There have been further findings... When I conduct test url-info-cloud "247fxtradeoption.com" BM: 247fxtradeoption.com,9,5,stock-advice-and-tools,low-risk 247fxtradeoption.com/4ee3f0492290c6f29384ec280a7bd715?usq=bwfyay5hbwvybhluy2tay2fzywnjb3vudgfudhmuawu=,9,6,malware so it appears that they categorised exact URL as Malware but not the main domain. yet, each time you click on the link in the phishing email it seems to generate unique BASE64 like looking string ! Each time I look at the firewall logs, it shows only 247fxtradeoption.com/ that is it. Yet, the browser shows the long string that is different each time you click on it (very smart by the way) Lastly, According to https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNx4CAG Additional Information The below commands do not work on OS 9.0.x but will work on prior OS versions: request url-filtering download paloaltonetworks region <region_name> > request url-filtering download status vendor paloaltonetworks
... View more