You may come across a domain that should have its security classification reviewed. We welcome feedback on whether a domain should be reclassified as malicious or benign, and you can contact the Support team directly from the dashboard. The Security Research team reviews security classifications.
These scenarios might make you want to report a domain for reclassification:
- A False Positive—You may believe that a domain has been incorrectly categorized as malicious when it is not.
- A False Negative—You may believe that a domain is incorrectly categorized as benign when it is actually malicious.
How to Report a Domain
Reporting a domain through the Dashboard is easy if you have a couple that requires a review, but could be a hassle if you have more. You can also follow instructions in this article: Rapid No-Reply Umbrella Security Review Requests if you prefer to email our Security Team with one more more domains to review.
To proceed with submitting domains for reclassification on the Dashboard:
- Navigate to Reporting > Core Reports > <Activity Search>.
- Generate a report and click a domain.
- Click Suggest Security Categorization.
- In the Request Security Reclassification box, let us know why the domain should be reclassified. For example, "This domain should be blocked due to Command and Control Callback activity". Provide as much information as possible.
- Click Send.
Your request will open a ticket with us that will be reviewed as soon as possible.