https://live.paloaltonetworks.com/t5/general-topics/botnet-report-full-of-cloud-typography-com-entries/m-p/72263#M41033 <P>One of the fine technicians at PaloAlto sent me this:</P> <P>&nbsp;</P> <P><STRONG><EM>Hi Chris</EM></STRONG><BR /> <BR /><STRONG><EM> I checked on this URL on my end and I can't find any information pertaining to it being a malware site either. I did find some mentioning of a reclassification request fairly recently so it is very possible that we simply have a caching issue on the firewall.</EM></STRONG><BR /> <BR /><STRONG><EM> Simply log into the CLI and issue the command</EM></STRONG><BR /><STRONG><EM> &gt;clear url-cache url <A href="http://cloud.typography.com" target="_blank">http://cloud.typography.com</A></EM></STRONG><BR /> <BR /><STRONG><EM> This will force the firewall to reach out to the cloud and refresh the verdict on this site.</EM> </STRONG><BR /> </P> <P>I'm happy to say, it seems to have done the trick. &nbsp;I'm looking at the traffic logs and the categorization has been corrected!! &nbsp;Yay!</P> <P>&nbsp;</P> <P>Chris</P> Fri, 05 Feb 2016 16:36:42 GMT holtcg 2016-02-05T16:36:42Z https://live.paloaltonetworks.com/t5/general-topics/botnet-report-full-of-cloud-typography-com-entries/m-p/72257#M41028 <P>My weekly botnet report is full of entries like:&nbsp;</P> <P>"Repeatedly visited (32) the same malicious URL cloud.typography.com/"</P> <P>&nbsp;</P> <P>I've checked this URL in the database and using the CLI, and it shows as computer-and-internet-info</P> <P>Several tools I've used to check the site show nothing malicous.</P> <P>I'm thinking maybe categorization is the wrong place to look.</P> <P>&nbsp;</P> <P>I feel like this must be some software that we use, downloading fonts because a visit to the site shows that it isn't something people would be casually browsing to.</P> <P>&nbsp;</P> <P>I'm not sure how to proceed, I hope someone can point me in the right direction.</P> <P>&nbsp;</P> <P>Thanks for any suggestions!</P> <P>Chris</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 05 Feb 2016 15:40:22 GMT https://live.paloaltonetworks.com/t5/general-topics/botnet-report-full-of-cloud-typography-com-entries/m-p/72257#M41028 holtcg 2016-02-05T15:40:22Z https://live.paloaltonetworks.com/t5/general-topics/botnet-report-full-of-cloud-typography-com-entries/m-p/72261#M41031 <P>URL Filtering profile.</P> <P>Settings tab.</P> <P>Check "Referer"</P> <P>&nbsp;</P> <P>Then URL log starts showing&nbsp;referer.</P> <P>Maybe this malicious site was included to some other site your users browse to.</P> Fri, 05 Feb 2016 16:06:48 GMT https://live.paloaltonetworks.com/t5/general-topics/botnet-report-full-of-cloud-typography-com-entries/m-p/72261#M41031 Raido_Rattameister 2016-02-05T16:06:48Z https://live.paloaltonetworks.com/t5/general-topics/botnet-report-full-of-cloud-typography-com-entries/m-p/72263#M41033 <P>One of the fine technicians at PaloAlto sent me this:</P> <P>&nbsp;</P> <P><STRONG><EM>Hi Chris</EM></STRONG><BR /> <BR /><STRONG><EM> I checked on this URL on my end and I can't find any information pertaining to it being a malware site either. I did find some mentioning of a reclassification request fairly recently so it is very possible that we simply have a caching issue on the firewall.</EM></STRONG><BR /> <BR /><STRONG><EM> Simply log into the CLI and issue the command</EM></STRONG><BR /><STRONG><EM> &gt;clear url-cache url <A href="http://cloud.typography.com" target="_blank">http://cloud.typography.com</A></EM></STRONG><BR /> <BR /><STRONG><EM> This will force the firewall to reach out to the cloud and refresh the verdict on this site.</EM> </STRONG><BR /> </P> <P>I'm happy to say, it seems to have done the trick. &nbsp;I'm looking at the traffic logs and the categorization has been corrected!! &nbsp;Yay!</P> <P>&nbsp;</P> <P>Chris</P> Fri, 05 Feb 2016 16:36:42 GMT https://live.paloaltonetworks.com/t5/general-topics/botnet-report-full-of-cloud-typography-com-entries/m-p/72263#M41033 holtcg 2016-02-05T16:36:42Z