  1. #1
    Join Date
    Dec 2007

    Strange Phishing event?

    I was just installing a new CentOS 7 server, minimal install and went to install policycoreutils-python. Almost immediately after installation of the packages via Yum I get a notification from my Untangle 13 firewall that there was a phishing/fraud event:

    The following event occurred on the Untangle Server @ 2018-03-09 11:27:27.923

    Phishing/Fraud website visit detected:
    Web Monitor flagged (Phishing/Fraud)

    Causal Event: WebFilterEvent
    "timeStamp": "2018-03-09 11:27:27.923",
    "reason": "BLOCK_CATEGORY",
    "flagged": true,
    "blocked": false,
    "appName": "web_monitor",
    "requestLine": "GET",
    "category": "Phishing/Fraud",
    "sessionEvent": {
    "entitled": true,
    "hostname": "X.X.X.X",
    "CServerPort": 80,
    "protocol": 6,
    "protocolName": "TCP",
    "serverLatitude": 40.2181,
    "localAddr": "/X.X.X.X",
    "SServerAddr": "/",
    "remoteAddr": "/",
    "serverIntf": 4,
    "CClientAddr": "/X.X.X.X",
    "serverCountry": "US",
    "sessionId": 99556283477409,
    "SClientAddr": "/X.X.X.X",
    "clientCountry": "XL",
    "CClientPort": 53092,
    "policyRuleId": 0,
    "timeStamp": "2018-03-09 11:27:27.748",
    "serverLongitude": -111.6133,
    "clientIntf": 2,
    "policyId": 1,
    "SClientPort": 13267,
    "bypassed": false,
    "SServerPort": 80,
    "CServerAddr": "/",
    "tagsString": ""

    This is an automated message sent because the event matched the configured Event Rules.

    This is a little alarming to me considering this is obviously a dedicated CentOS7 repo. Can anyone elaborate on the meaning of this notice? Is this a warning about the domain or the file itself?

  2. #2
    Untangle Junkie dmorris
    Join Date
    Nov 2006
    San Carlos, CA


    It means that URL was blocked as malicious.

    If you believe this to be an error, you can submit a recategorization request through the UI using the button at the bottom and in the meantime add it to the pass list.

  3. #3
    Join Date
    Dec 2007


    It wasn't actually blocked. It was a warning. I don't know for certain as I have no association with that site. I also don't know how it would have arrived on the flag/block list which is why I am asking.

  4. #4
    Master Untangler
    Join Date
    Feb 2016


    To my knowledge, there is no way to know how that URL arrived on the phishing/fraud list. Untangle uses a third party service for the Web Filter lists, so the report of that URL could have come from a variety of sources.

    Unless I'm mistaken, that URL is no longer categorized as phishing/fraud.

    EDIT: Sorry, I'm wrong, sort of. It is listed as spyware/malware now.
    Last edited by Sam Graf; 03-09-2018 at 12:41 PM.

  5. #5
    Join Date
    Dec 2007


    Thanks for all the help. Because it made me nervous I wiped this VM clean and started fresh. Didn't get the same warning the second time around. I paid more attention to what servers Yum was attaching to and that URL never came up.
