Sunday, June 18, 2017

BLACKLIST: McPhishin' Detected!

The Case of the Dirty Ron's Dirty Domain:


So there I was...testing out an OSINT/NextPivot tool & performing info gathering around 'mcdonalds.com' when I came across a BLACKLISTED domain in their digital asset pool:

                      mcencasa.com



(Screenshot from kryio.com)
Why does McDonald's have a domain that is currently blacklisted?!?!

BLACKLISTED BY:
Google Safe Browsing
McAfee SiteAdvisor
VirusTotal

Taking a closer look at the domain reveals that a previous owner may have used it for PHISHING and lost the domain in a dispute.



Excerpt below from 'http://www.wipo.int/amc/en/domains/decisions/text/2015/d2015-0956.html':
The Respondent registered the disputed domain name and then redirected it to a Web site ("www.mcencasa.com") in which it created an appearance that consisted of appearing before the Internet user as if it were an official site of the Claimant. Indeed, it reproduced the distinctive signs of the Complainant which, in the Expert's view, implies a clear violation of the Policy. That is, knowing the existence of trademark rights, the Respondent proceeded to register.









More info...
http://www.wipo.int/amc/en/domains/search/case.jsp?case=D2015-0956
https://www.dndisputes.com/case/d2015-0956/



I'm not investing any more time on this McRabbithole but wanted to leave a nibblet here in case anyone else is curious. I personally believe BLACKLISTING can work but relies on having accurate, clean, real-time data. If this domain is not a threat...then it shouldn't be on the current lists...


However...the sites below tell us to WATCH OUT...for McPhishin'!


https://www.google.com/transparencyreport/safebrowsing/diagnostic/?hl=en#url=mcencasa.com


https://www.virustotal.com/en/url/635588d4160e7f43a2ab1935efb5f217b339adb92ed16d8c471ceaf40bc5fca4/analysis/

https://www.siteadvisor.com/sites/mcencasa.com



 
