mitchellkrogza / Phishing.Database

Phishing domains, URLs, websites and threats database. We use the PyFunceble testing tool to validate the status of all known phishing domains and provide stats to reveal how many unique domains used for phishing are still active.
MIT License

[FALSE-POSITIVE] `hotels.com` #311

Closed PeterDaveHello closed 2 years ago

PeterDaveHello commented 2 years ago

Domains or links

More Information

Yet another famous website.

Hotels.com is a website for booking hotel rooms online and by telephone. The company has 85 websites in 34 languages, and lists over 325,000 hotels in approximately 19,000 locations. Its inventory includes hotels and B&Bs, and some condos and other types of commercial lodging.

From Wikipedia

I checked this domain with the following secure DNS below, none of them blocked it:

Have you requested removal from other sources?

Didn't see it blocked by other sources.

PeterDaveHello commented 2 years ago

Hi @mitchellkrogza @funilrys, not sure if you guys have a minute to take a look at it? Thank you!

spirillen commented 2 years ago

Hey @PeterDaveHello

> I checked this domain with the following secure DNS below, none of them blocked it:

None of these are as such blocking DNS services, and should therefore not be considered as a source for validation. You should instead use a collection of blacklists as a lookup source. I do have one such thing here: https://github.com/Import-External-Sources/hosts-sources. You use it by updating your local copy and then running `git grep '$domain'` inside the repo to see who might block the domain, and in rare cases you can also guess why by the file name, but don't trust them too much, and most of them have a lot of drop/garbage categories; blacklist is among the worst here.

Next, you can do the same with mypdns.org (mine as well) from the matrix repo; here you can trust the folder naming as cat.
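A stricter form of the blocklist cross-reference described in the comment above, as an added example that is not part of the original thread or of either repository: a plain substring search for `hotels.com` also matches entries such as `myhotels.com` or `hotels.com.example.net`, so this walks a local checkout and reports only entries equal to the domain or a subdomain of it. It goes beyond the `git grep` step by parsing hosts, adblock and plain-list lines; the function names and the sample blocklists are assumptions constructed for the example.

```python
# Added example: function names are hypothetical, sample blocklists are constructed.
import os
import re
import tempfile

DOMAIN_RE = re.compile(r"[a-z0-9_-]+(?:\.[a-z0-9_-]+)+")
IPV4_RE = re.compile(r"\d+(?:\.\d+){3}")

def entries(line):
    """Return the domain names on one blocklist line (hosts, adblock or plain list)."""
    line = line.strip().lower()
    if line.startswith(("#", "!")):          # hosts and adblock comment lines
        return []
    line = line.split("#", 1)[0]             # trailing hosts-style comment
    return [t for t in DOMAIN_RE.findall(line) if not IPV4_RE.fullmatch(t)]

def find_listings(root, domain):
    """List (file, line number, entry) for each entry equal to `domain` or a subdomain of it."""
    domain = domain.lower().rstrip(".")
    hits = []
    for folder, dirs, files in os.walk(root):
        dirs[:] = [d for d in dirs if d != ".git"]   # skip repository metadata
        for name in files:
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for number, line in enumerate(fh, 1):
                    for entry in entries(line):
                        if entry == domain or entry.endswith("." + domain):
                            hits.append((os.path.relpath(path, root), number, entry))
    return sorted(hits)

def build_sample(root):
    """Write constructed blocklists (not real data) in three common formats."""
    samples = {
        "phishing/hosts.txt": "# constructed\n0.0.0.0 hotels.com\n0.0.0.0 nothotels.com.example\n",
        "ads/adblock.txt": "! constructed\n||www.hotels.com^\n||hotels.com.example.net^\n",
        "malware/domains.list": "example.org\nmyhotels.com\n",
    }
    for rel, text in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for hit in find_listings(root, "hotels.com"):
            print(*hit)
```

The folder part of each reported path is the only hint at why a list carries the entry, so it deserves the same caution the comment gives for file names.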

PeterDaveHello commented 2 years ago

Hi @spirillen

> None of these are as such blocking DNS services, and should therefore not be considered as a source for validation.

That's a little different from what I know. They all provide the function to block threat hosts (just may not be the default IP address or DNS-over-HTTPS endpoint); you can try some known blocked domain like ftx.cool to verify that they'll block domains. Instead of validation, I think it's more like a cross-reference with different sources.

spirillen commented 2 years ago

What I mean is they are blocking some, as they weigh functionality over privacy and security.

i.e.: can you access the biggest spyware, adware, phishing domains like fakebook, adsense, doubleclick and google??

And DNS-over-HTTP has been network hacking thanks to Firefox...

The keyword is, some, and not efficiently blocking badware.

PeterDaveHello commented 2 years ago

@spirillen got your point though, this project seems to aim at phishing hosts, not like those tech giants' spy things ;)