I opened a ticket with TAC.  Grep accesslogs for this seems to think its a phishing site?  Wish this information was displayed back to us on our custom block screen.

1492097221.532 5 10.6.3.2 TCP_DENIED/403 0 GET http://www.wrigleysos.com/ "DIAMONDCU\marketinguser@windows" NONE/- - BLOCK_WBRS_12-Marketing-Authenticated_Users-DefaultGroup-NONE-NONE-NONE <C_Allo,-8.1,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_shop,-,"-","phishing","Unknown","Unknown","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-"> - "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"

1492098697.118 4 10.7.3.7 TCP_DENIED/403 0 GET http://www.wrigleysos.com/ "DIAMONDCU\ITuser@windows" NONE/- - BLOCK_WBRS_12-Information_Technology-Authenticated_Users-DefaultGroup-NONE-NONE-NONE <C_Allo,-8.1,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_shop,-,"-","phishing","Unknown","Unknown","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-"> - "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"