hagezi / dns-blocklists

DNS-Blocklists: For a better internet - keep the internet clean!
GNU General Public License v3.0

client-allegro.earchiwum.pl #4243

Closed FadeMind closed 1 week ago

FadeMind commented 1 week ago

Which AdBlocker/DNS cloud service do you use?

AdGuard DNS

Other

client-allegro.earchiwum.pl

ControlD users

NextDNS users

With which block list(s) does the problem occur?

Threat Intelligence Feeds

Which domain(s) should be unblocked?

client-allegro.earchiwum.pl

Why should the domain(s) be unblocked?

client-allegro.earchiwum.pl is used by Allegro for delivery terms in PDF. Sample URL https://client-allegro.earchiwum.pl/doc/da3a6eedd1ce56202fe12109a9387d113b44929c4c696cb7da05ed19841d0800


Privacy

hagezi commented 1 week ago

via phishing.army @drego85

github-actions[bot] commented 1 week ago

Thank you for your support. The issue is scheduled to be fixed in the next release. You will be notified when the issue is finally fixed.

drego85 commented 1 week ago

Hi @FadeMind, the domain was indicated as malicious by report 8251782 on PhishTank, confirmed by 4 users.

earchiwum.pl is probably a domain of eArchiwum, an online service offering digital archiving solutions for electronic documents.

Unfortunately, I cannot find an official website of this company. 🤷‍♂️

Can you confirm that it is a legitimate website (more information is also welcome)? So I can warn PhishTank of the false positive.

FadeMind commented 1 week ago

@drego85 hi. I got an e-mail about changed terms in the Allegro service. It was also verified by Gmail.

PDF with new terms https://client-allegro.earchiwum.pl/doc/da3a6eedd1ce56202fe12109a9387d113b44929c4c696cb7da05ed19841d0800

URL scan: https://urlscan.io/result/53040dc7-c7ae-4c7a-87f5-d38ad0570832/
VT: https://www.virustotal.com/gui/url/5a2aa4f39e17b51a7515853274834d15797954b38918c67ea0875303e33c5ae5?nocache=1

Only CRDF and Gridinsoft mark it as malware. I use ESET Internet Security alongside an AdGuard DNS Private setup. The URL is clean. The PDF downloads properly. The URL was blocked by TIF. That's all I know.

drego85 commented 1 week ago

Thank you, I opened this ticket on PhishTank:

earchiwum.pl is a domain of eArchiwum, an online service offering digital archiving solutions for electronic documents.
It is used in Poland to send new contractual documents (PDF), e.g. from the e-commerce company Allegro.

Surely it will soon be reported as non-malicious.

hagezi commented 1 week ago

Thanks @drego85 ;)

FadeMind commented 1 week ago

"Unfortunately, I cannot find an official website of this company"

@drego85 @hagezi The root domain earchiwum.pl belongs to KIR S.A., see: https://www.kir.pl/en/clearing
Poland has its own registry DNS checker: https://www.dns.pl/whois

drego85 commented 1 week ago

Don't worry, thanks anyway for your valuable help. PhishTank closed the ticket and now no longer reports the URL as malicious. In the next few hours, as soon as the lists update, everything will be back to normal.

github-actions[bot] commented 1 week ago

This issue has been fixed in release 2024.313.39107