Legitimacy of Dell website
Good morning Dell team,
I'm working in the cyber security sector, and encountered the below suspicious website that seems to be a phishing website as declared by several threat intelligence sources. As the information provided from the threat intelligence is not complete, I would like to have your confirmation if this website is legitimate or not:
www.dbrsupportportal.dellbackupandrecovery.com
You can find this website categorized as malicious and phishing by Joe Sandbox in the following HTML report:
https://www.joesandbox.com/analysis/172401/0/html
Also, you can find the website categorized as phishing by IBM X-Force threat intelligence:
https://exchange.xforce.ibmcloud.com/url/www.dbrsupportportal.dellbackupandrecovery.com
Your immediate reply will be highly appreciated. Thank you!
Kind regards,
Mohamed Salih - Cyber Security QA
Brian Piatt
September 13th, 2019 10:00
@MohamedS
As a follow-up, we have confirmed that this website URL is malicious in nature and should be blocked in your company. The parent domain was used by a deprecated product called Dell Backup and Cloud Storage.
Looking at the URL using threat indicators, it appears it's being redirected. We have requested the DNS registrar to remove this entire URL and are awaiting their response.
Please do not hesitate to reach out to us if you have any follow-up questions.
-Brian
L4 | Dell Data Security #IWork4Dell
Brian Piatt
September 11th, 2019 07:00
@MohamedS
I wanted to just let you know that I'm trying to look internally to see if I can find what/if the URL is used for. Looking at the registrar info, it appears identical to our normal registration.
I should be following up by 9/13 on any info I can find out.
-Brian
L4 | Dell Data Security #IWork4Dell