topic Re: FW access to domain "accountsupportteam.com" in Firewall and Security Management

FW access to domain "accountsupportteam.com"

Dvirg — Wed, 10 Feb 2021 14:42:57 GMT

Hi,

Our CP Firewalls are constantly trying to reach out a domain named "accountsupportteam.com"

according to some sources in VirusTotal this domain is recognized as a malicious domain.

Does it familiar to someone? Why are they reach out to this domain?

Re: FW access to domain "accountsupportteam.com"

PhoneBoy — Wed, 10 Feb 2021 15:22:16 GMT

What kind of gateway running what version of code?
My guess is that one of the clients is doing it.

Re: FW access to domain "accountsupportteam.com"

Chris_Atkinson — Wed, 10 Feb 2021 15:24:40 GMT

Reach out how? Are you able to share a redacted log card for the communication...

Re: FW access to domain "accountsupportteam.com"

Dvirg — Sun, 14 Feb 2021 08:36:32 GMT

After an investigation and help from CP-Support, I found this object in "Object Explorer", and it turned out that the GWs are validating FQDN requests.
Thank you all for your help.