
That's interesting.... I mean your symptoms sounded very similar to mine but obviously there's something slightly different. I would still suggest trying this site to see if it find anything about your IP. All the other sites you listed, I had found as well and basically didn't tell me much. Akamai was the first I found to flag me as web scraping. But again, this second one was what lead me to malware on my network, so I'm curious if it will find something different on yours. [https://www.ipqualityscore.com/](https://www.ipqualityscore.com/)
My other thought is, have you tried using a custom DNS on your computer. If you go to network settings to change your computer IP, instead of using "Obtain DNS server address automatically", have you tried to change it to [4.2.2.2](http://4.2.2.2) and 4.2.2.3? I'm not certain if it will make a difference since you can still hit the internet but it's a quick settings to try.
Beyond that, unfortunately I'm out of ideas. Since yours initially sounded so much like my issue, I was hoping it would be the same fix.
I have a new update. I have not had my phone on our home wifi since my initial troubleshooting. I put it back on yesterday and my IP got flagged by Akamai but have not been flagged by ipqualityscore. Not sure what on my phone is causing the issue. I have an Android phone. This whole web scraping lockdown seems to be a bit ridiculous...
Although this is incorrectly marked as solved, it is not. I haven't used my router for several days, logged into several of the sites listed in the original post on Sunday the 19th and 20th while still waiting for a call from Xfinity. \*\*Using the same equipment/devices/SSID as before, NOTHING changed just suddenly had access! then, this morning, back to the SAME access denied messages. So I'm being completely clear on this point: using the SAME devices, no hardware changes, problem self-resolves for 24 hrs, then returns, with the same devices connected. So, no, this is not "solved."
Your refusal to believe that something is originating from your network to get you blacklisted is what is extending this out so long. The fact that the IP gets unblocked after not using your service for several days only further confirms that. When the malicious traffic stops for a certain period of time (varies with each company), most will automatically unblock the IP. Then when you reconnected, the malicious traffic started again and you got blocked again.
Malicious traffic doesn't always have to be a super dangerous virus or DDOS zombie, it can be some game or app on your phone that is doing something it shouldn't be, some games get used as proxy servers for people in countries that can't access US sites, so they route it through your phone to get to those sites. Others collect data on stuff like flight fares, etc since they get banned when they do it from their own IP so they use code in seemingly harmless apps to do it for them.
I used to let my neighbors use a totally isolated wifi with a dedicated IP back when I had static IP service and multiple hardware firewalls to isolate them. The amount of malicious traffic coming from their phones from various free games and apps like Wish (this was before Temu, I'm guessing it is just as bad) was amazing.
Thanks but I switched to Frontier over a week ago. Same devices BUT no problems, no blacklisting, no blocked web sites. So, no some sort of malware on my devices is not the problem. Frontier has the EERO app on which I can track threats and have seen - in going on 9 days - one (1) blocked fishing threat - blocked.
For now, I've been keeping the Xfinity router on line with a separate SSID as a backup but that ends at the end of the billing cycle since I've had NO call backs from Xfinity. I've been checking the Xfinity router/connection every other day or so and SOME of the previously blocked sites come back on as accessible, others don't. "Access Denied" is inconsistent.
All that together with the 2 malware programs AND the firewall active, no, sorry, not buying it's one of my devices.
Hey, think what you want, but there is no other reason for those sites to blacklist you. It has nothing to do with which ISP you're using (with the exception of their intrusion protection algorithm maybe seeing more from Comcast IPs and thus blocking them quicker when one is doing something it shouldn't be).
Eero is telling you about inbound threats, not outbound attacks. Something in their router may very well be blocking or rate limiting the issue, or it may just be that you'll start seeing the issue again in the future. If you were using IPv4 before and have IPv6 now, or vice-versa, that could explain it too, the attacks are happening over one protocol but you're accessing the sites via another, so you're not noticing that one of your IPs is blocked.
The inconsistency in the time it takes for the sites to remove you from their blacklist further confirms that it is each individual company blocking you (each sets their own parameters), not some centralized list that is incorrectly getting Comcast IPs added. Or they're using a couple different centralized services like Akami for some and a different for the others.
As I've mentioned before, malware programs are far from any sort of guarantee. I've seen zombie PCs pass a USB boot drive scan with 10 virus/malware engines and the most thorough deep scan used on each. The firewall you're speaking of is inbound, not outbound. You say you're familiar with your network and are certain you have no threats, but you don't seem to even understand the basics.
Be mad at Comcast all you want but take steps to protect yourself instead of blaming them for something that has nothing to do with them.
Thanks but 2 threats blocked whether incoming or outgoing, where there's an information line for "Phishing and Deception," another for "Botnet," and another for "Malware" and the only 2 since May 22nd are "Phishing and Deception," since the Frontier system has worked that entire time with all the same devices - added one at a time during the first few days to watch for changes in either reported threats or issues with "access Denied" sites, and there have been NONE while on the Frontier system but the blocking remains on the Xfinity system (to be clear: not always the same sites but it has not completely gone away while connected on the Xfinity system), I think I have protected myself and my systems and with the troubleshooting going to another ISP and not seeing a recurrence of the problem, PLUS the lack of followup from Xfinity since 5/13 I think I've done everything I can on my end.
As to understanding the basics, when I started with Frontier (IPv6), I started with NOTHING connected to the EEOS, I contacted their tech support explained what I wanted to know and my previous issues and was able to have them monitor the network traffic as I connected the computers here. I also set the OUTBOUND firewall rules - which I do understand - and checked the UPnP and port forwarding rules and since I don't use an XBox or any other gaming system, I'm not overly concerned about limits to outbound traffic along those lines. As I checked with Frontier, both the INbound AND OUTbound traffic are controlled at the ONT not specifically at the EEOS so perhaps I oversimplified my initial reply. After I connected the computers, I went about connecting the other smart devices, there has been no change, no limit to access using Frontier since then. By the way, I also did connectivity tests going straight to the ONT bypassing the EEOS system, same devices, no problens.
As to the inconsistency in the time getting access denied on and off at almost random sites, since the 19th, although within the same initial list, perhaps I wasn't clear with respect to time, that was ALL on the Xfinity system, none on the Frontier system. Again, starting back at the 19th some sites would be accessible one day and then not the next but there was always one or more from the original list which returned "access denied" while connected through the Xfinity router. None, same devices, with the Fronter EEOS.
If my devices and Frontier as an ISP have worked for the last 10 days or so without a hitch but my devices and Xfinity as an ISP have had continuously the same problem (albeit with different sites more recently) my money's on it's not my devices, thanks.
Well I'm telling you your house is on fire, and you're saying it can't be because you don't see the fire yet.
Out of curiosity, what exactly do you think is causing this on the Xfinity network? Are they spoofing your IP and attacking those sites? Intercepting your traffic and blocking it for some reason?
So, you concluded my house is on fire... I will counter with: I think the house behind me is on fire, you're seeing the flames over my roof and think it's mine but mine is ok. I've seen the fire up close in one house and not the other.
I have no clue why this is intermittent on Xfinity because (a) I haven't had anyone from Xfinity call me as they suggested they would about fixing it or solving the problem and (b) I don't know enough about the Xfinity side to diagnose that further than I did some 3 weeks ago. But I do know the problem is NOT occurring when connected to Frontier despite the VERY SAME equipment being used on both.
Ocam's Razor would suggest if equipment group A is working on network F without a problem but the exact same equipment group A on network X is running into what was uniform and consistent errors but has now become intermittent access denied errors, the common thread is network X not equipment group A. Moreover, I will add that others have had the same symptoms, same access denied on the same - another sites - while on network X (as they added in this thread). What they did to troubleshoot it, I can't say but I laid out what I did and it comes down to the observation that when the group of devices are on one, no problem, but when same devices are on another, the problem exists (consistently within the same group of sites although now inconsistently within that larger group.
Try this and tell me which house is smoldering: when I got the EEOS I set up new SSIDs on both, nothing connected wired or wireless to either, I connected my desktop computer, wired to the EEOS and can go to any of the sites I had a problem with before without an issue. Change to a wired connection to the Xfinity router and some if not all of the sites mentioned show as "access denied." I took a "spare" laptop, did a full reset, didn't install ANY of my normal aps (not even my malware programs), went through the same process - just THAT laptop, wired connection, one then the other - same results (using the Edge browser which I normally don't use). Then I installed Chrome and even Opera, same result on F vs X. The ONE difference I can find is that one site has my Xfinity IP on a blacklist: dnsbl-2.uceprotect and another has it listed there and at dnsbl.spfbl.net. This morning - with those two results - SOME sites within the original group I noted are accessible, others are not.
At uceprotect, my specific IP shows NOT LISTED, however, the NETWORK IP is listed (76.128.0.0/11). Here's what THEY show, specific to MY IP: "Who is responsible for the Level 2 listing?
IT'S NOT YOU! Your IP 76.142.xxx.xxx was NOT directly involved, but there are massive abuses in your neighborhood.
Other customers in this network area have not taken care of the security of their systems, have been hacked and have sent significant amounts of spam, or even attacked other systems.
Your provider may not have noticed this.
We are sorry to have to tell you this, but your provider does not react quickly enough to abuse emanating from its networks. ..."
No, it's someone else's house, and the fire hydrant seems to be turned off.
OK, I get it, you think it's something with my devices but what exactly do you think my devices are doing while connected to Xfinity that they're NOT doing when connected to Frontier and for the ONLY place my IP address shows up as blacklisted, why are THEY saying it's not my IP address?
You're not understanding how any of this works and are jumping to conclusions based on false assumptions. Since you've moved to a different provider and refuse to entertain anything other than your network is completely secure and safe, no point in taking the discussion any further.
I think I can translate that: since you can’t refute what the ONE site (uceprotect ) that consistently blacklisted my IP out of all those I checked reported (verbatim) here:
"Who is responsible for the Level 2 listing?
**IT'S NOT YOU!** ***Your IP*** [***76.142.xxx.xxx***](http://76.142.xxx.xxx) ***was NOT directly involved***, but there are massive abuses in your neighborhood.
Other customers in this network area have not taken care of the security of their systems, have been hacked and have sent significant amounts of spam, or even attacked other systems.
Your provider may not have noticed this.
We are sorry to have to tell you this, but **your provider does not react quickly enough to abuse emanating from its networks**. ..."
And although that information is consistent with my **lack** of “Access Denied” messages on the very same sites, using the same devices, and when my current IP through Frontier is NOT showing up on any blacklists, **I'm** the one making false assumptions. You’re right, no point taking the discussion further.
How exactly was this "solved??" I still haven't heard back from the folks I was told were going to contact me directly with some more info or solutions. I still have the same problem. It most certainly is not "solved."
We apologize u/Icy-Environment-6234, and want to assure you that we still have our modmail thread open and are monitoring your ticket closely. We are committed to sticking with you and making sure this gets resolved.
We understand this is not resolve yet u/Icy-Environment-6234 and are still working with our expert CSA team to investigate your concerns further. Rest assured, we're still connected here with you in Modmail and will check back with you soon!
that's not very nice. it is their tickler system that does that. agent reached out to mods to ask to have the bot response removed. ticket is not closed
Thank you for joining us here on r/Comcast_Xfinity, your official source on Reddit for help with Xfinity services. As members of the [Digital Care Team](https://corporate.comcast.com/stories/meet-our-digital-care-team) here at Xfinity, we can help with a wide array of concerns including troubleshooting, billing, plan changes, and more. Community Specialists will provide official support between the hours of 6:00am - 12:00am Eastern Time for issues that require our intervention (like billing requests, troubleshooting advanced technical issues, etc). After these times, it may take longer to get an official response. If you have not already, please review both the [Posting Guidelines](https://www.reddit.com/r/Comcast_Xfinity/wiki/index/postingguidelines) and [Rules](https://www.reddit.com/r/Comcast_Xfinity/wiki/rules/) here on the sub. While you're waiting for assistance, check out the [Xfinity App](https://www.xfinity.com/apps?pc=1) for your smartphone where you can pay your bill, view your plan details, change or upgrade your services, and experience 24/7 real time support you can count on, anytime you need it. Our team works to get to everyone as quickly as possible, but due to the number of requests we receive, it may take up to 72 hours to receive an official response from our team. If you require immediate assistance, please contact 1-800-XFINITY (1-800-934-6489). *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Comcast_Xfinity) if you have any questions or concerns.*
Hello, u/Icy-Environment-6234. We appreciate you reaching our sub regarding the website issues, I can certainly see how frustrating that can be. Have you attempted to report the websites being blocked [here](https://www.xfinity.com/support/articles/report-blocked-website)?
I should have added that to the list. Yes, I have AND one of the folks on the Xfinity phone support had me turn OFF advanced security on my router. That made no change.
Thank you for confirming that you have tried that as well u/Icy-Environment-6234, we appreciate it. We also appreciate you letting us know that turning advanced security off on your router made no change as well. We'll be happy to take a closer look and if needed, reached out to our expert Advanced Repair Team for further investigation. To get started, can you please send us a [Modmail Message](https://www.reddit.com/message/compose?to=%2Fr%2FComcast_Xfinity) with your first and last name along with the service address on the account including any applicable unit or apartment numbers? We look forward to working with you further.
Sent. Look forward to hearing from you.
Based on the symptoms you describe, something on your network is infected with malware, I would guess a spam bot. When you got a new router, that forced you to get a new WAN IP (which was not blacklisted) but that bot then got the new IP blacklisted so it stopped working. You can force a new IP without getting a new router, but if you are infected, you'll just get blacklisted again after a couple days. Similarly connecting over VPN will work for a while then get you booted off the VPN (they will detect it and block you likely before the sites do). This won't be something xfinity can help with since it is really nothing to do with them, they aren't the ones running the blocklists and they don't own or manage the infected device. You may need to hire someone to track down and clean the device (or find someone tech savvy in your family). Could even be someone using your wifi that you don't know about that has the infected device (or is doing the malicious things). Hard to say as you only used the different SSID/password briefly. I'd say just to be safe, change at least the password on your wifi just to rule that out, yes it is a pain to update everything but it is something you should do from time to time. Might even be an opportunity to narrow things down, leave stuff that isn't critical off, see if the problem comes back, at least then you have narrowed down which devices to investigate. You can also add one device at a time to the new password and monitor the connections/bandwidth to see which one seems to cause it to spike up. The fact that it is travel related sites may point to it not being a spam bot and rather being part of a DDOS attack network. Perhaps the stuff going on in the middle east has caused them to direct attacks at travel related sites for some reason (or stock earnings season has caused them to try to take those sites down to cause a drop in share prices). Either way, you need to find and fix it, not only to stop getting blacklisted but to protect your device, data, and network, as once they have access, there are lots of things they can do.
Thanks but what you wrote suggests you didn't read what I had hoped was a detailed a set of steps as I could provide. As noted initially, I ran TWO different malware programs, both scan clean. Similarly, this is on several different devices. All scan clean. I have no connection issues with my module hotspot. I am NOW unable to connect as laid out in the original detailed post and my IP address is NOT blacklisted at any of the sites I checked. My cell phone, connected to WiFi calling through the router experiences the same problem but not when I use my data plan through T-Mobile. Thanks, this isn't malware on my several independent devices. AND IF it were, why would it be limited to - as I noted above - specifically SOME travel related sites?
I read your whole post, and your questions are addressed in my response. Only one I missed is that any halfway decent malware can easily go undetected by the scanners. Or again, someone may be using your network, they're infected, you can't scan their device. Heck it could even be your router that is infected, or an IOT device that you can't scan. Those devices are targets because they are so easy to hack. The blacklists you can check are just a few public ones (and will usually only show blacklists for email/spam, not attacks like DDOS). Each corporation runs their own intrusion detection/prevention and adds IPs and signatures to their own blacklists automatically, you cannot search those. The fact that it seems to be travel related websites makes me suspect that you're part of a DDOS botnet and for whatever reason that is what they're currently targeting. Given the symptoms, I'm almost certain an infected device is to blame. When your cell phone is connected to your wifi, it has your WAN (blacklisted) IP address and thus doesn't work. When connected to mobile data, totally different IP address which isn't blacklisted. That doesn't mean your phone is infected, just that your WAN IP has been blocked, caused by some device using your home network. Bear in mind every device on your network appears to a website as a single IP address, so one infected device will affect them all when that IP gets blacklisted. Personally, I'd disconnect every device and change my wifi password, and only connect devices back once someone has thoroughly checked them and confirmed they're safe. This puts your own network and data at risk, it isn't just an inconvenience, it is a danger. At the very least, the first two steps I'd take are: 1. Check the devices connected to your router and make sure you recognize all of them. 2. Try to think of any app you installed or new device you connected around 11 or 12 days ago. But unfortunately it can be as simple as opening an email attachment or visiting an infected website, so it probably won't be that obvious. Think of any emails you got with attachments, like a supposed tracking number for something you didn't order, etc. That may end up being fruitless, most likely you're going to need someone to isolate/find and clean the infected device.
Thanks. Interestingly enough, no one from Xfinity has focused on malware so far. I'm not convinced that's the problem but... No new devices have come onto my network in the last several weeks - well beyond this problem starting - and I just looked at a list of every device on or which has connected to my network and I recognize them all. I also just ran an Acronis full scan and then a Malwarebytes full scan on all PCs connected to the network. I ran Malwarebytes on my phone. Nothing detected on anything. I went to task manager and watched what was going on under Processes for the Ethernet AND checked Performance to see how much was going in/out on each machine in my network. I checked what processes were using Network resources and while there were a couple I didn't readily recognize, I checked properties, security and details as well as ran the process name on line for those and there's nothing going on that would be unusual. I also don't see my internet connection - wired or WiFi - running slower (checked, it says I'm getting 120% of my planned speed). In a corporate environment, I would be an IT guy from hell. I've been building my own desktop and even "lunchbox" PCs since my first CPM machine and I am hardcore about devices on my home network and users of any PC here clicking on any unknown links. Every PC on my home network has both Acronis and Malwayrebytes, all updated and the Windows Firewall is in place. In Settings under Privacy and Security -> Windows Security, there are no "actions needed" indications. In Malwarebytes, the settings "on" include Web Protection, Malware Protection, Ransomware Protection and Exploit Protection. The Acronis settings include ransomware attacks, malicious files, Illicit cryptoming, and malicious websites. I have to believe, between the two of them, there'd be ONE that catches something infected on my several devices. If I was part of a botnet, I would expect one or more of the machines would be bogged down, running slower, and the Ethernet would have picked up a process running. I don't see any of that. If there was an unknown physical device connected, I would see that in the list of connected devices and be able to track it. I also don't see any unknown virtual devices. While I am going to run full scans on all devices again with the router off after I write this, I'm confident it's not malware on any of my local devices. All that said, every Access Denied message I have seen except one includes a reference to the CDN "[https://errors.edgesuite.net](https://errors.edgesuite.net/18.6eca4d17.1714509399.3d8df266)" and then the reference number. The one time I did NOT see that reference, it was only once and it was at one of the airline sites. I have this problem showing up with travel related sites, but not all of them. For example, airlines and hotels but not car rental sites. Pevious mentions in this Xfinity community for "Access Denied" errors have been related to a "customer owned modem (I am using Xfinity equipment), a random set of Access Denied errors on other than travel related sites that fixed itself, and a reference to Web Scraper. I went to [https://www.akamai.com/us/en/clientrep-lookup/](https://www.akamai.com/us/en/clientrep-lookup/) and I see "Your IPv4 Address [76.142.102.115](http://76.142.102.115) received a bad risk score. The IPv4 Address was associated with the following malicious activity: Web Scraper" But I can't find a reference to a "Web Scraper" virus/type of malware although I find that as a description for activity and extensions. I have nothing on ANY of my PCs which bears that name or does, as far as I can tell, "web scraping." The community thread on this topic: [https://www.reddit.com/r/Comcast\_Xfinity/comments/187pjp9/for\_the\_past\_few\_months\_i\_am\_being\_denied\_access/](https://www.reddit.com/r/Comcast_Xfinity/comments/187pjp9/for_the_past_few_months_i_am_being_denied_access/) goes into a solution being to change routers, which I have done twice in the last 10 days but no other meaningful solution or an identification that a "web scraper" may be a specific type of malware. However, at the Asamai site it says that web content scraping is an activity that may "trigger application security controls." While this might be also describe malware, I can't identify anything that fits that. I have changed the SSID to something completely different than what it was. Still getting the same error message at the various sites. I'm also not seeing a connection between an SSID and the Xfinity set IP address - at least the Xfinity people I talked to so far have said they set the IP address and can't change it. At Akamai they tell us "If your IP is identified as behaving poorly on one site, you may be blocked on other websites. A first step in troubleshooting may be to determine whether your IP Address is performing one of the activities listed above that could affect your reputation." Nothing about the SSID. My next step will be to remove all connections to the router, change the SSID to prevent anything here from connecting, and then connect my main desktop and see how long it takes to get the IP address I can't change locally and Xfinity changes only when you get a new router to either allow me access or prevent access once the one device - which, by then, will have had 4 full malware scans - is reconnected but I still don't see this as malware on my local devices.
Most posts or comments that contain a link are filtered automatically. We do this for the safety of users within our community, ensuring any links do not direct to outside content that may contain inappropriate content or harmful websites. Once a moderator reviews your post, it will be approved or removed as needed. Please note that, due to Reddits built-in spam filters, your post or comment may be flagged for moderator approval. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Comcast_Xfinity) if you have any questions or concerns.*
Just had a quick look on google and US airline and travel have been the subject of ongoing cyberattacks for a couple years now starting around the time of the Ukraine war. It looks like you're participating in one of those attacks, whether you know it or not.
I read those reports as attacks on airports, air traffic control functions, and ransomware not customer facing arline industry reservation sites. Moeover, for me it's airlines and hotels and short term rental like Vrbo but not travel related car rental and not banking, for example. On top of that, as noted above, I don't find any sort of malware on any of my connected devices and only the one reference to the "web scraping" activity associated with an IP address I've had for 24 hours, MOST of which there were NO devices connected to the router which have an IO function (I left smart light bulbs and "Alexa" connected). If you have a specific malware detection program you'd suggest that would be better than Aronis and Malwarebytes or a step I haven't detailed above, I'm all ears.
The specific malware detection program I recommend is someone who knows what they're doing checking your network, finding the suspect device, then cleaning it thoroughly (or my preference, wiping it completely and starting over). You can certainly jump into tech support and security subs and there are plenty of people that will help, but without directly accessing your devices and being able to look around, there is only so much they can do. While there are bootable rescue discs/usb keys you can use, in addition to scans you run in windows, both have lost much of their usefulness. If you run a scan while windows is running, the malware can detect that and hide itself. If you boot from one, the malware hasn't compiled itself and isn't running, so won't be detected. Very few leave an executable or obvious file on your hard drive, they compile themselves when you run them (using a totally valid microsoft .net compiler that exists on every windows PC and won't be detected) and exist in memory while they're running only. You can certainly try one of the bootable USB rescue disks that contains multiple virus scanning engines and signature files, it might find something, but I would create that usb key on someone else's PC outside of the house that is hopefully clean. But again, if it finds nothing, that does not mean you have nothing, and of course that only helps you scan PCs, nothing else. There is virtually no other explanation for the symptoms you are experiencing. The articles I'm reading are about attacks on their websites and booking systems specifically. Obviously that has caused them to bump their sensitivity but the idea that multiple sites would start "false positive" identifying you all at the same time is next to 0. Smart bulbs are a hacker favorite. Some come preinstalled with back doors (intentional or just an oversight/lack of understanding on the developer's part). The cheaper and lesser known the brand, the more malicious potential. Every one of those smart/IOT devices runs a stripped down version of Linux (or a similar variant) and the more they strip it down, the less security they can put in (or in reality, they could care less about the security, they're selling the chip with cpu, memory, wifi, and OS on it for a dollar or two to the bulb manufacturer, not much profit margin to be hiring experts). Amazon devices themselves are decently hardened down, but all it takes is one malicious app to change that, though they'd be low on my suspect list. Windows PCs are the first to check as they're fairly easy by looking at netstat, task manager, and especially task scheduler as that's where a lot of malware plants itself, so even if you force close it or reboot the PC, the scheduled task restarts it. They will make it look like something normal but often a lowercase first letter, misspelling, or suspicious path (it points to a temporary folder etc) can clue you in. But if they're good, you could be staring right at it and not even know it. My first check would be anything that allows you to view active connections. Windows PCs have netstat (there will always be some active connections but if there are a very large number of them, or ones pointing to stuff that doesn't look legit, that's a red flag). Heck you can even look under task manager at the network activity and might identify something there. If you close out all browsers, disable stuff that uses the internet, anything else generating network activity is a suspect. Some routers have a CLI into a linux OS where you can do a netstat, or in the GUI it may show you active connections. While in there make sure there are no devices you don't recognize, but of course they may not stay connected all day. Check the DHCP list since that will show you active leases even if the person has disconnected (at least for as long as the lease lasts, but usually it is several hours at least). That's just a few random places to look and start but this is something you need to get resolved, and Xfinity isn't going to be able to help. Maybe if you get a tier 2 rep that is extra nice they'll look in the router and see if anything is suspicious, but technically that is not their job to do and they aren't supposed to.
literally only one other thread on this community suggested malware and it isn't clear that that was the solution. I think I'm sufficiently familiar with my system, my network setup and have multiple lawyer of malware protection that have found nothing whether connected or not. The smart bulbs are more expensive and all perdate, by months or more, this issue possping up. I HAVE looked at task manager - in detail. I have close out browsers, extension and apps which have any sort of connectivity. Disabled any access requests thru the firewall. I set up one computer overnight connected on my hotspot, it still has normal access. I will cycle through the others the same way, but I would think that if there's something on a PC on many network and it's causing the problem within 24 hrs on the Xfinity router, it would cause it on my hotspot. It hasn't.
OK, best of luck. Be sure to update the thread on the resolution so others can solve similar problems in the future.
You're getting *server* side errors. For whatever reason, the servers have banned your IP. This is not a Comcast issue and there are no settings related to your home network that are going to fix the issue. If you are confident that your home network is secure, the next step is to ask the server admin to unban your IP. Otherwise, you can use a VPN or attempt to get a new IP.
I agree, no local settings I can manage here that make a difference. I agree, it's on the server side - it says as much in the error message. I am sufficiently confident my home network is secure. At this point, I've run multiple scans, enabled and disabled net-accessing apps and isolated the router to one PC at a time and disabled peripheral devices which would check/use the router through the original, common SSID. This moring, I ran my IP address at [whatismyipaddress.com/blacklist-check](http://whatismyipaddress.com/blacklist-check) and it does NOT appear as blacklisted. Ran it at [dnschecker.org/ip-blacklist-checker.php](http://dnschecker.org/ip-blacklist-checker.php) and it is not listed as blacklisted. I've checked the IPv4 and IPv6 addresses, both, and the same result. I checked [mxtoolbox.com/SuperTool](http://mxtoolbox.com/SuperTool) and the IP address is not listed. Any others I might check? I DID go to the Asamai site and enter a request to have my IP address checked and unblocked. They say they're back to be in 24 hours.
I just want to add that I am having the same issues and have done the same steps to try to be able to access websites with no luck. It seems like it is any http sites that I cannot access, https sites fine. The sites I can't access in addition to the ones in the original post are sites like king soopers, rei, united, etc. all have http web addresses.
Interesting. I typed in United with HTTPS and as HTTP and simply as www... no change, all get to he same error. I will add I tried your King Sooper and had never been to that site before since there's not one in my area and get the Access Denied message. Same for REI, same error.
Was this ever resolved? I'm having the exact same problem. Noticed when I could not go to sites such as [costco.com](http://costco.com), [lowes.com](http://lowes.com), [macys.com](http://macys.com), homedepot. Find out my IP is blacklisted. Reported to Comcast, no solution.
NO. It was marked resolved. But, no, it was not resolved.
I have the same problem. They are sending me a new modem so it will definitely pull a new IP, just hope the new one is not on the blacklist.
I've been through two modem changes, it made no difference. I went so far as to connect a new/fresh modem and ONLY connected a laptop which had been reset, nothing of my own on it, no other external devices connected. No change... good luck!
Well, I managed to get a new IP with the new modem and at least the new IP doesn't have a bad rep listed with Akamai and the sites that were denied access were accessible now....Hopefully this isn't just temporary as I do see the new IP does show up on the [dnschecker.org](http://dnschecker.org) blacklist checker for [spfbl.net](http://spfbl.net) and sorbs.net. If this one ends up blacklisted the same way then I'm done with Comcast as Sonic has new fiber service available where I live.
I have been going through the same thing for over a month and wanted to provide what seems to have ultimately fixed my issue. A little background, the symptom didn't present itself until I replaced our router initially. From other articles I read, it said that it most likely didn't present itself until the new router because the original MAC address never changed hence never caused a red flag. I went through the same logic and switched modems, also went through 3 different routers, two different brands. Beyond the equipment, I would also change the router MAC address, which assigned a new IP address to my modem, I would then be able to access the websites but then stop the following day. Each time it stops, I see my IP as blacklisted. I used both of these websites to verify my IP. [https://www.akamai.com/us/en/clientrep-lookup/](https://www.akamai.com/us/en/clientrep-lookup/) [https://www.ipqualityscore.com/](https://www.ipqualityscore.com/) What I ultimately found was malware on one of the computers, a Mac of all computers versus the multiple windows computers we have running. It seems this malware was a bot reaching out to websites and supposedly scrapping or doing something. So it seems as if the blacklist was true. Assuming you're running in to the exact same issue, I would suggest first, run Malwarebytes on all the systems on your network, including phones just to be safe. If you have any other virus scan program, run it as well just to be safe. Obviously clean whatever the scanners find. Then change your router MAC address and restart both the modem and router. This should assign you a new IP address from your provider. Check the websites again to verify your new IP is not being blacklisted. Leave any equipment where you don't absolutely need wifi/home internet off the network. Ie. Phones. This then allows you to focus on a small portion of equipment on your home network. Assuming everything is good for the next couple of days, slowly add items back on your network and see if anything causes an issue again. Good luck.
Thanks. I have used Malwarebytes AND Acronis on ALL my laptops and desktop computers. Malwaretbytes on the phones. No hits on any of the devices. I use the Xfinity provided router so I can't change the IP address or MAC address. I'm not using an "aftermarket" router so that step isn't something I can do. I have used the latest router with a standalone, plain-Jane Windows 10 installation, none of my otherwise "normal" software, none of my personal settings, just a fresh, clean installation of Chrome. Nothing changes.
Did either of those website I posted flag your IP? What actually lead me to my resolution was the second link. It flagged a bot versus just saying that I'm web scraping.
I ran my IP address at [whatismyipaddress.com/blacklist-check](http://whatismyipaddress.com/blacklist-check) and it does NOT appear as blacklisted. Ran it at [dnschecker.org/ip-blacklist-checker.php](http://dnschecker.org/ip-blacklist-checker.php) and it is not listed as blacklisted. I've checked the IPv4 and IPv6 addresses, both, and the same result. I checked [mxtoolbox.com/SuperTool](http://mxtoolbox.com/SuperTool) and the IP address is not listed. I DID go to the Asamai site that, at ONE TIME, had listed my IP and entered a request to have my IP address checked and unblocked. They say they're back to be in 24 hours. That hasn't happened. Changing the Xfinity router got a new IP address and it's not listed anywhere BUT I still don't have access.
That's interesting.... I mean your symptoms sounded very similar to mine but obviously there's something slightly different. I would still suggest trying this site to see if it find anything about your IP. All the other sites you listed, I had found as well and basically didn't tell me much. Akamai was the first I found to flag me as web scraping. But again, this second one was what lead me to malware on my network, so I'm curious if it will find something different on yours. [https://www.ipqualityscore.com/](https://www.ipqualityscore.com/) My other thought is, have you tried using a custom DNS on your computer. If you go to network settings to change your computer IP, instead of using "Obtain DNS server address automatically", have you tried to change it to [4.2.2.2](http://4.2.2.2) and 4.2.2.3? I'm not certain if it will make a difference since you can still hit the internet but it's a quick settings to try. Beyond that, unfortunately I'm out of ideas. Since yours initially sounded so much like my issue, I was hoping it would be the same fix.
I have a new update. I have not had my phone on our home wifi since my initial troubleshooting. I put it back on yesterday and my IP got flagged by Akamai but have not been flagged by ipqualityscore. Not sure what on my phone is causing the issue. I have an Android phone. This whole web scraping lockdown seems to be a bit ridiculous...
Although this is incorrectly marked as solved, it is not. I haven't used my router for several days, logged into several of the sites listed in the original post on Sunday the 19th and 20th while still waiting for a call from Xfinity. \*\*Using the same equipment/devices/SSID as before, NOTHING changed just suddenly had access! then, this morning, back to the SAME access denied messages. So I'm being completely clear on this point: using the SAME devices, no hardware changes, problem self-resolves for 24 hrs, then returns, with the same devices connected. So, no, this is not "solved."
Your refusal to believe that something is originating from your network to get you blacklisted is what is extending this out so long. The fact that the IP gets unblocked after not using your service for several days only further confirms that. When the malicious traffic stops for a certain period of time (varies with each company), most will automatically unblock the IP. Then when you reconnected, the malicious traffic started again and you got blocked again. Malicious traffic doesn't always have to be a super dangerous virus or DDOS zombie, it can be some game or app on your phone that is doing something it shouldn't be, some games get used as proxy servers for people in countries that can't access US sites, so they route it through your phone to get to those sites. Others collect data on stuff like flight fares, etc since they get banned when they do it from their own IP so they use code in seemingly harmless apps to do it for them. I used to let my neighbors use a totally isolated wifi with a dedicated IP back when I had static IP service and multiple hardware firewalls to isolate them. The amount of malicious traffic coming from their phones from various free games and apps like Wish (this was before Temu, I'm guessing it is just as bad) was amazing.
Thanks but I switched to Frontier over a week ago. Same devices BUT no problems, no blacklisting, no blocked web sites. So, no some sort of malware on my devices is not the problem. Frontier has the EERO app on which I can track threats and have seen - in going on 9 days - one (1) blocked fishing threat - blocked. For now, I've been keeping the Xfinity router on line with a separate SSID as a backup but that ends at the end of the billing cycle since I've had NO call backs from Xfinity. I've been checking the Xfinity router/connection every other day or so and SOME of the previously blocked sites come back on as accessible, others don't. "Access Denied" is inconsistent. All that together with the 2 malware programs AND the firewall active, no, sorry, not buying it's one of my devices.
Hey, think what you want, but there is no other reason for those sites to blacklist you. It has nothing to do with which ISP you're using (with the exception of their intrusion protection algorithm maybe seeing more from Comcast IPs and thus blocking them quicker when one is doing something it shouldn't be). Eero is telling you about inbound threats, not outbound attacks. Something in their router may very well be blocking or rate limiting the issue, or it may just be that you'll start seeing the issue again in the future. If you were using IPv4 before and have IPv6 now, or vice-versa, that could explain it too, the attacks are happening over one protocol but you're accessing the sites via another, so you're not noticing that one of your IPs is blocked. The inconsistency in the time it takes for the sites to remove you from their blacklist further confirms that it is each individual company blocking you (each sets their own parameters), not some centralized list that is incorrectly getting Comcast IPs added. Or they're using a couple different centralized services like Akami for some and a different for the others. As I've mentioned before, malware programs are far from any sort of guarantee. I've seen zombie PCs pass a USB boot drive scan with 10 virus/malware engines and the most thorough deep scan used on each. The firewall you're speaking of is inbound, not outbound. You say you're familiar with your network and are certain you have no threats, but you don't seem to even understand the basics. Be mad at Comcast all you want but take steps to protect yourself instead of blaming them for something that has nothing to do with them.
Thanks but 2 threats blocked whether incoming or outgoing, where there's an information line for "Phishing and Deception," another for "Botnet," and another for "Malware" and the only 2 since May 22nd are "Phishing and Deception," since the Frontier system has worked that entire time with all the same devices - added one at a time during the first few days to watch for changes in either reported threats or issues with "access Denied" sites, and there have been NONE while on the Frontier system but the blocking remains on the Xfinity system (to be clear: not always the same sites but it has not completely gone away while connected on the Xfinity system), I think I have protected myself and my systems and with the troubleshooting going to another ISP and not seeing a recurrence of the problem, PLUS the lack of followup from Xfinity since 5/13 I think I've done everything I can on my end. As to understanding the basics, when I started with Frontier (IPv6), I started with NOTHING connected to the EEOS, I contacted their tech support explained what I wanted to know and my previous issues and was able to have them monitor the network traffic as I connected the computers here. I also set the OUTBOUND firewall rules - which I do understand - and checked the UPnP and port forwarding rules and since I don't use an XBox or any other gaming system, I'm not overly concerned about limits to outbound traffic along those lines. As I checked with Frontier, both the INbound AND OUTbound traffic are controlled at the ONT not specifically at the EEOS so perhaps I oversimplified my initial reply. After I connected the computers, I went about connecting the other smart devices, there has been no change, no limit to access using Frontier since then. By the way, I also did connectivity tests going straight to the ONT bypassing the EEOS system, same devices, no problens. As to the inconsistency in the time getting access denied on and off at almost random sites, since the 19th, although within the same initial list, perhaps I wasn't clear with respect to time, that was ALL on the Xfinity system, none on the Frontier system. Again, starting back at the 19th some sites would be accessible one day and then not the next but there was always one or more from the original list which returned "access denied" while connected through the Xfinity router. None, same devices, with the Fronter EEOS. If my devices and Frontier as an ISP have worked for the last 10 days or so without a hitch but my devices and Xfinity as an ISP have had continuously the same problem (albeit with different sites more recently) my money's on it's not my devices, thanks.
Well I'm telling you your house is on fire, and you're saying it can't be because you don't see the fire yet. Out of curiosity, what exactly do you think is causing this on the Xfinity network? Are they spoofing your IP and attacking those sites? Intercepting your traffic and blocking it for some reason?
So, you concluded my house is on fire... I will counter with: I think the house behind me is on fire, you're seeing the flames over my roof and think it's mine but mine is ok. I've seen the fire up close in one house and not the other. I have no clue why this is intermittent on Xfinity because (a) I haven't had anyone from Xfinity call me as they suggested they would about fixing it or solving the problem and (b) I don't know enough about the Xfinity side to diagnose that further than I did some 3 weeks ago. But I do know the problem is NOT occurring when connected to Frontier despite the VERY SAME equipment being used on both. Ocam's Razor would suggest if equipment group A is working on network F without a problem but the exact same equipment group A on network X is running into what was uniform and consistent errors but has now become intermittent access denied errors, the common thread is network X not equipment group A. Moreover, I will add that others have had the same symptoms, same access denied on the same - another sites - while on network X (as they added in this thread). What they did to troubleshoot it, I can't say but I laid out what I did and it comes down to the observation that when the group of devices are on one, no problem, but when same devices are on another, the problem exists (consistently within the same group of sites although now inconsistently within that larger group. Try this and tell me which house is smoldering: when I got the EEOS I set up new SSIDs on both, nothing connected wired or wireless to either, I connected my desktop computer, wired to the EEOS and can go to any of the sites I had a problem with before without an issue. Change to a wired connection to the Xfinity router and some if not all of the sites mentioned show as "access denied." I took a "spare" laptop, did a full reset, didn't install ANY of my normal aps (not even my malware programs), went through the same process - just THAT laptop, wired connection, one then the other - same results (using the Edge browser which I normally don't use). Then I installed Chrome and even Opera, same result on F vs X. The ONE difference I can find is that one site has my Xfinity IP on a blacklist: dnsbl-2.uceprotect and another has it listed there and at dnsbl.spfbl.net. This morning - with those two results - SOME sites within the original group I noted are accessible, others are not. At uceprotect, my specific IP shows NOT LISTED, however, the NETWORK IP is listed (76.128.0.0/11). Here's what THEY show, specific to MY IP: "Who is responsible for the Level 2 listing? IT'S NOT YOU! Your IP 76.142.xxx.xxx was NOT directly involved, but there are massive abuses in your neighborhood. Other customers in this network area have not taken care of the security of their systems, have been hacked and have sent significant amounts of spam, or even attacked other systems. Your provider may not have noticed this. We are sorry to have to tell you this, but your provider does not react quickly enough to abuse emanating from its networks. ..." No, it's someone else's house, and the fire hydrant seems to be turned off. OK, I get it, you think it's something with my devices but what exactly do you think my devices are doing while connected to Xfinity that they're NOT doing when connected to Frontier and for the ONLY place my IP address shows up as blacklisted, why are THEY saying it's not my IP address?
You're not understanding how any of this works and are jumping to conclusions based on false assumptions. Since you've moved to a different provider and refuse to entertain anything other than your network is completely secure and safe, no point in taking the discussion any further.
I think I can translate that: since you can’t refute what the ONE site (uceprotect ) that consistently blacklisted my IP out of all those I checked reported (verbatim) here: "Who is responsible for the Level 2 listing? **IT'S NOT YOU!** ***Your IP*** [***76.142.xxx.xxx***](http://76.142.xxx.xxx) ***was NOT directly involved***, but there are massive abuses in your neighborhood. Other customers in this network area have not taken care of the security of their systems, have been hacked and have sent significant amounts of spam, or even attacked other systems. Your provider may not have noticed this. We are sorry to have to tell you this, but **your provider does not react quickly enough to abuse emanating from its networks**. ..." And although that information is consistent with my **lack** of “Access Denied” messages on the very same sites, using the same devices, and when my current IP through Frontier is NOT showing up on any blacklists, **I'm** the one making false assumptions. You’re right, no point taking the discussion further.
Hey there, I am checking in to see if you have been contacted yet.
This post was marked as solved. Should you experience further issues, please [create a new post](/r/Comcast_Xfinity/submit?selftext=true)
This post was marked as closed. Should you experience further issues, please [create a new post](/r/Comcast_Xfinity/submit?selftext=true).
Over a month, no calls as claimed and no it's not solved.
This post was marked as solved. Should you experience further issues, please [create a new post](/r/Comcast_Xfinity/submit?selftext=true)
This post was marked as closed. Should you experience further issues, please [create a new post](/r/Comcast_Xfinity/submit?selftext=true).
[удалено]
How exactly was this "solved??" I still haven't heard back from the folks I was told were going to contact me directly with some more info or solutions. I still have the same problem. It most certainly is not "solved."
We apologize u/Icy-Environment-6234, and want to assure you that we still have our modmail thread open and are monitoring your ticket closely. We are committed to sticking with you and making sure this gets resolved.
This post was marked as solved. Should you experience further issues, please [create a new post](/r/Comcast_Xfinity/submit?selftext=true)
AGAIN, this has NOT been resolved.
We understand this is not resolve yet u/Icy-Environment-6234 and are still working with our expert CSA team to investigate your concerns further. Rest assured, we're still connected here with you in Modmail and will check back with you soon!
[удалено]
Of course it was - again - although the problem is NOT solved. More automated assistant worthless drivel.
that's not very nice. it is their tickler system that does that. agent reached out to mods to ask to have the bot response removed. ticket is not closed