https://live.paloaltonetworks.com/t5/advanced-threat-prevention/completely-puzzled-unique-threat-id-193986039/m-p/204869#M270 <P>&nbsp;The domain was found to be queried by malicious samples of explorer.exe</P> Mon, 12 Mar 2018 17:27:53 GMT mivaldi 2018-03-12T17:27:53Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/completely-puzzled-unique-threat-id-193986039/m-p/204599#M267 <P>hi,</P><P>&nbsp;</P><P>Did anyone had WildFire Threat events with the following Unique Threat ID: 193986039?</P><P>&nbsp;</P><P>Threat Vault provided me the following information:</P><P>Signature&nbsp;<SPAN>Release</SPAN>&nbsp;Domain Name&nbsp;Type&nbsp;</P><TABLE><TBODY><TR><TD><P class="">Name: generic:ecompassesfarringdon.com</P><P class="">Unique Threat ID: 193986039</P><P class="">Create Time: 2018-01-18 10:45:23 (UTC)</P></TD><TD><P class="tabbed-header Pre-71">Threat ID: 4035508</P><P class="tabbed-header Pre-71">Current Release: 2497 (2018-01-19 UTC)</P><P class="tabbed-header Pre-71">First Release: 2497 (2018-01-19 UTC)</P></TD><TD><A href="http://www.threecompassesfarringdon.com" target="_blank">www threecompassesfarringdon com</A></TD><TD>AntiVirus</TD></TR><TR><TD><P class="">Name: generic:ecompassesfarringdon.com</P><P class="">Unique Threat ID: 193986039</P><P class="">Create Time: 2018-01-18 10:45:23 (UTC)</P></TD><TD><P class="tabbed-header Pre-71">Threat ID: 3823708</P><P class="tabbed-header Pre-71">Current Release: 155829 (2018-01-18 UTC)</P><P class="tabbed-header Pre-71">First Release: 155829 (2018-01-18 UTC)</P></TD><TD><A href="http://www.threecompassesfarringdon.com" target="_blank">www threecompassesfarringdon com</A></TD><TD><P>WildFire</P><P>&nbsp;</P></TD></TR></TBODY></TABLE><P>&nbsp;</P><P>Being a Tucows domain (Domain Provider with a long story of Nefarious Activity) doesn't help, however the domain appears to be register under Squarespace Inc. which is a legite and known "website creation facilitator" type of company/software.</P><P>&nbsp;</P> Fri, 09 Mar 2018 17:17:11 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/completely-puzzled-unique-threat-id-193986039/m-p/204599#M267 Paulo_Henriques 2018-03-09T17:17:11Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/completely-puzzled-unique-threat-id-193986039/m-p/204619#M269 <P>Hello,</P><P>I dont have these on my PAN but dont think anyone in our company would go to that site. I checked a few sites to see if that one was malicious and they came up clean. You could always take some pcaps and have the PAN engineers take a look.</P><P>&nbsp;</P><P><A href="https://www.virustotal.com/en/url/1f0da1753dea79ab135de7a5abf3fd8a31b4446c2347d89300d33bd5355bed00/analysis/" target="_blank">https://www.virustotal.com/en/url/1f0da1753dea79ab135de7a5abf3fd8a31b4446c2347d89300d33bd5355bed00/analysis/</A></P><P>&nbsp;</P><P><A href="https://quttera.com/sitescan/www.threecompassesfarringdon.com" target="_blank">https://quttera.com/sitescan/www.threecompassesfarringdon.com</A></P><P>&nbsp;</P><P><SPAN><A href="https://sitecheck.sucuri.net/results/www.threecompassesfarringdon.com" target="_blank">https://sitecheck.sucuri.net/results/www.threecompassesfarringdon.com</A></SPAN></P><P>&nbsp;</P><P><SPAN>Regards,</SPAN></P> Fri, 09 Mar 2018 20:22:26 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/completely-puzzled-unique-threat-id-193986039/m-p/204619#M269 OtakarKlier 2018-03-09T20:22:26Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/completely-puzzled-unique-threat-id-193986039/m-p/204869#M270 <P>&nbsp;The domain was found to be queried by malicious samples of explorer.exe</P> Mon, 12 Mar 2018 17:27:53 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/completely-puzzled-unique-threat-id-193986039/m-p/204869#M270 mivaldi 2018-03-12T17:27:53Z