My router's security is flagging access to some websites accessed with Safari

I am running a Synology RT2600AC and have an iPhone 15 Pro running iOS 18.2. My router says SRM is up to date, though I can’t figure out how to find the SRM version. I also get the same message on my MacBook Pro running Sonoma 14.7.2.


My problem started about 2 to 3 weeks ago when I started getting these alerts sent to me from my router: “the connection from Bobs-iPhone (<or my macbook>) to sync.1rx[.]io has been blocked for security reasons(Phishing).” I’m not sure what I am accessing to give me this message. I’ve deleted Safari cookies and cache/website data and have restarted the phone and Mac numerous times.


As I've worked through this, I suspect that while my Synology router is flagging the situation, the problem lies with Safari or malware on my phone and Mac.


(The following is a debug exercise I did today with my Mac.)


This morning I saw that I had some of the above alerts from last night, and I deleted them. I then checked my email and saw that a web site I frequent had some new postings and I clicked on them. Within 30 sec or so I received another of those alerts. I did it a few times and it seems fairly repeatable with this website, but some other websites don’t seem to result in a message.


The website with which I had the problem this morning is tractorbynet.com, a site that discusses small (farm/homeowner) tractors. The website sends an email with daily postings and upon looking at the link, it goes to a third party website that then resolves it to the appropriate website.


For example, the link in question:

"Which jumper cables." is actually to (https://imc-digital-universe-inc.sendybay.com/l/ttuUrgSTjbFj3m763DsKkySA/Bnl9XdqPjN9sUm9OpncfJQ/S9WNJDOZHk892YylskIwl71A)


This then resolves to the actual tractorbynet website (https://www.tractorbynet.com/forums/threads/which-jumper-cables.524509/?utm_source=trending&utm_medium=email#google_vignette)


Finally, if I go to the tractorbynet website, and find the post in question, I also get the same message. https://www.tractorbynet.com/forums/threads/which-jumper-cables.524509/


I am running Safari (V18.2) on my Mac and what is interesting is there is some code shown in an ad at the bottom of the web page that states "","native":{"asset":[{"data":{"value":"Learn more","type":12}}]},"event":[]},"ext":{"tlFormatId":10,"tlAdditionalData":{"pr":"3.26408","bc":"7.531","aid":"45869285046594256930480","bmid":"2662","biid":"6806","sid":"193974","did":"52276","brid":"62","adid":"7504572","crid":"287660372","ts":"1735592231","bcud":"7531","ss":"20"},"payableEvent":1,"viewability":{"moat":0,"ias":0,"adelaide":0,"dv":0},"dealId":"52276","externalCreativeTypeId":4,"passedGpid":"\/15184186\/tract”


I think this is the crux of the problem but I don’t know what to do to get rid of it, or if the message is an SRM artifact. 


Any ideas?

Thanks ~Bob

MacBook Pro 14″, macOS 14.7

Posted on Dec 30, 2024 1:48 PM

7 replies

Dec 31, 2024 6:39 AM in response to Bobm681

A couple of updates.

Thanks VikingOSX, the version of SRM I'm running is SRM 1.2.5-8227 Update 11, which is up to date for my router.


Thanks Etresoft and John Galt. I set up an exception in my router to not block sync.1rx.io and that seems to have eliminated the alert (I did it in SRM's Safe Access/Security/Exception List).


What I don't understand is why SRM thinks it is a phishing attempt. I will say I've been running SRM's Safe Access Network protection for years, and maybe sync.1rx.io is flagged in the associated threat database.



Unless anyone has any other insight, I'm going to call this good. Thanks again for the help.

Bob

Dec 30, 2024 5:15 PM in response to Bobm681

Some (most?) website URLs will result in redirects, often several of them, before the desired URL loads. It's all about "revenue enhancement" i.e. 💰


However, for what it's worth, none of the website examples you posted are redirecting to anything on the Mac I happen to be using at the moment. They all loaded directly with no intervening redirects. It's almost unusual.


If you determine your router is in fact not responsible for blocking content, the next step in my opinion would be to download and run EtreCheck. Instructions: How to use the Add Text Feature When Posting Large Amounts of Text, i.e. an Etrecheck Report - Apple Community. It often provides some helpful information.


Should you decide to avail yourself of it and would like others to come up with some suggestions, please follow those instructions with care.


Another thought: rule out your router as the cause by turning Wi-Fi "off" and using your iPhone's cellular data rather than wireless.
