Has anyone encountered the issue where the Pardot campaign tracking code is causing your website to be categorized as malware? We recently launched a new website and implemented the Pardot tracking code. Within a day of the code being present on the site, we had a customer reach out to us that the site was being flagged as malware and our emails (not sent by pardot) were being blocked because the email contained a link to our website that was being flagged. Our customer sent us the following details as to why our emails and website were flagged:
The issue appears the site calling JavaScript resources from hosts with expired domains that have been registered by third party actor. Those domains are now instead pushing some code to either:
- steal the cookies from parent domain
- redirect the traffic to ZeroPark ad-agency
The site is pulling JavaScript resources from hxxps://pipardot[.]com/pd[.]js which is already noted as malware in PAN-DB. The pipardot domain lists four A records, of which our SIEM can confirm traffic to two. That traffic was allowed before being denied.
We've since removed the tracking code from our website and believe the issue is now resolved. Has anyone else experienced this issue and can provide feedback towards a solution?
Thanks!
Amanda, is it possible there was a copy/paste error when adding the tracker code to the page? The link should be hxxps://pi[.]pardot[.]com/pd.js versus hxxps://pipardot[.]com/pd.js. The pipardot[.]com is not a Pardot related domain and very likely why this is being flagged by the customer's firewall.
