09-23-2014 07:58 AM
Dumb question perhaps, but why is www.googletagservices.com/tag/js/gpt.js being flagged as a malicious URL? It doesn't come up that way in PA's URL filtering site.
It's created a considerable jump in my botnet list.
Thanks in advance...
//moe
09-23-2014 08:28 AM
I hope 6.0.3 is the PAN-OS version, but what is the URL DB version? You will get this information from GUI dashboard > General Information > URL Filtering version, or from CLI > show system info
Thanks
09-23-2014 08:30 AM
A good doc for your reference: How to Handle a URL Miscategorization
Thanks
09-23-2014 10:00 AM
Hi VSU_ITSEC,
I just did a PAN-DB URL lookup and it's classified as Comp&Inter.
Best match | googletagservices.com |
Category | computer-and-internet-info |
Can you please provide me the output for "test url googletagservices.com"?
Regards,
Hardik Shah
09-23-2014 10:19 AM
googletagservices.com
Search Engine
And yes, that was my PAN-OS version #, my bad... URL filtering is 2014.09.22.470
09-23-2014 10:36 AM
Hi VSU,
The firewall is doing correct categorization, hence it's not an issue of mis-categorization.
admin@93-PA-VM-200> test url-info-cloud googletagservices.com
BM:
googletagservices.com,9,5,search-engines
www.googletagservices.com/tag/js/gpt.js,1,5,search-engines
www.googletagservices.com,1,5,computer-and-internet-info
Can you put the enlarged URL/Threat log here? That will help us to understand the issue in detail.
Regards,
Hardik Shah
09-23-2014 10:39 AM
Hi VSU,
Please find the VirusTotal analysis; it's not malware.
Hence provide us the threat/URL log to confirm a potential false positive.
Regards,
Hardik Shah
09-23-2014 10:41 AM
From the CLI:
@PA-5020-P(active)> test url www.googletagservices.com/tag/js/gpt.js
www.googletagservices.com/tag/js/gpt.js search-engines (Base db) expires in 0 seconds
www.googletagservices.com/tag/js/gpt.js search-engines (Cloud db)
I'll get the URL/threat log in a few...
09-23-2014 10:58 AM
Hello VSU_ITSEC,
It seems currently the PAN firewall is categorized properly. The above-mentioned logs are for 09/22/14. As I said before, we had an issue with a prior version and that has been fixed now. That is why you don't have logs for the current date (09/23/14-Block-URL).
Hope this helps.
Thanks
09-23-2014 11:23 AM
Hi VSU,
Thanks for providing the URL logs; it's confirmed now that it's yesterday's log. I agree with HULK. Today's classification looks good. Let us know if the issue still appears.
Regards,
Hardik Shah
09-25-2014 08:27 AM
Have a new site in today's list with the same issue: g.symcd.com. This is new for us (so is the device); how often does this happen?