Closed AlexisCadoret closed 1 year ago
dotzbr-dev.mirakl.net and login.mirakl.net blocked because of phishing activities. Blocked by some SecureDNS.
@drego85: can you please check why it is blocked by phishing.army? Is there still activity? Both are not flagged, I think they are false positives? Thanks!
Domain:
- dotzbr-dev.mirakl.net OK
Malware/Phishing/Scam:
- Malicous? POSSIBLE (1)
- Threat?
  HaGeZi.TIF.LT YES
  HaGeZi.TIF YES
  HaGeZi.TIF.RAW YES
  Quad9 NO
  OpenDNS NO
  ThreatFox NO
  URLhaus NO
  ThreatView NO
  KADHosts NO
- Phishing?
  Phishing.Army YES
  PT/OP/PH YES
  CERT.PL NO
  Phishing.DB NO
Top 1M rank:
- Umbrella: -/-
- Tranco: -/-
- Chrome: -/-
Secure DNS:
- CleanBrowsing BLOCKED
- Cloudflare OK
- CONTROLD.TIF BLOCKED
- DNS0.eu BLOCKED
- DNS0.eu.ZERO BLOCKED
- NextDNS.TIF_AI BLOCKED
- NRD.DGA.IDN OK
- OpenDNS OK
- Quad9 OK
- SafeDNS BLOCKED
- UltraDNS OK
Blocklists:
- 1Hosts.Lite OK
- 1Hosts.Mini OK
- 1Hosts.Pro OK
- AdGuardDNS OK
- AhaDNS OK
- CONTROLD BLOCKED
- DNSforge.de BLOCKED
- EasyList OK
- HaGeZi.LIGHT BLOCKED
- HaGeZi.NORMAL BLOCKED
- HaGeZi.PERSONAL BLOCKED
- HaGeZi.PRO BLOCKED
- HaGeZi.PRO.PLUS BLOCKED
- HaGeZi.ULTIMATE BLOCKED
- hBlock BLOCKED
- Lightswitch05 OK
- NextDNS OK
- NoTracking BLOCKED
- OISD OK
- QuidsUp.NOTRACK OK
- StevenBlack OK
Intels:
- Google https://transparencyreport.google.com/safe-browsing/search?url=dotzbr-dev.mirakl.net
- VirusTotal https://www.virustotal.com/en/domain/dotzbr-dev.mirakl.net/information/
- AlienVault https://otx.alienvault.com/indicator/domain/dotzbr-dev.mirakl.net
- Bitdefender https://trafficlight.bitdefender.com/info/?url=https%3A%2F%2Fdotzbr-dev.mirakl.net
- FortiGuard https://www.fortiguard.com/webfilter?q=dotzbr-dev.mirakl.net&type=&engine=1
- Kaspersky https://opentip.kaspersky.com/dotzbr-dev.mirakl.net?tab=web
- McAfee https://siteadvisor.com/sitereport.html?url=dotzbr-dev.mirakl.net
- Norton https://safeweb.norton.com/report/show?url=dotzbr-dev.mirakl.net
- OpenDNS https://domain.opendns.com/dotzbr-dev.mirakl.net
- URLVoid https://www.urlvoid.com/scan/dotzbr-dev.mirakl.net/
- Yandex https://yandex.com/safety/?l10n=en&url=dotzbr-dev.mirakl.net
Domain:
- login.mirakl.net OK
Malware/Phishing/Scam:
- Malicous? POSSIBLE (1)
- Threat?
  HaGeZi.TIF.LT YES
  HaGeZi.TIF YES
  HaGeZi.TIF.RAW YES
  Quad9 NO
  OpenDNS NO
  ThreatFox NO
  URLhaus NO
  ThreatView NO
  KADHosts NO
- Phishing?
  Phishing.Army YES
  PT/OP/PH NO
  CERT.PL NO
  Phishing.DB NO
Top 1M rank:
- Umbrella: -/-
- Tranco: -/-
- Chrome: -/-
Secure DNS:
- CleanBrowsing BLOCKED
- Cloudflare OK
- CONTROLD.TIF BLOCKED
- DNS0.eu BLOCKED
- DNS0.eu.ZERO BLOCKED
- NextDNS.TIF_AI BLOCKED
- NRD.DGA.IDN OK
- OpenDNS OK
- Quad9 OK
- SafeDNS BLOCKED
- UltraDNS OK
Blocklists:
- 1Hosts.Lite OK
- 1Hosts.Mini OK
- 1Hosts.Pro OK
- AdGuardDNS OK
- AhaDNS OK
- CONTROLD BLOCKED
- DNSforge.de BLOCKED
- EasyList OK
- HaGeZi.LIGHT BLOCKED
- HaGeZi.NORMAL BLOCKED
- HaGeZi.PERSONAL BLOCKED
- HaGeZi.PRO BLOCKED
- HaGeZi.PRO.PLUS BLOCKED
- HaGeZi.ULTIMATE BLOCKED
- hBlock BLOCKED
- Lightswitch05 OK
- NextDNS OK
- NoTracking BLOCKED
- OISD OK
- QuidsUp.NOTRACK OK
- StevenBlack OK
Intels:
- Google https://transparencyreport.google.com/safe-browsing/search?url=login.mirakl.net
- VirusTotal https://www.virustotal.com/en/domain/login.mirakl.net/information/
- AlienVault https://otx.alienvault.com/indicator/domain/login.mirakl.net
- Bitdefender https://trafficlight.bitdefender.com/info/?url=https%3A%2F%2Flogin.mirakl.net
- FortiGuard https://www.fortiguard.com/webfilter?q=login.mirakl.net&type=&engine=1
- Kaspersky https://opentip.kaspersky.com/login.mirakl.net?tab=web
- McAfee https://siteadvisor.com/sitereport.html?url=login.mirakl.net
- Norton https://safeweb.norton.com/report/show?url=login.mirakl.net
- OpenDNS https://domain.opendns.com/login.mirakl.net
- URLVoid https://www.urlvoid.com/scan/login.mirakl.net/
- Yandex https://yandex.com/safety/?l10n=en&url=login.mirakl.net
Hi @AlexisCadoret, the domain mirakl.net is reported as malicious as a result of these two reports:
As you can see, more than 10 users have indicated that the domain is malicious.
Is Mirakl likely to host malicious (phishing) or scam subdomains?
Hello @drego85, thanks for those links. Dotz is one of our customers. However, their security team wasn't aware that their business purchased our solution and thus reported the dotz-dev.mirakl.net subdomain, which is one of their development environments.
The Mirakl service is unlikely to host malicious subdomains, as we have a pretty standardized solution where we host environments for our customers, using their branding (since they are our customers). The report performed by DotzBr is a false positive.
Ok Alexis, thanks for the clarification!
I report this discussion to PhishTank so they can remove the domain from their list.
Thanks a lot!
Thanks @AlexisCadoret and @drego85, the domains will be removed from my lists.
ping @notracking
Thanks! Added to the whitelist, changes will be visible after the next auto update.
What adblocker/DNS cloud service are you using?
Issue on Pro.txt and Pro.plus.txt
Which blocklists are used?
Pro.txt and pro.plus.txt
Which domain(s) should be unblocked?
mirakl.net dotzbr-dev.mirakl.net
Why should the domain(s) be unblocked? If necessary, please describe the steps to reproduce.
Mirakl is an ecommerce SaaS solution (mirakl.com). Blocking those domains will prevent our users from being able to use our solution. If needed, you can contact us at security@mirakl.com. Thanks in advance.