cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

5207
Views
0
Helpful
3
Replies
Beginner

How to investigate a blocked URL

My Ironport blocks the access to a site, saying;

Threat Type: Othermalware
Threat Reason: IP address is either verified as a bot or has misconfigured DNS.

These are two pretty different reasons to block a site! If it's just a misconfigured DNS I might allow the site anyway, if it's a verified bot-net I want to deny it. How on earth do I find out more about the reason why this URL has been categorized like this?? I have used the site lookup tool, all it says is "reputation poor", no details.

Everyone's tags (3)
3 REPLIES 3
Highlighted
Cisco Employee

How to investigate a blocked URL

Hello,

My name is Tery and I am a WSA Support Engineer. I will be happy to answer your questions.

If you will like to find out more about the site you can go to senderbase.org

Click on lookup.

For more information about the site click on the detail link.

Hope this information helps!

Tery

WSA Engineer

Beginner

How to investigate a blocked URL

Thanks for the reply. I have already been to the senderbase.org site, all it says is reputation "poor". There's no possible way to investigate the site, byggeregler.be.no, further. With an URL-filter forensics should be one of the basics? The threat reason, "IP address is either verified as a bot or has misconfigured DNS", leaves a lot to be desired. Who can I contact to find out the exact reason? What dns tools can I use to verify if it's a DNS problem?

Cisco Employee

How to investigate a blocked URL

Hi,

To investigate the site further you will have to open a case with WSA support team or you can give us a call

Toll-Free 1-877-641-IRON (4766) for International: www.ironport.com/support/contact_support.html

Have a great day!

Tery Le Febvere