cancel
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

allot.com trying to intercept my Internet traffic

WhiteKnight
3: Seeker
3: Seeker

Hi

 

allot.com is trying to man-in-the-middle attack me from your network. Please could you address this. I need to use NordVPN to for work. Every time I open the application it asks me if I want to trust this certificate. I, like the rest of the world, do not trust this certificate and will not select trust. I do not have Secure Net enabled on my account.

 

NordVPN_ZS0ofz6wNs.png

Thank you

1 ACCEPTED SOLUTION

WhiteKnight
3: Seeker
3: Seeker

For future reference the problem domain was zwyr157wwiu6eior.com. auth.zwyr157wwiu6eior.com redirects to nordaccount.com, so it is theirs. However they don't seem to want to confirm this. Vodafone seems to have resolved this given that it is now working as expected, although they seemed to fail to understand the issue. Essentially when the NordVPN starts on Windows 10 it loads various domains, including the above. If the prompt appears, selecting "Don't trust" allows you to continue to the app and use the VPN without issue. However the auto-update feature may be trying to use the above address and so fail if it is being attacked like this.

View solution in original position

13 REPLIES 13

Farai
Moderator (Retired)
Moderator (Retired)

We'd be more than happy to look into this for you @WhiteKnight 👍 so we can get the ball rolling, please drop us a message via Twitter or Facebook here 

WhiteKnight
3: Seeker
3: Seeker

For future reference the problem domain was zwyr157wwiu6eior.com. auth.zwyr157wwiu6eior.com redirects to nordaccount.com, so it is theirs. However they don't seem to want to confirm this. Vodafone seems to have resolved this given that it is now working as expected, although they seemed to fail to understand the issue. Essentially when the NordVPN starts on Windows 10 it loads various domains, including the above. If the prompt appears, selecting "Don't trust" allows you to continue to the app and use the VPN without issue. However the auto-update feature may be trying to use the above address and so fail if it is being attacked like this.

Juliianadiniz
2: Seeker
2: Seeker

I am getting exactly the same, and it started out of the blue. How do you actually solve it?

Its amazon.com.

It brings all the traffic back from your destination.  All the crappy Content delivery network junk (CDN) it brings back.
Vodafone use too many 3rd party dns addresses for all their services. Just like BT.

Thats why they havnt got a clue when anything goes wrong. Because it could be anything down the line, literally.

If you run Internet Explorer 11, and prompt for all cookies whilst browsing, you'll see exactly how many websites are cross site scripted and bringing all the junk and crap back.

Thats why Internet Explorer doesnt work anymore. It was a very powerful web browser with more options and settings than you get on any web browser today.

Internet Explorer could tell you the hidden websites (trackers) that are attacking your machine, all by the cookies that were being prompted. It really did work.

RIP IE. You were the best 🙂

Prompt for Cookies whilst browsing ? 
You dont get that on any web browsers today.

I say block the lot and only allow the websites you need, via java script, images, and cookies. 
Otherwise block the lot.  Its not needed.  Save ya bandwidth.

Saying that, youtube still doesnt work

@Pluginz I don't know what you are on about. This issue is about Secure Net intercepting traffic but failing to do it transparently even when the service is disabled. I don't want someone listening to all my traffic without my permission.

Thats exactly right, nobody wants that.

This thread is titled allot.com, which is coming from amazon.  You can have 100's of addresses on one domain.
Vodafone use 3rd party dns's for their services.  Its as simple as that.
Find out your own IP address.  Search where it comes from.  Use whois tools inconjunction with the addresses youve also found.  Match the domain. Theres your answer.

Interception from various addresses onto your computer is done via what?  Cross site scripting tracking works like this. Via cookies.  Otherwise it has no reference.
Internet Explorer used to have settings like a XSS filter.

Best thing you can do is block all Javascript, as thats how most of it works.

Good luck 🙂

I actually found 5 addresses associated with alott.com.

cloudflare.com

amazon.com

akamai.com

markmonitor.com

amazonaws.com

Last destination was the data centre in Amsterdam

176.0.0.0 - 176.255.255.255