Blocked Links - Websites Won't Open

Software & Web Applications
1

One of our customers is having some issues accessing various websites, and we’re having trouble isolating the issue. I’ve included some details below, including some of the steps we’ve tried so far, and some screenshots. I’d sincerely appreciate some help from the community!

Specs:
· Dell PowerEdge R440 rackmount server running as a domain controller:
o Windows Server 2019 Essentials x64, Version 1809, OS Build 17763.5936
o SQL Server 2019 Essentials installed and running
o Threatdown Endpoint Detection and Response on Server
o Running DHCP
o Running DNS
o Running ADDS
· Network Equipment:
o Ubiquiti Dream Machine Pro, UniFi OS version 4.0.21, UniFi Network version 8.6.9, not running DHCP
o Ubiquiti 24-port PoE Switch (USW-24-POE)
· Workstation(s)
o Windows 10 Pro x64, with 22H2 installed, Build 19045
o Threatdown Endpoint Detection and Response on each workstation
· Network Type: Domain
· Browsers:
o Chrome (latest version)
o Edge (latest version)

Two related issues:

  1. Links in Emails:
    a. When you click on a link in several different emails (just a select few from various senders, NOT every email), it opens up a browser with the following error message (see screenshot)
  2. Websites in Browsers:
    a. When you navigate to a website (some require that you log in, some do not), it returns the following error message (see screenshot)
    b. When you click on a Sponsored search result in Google, it returns the following error message (see screenshot)

What we’ve done regarding both issues above:

  1. Reconfigured Threatdown Endpoint agent running on that computer
  2. Removed Threatdown Endpoint agent from computer
  3. Disabled Malwarebytes Browser Guard and Adblock Plus extensions along with any other browser extensions that could be causing an issue.
  4. Temporarily disabled all security settings in Chrome
  5. Temporarily turned off UAC
  6. Removed said browser extensions
  7. Restarting computer several times
  8. Ran each of the following commands:
    a. DISM /online /cleanup-image /scanhealth
    b. sfc /scannow
    c. netsh winsock reset
    d. net stop winmgmt then press Y, then press Enter,
    e. winmgmt /resetrepository press Enter, Restart PC
    f. netsh advfirewall reset
    g. ipconfig /flushdns > Restart PC
  9. Confirmed IP is dynamically assigned.
  10. Left DNS 1: 192.168.x.x (our server), but changed DNS 2 from 8.8.8.8 to 1.1.1.1, flushed DNS, tried again
  11. Cleared SSl within Internet Options in Control Panel
  12. Checked Outlook settings to make sure the link options are set to open with default browser
  13. Used Whois Lookup to see if the links are bad players, they look legit

PEPPER PALACE LINK
PEPPER PALACE LINK1131×829 39.2 KB

2

I would try bypassing your local DNS completely. Use quad9 or something just to test.

If you left your primary at your local DNS then it was still going to your primary. Setting your secondary to something else didn’t do anything.

3

Sounds like a tricky issue. Thanks for the detailed info. From what you’ve shared (and the screenshot), it could be related to DNS filtering or SSL inspection. Even though you’ve reinstalled the Threatdown agent, check if any web filtering or DNS policies are still active from the management portal. On the UDM-Pro, review any active security features like content filtering or IDS/IPS that might be interfering with HTTPS traffic, especially for sponsored or email-tracked links. Make sure the domain controller is resolving DNS correctly upstream nslookup for affected sites directly from the server. It’s also worth checking browser Dev Tools (F12 > Network) for failed requests, and inspecting SSL certificates for errors. A packet capture (Wireshark or tcpdump) during one of the failures could give more clues, especially if there’s a DNS or handshake failure. Lastly, confirm there’s nothing in the local hosts file or GPOs that might be redirecting or blocking traffic.