Go to file
curben 2bfb3a7495 Fix filter subscription link 2018-10-09 17:08:22 +10:30
.gitlab-ci.yml Initial commit 2018-10-09 16:48:46 +10:30
LICENSE.md Initial commit 2018-10-09 16:48:46 +10:30
README.md Fix filter subscription link 2018-10-09 17:08:22 +10:30
URLhaus.csv Initial commit 2018-10-09 16:48:46 +10:30
commit.sh Initial commit 2018-10-09 16:48:46 +10:30
exclude.txt Initial commit 2018-10-09 16:48:46 +10:30
script.sh Initial commit 2018-10-09 16:48:46 +10:30
urlhaus-filter.txt Initial commit 2018-10-09 16:48:46 +10:30

README.md

URLhaus Malicious URL Blocklist

This uBO-compatible filter list is based on the database dump (CSV) of Abuse.sh URLhaus.

Subscribe

Filter is updated once a day.

Click the following link to subscribe to this filter:

abuse.ch URLhaus Malicious URL Blocklist

Or import the following URL:

https://gitlab.com/curben/urlhaus/raw/master/urlhaus-filter.txt

Description

Following URL categories are removed from the database dump:

  • Offline URL
  • Well-known host or false positives (see exclude.txt)

Database dump is saved as URLhaus.csv, processed by script.sh and output as urlhaus-filter.txt.

Note

Please report any false positive, especially if the domain is one of the Alexa 10M.

This filter only accepts malware URLs from URLhaus.

Please report malware URL to the upstream maintainer through https://urlhaus.abuse.ch/api/#submit.

This repo is not endorsed by Abuse.sh.

FAQ

  • Can you add this very-bad-url.com to the filter?

  • Why do you need to clone the repo again in your CI?

    • GitLab Runner clone/fetch the repo using HTTPS method by default (log). This method requires deploy token which is read-only (cannot push).
    • Deploy key has write access but cannot be used with the HTTPS method, hence, the workaround to clone using SSH.
    • See issue #20567 and #20845.