Here's the TL;DR of an earlier post: I accidentally mistyped a domain name configuration value while updating a website and found what I feel is a phishing op. If you take any .com domain and add a second .com to the end (I do NOT recommend actually trying this unless you know what you are doing), you will see what appears to be a typo phishing operation.<p>My question: is this well known? Because I've never seen it written up before when I peruse web security stuff. For the full write-up of my experience and an associated screenshot check out: http://www.oldirtyhacker.com/something-wicked-this-way-coms
It is well-known. uBlock blocks anything ending in ".com.com" by default. It's on most badware block lists.<p>It's not a hole in the web any more than people accidentally typing "fcaebook.com" is a hole in the web. It's just someone exploiting user error, not unlike domain squatting. If you hit "CTRL+ENTER" in most browsers' address bars, they used to blindly append ".com" onto the domain name. If you typed "facebook.com" and then hit CTRL+ENTER, you'd get to facebook.com.com. As far as I know, all browsers have fixed that.<p>This isn't actually phishing (as far as I know) because it's not trying to trick you into thinking you've gone to the correct website. It's just a malware distribution page.<p>I believe OpenDNS also blocks this, for the record.
uBlock's Badware list blocks it, and via its documentation page I found these two links:<p>https://isc.sans.edu/diary/.COM.COM+Used+For+Malicious+Typo+Squatting/20019<p>https://www.whitehatsec.com/blog/why-com-com-should-scare-you/<p>Seems like this has been going on for a while...
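
The replies above mention block lists that match anything ending in ".com.com". As an added example (not code from any poster, uBlock or OpenDNS), here is one way to find such lookups in your own resolver logs. The log format, the sample lines and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample resolver log: "<timestamp> <client-ip> <queried-name>"
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 www.example.com.
2024-01-01T10:00:02Z 10.0.0.5 example.com.com.
2024-01-01T10:00:03Z 10.0.0.7 Mail.Example.COM.COM
2024-01-01T10:00:04Z 10.0.0.7 telecom.com
2024-01-01T10:00:05Z 10.0.0.9 com.com
truncated-line 10.0.0.9
"""

def doubled_com(name):
    """Return the likely intended host if name is <something>.com.com, else None."""
    # Normalise case and the trailing root dot before comparing.
    labels = name.strip().rstrip(".").lower().split(".")
    # Compare whole labels: a plain endswith("com.com") would also hit telecom.com.
    if len(labels) >= 3 and labels[-2:] == ["com", "com"] and all(labels):
        return ".".join(labels[:-1])
    return None

def scan(log_text):
    """Map client IP -> list of (queried name, intended name) for .com.com lookups."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not match the assumed format
        _, client, qname = fields
        intended = doubled_com(qname)
        if intended:
            hits[client].append((qname, intended))
    return dict(hits)

if __name__ == "__main__":
    for client, found in scan(SAMPLE_LOG).items():
        for qname, intended in found:
            print(f"{client} looked up {qname} (probably meant {intended})")
```

Grouping by client shows which machines or misconfigured services are producing the doubled suffix, which is how the original poster ran into it.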