  1. #1
    Untanglit
    Join Date
    Nov 2018
    Posts
    25

    Malware Distribution Point - False Positive?

    I am assuming this is likely a false positive. I'm getting quite a lot of these, almost all from my Amazon Fire TV:

    I would not think it is visiting a Malware site.

    Malware Distribution Point website visit detected:
    Web Filter logged http://52.216.16.240/kindle-wifi/wifistub.html (Malware Distribution Point)

    Causal Event: WebFilterEvent
    {
    "timeStamp": "2019-07-11 09:22:31.9",
    "reason": "PASS_CLIENT",
    "flagged": false,
    "blocked": false,
    "appName": "web_filter",
    "requestLine": "GET http://52.216.16.240/kindle-wifi/wifistub.html",
    "category": "Malware Distribution Point",
    "sessionEvent": {
    "entitled": true,
    "hostname": "amazon-3870a4e19",
    "CServerPort": 80,
    "protocol": 6,
    "protocolName": "TCP",
    "localAddr": "/192.168.1.179",
    "serverLatitude": 39.0481,
    "SServerAddr": "/52.216.16.240",
    "remoteAddr": "/52.216.16.240",
    "serverIntf": 1,
    "CClientAddr": "/192.168.1.179",
    "serverCountry": "US",
    "sessionId": 102389037832719,
    "SClientAddr": "/97.92.210.202",
    "clientCountry": "XL",
    "CClientPort": 43078,
    "policyRuleId": 0,
    "timeStamp": "2019-07-11 09:22:31.787",
    "serverLongitude": -77.4728,
    "clientIntf": 2,
    "policyId": 1,
    "SClientPort": 21915,
    "bypassed": false,
    "SServerPort": 80,
    "CServerAddr": "/52.216.16.240",
    "username": "video",
    "tagsString": ""

    Thanks in advance.

  2. #2
    Newbie
    Join Date
    May 2019
    Posts
    8


    I'm getting the same alert on my Amazon Alexa Show but not on the firestick.

    Not the first time this has come up https://forums.untangle.com/web-filt...ud-emails.html

    Miscategorized IP again? Amazon AWS IP with a bad reputation?

  3. #3
    Master Untangler
    Join Date
    Jun 2015
    Posts
    169


    I too have been getting these with my Amazon Kindle device. The IP being accessed turns out to be their AWS server. Incidentally, my ISP’s abuse filter also thinks they’re malware attempts, so they must be using the same categorization.


    Sent from my iPhone using Tapatalk

  4. #4
    Untangle Ninja f1assistance
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    1,069


    We Don't Know What We Don't Know
    If one wrongheadedly assumed the risk of allowing such instruments into their protected domain, simply 'bypass' the unmanaged device(s) and allow its unhindered ambiguous communication with their malevolent macrocosm. Huh?
    Ask A-Z, I'm sure they'll explain their intent is strictly for your benefit. :-J
    Move along, nothing to see here... #CreatingMonstersThatRuleUs
    Untangle...because nothing's worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM

  5. #5
    Untangle Ninja f1assistance
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    1,069


    Idiocracy! Normalizing complete surveillance, total collection, unmanaged devices, and trying to embrace the lack of security in an environment where the physical control of assets can't exist...Huh? Clown world has encroached on our binary environment which once was black and white, right vs wrong. This won't end well...I see this attempt failing everywhere today which will only get worse and we should refuse to accept 'their' answer to a problem voluntarily created to desperately solve. D'oh!
    Wake up, Neo...
    The Smart Grid has you...

    "How IT, Security Teams Can Protect the New Perimeter"
    https://tinyurl.com/y3dke9yt

  6. #6
    Untanglit
    Join Date
    Feb 2019
    Posts
    21


    I am getting the same warning and it is frustrating. I went through the previous thread and attempted some of the suggestions, but I am still getting regular warnings. One suggestion is to turn off notifications, but I want to be notified of other threats. Has anyone come up with a solution to stop the annoying alerts for this? Any help would be greatly appreciated.

    The following event occurred on the Untangle Server @ 2019-08-02 21:29:01.215

    Malware Sites website visit blocked:
    Web Filter blocked http://52.217.37.252/kindle-wifi/wifistub.html (Malware Sites)

    Causal Event: WebFilterEvent
    {
    "reason": "BLOCK_CATEGORY",
    "appName": "web_filter",

  7. #7
    Master Untangler
    Join Date
    Jun 2015
    Posts
    169


    No, but I too would appreciate a better solution to this issue rather than ignoring alerts. For the same reason you’ve mentioned.


    Sent from my iPhone using Tapatalk
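
One way to act on the request in post #6 (keep alerts, drop only this one), as an added example that is not from any poster or from Untangle: a post-processing filter over WebFilterEvent JSON that suppresses only the exact `wifistub.html` GET from a reviewed client. It matches on path and client rather than server IP, since the two events quoted in the thread show different server IPs for the same path; the allow-list names, the helper functions and the sample events are assumptions.

```python
import json
from urllib.parse import urlsplit

# Assumed, admin-reviewed allow list (hypothetical names, not Untangle settings).
REVIEWED_PATHS = {"/kindle-wifi/wifistub.html"}
REVIEWED_CLIENTS = {"192.168.1.179"}  # Fire TV address from post #1

def needs_alert(event):
    """False only for the reviewed GET from a reviewed client on port 80."""
    method, _, url = event.get("requestLine", "").partition(" ")
    session = event.get("sessionEvent", {})
    client = session.get("CClientAddr", "").lstrip("/")
    reviewed = (
        method == "GET"
        and urlsplit(url).path in REVIEWED_PATHS
        and client in REVIEWED_CLIENTS
        and session.get("SServerPort") == 80
    )
    return not reviewed

def triage(json_lines):
    """Return the request lines that should still raise an alert."""
    events = (json.loads(line) for line in json_lines)
    return [e.get("requestLine", "") for e in events if needs_alert(e)]

def _event(request_line, client, port=80):
    # Builds a constructed event using only field names seen in the thread.
    return json.dumps({
        "category": "Malware Distribution Point",
        "requestLine": request_line,
        "sessionEvent": {"CClientAddr": "/" + client, "SServerPort": port},
    })

# Constructed sample events (server IPs and path taken from the posts above;
# the second path and the second client address are made up).
SAMPLE = [
    _event("GET http://52.216.16.240/kindle-wifi/wifistub.html", "192.168.1.179"),
    _event("GET http://52.217.37.252/kindle-wifi/wifistub.html", "192.168.1.179"),
    _event("GET http://52.216.16.240/kindle-wifi/other.bin", "192.168.1.179"),
    _event("GET http://52.216.16.240/kindle-wifi/wifistub.html", "192.168.1.50"),
    _event("POST http://52.216.16.240/kindle-wifi/wifistub.html", "192.168.1.179"),
]

if __name__ == "__main__":
    for line in triage(SAMPLE):
        print("ALERT", line)
```

Anything outside the reviewed path, client, method and port still alerts, so the same category keeps firing for other traffic to the same addresses.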
