Why is beagle.prod.tda.link elevated exposure?
I'm trying to figure out why I see dozens to hundreds of daily lookups of the domain beagle.prod.tda.link on all Security Reports and why it's classified as "elevated exposure". Even Fireboxes without DNSWatch do block accesses to that webserver and trigger an elevated exposure WebBlocker alert.
I couldn't find any valuable information about what this webservice does and whether it's really an indication of a possible attack. But maybe I don't really understand what the category "elevated exposure" means. Is it a malicious tracker?
Does anyone have more insights?
Comments
Hi @schwicky
The site you mentioned is coming up as potentially an issue on two engines on VirusTotal right now:
https://www.virustotal.com/gui/url/fcea213ec78c40155d1727652417186a90be850d44345d721fd679ffd9475d77/detection
Investigating it, it looks like a site that just redirects to something else, so it can likely pivot to anything. This type of thing happens often where a site is set up to point at something benign and is later changed to something malicious. In most cases, you'd point to your CDN, and not something that points at something else.
If you'd like to trigger a review of the site, please make a submission here:
https://www.watchguard.com/securityportal/UrlCategorization.aspx
-James Carson
WatchGuard Customer Support