I'm perplexed. An old Sony Android TV recently started triggering alerts every minute. I have tried blocking its MAC address in the firewall settings, disabling the Alert, allowing the domain and IP in the Filter... yet I still get sent these emails constantly. I searched for the domain nflxvideo.net, it's legitimate and only appears in the Filter List query under Streaming Video, not Phishing. What else can I try here? (Obviously I can unplug the TVs internet, but I'd rather a solution where it still retains internet access!)
(Edited http to hxxp to allow me to post this)Code:Event: WebFilterEvent Event Time: 2022-01-12 18:11:19.67. Event Summary: Web Filter blocked hxxp://ipv4-c003-lhr006-bt-isp.1.oca.nflxvideo.net/ (Phishing and Other Frauds) Event Details: app name = web_filter blocked = true category = Phishing and Other Frauds category id = 57 flagged = true reason = BLOCK_CATEGORY request line = GET hxxp://ipv4-c003-lhr006-bt-isp.1.oca.nflxvideo.net/ rule id = 57 session event bypassed = false c client addr = 192.168.0.145 c client port = 47334 c server addr = ###.###.###.### c server port = 443 client country = XL client intf = 1 entitled = true hostname = android-479d0b3b62cd7b3e local addr = 192.168.0.145 policy id = 1 policy rule id = 0 protocol = 6 protocol name = TCP remote addr = 81.130.98.37 s client addr = ###.###.###.### s client port = 47929 s server addr = ###.###.###.### s server port = 443 server country = GB server intf = 2 server latitude = 51.472 server longitude = -0.2204 session id = 107478987851235 tags string = time stamp = 2022-01-12 18:11:19.665 time stamp = 2022-01-12 18:11:19.67 This is an automated message sent because this event matched Alerts Rule "Phishing and Other Frauds website visit blocked".