2138507e75 | ||
---|---|---|
.gitlab | ||
dist | ||
src | ||
utils | ||
.gitignore | ||
.gitlab-ci.yml | ||
LICENSE.md | ||
README.md |
README.md
Phishing URL Blocklist
A blocklist of phishing websites, based on the PhishTank list. Blocklist is updated twice a day.
There are multiple formats available, refer to the appropriate section according to the program used:
- uBlock Origin (uBO) -> URL-based section (recommended)
- Pi-hole -> Domain-based or Hosts-based section
- Hosts file -> Hosts-based section
- Dnsmasq -> Dnsmasq section
- BIND -> BIND section
- Unbound -> Unbound section
Not sure which format to choose? See Compatibility page.
URL-based
Import the following URL into uBO to subscribe:
Mirrors
- https://cdn.statically.io/gl/curben/phishing-filter/raw/master/dist/phishing-filter.txt
- https://glcdn.githack.com/curben/phishing-filter/raw/master/dist/phishing-filter.txt
- https://raw.githubusercontent.com/curbengh/phishing-filter/master/dist/phishing-filter.txt
- https://cdn.statically.io/gh/curbengh/phishing-filter/master/dist/phishing-filter.txt
- https://gitcdn.xyz/repo/curbengh/phishing-filter/master/dist/phishing-filter.txt
- https://cdn.jsdelivr.net/gh/curbengh/phishing-filter/dist/phishing-filter.txt
- https://repo.or.cz/phishing-filter.git/blob_plain/refs/heads/master:/dist/phishing-filter.txt
Domain-based
This blocklist includes domains and IP addresses.
Mirrors
- https://cdn.statically.io/gl/curben/phishing-filter/raw/master/dist/phishing-filter-domains.txt
- https://glcdn.githack.com/curben/phishing-filter/raw/master/dist/phishing-filter-domains.txt
- https://raw.githubusercontent.com/curbengh/phishing-filter/master/dist/phishing-filter-domains.txt
- https://cdn.statically.io/gh/curbengh/phishing-filter/master/dist/phishing-filter-domains.txt
- https://gitcdn.xyz/repo/curbengh/phishing-filter/master/dist/phishing-filter-domains.txt
- https://cdn.jsdelivr.net/gh/curbengh/phishing-filter/dist/phishing-filter-domains.txt
- https://repo.or.cz/phishing-filter.git/blob_plain/refs/heads/master:/dist/phishing-filter-domains.txt
Hosts-based
This blocklist includes domains only.
Mirrors
- https://cdn.statically.io/gl/curben/phishing-filter/raw/master/dist/phishing-filter-hosts.txt
- https://glcdn.githack.com/curben/phishing-filter/raw/master/dist/phishing-filter-hosts.txt
- https://raw.githubusercontent.com/curbengh/phishing-filter/master/dist/phishing-filter-hosts.txt
- https://cdn.statically.io/gh/curbengh/phishing-filter/master/dist/phishing-filter-hosts.txt
- https://gitcdn.xyz/repo/curbengh/phishing-filter/master/dist/phishing-filter-hosts.txt
- https://cdn.jsdelivr.net/gh/curbengh/phishing-filter/dist/phishing-filter-hosts.txt
- https://repo.or.cz/phishing-filter.git/blob_plain/refs/heads/master:/dist/phishing-filter-hosts.txt
Dnsmasq
This blocklist includes domains only.
Install
# Create a new folder to store the blocklist
mkdir -p /usr/local/etc/dnsmasq/
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://gitlab.com/curben/phishing-filter/raw/master/dist/phishing-filter-dnsmasq.conf" -o "/usr/local/etc/dnsmasq/phishing-filter-dnsmasq.conf"\n' > /etc/cron.daily/phishing-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/phishing-filter
# Configure dnsmasq to use the blocklist
printf "\nconf-file=/usr/local/etc/dnsmasq/dist/phishing-filter-dnsmasq.conf\n" >> /etc/dnsmasq.conf
Mirrors
- https://cdn.statically.io/gl/curben/phishing-filter/raw/master/dist/phishing-filter-dnsmasq.conf
- https://glcdn.githack.com/curben/phishing-filter/raw/master/dist/phishing-filter-dnsmasq.conf
- https://raw.githubusercontent.com/curbengh/phishing-filter/master/dist/phishing-filter-dnsmasq.conf
- https://cdn.statically.io/gh/curbengh/phishing-filter/master/dist/phishing-filter-dnsmasq.conf
- https://gitcdn.xyz/repo/curbengh/phishing-filter/master/dist/phishing-filter-dnsmasq.conf
- https://cdn.jsdelivr.net/gh/curbengh/phishing-filter/dist/phishing-filter-dnsmasq.conf
- https://repo.or.cz/phishing-filter.git/blob_plain/refs/heads/master:/dist/phishing-filter-dnsmasq.conf
BIND
This blocklist includes domains only.
Install
# Create a new folder to store the blocklist
mkdir -p /usr/local/etc/bind/
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://gitlab.com/curben/phishing-filter/raw/master/dist/phishing-filter-bind.conf" -o "/usr/local/etc/bind/phishing-filter-bind.conf"\n' > /etc/cron.daily/phishing-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/phishing-filter
# Configure BIND to use the blocklist
printf '\ninclude "/usr/local/etc/bind/dist/phishing-filter-bind.conf";\n' >> /etc/bind/named.conf
Add this to "/etc/bind/null.zone.file" (skip this step if the file already exists):
$TTL 86400 ; one day
@ IN SOA ns.nullzone.loc. ns.nullzone.loc. (
2017102203
28800
7200
864000
86400 )
NS ns.nullzone.loc.
A 0.0.0.0
@ IN A 0.0.0.0
* IN A 0.0.0.0
Zone file is derived from here.
Mirrors
- https://cdn.statically.io/gl/curben/phishing-filter/raw/master/dist/phishing-filter-bind.conf
- https://glcdn.githack.com/curben/phishing-filter/raw/master/dist/phishing-filter-bind.conf
- https://raw.githubusercontent.com/curbengh/phishing-filter/master/dist/phishing-filter-bind.conf
- https://cdn.statically.io/gh/curbengh/phishing-filter/master/dist/phishing-filter-bind.conf
- https://gitcdn.xyz/repo/curbengh/phishing-filter/master/dist/phishing-filter-bind.conf
- https://cdn.jsdelivr.net/gh/curbengh/phishing-filter/dist/phishing-filter-bind.conf
- https://repo.or.cz/phishing-filter.git/blob_plain/refs/heads/master:/dist/phishing-filter-bind.conf
Unbound
This blocklist includes domains only.
Install
# Create a new folder to store the blocklist
mkdir -p /usr/local/etc/unbound/
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://gitlab.com/curben/phishing-filter/raw/master/dist/phishing-filter-unbound.conf" -o "/usr/local/etc/unbound/phishing-filter-unbound.conf"\n' > /etc/cron.daily/phishing-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/phishing-filter
# Configure Unbound to use the blocklist
printf '\n include: "/usr/local/etc/unbound/dist/phishing-filter-unbound.conf"\n' >> /etc/unbound/unbound.conf
Mirrors
- https://cdn.statically.io/gl/curben/phishing-filter/raw/master/dist/phishing-filter-unbound.conf
- https://glcdn.githack.com/curben/phishing-filter/raw/master/dist/phishing-filter-unbound.conf
- https://raw.githubusercontent.com/curbengh/phishing-filter/master/dist/phishing-filter-unbound.conf
- https://cdn.statically.io/gh/curbengh/phishing-filter/master/dist/phishing-filter-unbound.conf
- https://gitcdn.xyz/repo/curbengh/phishing-filter/master/dist/phishing-filter-unbound.conf
- https://cdn.jsdelivr.net/gh/curbengh/phishing-filter/dist/phishing-filter-unbound.conf
- https://repo.or.cz/phishing-filter.git/blob_plain/refs/heads/master:/dist/phishing-filter-unbound.conf
Issues
This blocklist operates by blocking the whole website, instead of specific webpages; exceptions are made on popular websites (e.g. https://docs.google.com/
), in which webpages are specified instead (e.g. https://docs.google.com/phishing-page
). Phishing webpages are only listed in URL-based filter, popular websites are excluded from other filters.
Popular websites are as listed in the Umbrella Popularity List (top 1M domains + subdomains) and Tranco List (top 1M domains) and this custom list.
If you wish to exclude certain website(s) that you believe is sufficiently well-known, please create an issue or merge request.
This filter only accepts new phishing URLs from PhishTank.
Please report new phishing URL to the upstream maintainer through https://www.phishtank.com/add_web_phish.php.
Cloning
Since the filter is updated frequently, cloning the repo would become slower over time as the revision grows.
Use shallow clone to get the recent revisions only. Getting the last five revisions should be sufficient for a valid MR.
git clone --depth 5 https://gitlab.com/curben/phishing-filter.git
License
Creative Commons Zero v1.0 Universal
Umbrella Popularity List: Available free of charge by Cisco Umbrella
PhishTank and Cisco are either trademarks or registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.