Homestead URL flagged by Meraki firewall as phishing

  • 0
  • 1
  • Problem
  • Updated 9 months ago
  • Acknowledged
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members.

Our cisco Meraki firewall is flagging the following URL as phishing: "url http://www.homestead.com/~site/Script..., server 108.167.135.50:80, category Phishing and Other Frauds" This is occurring about 12 times per day on average.
Photo of Chad4476

Chad4476

  • 170 Points 100 badge 2x thumb

Posted 9 months ago

  • 0
  • 1
Photo of Michelle C

Michelle C, Employee

  • 35,652 Points 20k badge 2x thumb
Hello,

I can recommend reaching out to cisco Meraki firewall and requesting they white list this URL. Unfortunately, this is their filtering settings that are marking it as phishing and we would not have a way to clear that on our end. 
Photo of Chad4476

Chad4476

  • 170 Points 100 badge 2x thumb
I opened the link from a computer not behind the firewall and it says it is a 1x1 GIF, which seems suspicious. Our security consultant says "Meraki uses Cisco Talos, the largest security investigation team in the industry. They are not above making mistakes, but I’d be more inclined to think this is legit that they are being tagged as phishing appropriately. "
Photo of Michelle C

Michelle C, Employee

  • 35,652 Points 20k badge 2x thumb
Understandable, I see the same 1x1 GIF also. What are you attempting to use this link for? 
Photo of Chad4476

Chad4476

  • 170 Points 100 badge 2x thumb
I don't know. The context of the Meraki log entry indicates that it is found in a script. The only thing I can think of is that it may be part of the website www.sunsetbuilderssupply.com hosted on Homestead and built using your SiteBuilder app. I know that 1x1 GIFs are often used in conjunction with tracking. The block occurs on several workstations on our network and it would be normal for them to visit www.sunsetbuilderssupply.com. Sorry I can't be more specific.
Photo of Elyzabeth

Elyzabeth , Official Rep

  • 48,072 Points 20k badge 2x thumb
Unfortunately, this means that the Meraki firewall is blocking us. They would need to whitelist that URL, as there is nothing we can do on our end to resolve this.
Photo of Chad4476

Chad4476

  • 170 Points 100 badge 2x thumb
We've now come full circle. I reported that Meraki is blocking you and you reported back that Meraki is blocking you. I had thought you might be interested to know that something (I provided a link) on your site is being flagged as phishing by a reputable organization, and a 1x1 GIF certainly raises a legitimate suspicion of phishing or at least tracking. The link looks like it points to something in a library that many might call. If that doesn't concern Homestead then we will just continue to ignore it.
Photo of Elyzabeth

Elyzabeth , Official Rep

  • 48,072 Points 20k badge 2x thumb
I totally understand, my point was that it is nothing that we have the control over to help resolve. To give clarification, that 1 x 1 GIF URL refers to an internal tracking tool for the builder. We tested and Sophos is not blocking it, so it is really something that is being blocked specifically on your work network. It is nothing to do with phishing and nothing that should raise a concern, but if you want that error to go away, your IT department would need to work on whitelisting that.
Photo of Chad4476

Chad4476

  • 170 Points 100 badge 2x thumb
OK, I'll take care of it. Thanks. I don't know if there is a ticket related to this but if there is you may close it.

This conversation is no longer open for comments or replies.