  1. #1
    Master Untangler Kyawa's Avatar
    Join Date
    Dec 2016
    Location
    Maryland
    Posts
    216

    Phishing/Fraud website visit blocked: dbrsupportportal dellbackupandrecovery

    Can someone tell me how one would go about vetting messages like this to see if the site should be moved to PASS?

    Phishing/Fraud website visit blocked:
    Web Filter blocked http://www.dbrsupportportal.dellback...e/SpUpdate.svc (Phishing/Fraud)

    Causal Event: WebFilterEvent

    Thanks

  2. #2
    Master Untangler
    Join Date
    Jan 2009
    Location
    Minneapolis, MN
    Posts
    155

    Not sure how to officially vet a phishing site, but Chrome gives me a big red warning for it:



    so, chances are pretty good you don't want to be anywhere near this site.

  3. #3
    Master Untangler f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    397

    I would concur...and trust WebFilter i.e., Zvelo: https://zvelo.com/zvelolive/ and the Google: https://www.google.com/transparencyr...oogletutor.com
    Untangle...because nothing's worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM

  4. #4
    Newbie
    Join Date
    Aug 2017
    Posts
    1

    I have an entire office attempting to access this site but I can't find a culprit; virus scans bring up nothing. Did you ever find out what was causing this?

  5. #5
    Master Untangler Kyawa's Avatar
    Join Date
    Dec 2016
    Location
    Maryland
    Posts
    216

    Never did. I just blocked WAN access for that particular device. If you figure it out, post it here.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,448

    Dellbackupandrecovery.com redirects to dell.com.

    The registrar for dellbackupandrecovery.com is the same as dell.com.

    The DNS servers for dellbackupandrecovery.com belong to GoDaddy.

    The whois email records for both names are identical. Even the version of IIS serving both domains is the same.

    It looks like dellbackupandrecovery.com belongs to EMC/Dell and poses no intended threat; given the way subdomains work, this would also apply to all subdomains. A quick Google search indicates the domain may have been compromised at some point in the past.

    I see that WebFilter is blocking connection attempts to the domain. I'd just let it do so until Dell fixes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
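
The ownership comparison described in post #6 (same registrar, same whois email, different DNS host), as an added example that is not part of the original thread. The WHOIS excerpts are constructed with placeholder `.example` domains, and `parse_whois` and `compare_ownership` are hypothetical helper names.

```python
# Constructed WHOIS excerpts (not real records); all domains are placeholders.
WHOIS_BLOCKED = """\
Domain Name: VENDOR-BACKUP.EXAMPLE
Registrar: Example Registrar, Inc.
Registrant Email: hostmaster@vendor.example
Name Server: NS1.DNSHOST.EXAMPLE
Name Server: NS2.DNSHOST.EXAMPLE
"""
WHOIS_VENDOR = """\
Domain Name: VENDOR.EXAMPLE
Registrar: Example Registrar, Inc.
Registrant Email: Hostmaster@Vendor.example
Name Server: NS1.VENDOR.EXAMPLE
"""
WHOIS_LOOKALIKE = """\
Domain Name: VENDOR-BACKUP-SUPPORT.EXAMPLE
Registrar: Example Registrar, Inc.
Registrant Email: REDACTED FOR PRIVACY
Name Server: NS1.PARKING.EXAMPLE
"""

FIELDS = {"registrar": "Registrar", "email": "Registrant Email",
          "nameservers": "Name Server"}

def parse_whois(text):
    """Collect the compared fields as lowercase sets (a field may repeat)."""
    record = {key: set() for key in FIELDS}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        for key, name in FIELDS.items():
            if sep and label.strip().lower() == name.lower():
                record[key].add(value.strip().lower())
    return record

def compare_ownership(candidate_text, reference_text):
    """Report which ownership signals the blocked domain shares with the vendor's."""
    cand, ref = parse_whois(candidate_text), parse_whois(reference_text)
    signals = {key: bool(cand[key] & ref[key]) for key in FIELDS}
    # Privacy/redaction placeholders are shared by unrelated domains, so only
    # a real address counts as a matching contact.
    signals["email"] = any("@" in e for e in cand["email"] & ref["email"])
    # A shared registrar alone is weak evidence; require the contact match too.
    # Different name servers (third-party DNS hosting) do not rule ownership out.
    signals["same_owner_likely"] = signals["registrar"] and signals["email"]
    return signals

if __name__ == "__main__":
    print(compare_ownership(WHOIS_BLOCKED, WHOIS_VENDOR))
    print(compare_ownership(WHOIS_LOOKALIKE, WHOIS_VENDOR))
```

A `same_owner_likely` result only speaks to who registered the name, not to what the host is currently serving, so it is not on its own a reason to move the site to PASS.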
