Question about approach to identifying possible false positive

Started by hedders, December 17, 2023, 08:51:14 AM

Hello,

I'm a pretty new user of Zenarmor, having only recently upgraded from a consumer-grade home router to an OPNsense box (which I'm very happy with).

I am seeing a lot of blocks of outgoing connections from my phone to a host called "prod-mobile-api.jn3cx6xo36.net", which Zenarmor seems to be categorising as "Malware/Virus". I suspect it is a false positive, but it is obviously concerning and I am struggling to find any info on what it is, or why Zenarmor might be categorising it as malware.

Googling for that hostname leads to a few auto-generated "we've scanned this host for viruses and found nothing" type pages, which tell me very little.

The regular posters in this forum seem to be pretty experienced and knowledgeable, and I wondered if anyone can give me some pointers in tracking down what's going on here please? For example, do any of you know what databases Zenarmor draws its blocklists from?

If the mods think this is OT then my apologies, and do feel free to bin.

Thank you all in advance for any help you're able to give.

If you're quite sure it's a false positive you can submit it here (https://www.zenarmor.com/site-classification) to have it checked to see if it should be reclassified.

Quote: If you're quite sure it's a false positive

Thanks. I guess the issue is I'm not sure if it is or not, and I'm struggling to find any useful info to help me find out. Do you happen to know if there is anywhere I can look up why it was matched?
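Before asking a vendor to reclassify a host, it helps to have the evidence in one place: how often the host was blocked, from which devices, over what period, and what the hostname itself looks like. The script below is an added example written for this thread, not Zenarmor's code and not from any poster here. It parses a small set of constructed block-log lines (the comma-separated format is assumed; Zenarmor's real export format is not described in the thread) and aggregates them per destination host, extracting the registrable domain and two simple indicators of a machine-generated label (character entropy and digit ratio). Those numbers are inputs to a human decision, not a verdict on why a classifier flagged the host.

```python
"""Aggregate block-log evidence for a host suspected of being a false positive.

Added example for this thread; not Zenarmor's code. The log format below is
constructed: "timestamp,src_ip,dst_host,category,action". Adjust parse_line()
to whatever your appliance actually exports.
"""
import math
from collections import defaultdict

# Constructed sample log lines (not real Zenarmor output).
SAMPLE_LOG = """\
2023-12-17T08:10:02Z,192.168.1.23,prod-mobile-api.jn3cx6xo36.net,Malware/Virus,block
2023-12-17T08:10:05Z,192.168.1.23,prod-mobile-api.jn3cx6xo36.net,Malware/Virus,block
2023-12-17T08:12:41Z,192.168.1.23,prod-mobile-api.jn3cx6xo36.net,Malware/Virus,block
2023-12-17T08:15:00Z,192.168.1.40,www.example.com,Business,allow
2023-12-17T08:16:30Z,192.168.1.23,cdn.example.org,Content Delivery,allow
"""


def parse_line(line):
    """Split one constructed log line into a record (assumed format)."""
    ts, src, host, category, action = line.strip().split(",")
    return {
        "ts": ts,
        "src": src,
        "host": host.lower().rstrip("."),
        "category": category,
        "action": action,
    }


def registrable_domain(host):
    """Return the last two labels of a hostname.

    Simplified on purpose: production code should consult the Public Suffix
    List so that names under suffixes such as co.uk are handled correctly.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def label_entropy(label):
    """Shannon entropy of a label in bits per character (0.0 for empty)."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def summarize_blocks(log_text):
    """Aggregate blocked connections per destination host.

    For each host returns count, distinct sources, categories seen, first and
    last timestamps, the registrable domain, and two indicators computed on the
    second-level label: character entropy and digit ratio.
    """
    per_host = defaultdict(lambda: {"count": 0, "sources": set(),
                                    "categories": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["action"] != "block":
            continue  # only blocked connections matter for the triage
        e = per_host[rec["host"]]
        e["count"] += 1
        e["sources"].add(rec["src"])
        e["categories"].add(rec["category"])
        e["first"] = rec["ts"] if e["first"] is None else min(e["first"], rec["ts"])
        e["last"] = rec["ts"] if e["last"] is None else max(e["last"], rec["ts"])

    result = {}
    for host, e in per_host.items():
        dom = registrable_domain(host)
        sld = dom.split(".")[0]  # second-level label, e.g. "jn3cx6xo36"
        digits = sum(ch.isdigit() for ch in sld)
        result[host] = {
            "count": e["count"],
            "sources": sorted(e["sources"]),
            "categories": sorted(e["categories"]),
            "first_seen": e["first"],
            "last_seen": e["last"],
            "registrable_domain": dom,
            "sld_entropy_bits": round(label_entropy(sld), 2),
            "sld_digit_ratio": round(digits / len(sld), 2) if sld else 0.0,
        }
    return result


if __name__ == "__main__":
    for host, info in summarize_blocks(SAMPLE_LOG).items():
        print(host, info)
```

Running it over the constructed sample yields one blocked host with three hits from a single device, registrable domain `jn3cx6xo36.net`, an entropy of about 2.72 bits per character and a digit ratio of 0.4 on the second-level label. A high-entropy, digit-heavy label is a common reason generic heuristics treat a name as suspicious, but the same pattern is also produced by legitimate cloud-hosted API backends, which is exactly why the aggregated evidence should accompany a reclassification request rather than replace it.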

Hi,

Thanks for the report. It seems to be a false positive classification. Its category has been changed and published to the servers.