Unexpected and weird Defender lock outs

The admin of one of the sites on multisite reported that he’s getting banned from visiting the site (front end) by Defender. Further investigation showed that it happens when visiting the site via short URL in browser incognito mode: http://www.****4kidz.com/418

It is not easy to replicate as it doesn’t happen each time. There’s a lot of “short URLs” of this type on the multisite and they seem to be working fine except this one. However, there are hundreds of them so not all were checked. What can be a cause of this?