NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Bitdefender blocking malicious host on iPads
Hello, I have an Orbi RBR40 with 3 satellites. Netgear Armor with bit defender/VPN installed on iPads. In the last 2 weeks, I’ve started getting warnings that ‘malicious host blocked on iPad’ f...
If you're getting the reports daily, shut off your devices and only use 1. Watch for the notices. That'll help you narrow it to a specific device.
From there you can work on seeing if something on it is causing it. It could be something on a site you go to or even an app that does have something nefarious in it. Tough to know with the info you've given.
I’ve done that. It seems it happens when either iPad is asleep and plugged in, usually within 10-25 mins. Infrequently, I get a message that ‘Page was blocked. The page you were trying to access was dangerous and was blocked for your protection.’ This is while the iPad was asleep and plugged in early this morning.
You can go into armor and see what sites are being blocked.
https://kb.netgear.com/000061032/NETGEAR-Armor-is-blocking-URLs-that-I-want-to-access-what-do-I-do
It also has more info on why it was blocked.
It could be an app in the background updating its connection and that being an issue
- I have looked at that in bitdefender (nighthawk not available for my router), the sites listed are classified as malicious (one in the Netherlands the other Iceland). I actually had one alert pop up while I was using the iPad. I’m testing now by having no email and no safari cache/websites on one iPad. Curious if it’s a spam email undeleted from junk and trash folders that may have some JavaScript or something triggering the call to these websites. I’ve also turned off background app update for all but a few key apps.
FYI and alert,
I received a private message from a new user with a spam link for WFH jobs. I forwarded it to the netgear team, without clicking their link, and deleted all instances of the email from my accounts. But I find it very interesting that a potential spam/hacker is trolling this community, particularly with the subject of malicious host blocking, and sends a PM to do potentially the very same thing.
I hope the netgear team traces the IP and discovers which existing users are trolling and creating fake accounts to perpetrate this fraudulent activity.