https://community.cisco.com/t5/network-security/nexus-websocket-a-intercom-io/m-p/4738907#M1095959 <P>Same here. Trying to track down correlation to the origination of the traffic.&nbsp; It appears, at least in our situation, that it is an embedded application in Microsoft Teams or other MS applications.&nbsp;&nbsp;</P> Wed, 14 Dec 2022 15:52:21 GMT tkamish22 2022-12-14T15:52:21Z https://community.cisco.com/t5/network-security/nexus-websocket-a-intercom-io/m-p/4738646#M1095946 <P>We've been receiving multiple alert regarding this domain "<SPAN>nexus-websocket-a.intercom.io"</SPAN></P><P><SPAN>User traffic shows it's related to legitimate web traffic.</SPAN></P><P><SPAN>Submitted the domain to sandboxing and it's benign. Also other OSINT categorized it under Technology/Internet and Business-and-Economy.&nbsp;</SPAN></P><P>Checked Cisco Talos portal and this has been categorized as phishing recently, Dec.12.</P><P>Requested re-categorization on this via Cisco Talos and it's still pending.</P><P>Would like to know your thoughts or if anyone has encountered this domain? Thank you.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 14 Dec 2022 10:35:39 GMT https://community.cisco.com/t5/network-security/nexus-websocket-a-intercom-io/m-p/4738646#M1095946 justwondering 2022-12-14T10:35:39Z https://community.cisco.com/t5/network-security/nexus-websocket-a-intercom-io/m-p/4738792#M1095947 <P>I too have observed this recently. It seems some sources note it as malicious, while others do not. I'm curious as well as I do not have a definite answer. Resource monitor on Windows machines shows chrome.exe as the culprit... but as for what it is... no idea.&nbsp;</P> Wed, 14 Dec 2022 19:11:11 GMT https://community.cisco.com/t5/network-security/nexus-websocket-a-intercom-io/m-p/4738792#M1095947 brettp 2022-12-14T19:11:11Z https://community.cisco.com/t5/network-security/nexus-websocket-a-intercom-io/m-p/4738907#M1095959 <P>Same here. Trying to track down correlation to the origination of the traffic.&nbsp; It appears, at least in our situation, that it is an embedded application in Microsoft Teams or other MS applications.&nbsp;&nbsp;</P> Wed, 14 Dec 2022 15:52:21 GMT https://community.cisco.com/t5/network-security/nexus-websocket-a-intercom-io/m-p/4738907#M1095959 tkamish22 2022-12-14T15:52:21Z https://community.cisco.com/t5/network-security/nexus-websocket-a-intercom-io/m-p/4739746#M1095993 <P>same on my end, it's initiating process is chrome.exe or edge.exe&nbsp;</P><P>checked logs further and seeing the domain ctaegorization is different in between cisco umbrella and firepower.. aren't they suppose to have threat intelligence?&nbsp;</P><P>firepower has urlfiltering, nonetheless its DNS Category=Phishing, while umbrella assessed it under&nbsp;Software/Technology, Business Services, Application, Business and Industry.</P> Thu, 15 Dec 2022 15:01:41 GMT https://community.cisco.com/t5/network-security/nexus-websocket-a-intercom-io/m-p/4739746#M1095993 justwondering 2022-12-15T15:01:41Z https://community.cisco.com/t5/network-security/nexus-websocket-a-intercom-io/m-p/4740981#M1096037 <P>Updating this, Cisco Talos has fixed the categorization to TRUSTED</P><P><SPAN>** Fixed - FP - Talos has concluded that the submission is safe to access at this time; the submission's reputation has been improved</SPAN></P> Sat, 17 Dec 2022 09:02:44 GMT https://community.cisco.com/t5/network-security/nexus-websocket-a-intercom-io/m-p/4740981#M1096037 justwondering 2022-12-17T09:02:44Z