Closed spatula75 closed 1 year ago
Flagged as phishing, blocked by a few SecureDNS, picked up as a new phishing domain here today:
Domain:
- link.storjshare.io OK
Malware/Phishing/Scam:
- Malicous? POSSIBLE (1)
- Threat?
HaGeZi.TIF.LT YES
HaGeZi.TIF YES
HaGeZi.TIF.RAW YES
Quad9 NO
OpenDNS NO
ThreatFox NO
URLhaus NO
ThreatView NO
KADHosts NO
- Phishing?
Phishing.Army NO
PT/OP/PH YES
CERT.PL NO
Phishing.DB NO
Top 1M rank:
- Umbrella: -/-
- Tranco: -/-
- Chrome: -/-
Secure DNS:
- CleanBrowsing BLOCKED
- Cloudflare BLOCKED
- CONTROLD.TIF OK
- DNS0.eu BLOCKED
- DNS0.eu.ZERO BLOCKED
- NextDNS.TIF_AI BLOCKED
- NRD.DGA.IDN OK
- OpenDNS OK
- Quad9 OK
- SafeDNS BLOCKED
- UltraDNS OK
Blocklists:
- 1Hosts.Lite OK
- 1Hosts.Mini OK
- 1Hosts.Pro OK
- AdGuardDNS OK
- AhaDNS OK
- CONTROLD OK
- DNSforge.de BLOCKED
- EasyList OK
- HaGeZi.LIGHT BLOCKED
- HaGeZi.NORMAL BLOCKED
- HaGeZi.PERSONAL BLOCKED
- HaGeZi.PRO BLOCKED
- HaGeZi.PRO.PLUS BLOCKED
- HaGeZi.ULTIMATE BLOCKED
- hBlock OK
- Lightswitch05 OK
- NextDNS OK
- NoTracking OK
- OISD OK
- QuidsUp.NOTRACK OK
- StevenBlack OK
Intels:
- Google https://transparencyreport.google.com/safe-browsing/search?url=link.storjshare.io
- VirusTotal https://www.virustotal.com/en/domain/link.storjshare.io/information/
- AlienVault https://otx.alienvault.com/indicator/domain/link.storjshare.io
- Bitdefender https://trafficlight.bitdefender.com/info/?url=https%3A%2F%2Flink.storjshare.io
- FortiGuard https://www.fortiguard.com/webfilter?q=link.storjshare.io&type=&engine=1
- Kaspersky https://opentip.kaspersky.com/link.storjshare.io?tab=web
- McAfee https://siteadvisor.com/sitereport.html?url=link.storjshare.io
- Norton https://safeweb.norton.com/report/show?url=link.storjshare.io
- OpenDNS https://domain.opendns.com/link.storjshare.io
- URLVoid https://www.urlvoid.com/scan/link.storjshare.io/
- Yandex https://yandex.com/safety/?l10n=en&url=link.storjshare.io
Sources:
- malware-filter.io_malware-filter_phishing-filter-hosts
- mitchellkrogza_phishing.database_phishing-domains-new-today
When the domain is no longer flagged, it also disappears from my lists.
Thanks for the information; I'll give the proprietors of the site a heads-up that they need to deal with an abusive site and/or get themselves delisted from the sites that are originating a block for them.
What adblocker/DNS cloud service are you using?
BIND/named response policy zone
Which blocklists are used?
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.txt
Which domain(s) should be unblocked?
link.storjshare.io
Why should the domain(s) be unblocked? If necessary, please describe the steps to reproduce.
This appears to be a generic CDN operated by https://www.storj.io/, not necessarily a site that serves up malware, trackers, etc. In particular, it is used by the Mastodon site tech.lgbt's media server, media.tech.lgbt (by virtue of a CNAME), to serve up general media content (images, videos, sound clips, etc).