topic Re: False positive High-Risk classification for legitimate healthcare SaaS (gmedic.co) in Next-Generation Firewall Discussions

False positive High-Risk classification for legitimate healthcare SaaS (gmedic.co)

gersonjohan — Thu, 14 May 2026 00:21:53 GMT

Hello,

https://gmedic.co is a legitimate healthcare SaaS platform used by healthcare professionals in Colombia.

The domain is correctly categorized as Health-and-Medicine, however it is currently flagged as High-Risk.

We already verified:
- no malicious content
- no phishing
- no malware
- clean reverse IP
- dedicated legitimate hosting

The issue seems related to ASN/IP reputation or an automated false positive.

Could someone from PAN-DB / URL Filtering team review this domain manually?

Thank you.
Gerson Samaniego
CEO & Lead Developer
https://www.linkedin.com/in/gerson-samaniego/

Re: False positive High-Risk classification for legitimate healthcare SaaS (gmedic.co)

kiwi — Fri, 15 May 2026 09:34:53 GMT

Hi @gersonjohan ,

Thank you for reaching out.

Please note that LIVEcommunity is a peer-to-peer forum and we do not have the ability to manually adjust domain risk scores here.

To have your domain reviewed and the 'High-Risk' flag reassessed by PANWs URL Filtering researchers, you must submit a formal request through our official portal:

Palo Alto Networks Test A Site

Enter your URL (https://gmedic.co).
Once the current category and risk appear, click on "Request Change."
In the comments section, I recommend including the points you mentioned above (specifically that this is a Healthcare SaaS platform and your clean reverse IP/hosting status).

Once submitted, the PAN-DB team reviews these requests. This is the only way to ensure the automated risk score is updated across the global database.

Kind regards,

Re: False positive High-Risk classification for legitimate healthcare SaaS (gmedic.co)

paul.barrett — Sat, 16 May 2026 16:56:06 GMT

I have a similar situation - my domain berksfhs.org was incorrectly classified as Malware, and submitting a dispute via urlfiltering.paloaltonetworks.com resulted in the category being corrected (from Malware to Reference-and-Research) but the Risk Level remained High-Risk.

I submitted a second dispute specifically asking for the Risk Level to be reviewed, with supporting evidence including the fact that my domain is now clean at every other major reputation database (Google, VirusTotal, BrightCloud, Symantec, Trellix, IBM X-Force, Kaspersky). The dispute form does not have a Risk Level field - only a category field - and the automated reply confirmed that only the category was reviewed. Risk Level was not addressed. My second submission produced exactly the same outcome as the first: a category response with no comment on the Risk Level despite the explanatory note in the comment field.

I am also a non-customer (volunteer webmaster for a UK registered charity) so the customer support channel is not available to me.

It would be very useful if a Palo Alto staff member could confirm what the actual process is for requesting Risk Level review when (a) the urlfiltering portal handles only category disputes in practice and (b) the affected domain owner does not have a customer support contract. Without that, it appears there is no functioning route to resolution,a nd we are stuck with a risk factor that was created based on erroneous info from a warning sent by Netcraft in December and which they retracted as an error in under 24 hours.

Paul Barrett

Volunteer Webmaster,

Berkshire Family History Society

Re: False positive High-Risk classification for legitimate healthcare SaaS (gmedic.co)

kiwi — Mon, 18 May 2026 08:13:21 GMT

Hi @gersonjohan ,

I wanted to follow up and provide an important clarification regarding my previous message.

Upon reviewing our PAN-DB technical documentation, I need to correct a point regarding how risk categories are managed: You cannot manually request a direct change or review for a URL's risk level (High, Medium, or Low Risk).

Because risk ratings are determined by dynamic Machine Learning (ML) models that continuously analyze a domain’s behavioral properties, historical data, and ASN/hosting reputation signals, they adapt automatically over time rather than via manual overrides. As noted in your initial message, if the rating is tied to recent ASN or IP reputation shifts, the system must observe a sustained period of benign activity to automatically lower that risk tier.

While the risk rating itself cannot be manually adjusted, you can still use the Palo Alto Networks Test A Site portal to verify or request a change to the content category (e.g., ensuring it is strictly categorized under Health-and-Medicine). Keeping the content categorization as accurate as possible helps the ML engine properly contextualize your domain's legitimate traffic patterns.

I hope this helps clarify how PAN-DB evaluates dynamic site risk.

Sources and additional info:

Best,