4nsicguy
Level 7

Same URL has two different categories?

Hey All,

Came across a host going to the same URL multiple times throughout the day and found MWG has two separate categories (Malicious Sites / Unknown). The only difference I am seeing is the HTTP response (403 and 407 (authentication required)), and the request with unknown category did not have a user associated with the request. Site doesn't appear to be malicious via VT, just thought it was strange. Does anyone know the reason for this, or experiencing the same issue?

URL: hzzp://logs[.]spilgames[.]com/lg/pb/1/ut/

0 Kudos
1 Solution

Accepted Solutions
sroering
Level 13

Re: Same URL has two different categories?

You should see that the 403/407 are always followed by the same request that includes a category and username.  What you are seeing is the first request is unauthenticated, and the client is redirected for authentication before doing categorization.  So the first request won't have a username or a category.  After being authenticated, they are redirected back to the original URL and your normal policy would be applied, including categorization.

For this reason, Web Reporter and CSR both drop 403/407 requests during log parsing.

0 Kudos
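
The filtering described in the answer above, sketched as an added example (not code from MWG, Web Reporter or CSR): it sets aside 403/407 records that carry no username when the same client repeats the same URL with a username shortly after, and reports any challenge that is never followed up. The log layout, field names, sample lines and the 5-second window are constructed assumptions, not the real MWG access-log format.

```python
from collections import namedtuple

Rec = namedtuple("Rec", "ts src user status category url")

# Constructed sample lines (NOT the real MWG access-log layout):
# epoch  client_ip  user ("-" if none)  status  category  url
SAMPLE = """\
1700000000 10.0.0.5 - 407 Unknown http://logs.example.test/lg/pb/1/ut/
1700000001 10.0.0.5 jdoe 403 Malicious_Sites http://logs.example.test/lg/pb/1/ut/
1700000050 10.0.0.9 - 407 Unknown http://cdn.example.test/a.js
1700000051 10.0.0.9 asmith 200 Content_Server http://cdn.example.test/a.js
1700000900 10.0.0.7 - 407 Unknown http://beacon.example.test/ping
"""

def parse(text):
    """Turn the constructed six-field lines into Rec tuples; skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, src, user, status, category, url = parts
        user = None if user == "-" else user
        records.append(Rec(int(ts), src, user, int(status), category, url))
    return records

def split_handshakes(records, window=5):
    """Return (policy_hits, orphans).

    policy_hits: records to report on (everything except auth handshakes).
    orphans: unauthenticated 403/407 records with no authenticated retry of
             the same URL from the same client within `window` seconds.
    """
    records = sorted(records, key=lambda r: r.ts)
    policy_hits, orphans = [], []
    for i, rec in enumerate(records):
        is_challenge = rec.user is None and rec.status in (403, 407)
        if not is_challenge:
            policy_hits.append(rec)
            continue
        retried = any(
            nxt.src == rec.src and nxt.url == rec.url
            and nxt.user is not None and nxt.ts - rec.ts <= window
            for nxt in records[i + 1:]
        )
        if not retried:
            orphans.append(rec)  # challenge the client never answered
    return policy_hits, orphans

if __name__ == "__main__":
    hits, orphans = split_handshakes(parse(SAMPLE))
    for r in hits:
        print("policy ", r.src, r.user, r.status, r.category, r.url)
    for r in orphans:
        print("orphan ", r.src, r.status, r.url)
```

Orphaned challenges are worth a separate look during triage because they come from clients that never completed proxy authentication, so no user or category was ever recorded for them.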
2 Replies
4nsicguy
Level 7

Re: Same URL has two different categories?

Thank you very much for your quick response. Your information was very helpful.

0 Kudos