Malicious Domain - False Positive ?


Go to solution Solved by Zynthesist,

Working from home on a business laptop running Win 10 with MB and Office 13. Outlook was open and I was reviewing email when I received a MW Trojan alert from one of the emails. The difficult aspect is that the MW info does not identify what the email was.

Research on the IP indicates it's AWS - Miami DNS? The pardot.com is Salesforce.

I access Corp AWS accounts from both of my systems, but with different email on Outlook for both systems and no common email that I can identify. Is this a false positive on this IP?

Checking the MW logs I get the following: 

Work Laptop

Website blocked: 3:36 PM EST -

CAT - Trojan

Domain: storage.pardot.com

IP: 13.32.80.42

Port: 64343

Type: Outbound

File:

c:\Program Files\Microsoft Office15\OUTLOOK.EXE

 

Home WS

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/6/19
Protection Event Time: 4:45 PM
Log File: 1cd12586-b88b-11e9-982c-3417ebbf9797.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.586
Update Package Version: 1.0.11880
License: Trial

-System Information-
OS: Windows 10 (Build 17763.615)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: storage.pardot.com
IP Address: 13.32.80.42
Port: [58650]
Type: Outbound
File: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

 

 

 

 

 

 

 
