Banking.postbank.de/rai/login is not working

chiliseek · September 2, 2018, 2:21pm

hey,

sorry... but i dont get this.. even if i whitelist the scammer URL as said by don_misu It does not load the webpage for me. Also from what Mcat12 has written i take that the url "http://postbank.de.kundenkonto-postbank-6756370708-postbank.ru" which seems to be on the "gravity.list" should not block postbank.de ... but it does block it... I've tested this on three devices... (PC, MAC and iphone)

I guess I've tried everything... restarted DNS, deleted local cache... even added this scamm URL to the whitelist but it still refuses to load the page...

here is my debug token: 3ljku23is6

for now.. i just have to change DNS server if i want to do some online banking...

/e: added debug token

don_misu · September 2, 2018, 4:31pm

sorry, it is not ok on my side. on my test i forgot the running vpn.

postbank.de is working but not

banking.postbank.de
meine.postbank.de

Mcat12 · September 2, 2018, 4:35pm

postbank.de.kundenkonto-postbank-6756370708-postbank.ru != postbank.de

Did you whitelist the first domain, or the second? They are not the same domain.

don_misu · September 2, 2018, 5:13pm

yes i did it, but it is not working

don_misu · September 2, 2018, 5:20pm

i am on a mac. and no postbank in my hosts file

nslookup meine.postbank.de
Address: 192.168.1.19#53

Non-authoritative answer:

Name: meine.postbank.de

Address: 185.157.34.21

nslookup banking.postbank.de

Non-authoritative answer:

*** Can't find banking.postbank.de: No answer

nslookup www.postbank.de

Address: 192.168.1.19#53

Non-authoritative answer:

Name: www.postbank.de

Address: 160.83.8.182

don_misu · September 2, 2018, 5:34pm

vpn is vpn from f-secure and there dns server. with vpn on, all on postbank is working.

i removed the bad url from my whitelist. but with this, i can not enter the site postbank. the main url is not working

chiliseek · September 2, 2018, 6:02pm

hey,

ofc i've tried to whitelist the second domain first... I've only whitelisted the scammer url for testing once and removed it directly when i noticed it does not help.

If i enter "pihole -q postbank.de" it shows:

Match found in Whitelist
postbank.de
www.postbank.de
banking.postbank.de
meine.postbank.de
Match found in list.31.hosts-file.net.domains:
postbank.de.kundenkonto-postbank-6756370708-postbank.ru
www.postbank.de.kundenkonto-postbank-6756370708-postbank.ru

If i just enter "pihole -q postbank" it shows:

Match found in Whitelist
postbank.de
www.postbank.de
banking.postbank.de
meine.postbank.de
Match found in list.0.raw.githubusercontent.com.domains:
postbank.ssl-zertifikat.mobi
Match found in list.26.v.firebog.net.domains:
postbank.488-s8.usa.cc
Match found in list.31.hosts-file.net.domains:
postbank-secure.com
postbank.de.kundenkonto-postbank-6756370708-postbank.ru
www.postbank.de.kundenkonto-postbank-6756370708-postbank.ru
Match found in list.36.v.firebog.net.domains:
postbank-de.net
postbank-deutschland.com
postbanklondon.com
Match found in list.39.v.firebog.net.domains:
postbank.ssl-zertifikat.mobi

Now the nslookup for postbank.de (on the pihole)

Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
*** Can't find postbank.de: No answer

Now the nslookup for www.postbank.de (on the pihole)

Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
*** Can't find www.postbank.de: No answer

Now the nslookup for banking.postbank.de (on the pihole)

Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
*** Can't find banking.postbank.de: No answer

Now the nslookup for meine.postbank.de (on the pihole)

Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
*** Can't find meine.postbank.de: No answer

.. its the same for all if them....

chiliseek · September 2, 2018, 6:22pm

nslookup pi-hole.net

Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: pi-hole.net
Address: 206.189.252.21

nslookup flurry.com

Server: 127.0.0.1
Address: 127.0.0.1#53

Name: flurry.com
Address: 0.0.0.0

I'm using 1.1.1.1 as DNS service for a while now and it worked well so far.
/e: it was working well with postbank.de too :>

/etc/resolve.conf content:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1

chiliseek · September 2, 2018, 6:29pm

also i've noticed that in the query log it does not show anything getting piholed.. if i try to load postbank.de it loads for a while and fails but it shows nothing in the query log...
but it showed this:
2018-09-02 20:13:42 A banking.postbank.de OK (cached) NODATA (2.3ms)

what confuses me, it says "NODATA" <- maybe thats a useful information?

/e: but its not shown all the time.. if i try to load the page 10 times it maybe shows it once... I'm really confused why the query log does not show everything

/e2:

2018-09-02 20:31:12	A	www.postbank.de		OK (cached)	NODATA (9.1ms)
2018-09-02 20:31:07	A	postbank.de		OK (cached)	NODATA (1.1ms)

chiliseek · September 2, 2018, 6:40pm

yes, that works perfectly fine:

nslookup postbank.de 1.1.1.1

Server: 1.1.1.1
Address: 1.1.1.1#53

Non-authoritative answer:
Name: postbank.de
Address: 160.83.8.182

chiliseek · September 2, 2018, 6:44pm

I've tried that before and i've done it yet againbut it unfortunately it does not help:

[✓] Restarting DNS service

*** Can't find meine.postbank.de: No answer

don_misu · September 2, 2018, 6:52pm

hmmm does your Pi-hole run? Try nslookup pi-hole.net and flurry.com

Which DNS sever do you have selected in Pi-hole?

What is the content of your /etc/resolv.conf?

same what chiliseek wrote

i changed to quad9 and the same problems

chiliseek · September 2, 2018, 6:56pm

$ netstat -tulpen | grep :53

(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      999        477060     -
tcp6       0      0 :::53                   :::*                    LISTEN      999        477062     -
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           108        10420      -
udp        0      0 0.0.0.0:53              0.0.0.0:*                           999        477059     -
udp6       0      0 :::5353                 :::*                                108        10421      -
udp6       0      0 :::53                   :::*                                999        477061     -

chiliseek · September 2, 2018, 6:59pm

tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      999        477060     3996/pihole-FTL
tcp6       0      0 :::53                   :::*                    LISTEN      999        477062     3996/pihole-FTL
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           108        10420      275/avahi-daemon: r
udp        0      0 0.0.0.0:53              0.0.0.0:*                           999        477059     3996/pihole-FTL
udp6       0      0 :::5353                 :::*                                108        10421      275/avahi-daemon: r
udp6       0      0 :::53                   :::*                                999        477061     3996/pihole-FTL

chiliseek · September 2, 2018, 7:05pm

@anon55913113, thanks a lot for your support and time! How do i make a new official support request? Just open a new topic?

my new debug token is: zq28aoqitq

chiliseek · September 2, 2018, 7:28pm

thanks again. I've now created a new topic for this issues: Pihole blocking whitelisted domain/none blocked domain

don_misu · September 3, 2018, 9:03pm

a strange thing. the url

Kartenlimit anpassen | Postbank

is working. the url

https://www.postbank.de

not

grimmet · September 4, 2018, 12:11pm

This might be the solution: Postbank and Cloudflare have problems with each other.

don_misu · September 4, 2018, 1:37pm

thxs. i changed to opendns and all is working

system · September 25, 2018, 1:38pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.