Start by uninstalling any extra antivirus software these just use the built-in windows antivirus systems and take up resources. Then go to https://www.grc.com/dns/benchmark.htm and download the DNS benchmark tool and on the Nameserver tab once it loads the list click Run Benchmark. When it finishes it will list the fastest servers, I would say go with ones such as Level 3 4.2.2.1 - 6, these are the servers your ISPs pull from so they should be the least screwed with and they provide the backend internet for lots of the US. Take the top ones or just the 4.2.2.1-6, 9.9.9.9 (security-focused), 1.1.1.1 (Cloudflare) and go to your router, should be able to get to it from your web browser at something like http://192.168.0.1 and in the DHCP settings put in the good DNS server IP addresses. VPNs don't protect your privacy just move your traffic to another place, and some keep logs or block some content. If you have the router from your ISP (not the cable or DSL medium converter box) you should get rid of it. Don't go for the hype of 9 antennas or "Gaming" as most of them phone home. I like the lower cost but features of the MikroTik routers and WiFi, not the easiest to set up but they are solid routers. The https://mikrotik.com/product/hap_ac3 hAP ac³ seems like a good start for an apartment or small house, make sure you put the router up on a shelf or higher up in the open and center of your house to help get better wireless coverage and speeds. Just some thoughts.
Long time lurker. Tried to post same on patriots.win only for auto-response: "You are banned from this community" only because I just joined I guess.
What happens: firefox, edge, brave, falkon kicks back: NET::ERR_CERT_COMMON_NAME_INVALID . Normally you can choose advanced and continue and will lead to this screen here ^^ which will allow you to continue. Sometimes not allowed to continue and have to fire up an alternative browser to convince modem is is a valid site by repeating same steps above.
It's pretty clear that McAffee is sending you to a block page, based on a custom blocking rule. Because Patriots.win connects securely, this block-page is refused by your browser.
The redirection probably affects all routers that have any "Secured by McAffee" features, not just CenturyLink.
Route your DNS to a recursive resolver that lives off-site, using DNS over HTTPS or DNS over TLS. I do this at home by running the unbound software on a Linux server and having it forward all queries to another unbound instance that I run in the public cloud, which does the actual recursive resolution. Another much-simpler way is to use Firefox’s DNS over HTTPS functionality to tunnel all DNS to Cloudflare, although may lose a little privacy this way. Bottom line, don’t send unencrypted DNS over the wire because all of these shitty ISPs will intercept it.
Use a VPN. Private Internet Access, Mullvad, etc.
If you’re not already, run your own router. Don’t use the shitty router that the ISP gives you. Run something decent like PFSense or OpnSense and set up a Wireguard VPN to one of the good VPN providers to route all of your home traffic out over the VPN.
Will need to do first part of option 1. Unfortunately the tunnel DNS to Cloudflare didn't work. Option 2 worked perfectly.
Option 3 for when I move. New accounts get 2 year lock at $20/mo.
If you build your own nameserver offsite, use port 443 to tunnel it and make sure you set it up to validate and pin certificates. 443 is almost never blocked by an ISP. Pinning and cert validation ensures that someone can’t replace your nameserver with something else without things breaking (and you noticing).
Some researching looks like it's a setting on CenturyLink modems. Apparently there is an "internet security" setting somewhere. Their site suggests you need to contact them to turn it off but I bet if you can get into the control panel for it you can disable it.
What I'm not sure about is how it blocks, though cert errors typically is because they're redirecting DNS. Are you using custom DNS servers or letting your device get them automatically? If the latter, switching to custom DNS servers might get around it too.
Custom DNS was no dice. From preliminary research myself it seems that McAfee sends out lists perhaps directly to the modem to update certain sites that might not work otherwise. I've been documenting this problem for a while; noticing certain sites that might be outlandish in their viewpoints (usually from one side of the spectrum) get flagged.
What's weird to me is that https://www.trustedsource.org suggests that patriots.win is "minimal risk", so it's definitely weird that it would be blocked. There's nothing odd about the cert pasted, it's just McAfee's block page, pretty much the same behavior I'd expect from a filter not running on your machine.
Your best bet is probably trying to get into the modem/router (is it a combo? I'm not familiar with CenturyLink) and disabling that feature if possible. Or contacting them to figure out how to get it disabled - say it's interfering with your work sites or something. Of course your VPN works for the time being as well so if nothing else you have that.
This is why I recommend everyone never use ISP equipment except for few circumstances. I know that technically even your own modem they can control certain things, but they have no room to install any of this BS.
Ya. Looking at their product page is great for normies (https://securehomeplatform.mcafee.com/), but all it takes is for someone to flip a bit and sites go unreachable. Once I move and get my own equipment the access will improve. Thanks for your help fren.
Start by uninstalling any extra antivirus software these just use the built-in windows antivirus systems and take up resources. Then go to https://www.grc.com/dns/benchmark.htm and download the DNS benchmark tool and on the Nameserver tab once it loads the list click Run Benchmark. When it finishes it will list the fastest servers, I would say go with ones such as Level 3 4.2.2.1 - 6, these are the servers your ISPs pull from so they should be the least screwed with and they provide the backend internet for lots of the US. Take the top ones or just the 4.2.2.1-6, 9.9.9.9 (security-focused), 1.1.1.1 (Cloudflare) and go to your router, should be able to get to it from your web browser at something like http://192.168.0.1 and in the DHCP settings put in the good DNS server IP addresses. VPNs don't protect your privacy just move your traffic to another place, and some keep logs or block some content. If you have the router from your ISP (not the cable or DSL medium converter box) you should get rid of it. Don't go for the hype of 9 antennas or "Gaming" as most of them phone home. I like the lower cost but features of the MikroTik routers and WiFi, not the easiest to set up but they are solid routers. The https://mikrotik.com/product/hap_ac3 hAP ac³ seems like a good start for an apartment or small house, make sure you put the router up on a shelf or higher up in the open and center of your house to help get better wireless coverage and speeds. Just some thoughts.
thank you for the tip. for a new to market router it looks pretty nice. I will look into it once I move. thanks again fren.
another pede with router reset, datahog1776
Thank God I just use open source software so I don't have to deal with this shit.
Long time lurker. Tried to post same on patriots.win only for auto-response: "You are banned from this community" only because I just joined I guess.
What happens: firefox, edge, brave, falkon kicks back: NET::ERR_CERT_COMMON_NAME_INVALID . Normally you can choose advanced and continue and will lead to this screen here ^^ which will allow you to continue. Sometimes not allowed to continue and have to fire up an alternative browser to convince modem is is a valid site by repeating same steps above.
Can bypass through VPN at least for the moment.
Thoughts?
It's pretty clear that McAffee is sending you to a block page, based on a custom blocking rule. Because Patriots.win connects securely, this block-page is refused by your browser.
The redirection probably affects all routers that have any "Secured by McAffee" features, not just CenturyLink.
I recommend you do a couple of things:
Will need to do first part of option 1. Unfortunately the tunnel DNS to Cloudflare didn't work. Option 2 worked perfectly. Option 3 for when I move. New accounts get 2 year lock at $20/mo.
If you build your own nameserver offsite, use port 443 to tunnel it and make sure you set it up to validate and pin certificates. 443 is almost never blocked by an ISP. Pinning and cert validation ensures that someone can’t replace your nameserver with something else without things breaking (and you noticing).
Thank you for the advice! Once things stabilize I will have to add that to my project list. Thanks fren.
Some researching looks like it's a setting on CenturyLink modems. Apparently there is an "internet security" setting somewhere. Their site suggests you need to contact them to turn it off but I bet if you can get into the control panel for it you can disable it. What I'm not sure about is how it blocks, though cert errors typically is because they're redirecting DNS. Are you using custom DNS servers or letting your device get them automatically? If the latter, switching to custom DNS servers might get around it too.
Custom DNS was no dice. From preliminary research myself it seems that McAfee sends out lists perhaps directly to the modem to update certain sites that might not work otherwise. I've been documenting this problem for a while; noticing certain sites that might be outlandish in their viewpoints (usually from one side of the spectrum) get flagged.
Error Code Context
https://patriots.win/
Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
HTTP Strict Transport Security: true
HTTP Public Key Pinning: false
Certificate chain:
-----BEGIN CERTIFICATE-----
MIIGYjCCBUqgAwIBAgIRANvcPBrfb3ZZTHWLWx7pUuIwDQYJKoZIhvcNAQELBQAw
ZDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRQwEgYDVQQHEwtTYW50YSBDbGFy
YTEVMBMGA1UEChMMTWNBZmVlLCBJbmMuMRswGQYDVQQDExJNY0FmZWUgT1YgU1NM
IENBIDIwHhcNMjAxMjI5MDAwMDAwWhcNMjExMjI5MjM1OTU5WjCBtjELMAkGA1UE
BhMCVVMxDjAMBgNVBBETBTk1MDU0MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRQwEgYD
VQQHEwtTYW50YSBDbGFyYTEiMCAGA1UECRMZMjgyMSBNaXNzaW9uIENvbGxlZ2Ug
Qmx2ZDEVMBMGA1UEChMMTWNBZmVlLCBJbmMuMREwDwYDVQQLEwhDb25zdW1lcjEe
MBwGA1UEAwwVKi5kb2NrLnNocC5tY2FmZWUuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAyf5pRE67g9vqS8chyCgOzoF9PRyjzgTgn6doiqyH6YL4
3fEXbqNwfZBEE7ZMRqBaN6qfyTI4fkqxhQUGYP/wNZsc6652DkdTOqKvVCu51Nl4
YZj7EAo71LNiXrVZqCP7qz7sLeoNfNbygyWS/Zz+ppp7Ts/tRKiJqOw34ob8LClR
CxNYbqbvBM9Fy2Tj65iVxC5pEzkgKY07JRjjLPJeEqzEKubweERANLnm//Qwe4PS
sAgn74OpvFkxpL4wjNxsIAXZWQ5luPYXzP0YTEcqY2ZdftydPrXJ9jrrrAJ8WIRR
pGGDMOI2w2pG74phY2t/1D6Abp5OmpVKM/JrxglvXwIDAQABo4ICujCCArYwHwYD
VR0jBBgwFoAU0E4ixT1hcgq7J7SSNre6lZ8nMZwwHQYDVR0OBBYEFA07gZvwKFYj
9z/wHkYvj9p4vqo5MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBLBgNVHSAERDBCMDYGCysGAQQBsjEB
AgIrMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYG
Z4EMAQICMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwudXNlcnRydXN0LmNv
bS9NY0FmZWVPVlNTTENBMi5jcmwwbgYIKwYBBQUHAQEEYjBgMDcGCCsGAQUFBzAC
hitodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vTWNBZmVlT1ZTU0xDQTIuY3J0MCUG
CCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMDUGA1UdEQQuMCyC
FSouZG9jay5zaHAubWNhZmVlLmNvbYITZG9jay5zaHAubWNhZmVlLmNvbTCCAQMG
CisGAQQB1nkCBAIEgfQEgfEA7wB1AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqX
aJl+IvDXAAABdq2CdVgAAAQDAEYwRAIgWvbONBho/Soyg6u+eqULCUkcvhbrEfh/
v/gKfJC3uwcCIDfWgLxMDsBNson26pYF21TuqIlnYwdkd5NH3hGQgencAHYAlCC8
Ho7VjWyIcx+CiyIsDdHaTV5sT5Q9YdtOL1hNosIAAAF2rYJ2QQAABAMARzBFAiBd
+voeOzVhYBX1ZMoPDeE0xf2Ovj2yKlEddgiRnFk3tgIhALPmYuL+2bG1h50iZdLL
jb26uWfNgBYSUECVfiRPblBhMA0GCSqGSIb3DQEBCwUAA4IBAQCZDPbbqOPdRByY
Oas5YcQ8Ma9SZ10RSCqbbfcH+o6ltXzgucq0wkl19gf0bvKteB9SkZARuR/32/iP
AcQy1le1QsEz5r2RZdKv82YABBIEvhnRNJ0c48dV0YqlB2/7FMIOJ1qtEnbRrIYu
sCj/DQ0zWdsrBlHQlqOpzEcOFIVEYtzA2u5b/wSiHJA42QtbG3mD+X8an/wiSIRF
KnJsEDIpIFxZfo+p6cNqV0XKLa8PtQPlsr/BAB1jAZzX0RO2wO3hX7xy7t4OIB7j
GWEm5baiOPoo35FkrM4YOL9s3sy94BBv5Ztv4GAR/ny+sQulACJc6R4A5nUEzsCt
G+1e3YU4
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF7zCCA9egAwIBAgIRAK7/wlnFDcFqVcW8/s2KH2YwDQYJKoZIhvcNAQEMBQAw
gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE0
MTAyNzAwMDAwMFoXDTI0MTAyNjIzNTk1OVowZDELMAkGA1UEBhMCVVMxCzAJBgNV
BAgTAkNBMRQwEgYDVQQHEwtTYW50YSBDbGFyYTEVMBMGA1UEChMMTWNBZmVlLCBJ
bmMuMRswGQYDVQQDExJNY0FmZWUgT1YgU1NMIENBIDIwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDA00doqWgFgNDPHhzzMChcUf//pSjGE0eUpq1webf5
v1vVyw+PMTgQiFTbEVrFDUqymQ6pO1+gT8xQKcstluQhbRnS7D1bARcnnWPpGHTG
eBvHjpkQNTs+r3OiBrEVAQGyyTR6yhsiKxGpVEn/uCaNkkSuvFNwEVgMA3G5qFU2
n3RmzfCacWEHvf5tJYdxaPmIUx8afU+FQ8DaenwlkKttfXngP7i/ds2cv0YFlyHs
93pxX46fnra6ZZeCTre+umq6JnhETi03NuyPyY+qPWmKTbIf8UssKyojiHFAYRtg
wmiNM3q5VY9mPx1wmzir1BOdbHySbitGCloo93DOxYLhAgMBAAGjggF1MIIBcTAf
BgNVHSMEGDAWgBRTeb9aqitKz1SA4dibwJ3ysgNmyzAdBgNVHQ4EFgQU0E4ixT1h
cgq7J7SSNre6lZ8nMZwwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8C
AQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCIGA1UdIAQbMBkwDQYL
KwYBBAGyMQECAiswCAYGZ4EMAQICMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9j
cmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9y
aXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQu
dXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEF
BQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOC
AgEAQfitIB2OQNHI9zyvxOrokB8yiGw2OqVhLX+kqSjHU4pXGIcpwONn+J5qShOr
pXJe2WLdp9S7U8nr3GvjuF/w+43arNYSiYys6j665sFkZRBV8/7smq2e+aAHK+Lw
AMIN0KXly2ilgV7AD9Ck5vMJBwe2f/vA5spFSDc74uPzL8NCT6f9FxJkMS1pGPTR
Oz+tCpiASck+OSTRdG2EbZw5ho+4iT+rv5SFQghPw2XpCwyA6giiPZBBABw8PBj2
MthbQBDP4AO4oVFg9tHealvpYBYcgUa+lN9OI8/GofXwH5FqMvXo5kL++2TzjBtt
LnJglcladdmOsUV0lfyqdj1mVoPWG+fpYjx+YJEfkykIk5dXkLKRh1spGj9GCmBx
DsywNiKCOWFaUO1kKTG//X5iCUVYBGiQhBnllqC6rsVRD50X+Zun8cRkzvKuGUO2
MbQwpFRif8kmzp6DikZ2iaADnORVx2DXaqkCFECxPSN7rYjAIwK6EZtS6sY2N198
PX9kOPeK79z1FZ10svRGFcrN231y29ejZH6utvJexqLrLjntE/G7hc8y6hcXTuLB
gn5V32VuPFpdiMK3evnLFrot4dKDMe6bM22YdvXctNPTsmnERIxFQd1YTnq9qnHB
BVZDj7BNt3tJWdGqP9iBBQUqaFofl7H1zwmFVCXV76ngqDE=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI
s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG
vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ
Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb
IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0
tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E
xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV
icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5
D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ
WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ
5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG
KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg
EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID
ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG
BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t
L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr
BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA
A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+
rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+
/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA
CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F
zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA
vGp4z7h/jnZymQyd/teRCBaho1+V
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL
MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM
GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua
BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe
3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4
YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR
rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU
oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t
b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF
AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q
GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2
G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3
smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
-----END CERTIFICATE-----
End of Context
Private window + VPN says Cert is genuine so dunno.
What's weird to me is that https://www.trustedsource.org suggests that patriots.win is "minimal risk", so it's definitely weird that it would be blocked. There's nothing odd about the cert pasted, it's just McAfee's block page, pretty much the same behavior I'd expect from a filter not running on your machine.
Your best bet is probably trying to get into the modem/router (is it a combo? I'm not familiar with CenturyLink) and disabling that feature if possible. Or contacting them to figure out how to get it disabled - say it's interfering with your work sites or something. Of course your VPN works for the time being as well so if nothing else you have that.
This is why I recommend everyone never use ISP equipment except for few circumstances. I know that technically even your own modem they can control certain things, but they have no room to install any of this BS.
Ya. Looking at their product page is great for normies (https://securehomeplatform.mcafee.com/), but all it takes is for someone to flip a bit and sites go unreachable. Once I move and get my own equipment the access will improve. Thanks for your help fren.