Can Ping websites. No internet when trying to access

justaguywithanmt · November 2, 2024, 10:14am

I really need help on what is wrong with this configuration. I can ping websites but cannot access them. Here is the configuration below. All help will be greatly appreciated. Thank you

PS : I have 3 ISP at home.

/interface bridge
add admin-mac=6C:3B:6B:42:85:33 auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/routing table
add disabled=no fib name=toISP1
add disabled=no fib name=toISP2
add disabled=no fib name=toISP3
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add comment=defconf interface=ether2 list=WAN
add comment=defconf interface=ether3 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add add-default-route=no interface=ether1 script=dhcp1 use-peer-ntp=no
add add-default-route=no interface=ether2 script=dhcp2 use-peer-ntp=no
add add-default-route=no interface=ether3 script=dhcp3 use-peer-ntp=no
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall address-list
add address=192.168.88.0/24 list=1LAN
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-connection chain=prerouting dst-port=\
    7000,8913,10003,30000-30150,5001-5059,5101-5105,9001,5501-5559,5601-5700 \
    new-connection-mark=ml-conn passthrough=yes protocol=tcp \
    src-address-list=1LAN
add action=mark-connection chain=prerouting dst-port=\
    7000,8913,10003,30000-30150,5001-5059,5101-5105,9001,5501-5559,5601-5700 \
    new-connection-mark=ml-conn passthrough=yes protocol=udp \
    src-address-list=1LAN
add action=mark-packet chain=prerouting connection-mark=ml-conn \
    new-packet-mark=ml-pkt passthrough=yes src-address-list=1LAN
add action=mark-routing chain=prerouting comment=\
    "Route Mobile Legends to ISP1" connection-mark=ml-conn new-routing-mark=\
    toISP1 passthrough=yes src-address-list=1LAN
add action=mark-connection chain=prerouting dst-port=3013,18082,65010,65050 \
    new-connection-mark=cod-conn passthrough=yes protocol=tcp \
    src-address-list=1LAN
add action=mark-connection chain=prerouting dst-port=7500-7999,20000-20002 \
    new-connection-mark=cod-conn passthrough=yes protocol=udp \
    src-address-list=1LAN
add action=mark-packet chain=prerouting connection-mark=cod-conn \
    new-packet-mark=cod-pkt passthrough=yes src-address-list=1LAN
add action=mark-routing chain=prerouting comment=\
    "Route Call of Duty Mobile to ISP1" connection-mark=cod-conn \
    new-routing-mark=toISP1 passthrough=yes src-address-list=1LAN
add action=mark-connection chain=prerouting dst-port=10000-10030 \
    new-connection-mark=roo-conn passthrough=yes protocol=tcp \
    src-address-list=1LAN
add action=mark-packet chain=prerouting connection-mark=roo-conn \
    new-packet-mark=roo-pkt passthrough=yes src-address-list=1LAN
add action=mark-routing chain=prerouting comment="Route ROO to ISP1" \
    connection-mark=roo-conn new-routing-mark=toISP1 passthrough=yes \
    src-address-list=1LAN
add action=mark-connection chain=prerouting dst-address-list=YouTube \
    new-connection-mark=youtube-conn passthrough=yes src-address-list=1LAN
add action=mark-packet chain=prerouting connection-mark=youtube-conn \
    new-packet-mark=youtube-pkt passthrough=yes src-address-list=1LAN
add action=mark-routing chain=prerouting comment="Route YouTube to ISP2" \
    connection-mark=youtube-conn new-routing-mark=toISP2 passthrough=yes \
    src-address-list=1LAN
add action=mark-connection chain=prerouting dst-address-list=Facebook \
    new-connection-mark=fb-conn passthrough=yes src-address-list=1LAN
add action=mark-packet chain=prerouting connection-mark=fb-conn \
    new-packet-mark=fb-pkt passthrough=yes src-address-list=1LAN
add action=mark-routing chain=prerouting comment="Route Facebook to ISP2" \
    connection-mark=fb-conn new-routing-mark=toISP2 passthrough=yes \
    src-address-list=1LAN
add action=mark-connection chain=prerouting dst-address-list=Instagram \
    new-connection-mark=insta-conn passthrough=yes src-address-list=1LAN
add action=mark-packet chain=prerouting connection-mark=insta-conn \
    new-packet-mark=insta-pkt passthrough=yes src-address-list=1LAN
add action=mark-routing chain=prerouting comment="Route Instagram to ISP2" \
    connection-mark=insta-conn new-routing-mark=toISP2 passthrough=yes \
    src-address-list=1LAN
add action=mark-connection chain=prerouting dst-address-list=Twitter \
    new-connection-mark=twitter-conn passthrough=yes src-address-list=1LAN
add action=mark-packet chain=prerouting connection-mark=twitter-conn \
    new-packet-mark=twitter-pkt passthrough=yes src-address-list=1LAN
add action=mark-routing chain=prerouting comment="Route Twitter to ISP2" \
    connection-mark=twitter-conn new-routing-mark=toISP2 passthrough=yes \
    src-address-list=1LAN
add action=mark-connection chain=prerouting dst-address-list=TikTok \
    new-connection-mark=tiktok-conn passthrough=yes src-address-list=1LAN
add action=mark-packet chain=prerouting connection-mark=tiktok-conn \
    new-packet-mark=tikok-pkt passthrough=yes src-address-list=1LAN
add action=mark-routing chain=prerouting comment="Route TikTok to ISP2" \
    connection-mark=tiktok-conn new-routing-mark=toISP2 passthrough=yes \
    src-address-list=1LAN
add action=mark-connection chain=prerouting dst-port=80,443 \
    new-connection-mark=surf-conn passthrough=yes protocol=tcp \
    src-address-list=1LAN
add action=mark-packet chain=prerouting connection-mark=surf-conn \
    new-packet-mark=surf-pkt passthrough=yes src-address-list=1LAN
add action=mark-routing chain=prerouting comment="Route Browsing to ISP3" \
    connection-mark=surf-conn new-routing-mark=toISP3 passthrough=yes \
    src-address-list=1LAN
add action=mark-connection chain=prerouting dst-port=443 new-connection-mark=\
    downloads-conn passthrough=yes protocol=udp src-address-list=1LAN
add action=mark-packet chain=prerouting connection-mark=downloads-conn \
    new-packet-mark=downloads-pkt passthrough=yes src-address-list=1LAN
add action=mark-routing chain=prerouting comment="Route Downloads to ISP2" \
    connection-mark=downloads-conn new-routing-mark=toISP2 passthrough=yes \
    src-address-list=1LAN
add action=mark-connection chain=prerouting dst-port=!80,443 \
    new-connection-mark=other-conn passthrough=yes protocol=tcp \
    src-address-list=1LAN
add action=mark-connection chain=prerouting dst-port=!443 \
    new-connection-mark=other-conn passthrough=yes protocol=udp \
    src-address-list=1LAN
add action=mark-packet chain=prerouting connection-mark=other-conn \
    new-packet-mark=nonmarked-pkt passthrough=yes src-address-list=1LAN
add action=mark-routing chain=prerouting comment="Route Others to ISP1" \
    connection-mark=other-conn new-routing-mark=toISP1 passthrough=yes \
    src-address-list=1LAN
add action=mark-routing chain=prerouting comment="Route No-Mark to ISP1" \
    connection-mark=no-mark new-routing-mark=toISP1 passthrough=yes \
    src-address-list=1LAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip firewall raw
add action=add-dst-to-address-list address-list=YouTube address-list-timeout=\
    1m chain=prerouting comment=YouTube content=.youtube.com \
    dst-address-list=!1LAN src-address-list=1LAN
add action=add-dst-to-address-list address-list=YouTube address-list-timeout=\
    1m chain=prerouting content=.googlevideo.com dst-address-list=!1LAN \
    src-address-list=1LAN
add action=add-dst-to-address-list address-list=YouTube address-list-timeout=\
    1m chain=prerouting content=youtu.be dst-address-list=!1LAN \
    src-address-list=1LAN
add action=add-dst-to-address-list address-list=YouTube address-list-timeout=\
    1m chain=prerouting content=.ytimg.com dst-address-list=!1LAN \
    src-address-list=1LAN
add action=add-dst-to-address-list address-list=YouTube address-list-timeout=\
    1m chain=prerouting content=youtube dst-address-list=!1LAN \
    src-address-list=1LAN
add action=add-dst-to-address-list address-list=Facebook \
    address-list-timeout=1m chain=prerouting comment=Facebook content=\
    .facebook.com dst-address-list=!1LAN src-address-list=1LAN
add action=add-dst-to-address-list address-list=Facebook \
    address-list-timeout=1m chain=prerouting content=facebook \
    dst-address-list=!1LAN src-address-list=1LAN
add action=add-dst-to-address-list address-list=Facebook \
    address-list-timeout=1m chain=prerouting content=.fbcdn.net \
    dst-address-list=!1LAN src-address-list=1LAN
add action=add-dst-to-address-list address-list=Facebook \
    address-list-timeout=1m chain=prerouting content=.fbsbx.com \
    dst-address-list=!1LAN src-address-list=1LAN
add action=add-dst-to-address-list address-list=Facebook \
    address-list-timeout=1m chain=prerouting content=fb.com dst-address-list=\
    !1LAN src-address-list=1LAN
add action=add-dst-to-address-list address-list=Facebook \
    address-list-timeout=1m chain=prerouting content=messenger.com \
    dst-address-list=!1LAN src-address-list=1LAN
add action=add-dst-to-address-list address-list=Instagram \
    address-list-timeout=1m chain=prerouting comment=Instagram content=\
    .instagram.com dst-address-list=!1LAN src-address-list=1LAN
add action=add-dst-to-address-list address-list=Instagram \
    address-list-timeout=1m chain=prerouting content=.cdninstagram.com \
    dst-address-list=!1LAN src-address-list=1LAN
add action=add-dst-to-address-list address-list=Twitter address-list-timeout=\
    1m chain=prerouting comment=Twitter content=twitter.com dst-address-list=\
    !1LAN src-address-list=1LAN
add action=add-dst-to-address-list address-list=Twitter address-list-timeout=\
    1m chain=prerouting content=.twitter.com dst-address-list=!1LAN \
    src-address-list=1LAN
add action=add-dst-to-address-list address-list=Twitter address-list-timeout=\
    1m chain=prerouting content=.twimg.com dst-address-list=!1LAN \
    src-address-list=1LAN
add action=add-dst-to-address-list address-list=TikTok address-list-timeout=\
    1m chain=prerouting comment=TikTok content=.tiktok.com dst-address-list=\
    !1LAN src-address-list=1LAN
add action=add-dst-to-address-list address-list=TikTok address-list-timeout=\
    1m chain=prerouting content=.tiktokv.com dst-address-list=!1LAN \
    src-address-list=1LAN
add action=add-dst-to-address-list address-list=TikTok address-list-timeout=\
    1m chain=prerouting content=.tiktokcdn.com dst-address-list=!1LAN \
    src-address-list=1LAN
add action=add-dst-to-address-list address-list=TikTok address-list-timeout=\
    1m chain=prerouting content=.byteoversea.com dst-address-list=!1LAN \
    src-address-list=1LAN
add action=add-dst-to-address-list address-list=TikTok address-list-timeout=\
    1m chain=prerouting content=.ibyteimg.com dst-address-list=!1LAN \
    src-address-list=1LAN
add action=add-dst-to-address-list address-list=TikTok address-list-timeout=\
    1m chain=prerouting content=.ibytedtos.com dst-address-list=!1LAN \
    src-address-list=1LAN
add action=add-dst-to-address-list address-list=TikTok address-list-timeout=\
    1m chain=prerouting content=.myqcloud.com dst-address-list=!1LAN \
    src-address-list=1LAN
/ip route
add check-gateway=ping comment=toISP2 distance=1 gateway=192.168.2.1 \
    routing-table=toISP2
add check-gateway=ping comment=toISP2 distance=2 gateway=192.168.2.1
add check-gateway=ping comment=toISP3 distance=1 gateway=192.168.3.1 \
    routing-table=toISP3
add check-gateway=ping comment=toISP3 distance=3 gateway=192.168.3.1
add check-gateway=ping comment=toISP1 distance=1 gateway=192.168.1.1 \
    routing-table=toISP1
add check-gateway=ping comment=toISP1 distance=1 gateway=192.168.1.1
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
    dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=time.android.com
/system script
add dont-require-permissions=no name=dhcp2 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="{\
    \r\
    \n:local rmark \"toISP2\"\r\
    \n:local count [/ip route print count-only where comment=\"toISP2\"]    \r\
    \n:if (\$bound=1) do={\r\
    \n:if (\$count = 0) do={\r\
    \n/ip route add distance=1 gateway=\$\"gateway-address\" check-gateway=pin\
    g routing-table=toISP2 comment=\"toISP2\"\r\
    \n/ip route add distance=2 gateway=\$\"gateway-address\" check-gateway=pin\
    g comment=\"toISP2\"\r\
    \n} else={\r\
    \n:if (\$count = 1) do={\r\
    \n:local test [/ip route find where comment=\"toISP2\"]\r\
    \n:if ([/ip route get \$test gateway] != \$\"gateway-address\") do={\r\
    \n/ip route set \$test gateway=\$\"gateway-address\"}\r\
    \n} else={\r\
    \n:error \"Multiple routes found\"\r\
    \n}\r\
    \n}\r\
    \n} else={\r\
    \n/ip route remove [find comment=\"toISP2\"]\r\
    \n}\r\
    \n}"
add dont-require-permissions=no name=dhcp1 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="{\
    \r\
    \n:local rmark \"toISP1\"\r\
    \n:local count [/ip route print count-only where comment=\"toISP1\"]    \r\
    \n:if (\$bound=1) do={\r\
    \n:if (\$count = 0) do={\r\
    \n/ip route add distance=1 gateway=\$\"gateway-address\" check-gateway=pin\
    g routing-table=toISP1 comment=\"toISP1\"\r\
    \n/ip route add distance=1 gateway=\$\"gateway-address\" check-gateway=pin\
    g comment=\"toISP1\"\r\
    \n} else={\r\
    \n:if (\$count = 1) do={\r\
    \n:local test [/ip route find where comment=\"toISP1\"]\r\
    \n:if ([/ip route get \$test gateway] != \$\"gateway-address\") do={\r\
    \n/ip route set \$test gateway=\$\"gateway-address\"}\r\
    \n} else={\r\
    \n:error \"Multiple routes found\"\r\
    \n}\r\
    \n}\r\
    \n} else={\r\
    \n/ip route remove [find comment=\"toISP1\"]\r\
    \n}\r\
    \n}"
add dont-require-permissions=no name=dhcp3 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="{\
    \r\
    \n:local rmark \"toISP3\"\r\
    \n:local count [/ip route print count-only where comment=\"toISP3\"]    \r\
    \n:if (\$bound=1) do={\r\
    \n:if (\$count = 0) do={\r\
    \n/ip route add distance=1 gateway=\$\"gateway-address\" check-gateway=pin\
    g routing-table=toISP3 comment=\"toISP3\"\r\
    \n/ip route add distance=3 gateway=\$\"gateway-address\" check-gateway=pin\
    g comment=\"toISP3\"\r\
    \n} else={\r\
    \n:if (\$count = 1) do={\r\
    \n:local test [/ip route find where comment=\"toISP3\"]\r\
    \n:if ([/ip route get \$test gateway] != \$\"gateway-address\") do={\r\
    \n/ip route set \$test gateway=\$\"gateway-address\"}\r\
    \n} else={\r\
    \n:error \"Multiple routes found\"\r\
    \n}\r\
    \n}\r\
    \n} else={\r\
    \n/ip route remove [find comment=\"toISP3\"]\r\
    \n}\r\
    \n}"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add disabled=no dns-server=8.8.8.8 down-script="/ip firewall mangle set [find \
    comment=\"Route YouTube to ISP2\"] new-routing-mark=toISP1\r\
    \n/ip firewall mangle set [find comment=\"Route Facebook to ISP2\"] new-ro\
    uting-mark=toISP1\r\
    \n/ip firewall mangle set [find comment=\"Route Instagram to ISP2\"] new-r\
    outing-mark=toISP1\r\
    \n/ip firewall mangle set [find comment=\"Route Twitter to ISP2\"] new-rou\
    ting-mark=toISP1\r\
    \n/ip firewall mangle set [find comment=\"Route TikTok to ISP2\"] new-rout\
    ing-mark=toISP1\r\
    \n/ip firewall mangle set [find comment=\"Route Downloads to ISP2\"] new-r\
    outing-mark=toISP1" host=google.com http-codes="" interval=30s name=\
    "Check ISP2" record-type=A src-address=192.168.2.2 test-script="" \
    timeout=500ms type=dns up-script="/ip firewall mangle set [find comment=\"\
    Route YouTube to ISP2\"] new-routing-mark=toISP2\r\
    \n/ip firewall mangle set [find comment=\"Route Facebook to ISP2\"] new-ro\
    uting-mark=toISP2\r\
    \n/ip firewall mangle set [find comment=\"Route Instagram to ISP2\"] new-r\
    outing-mark=toISP2\r\
    \n/ip firewall mangle set [find comment=\"Route Twitter to ISP2\"] new-rou\
    ting-mark=toISP2\r\
    \n/ip firewall mangle set [find comment=\"Route TikTok to ISP2\"] new-rout\
    ing-mark=toISP2\r\
    \n/ip firewall mangle set [find comment=\"Route Downloads to ISP2\"] new-r\
    outing-mark=toISP2"
add disabled=no dns-server=8.8.8.8 down-script="" host=google.com http-codes=\
    "" interval=30s name="Check ISP3" record-type=A src-address=192.168.3.2 \
    test-script="" timeout=500ms type=dns up-script=""

justaguywithanmt · November 2, 2024, 10:25am

Please help

justaguywithanmt · November 2, 2024, 11:48am

Anyone please take a look whats wrong

anav · November 2, 2024, 1:17pm

Impossible without knowing what the requirements are ( with no mention of config )
a. identify users
b. identify what traffic they need to execute.

jaclaz · November 2, 2024, 2:19pm

Let’s see how accurate is my crystal ball (I just got it back from the guy that tunes it, but sometimes he doesn’t set it right ):
a.
User 1: J***** K******, commonly called “dad”, age 48, Sagittarius
User 2: F**** G******, commonly called “mom” age 47, Gemini
User 3: R**** K******, commonly called “my princess”, age 15, Aries
User 4: K**** K******, commonly called “hey you, stop fiddling with my internet”[1], age 17, Taurus
b.
User 1: Browsing and Download (ISP3 and ISP2)
User 2: Same as above (ISP3 and ISP2) and Facebook and Instagram (still ISP2)
User 3: All of the above (ISP3 and ISP2) and Twitter and TikTok (still ISP2)
User 4: All of the above (ISP3 and ISP2) and Gaming (ISP1)

[1] sometimes also called “All your ISPs are belong to us”