How to investigate a blocked URL

bvj197222 · ‎07-06-2011

My Ironport blocks the access to a site, saying;

Threat Type: Othermalware
Threat Reason: IP address is either verified as a bot or has misconfigured DNS.

These are two pretty different reasons to block a site! If it's just a misconfigured DNS I might allow the site anyway, if it's a verified bot-net I want to deny it. How on earth do I find out more about the reason why this URL has been categorized like this?? I have used the site lookup tool, all it says is "reputation poor", no details.

Tery Le Febvere · ‎07-06-2011

Hello,

My name is Tery and I am a WSA Support Engineer. I will be happy to answer your questions.

If you will like to find out more about the site you can go to senderbase.org

Click on lookup.

For more information about the site click on the detail link.

Hope this information helps!

Tery

WSA Engineer

bvj197222 · ‎07-08-2011

Thanks for the reply. I have already been to the senderbase.org site, all it says is reputation "poor". There's no possible way to investigate the site, byggeregler.be.no, further. With an URL-filter forensics should be one of the basics? The threat reason, "IP address is either verified as a bot or has misconfigured DNS", leaves a lot to be desired. Who can I contact to find out the exact reason? What dns tools can I use to verify if it's a DNS problem?

Tery Le Febvere · ‎07-18-2011

Hi,

To investigate the site further you will have to open a case with WSA support team or you can give us a call

Toll-Free 1-877-641-IRON (4766) for International: www.ironport.com/support/contact_support.html

Have a great day!

Tery Le Febvere