Suspicious calls to

In the last few days, one of our endpoints calls to

I used TCPView to find suspicious connections and checked whether there are any unknown extensions.

The owner of the domain made it a record and set the following TXT record:

“The owner of this domain does not know why your machine is reaching out to it. Owner saw suspicious traffic in multiple networks and bought it.”

I read the following analysis, but I can’t find the cause of these calls.



Any idea?