03-09-2018 09:17 AM
hi,
Did anyone had WildFire Threat events with the following Unique Threat ID: 193986039?
Threat Vault provided me the following information:
Signature Release Domain Name Type
Name: generic:ecompassesfarringdon.com Unique Threat ID: 193986039 Create Time: 2018-01-18 10:45:23 (UTC) | Threat ID: 4035508 Current Release: 2497 (2018-01-19 UTC) First Release: 2497 (2018-01-19 UTC) | www threecompassesfarringdon com | AntiVirus |
Name: generic:ecompassesfarringdon.com Unique Threat ID: 193986039 Create Time: 2018-01-18 10:45:23 (UTC) | Threat ID: 3823708 Current Release: 155829 (2018-01-18 UTC) First Release: 155829 (2018-01-18 UTC) | www threecompassesfarringdon com | WildFire
|
Being a Tucows domain (Domain Provider with a long story of Nefarious Activity) doesn't help, however the domain appears to be register under Squarespace Inc. which is a legite and known "website creation facilitator" type of company/software.
03-09-2018 12:22 PM
Hello,
I dont have these on my PAN but dont think anyone in our company would go to that site. I checked a few sites to see if that one was malicious and they came up clean. You could always take some pcaps and have the PAN engineers take a look.
https://quttera.com/sitescan/www.threecompassesfarringdon.com
https://sitecheck.sucuri.net/results/www.threecompassesfarringdon.com
Regards,
03-12-2018 10:27 AM
The domain was found to be queried by malicious samples of explorer.exe
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
