Question about SOC105 - Requested T.I. URL address

Good afternoon!

I found another possible alert with the wrong status when we finalized it:

Could you help me? I think it is wrong because the user is trying to access a malicious file via URL.

EventID: 28
Event Time: Oct, 29, 2020, 07:34 PM
Rule: SOC105 - Requested T.I. URL address