hagezi / dns-blocklists

DNS-Blocklists: For a better internet - keep the internet clean!
GNU General Public License v3.0

Removal of mirakl.net entries #634

Closed AlexisCadoret closed 1 year ago

AlexisCadoret commented 1 year ago

What adblocker/DNS cloud service are you using?

Issue on Pro.txt and Pro.plus.txt

Which blocklists are used?

Pro.txt and pro.plus.txt

Which domain(s) should be unblocked?

mirakl.net dotzbr-dev.mirakl.net

Why should the domain(s) be unblocked? If necessary, please describe the steps to reproduce.

Mirakl is an ecommerce SaaS solution (mirakl.com). Blocking those domains will prevent our users from being able to use our solution. If needed, you can contact us at security@mirakl.com. Thanks in advance.

hagezi commented 1 year ago

dotzbr-dev.mirakl.net and login.mirakl.net are blocked because of phishing activities. Blocked by some SecureDNS.

@drego85: can you please check why it is blocked by phishing.army? Is there still activity? Both are not flagged, I think they are false positives? Thanks!

Domain:
 - dotzbr-dev.mirakl.net OK

Malware/Phishing/Scam:
 - Malicous?       POSSIBLE (1)

 - Threat?
   HaGeZi.TIF.LT   YES
   HaGeZi.TIF      YES
   HaGeZi.TIF.RAW  YES
   Quad9           NO
   OpenDNS         NO
   ThreatFox       NO
   URLhaus         NO
   ThreatView      NO
   KADHosts        NO

 - Phishing?
   Phishing.Army   YES
   PT/OP/PH        YES
   CERT.PL         NO
   Phishing.DB     NO

Top 1M rank:
 - Umbrella:       -/-
 - Tranco:         -/-
 - Chrome:         -/-

Secure DNS:
 - CleanBrowsing   BLOCKED
 - Cloudflare      OK
 - CONTROLD.TIF    BLOCKED
 - DNS0.eu         BLOCKED
 - DNS0.eu.ZERO    BLOCKED
 - NextDNS.TIF_AI  BLOCKED
 - NRD.DGA.IDN     OK
 - OpenDNS         OK
 - Quad9           OK
 - SafeDNS         BLOCKED
 - UltraDNS        OK

Blocklists:
 - 1Hosts.Lite     OK
 - 1Hosts.Mini     OK
 - 1Hosts.Pro      OK
 - AdGuardDNS      OK
 - AhaDNS          OK
 - CONTROLD        BLOCKED
 - DNSforge.de     BLOCKED
 - EasyList        OK
 - HaGeZi.LIGHT    BLOCKED
 - HaGeZi.NORMAL   BLOCKED
 - HaGeZi.PERSONAL BLOCKED
 - HaGeZi.PRO      BLOCKED
 - HaGeZi.PRO.PLUS BLOCKED
 - HaGeZi.ULTIMATE BLOCKED
 - hBlock          BLOCKED
 - Lightswitch05   OK
 - NextDNS         OK
 - NoTracking      BLOCKED
 - OISD            OK
 - QuidsUp.NOTRACK OK
 - StevenBlack     OK

Intels:
 - Google          https://transparencyreport.google.com/safe-browsing/search?url=dotzbr-dev.mirakl.net
 - VirusTotal      https://www.virustotal.com/en/domain/dotzbr-dev.mirakl.net/information/
 - AlienVault      https://otx.alienvault.com/indicator/domain/dotzbr-dev.mirakl.net
 - Bitdefender     https://trafficlight.bitdefender.com/info/?url=https%3A%2F%2Fdotzbr-dev.mirakl.net
 - FortiGuard      https://www.fortiguard.com/webfilter?q=dotzbr-dev.mirakl.net&type=&engine=1
 - Kaspersky       https://opentip.kaspersky.com/dotzbr-dev.mirakl.net?tab=web
 - McAfee          https://siteadvisor.com/sitereport.html?url=dotzbr-dev.mirakl.net
 - Norton          https://safeweb.norton.com/report/show?url=dotzbr-dev.mirakl.net
 - OpenDNS         https://domain.opendns.com/dotzbr-dev.mirakl.net
 - URLVoid         https://www.urlvoid.com/scan/dotzbr-dev.mirakl.net/
 - Yandex          https://yandex.com/safety/?l10n=en&url=dotzbr-dev.mirakl.net

Domain:
 - login.mirakl.net OK

Malware/Phishing/Scam:
 - Malicous?       POSSIBLE (1)

 - Threat?
   HaGeZi.TIF.LT   YES
   HaGeZi.TIF      YES
   HaGeZi.TIF.RAW  YES
   Quad9           NO
   OpenDNS         NO
   ThreatFox       NO
   URLhaus         NO
   ThreatView      NO
   KADHosts        NO

 - Phishing?
   Phishing.Army   YES
   PT/OP/PH        NO
   CERT.PL         NO
   Phishing.DB     NO

Top 1M rank:
 - Umbrella:       -/-
 - Tranco:         -/-
 - Chrome:         -/-

Secure DNS:
 - CleanBrowsing   BLOCKED
 - Cloudflare      OK
 - CONTROLD.TIF    BLOCKED
 - DNS0.eu         BLOCKED
 - DNS0.eu.ZERO    BLOCKED
 - NextDNS.TIF_AI  BLOCKED
 - NRD.DGA.IDN     OK
 - OpenDNS         OK
 - Quad9           OK
 - SafeDNS         BLOCKED
 - UltraDNS        OK

Blocklists:
 - 1Hosts.Lite     OK
 - 1Hosts.Mini     OK
 - 1Hosts.Pro      OK
 - AdGuardDNS      OK
 - AhaDNS          OK
 - CONTROLD        BLOCKED
 - DNSforge.de     BLOCKED
 - EasyList        OK
 - HaGeZi.LIGHT    BLOCKED
 - HaGeZi.NORMAL   BLOCKED
 - HaGeZi.PERSONAL BLOCKED
 - HaGeZi.PRO      BLOCKED
 - HaGeZi.PRO.PLUS BLOCKED
 - HaGeZi.ULTIMATE BLOCKED
 - hBlock          BLOCKED
 - Lightswitch05   OK
 - NextDNS         OK
 - NoTracking      BLOCKED
 - OISD            OK
 - QuidsUp.NOTRACK OK
 - StevenBlack     OK

Intels:
 - Google          https://transparencyreport.google.com/safe-browsing/search?url=login.mirakl.net
 - VirusTotal      https://www.virustotal.com/en/domain/login.mirakl.net/information/
 - AlienVault      https://otx.alienvault.com/indicator/domain/login.mirakl.net
 - Bitdefender     https://trafficlight.bitdefender.com/info/?url=https%3A%2F%2Flogin.mirakl.net
 - FortiGuard      https://www.fortiguard.com/webfilter?q=login.mirakl.net&type=&engine=1
 - Kaspersky       https://opentip.kaspersky.com/login.mirakl.net?tab=web
 - McAfee          https://siteadvisor.com/sitereport.html?url=login.mirakl.net
 - Norton          https://safeweb.norton.com/report/show?url=login.mirakl.net
 - OpenDNS         https://domain.opendns.com/login.mirakl.net
 - URLVoid         https://www.urlvoid.com/scan/login.mirakl.net/
 - Yandex          https://yandex.com/safety/?l10n=en&url=login.mirakl.net

drego85 commented 1 year ago

Hi @AlexisCadoret, the domain mirakl.net is reported as malicious as a result of these two reports:

As you can see, more than 10 users have indicated that the domain is malicious.

Is Mirakl likely to host malicious (phishing) or scam subdomains?

AlexisCadoret commented 1 year ago

Hello @drego85, thanks for those links. Dotz is one of our customers. However, their security team wasn't aware that their business purchased our solution and thus reported the dotz-dev.mirakl.net subdomain, which is one of their development environments.

The Mirakl service is unlikely to host malicious subdomains as we have a pretty standardized solution where we host environments for our customers, using their branding (since they are our customers). The report performed by DotzBr is a false positive.

drego85 commented 1 year ago

Ok Alexis, thanks for the clarification!

I report this discussion to PhishTank so they can remove the domain from their list.

AlexisCadoret commented 1 year ago

Thanks a lot!

hagezi commented 1 year ago

Thanks @AlexisCadoret and @drego85, the domains will be removed from my lists.

ping @notracking

notracking commented 1 year ago

Thanks! Added to the whitelist; changes will be visible after the next auto update.