Results 1 to 2 of 2
  1. #1
    Untanglit
    Join Date
    Feb 2020
    Posts
    27

    Default requestLine": "GET http://travelocity.tlnk.io

    Have been getting hits on this site for several days, it's my wife's iPhone which she states isn't doing anything unusual.

    It's always the same site, but not sure what is trying to open it. I'm not sure how much of the error log I can include safely but this is the top portion:

    The following event occurred on the Untangle Server @ 2020-02-23 19:23:08.91

    Phishing and Other Frauds website visit blocked:
    Web Filter blocked http://travelocity.tlnk.io/ (Phishing and Other Frauds)

    Causal Event: WebFilterEvent
    {
    "reason": "BLOCK_CATEGORY",
    "appName": "web_filter",
    "requestLine": "GET http://travelocity.tlnk.io/",
    "sessionEvent": {
    "entitled": true,
    "protocol": 6,
    "hostname": "Marys-X",
    "CServerPort": 443,
    "protocolName": "TCP",



    I also got this from her computer:

    The following event occurred on the Untangle Server @ 2020-02-23 14:10:23.843

    Malware Sites website visit blocked:
    Web Filter blocked http://vps-1253210315.cos.ap-shanghai.myqcloud.com/ (Malware Sites)

    Causal Event: WebFilterEvent
    {
    "reason": "BLOCK_CATEGORY",
    "appName": "web_filter",
    "requestLine": "GET http://vps-1253210315.cos.ap-shanghai.myqcloud.com/",
    "sessionEvent": {
    "entitled": true,
    "protocol": 6,
    "hostname": "Marys-Air",
    "CServerPort": 443,
    "protocolName": "TCP",

    She does teach via VIPkid so does run an app that connects I assume to China directly. I want to make sure I'm not interfering with that app, but also that something nefarious is not going on.

    Everything seems to be working fine.

  2. #2
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,469

    Default

    It looks like everything is working, protection as designed!

    There is a lot of research that could be done, if you wanted to dig into it, but I suspect the first one has got nothing to do with Travelocity.

    typically, this stuff will be on a web page with third-party advertising.

    I would be concerned if there was a barrage of this with all apps and browsers closed.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2