"I've tried various dns flushing commands on various machines (not to mention reboots, that are the ultimate flush!), with no joy."

Clearly heard and mostly understood/processed.

The ultimate 'flush' would surely be a new IP? (Excuse my momentary flippancy. I'm still cogitating.).

(aside - telnet to a specific port just tests the initial 3-way TCP handshake. After that you have to know how to 'speak' the protocol. Since you were receiving a 403 error the end-to-end handshake had already been established. Even tho tesco times out, the initial TCP level connection has been established.)

Is your browser using DoH (DNS over HTTPS) for DNS resolution?

@greygit1 re: DoH, I'm not at all familiar with this (I've just had to Google it), but I'm inclined to say not as I vaguely recall seeing connections to port 53 at the DNS server, before the http connection in the router logs...

It is a setting in the Firefox browser, if you are using Firefox. (about:preferences#privacy)

Most configured mobile devices won't be using Firefox as a browser (unless the browser has been changed/updated). You reported that using your mobile device didn't have the same symptoms.

Firefox may come as a browser as part of *ix installs.

Just a thought/opinion. Your DIG appears to be a Debian install.

@greygit1 no, firefox doesn't have DoH enabled.

Everything connected through the router and Plusnet is affected - all browsers, i.e. Google Chrome, Firefox, Chromium, Edge on all OSes i.e. Windows, Android, Debian, Mint, Raspbian

The phones don't work on the Akamai websites when connected over WiFi to the router and Plusnet. They work fine when WiFi is turned off and they use mobile data instead.

(The Debian boxes are headless, so they generally don't have browsers installed.)

I believe quite a number of large companies use Akamai to help provide security on their web sites, we used to years ago when I worked for a large American company in IT.

I think they front end the web servers of those companies and do things like dealing with DOS attacks to take some of the workload off the companies servers and provide a range of other web services.

It looks to me, at a guess, that the IP address you have has found its way onto a blacklisted.  - probably the best solution is to get a new IP.  It is either that or get Akamai to take it off it's blacklist - but suspect that may be more difficult.

Thanks @Ian06 for confirming that, that's exactly the conclusion I'd arrived at.

Previously, the Akamai reputation tool (https://www.akamai.com/us/en/clientrep-lookup/) had just been replying "The IP Address 80.229.xxx.xxx did not receive a bad risk score.", but today it has started reporting "Your IPv4 Address 80.229.xxx.xxx received a bad risk score. The IPv4 Address was associated with the following malicious activity: Web Scraper" - along with a button to "Request to investigate your IP address", which obviously I pressed and filled in my contact details on the resulting form. We'll see what comes of that (it said "We'll review your request and get back to you within 2 business days").

Obviously, I haven't been Web Scraping, but I suspect that all my curl and wget activity over the last few days, trying to fathom out what's going on, could easily be interpreted as attempting to web scrape the blocked sites! Well, at least that's succeeded in opening up another avenue to investigate!

I've succeeded in getting "put through" to escalating levels of Tesco IT Support, so hopefully they may be able to confirm there is some block against my IP address, it's just that everything is routed via their Customer Services (both ways), so the round trip time is several hours 🙄

Meanwhile, the list of sites denied to me now includes: tesco.com, tui.co.uk, ba.com, ebay (just transactions, searching/browsing are fine), argos.co.uk, superdrug.com, savers.co.uk - not surprisingly, they all resolve to various axxx-xxx-xxx-xxx.deploy.static.akamaitechnologies.com hosts.

Does anyone (@MisterW maybe?) know if Plusnet are able to assign a different/replacement Static IP address? If it's possible, what's the simplest/shortest route to request that?

Does anyone (@MisterW maybe?) know if Plusnet are able to assign a different/replacement Static IP address? If it's possible, what's the simplest/shortest route to request that?

AFAIK the only way is to remove the static IP component and then readd it. It will normally give a different IP but there no way to guarantee it

I can try and do that (What @MisterW said) for you if you want @adflyer ?

If this post resolved your issue please click the 'This fixed my problem' button

Will Cutforth  Plusnet Help Team

@willcutforth, yes please!

I'm not making any significant progress with getting the IP address off whichever block list it's ended up on...

I'm assuming you can see my Plusnet account name? (There are DNS records associated with the static IP address too.)

Thank you

I think you've managed to pre-empt all my further questions.

I'm left grasping at tenuous straws.

---

@adflyer wrote:

https://www.ipqualityscore.com/ip-reputation-check for my IP address says ...

80.229.xxx.xxx Risk Summary

Suspicious - This IP address is exhibiting questionable and suspicious behavior. We would recommend passing more user data through our API to produce a more accurate risk analysis of the user's quality.

---

I get the same report with my static IP address and a fraud report of 58.

I am taking this reputation check with a road-gritter-sized pinch of salt!  I suspect that the report is nothing more than scare tactics to get one to sign up for a (paid for?) "more accurate risk analysis of the user's quality".

If your STATIC IP address is really on a relevant** black list (and that is blocking your access) you need to understand why / how it got there - is there rouge software in your network?

If something untoward is happening on your LAN an new static IP address is likely to similarly become black listed.

Picking up a dirty DYNAMIC IP address abused by a previous user happens and is a tad inconvenient.  For a STATIC IP address to turn 'bad' the 'suspicious' activity has to be coming from your network, either one of your devices ... or an external party who has piggy-backed onto your WiFi.

If this is indeed a black listing issue ... I would be far more concerned about how the STATIC IP address became black listed than the fact that you cannot access certain sites.

** as @MisterW has noted, one of the black lists is irrelevant as it only applies to running MX servers on your home network.

Yes, @Townman I completely agree. I'd similarly dismissed the ipqualityscore.com result as scare-mongering, given that half the results only show as "sign up to see more".

I'm similarly conscious of why my IP Address may have become blocked, which is why I've been trying to find out (so far unsuccessfully) from Akamai, Tesco etc.

My working assumption is that Tui are responsible for adding me. For a few months I've been monitoring the price of a couple of flights, waiting for a price drop before buying. The usual way to obtain prices is to submit a form with route, dates, passengers etc to obtain the prices. However, the results page URL contains all those details as parameters, so "bookmark" those URLs and the prices can be obtained directly. I did this for both flights, and had these auto-open in my browser on start-up (which starts at least once per day). For a while, instead of displaying the results immediately, it's shown something like a "Challenge Validation" / "Holding" page that counts down from 10sec to zero, before the results are then shown. I suspect that's coming from some anti-scraping protection (or similar) on the website. Recently, that's started behaving oddly, e.g. the count reverting back to 10 before getting to zero a few times, or it just stopping and requires reloading. I wouldn't be surprised if not going through the form (and maybe picking up some new session ID / cookie etc?), combined with multiple re-loads, maybe more than once per day, has breached some "web-scraper!!" alarm threshold, which has then been fed back from Tui to Akamai as part of the protection package Akamai provides? Of course, this is all obvious with hindsight, after the wider Akamai block started. Clearly, when I get the new IP Address sorted, I'll stop doing this!!

I'm reasonably confident there isn't anything odd going on within my network. I have a variety of monitoring software running that (I assume...) will alert me to something odd happening. I continually see failed login attempts on the open (non-default!) ssh port, (mostly from Chinese or Russian IP Address ranges...) which is locked down to a single username and secured with a public-private key, rather than a password anyway. Successful non-local logins are specifically flagged up and I see these when I login remotely when out and about. This hasn't been triggered by anyone else.... (yet....?)

Anyway, I'm pinning my hopes on a new static IP address. If I stop doing the Tui thing, hopefully it will all be ok. If the new address gets blocked too, then i'll spend time going in search of what's going on in the network and make more effort with uncovering the root cause of the block.

It's like a circuit-breaker unexpectedly popping - you reset it once only; if it pops again, you go in search of the fault, if it doesn't - sorted, get on with life 🙂

Other blacklists referenced are related to running a proxy server.