Results 1 to 4 of 4
  1. #1
    Untanglit
    Join Date
    Nov 2018
    Posts
    19

    Default Malware Distribution Point - False Positive?

    I am assuming this is likely a false positive. I'm getting quite a lot of these most all from my Amazon Fire TV:

    I would not think it is visiting a Malware site.

    Malware Distribution Point website visit detected:
    Web Filter logged http://52.216.16.240/kindle-wifi/wifistub.html (Malware Distribution Point)

    Causal Event: WebFilterEvent
    {
    "timeStamp": "2019-07-11 09:22:31.9",
    "reason": "PASS_CLIENT",
    "flagged": false,
    "blocked": false,
    "appName": "web_filter",
    "requestLine": "GET http://52.216.16.240/kindle-wifi/wifistub.html",
    "category": "Malware Distribution Point",
    "sessionEvent": {
    "entitled": true,
    "hostname": "amazon-3870a4e19",
    "CServerPort": 80,
    "protocol": 6,
    "protocolName": "TCP",
    "localAddr": "/192.168.1.179",
    "serverLatitude": 39.0481,
    "SServerAddr": "/52.216.16.240",
    "remoteAddr": "/52.216.16.240",
    "serverIntf": 1,
    "CClientAddr": "/192.168.1.179",
    "serverCountry": "US",
    "sessionId": 102389037832719,
    "SClientAddr": "/97.92.210.202",
    "clientCountry": "XL",
    "CClientPort": 43078,
    "policyRuleId": 0,
    "timeStamp": "2019-07-11 09:22:31.787",
    "serverLongitude": -77.4728,
    "clientIntf": 2,
    "policyId": 1,
    "SClientPort": 21915,
    "bypassed": false,
    "SServerPort": 80,
    "CServerAddr": "/52.216.16.240",
    "username": "video",
    "tagsString": ""

    Thanks in advance.

  2. #2
    Newbie
    Join Date
    May 2019
    Posts
    6

    Default

    I'm getting the same alert on my Amazon Alexa Show but not on the firestick.

    Not the first time this has come up https://forums.untangle.com/web-filt...ud-emails.html

    Miscategorized IP again? Amazon AWS IP with a bad reputation?
    miles267 likes this.

  3. #3
    Master Untangler
    Join Date
    Jun 2015
    Posts
    162

    Default

    I too have been getting these with my Amazon kindle device. The IP being accessed turns out to be their AWS server. Incidentally my ISP’s abuse filter also thinks they’re Malware attempts so they must be using same categorization.


    Sent from my iPhone using Tapatalk

  4. #4
    Master Untangler f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    993

    Default

    We Don't Know What We Don't Know
    If one wrongheadedly assumed the risk of allowing such instruments into their protected domain, simply 'bypass' the unmanaged device(s) and allow its unhindered ambiguous communication with their malevolent macrocosm. Huh?
    Ask A-Z, I'm sure they'll explain their intent is strictly for your benefit. :-J
    Move along, nothing to see here... #CreatingMonstersThatRuleUs
    Untangle...because nothing's worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2