Go to file
curben 4d5f8fb87d
fix(status-badge): set git branch
2020-04-01 10:14:30 +01:00
.gitlab Success pipeline 2019-10-01 12:12:35 +00:00
src Filter updated: Sun, 29 Mar 2020 00:09:05 UTC 2020-03-29 00:09:06 +00:00
utils build: safer shell script 2020-02-08 03:32:36 +00:00
.gitignore chore(gitignore): remove unnecessary regex 2020-03-30 03:34:58 +01:00
.gitlab-ci.yml fix(status-badge): set git branch 2020-04-01 10:14:30 +01:00
LICENSE.md Initial commit 2018-10-09 16:48:46 +10:30
README.md docs: add dnsmasq-compatible blocklist 2020-03-30 04:20:32 +01:00
script.sh feat: add dnsmasq-compatible blocklist 2020-03-30 04:20:07 +01:00
urlhaus-filter-dnsmasq-online.conf chore: add dnsmasq-compatible blocklist 2020-03-30 04:20:32 +01:00
urlhaus-filter-dnsmasq.conf chore: add dnsmasq-compatible blocklist 2020-03-30 04:20:32 +01:00
urlhaus-filter-hosts-online.txt Filter updated: Sun, 29 Mar 2020 00:09:05 UTC 2020-03-29 00:09:06 +00:00
urlhaus-filter-hosts.txt Filter updated: Sun, 29 Mar 2020 00:09:05 UTC 2020-03-29 00:09:06 +00:00
urlhaus-filter-online.txt Filter updated: Sun, 29 Mar 2020 00:09:05 UTC 2020-03-29 00:09:06 +00:00
urlhaus-filter.txt Filter updated: Sun, 29 Mar 2020 00:09:05 UTC 2020-03-29 00:09:06 +00:00

README.md

URLhaus Malicious URL Blocklist

A block list of malicious URLs that are being used for malware distribution. This uBO-compatible filter list is based on the Database dump (CSV) of Abuse.ch URLhaus.

Subscribe

Filter is updated twice a day.

Import the following URL into uBO to subscribe:

Mirrors

Lite version (online urls only):
Mirrors

Note: Lite version is ~95% smaller by excluding offline urls. The status of urls is determined by the upstream Abuse.ch. However, the test is not 100% accurate and some malicious urls that are otherwise accessible may be missed. If bandwidth (1.5MB/day) is not a constraint, I recommend the regular version.

PS: While regular version contains roughly 65K filters, uBO can easily handle half a million filters.

Compatibility

This filter is only tested with uBO. FilterLists shows it is compatible with the following software:

Host/DNS-based software uses host-based blocklist instead, see below section.

Host-based blocklist

If you're using host-based blockers like one of the following (but not limited to):

The filters listed in Subscribe section are not compatible. Instead, use the following blocklist:

Mirrors

Lite version (online hosts only):
Mirrors

Note that host-based software does not block malware URLs hosted by well-known domains (e.g. amazonaws.com, docs.google.com, dropbox.com).

Dnsmasq

Dnsmasq-compatible blocklist is also available.

Install

mkdir -p ~/.config/urlhaus-filter/
wget https://gitlab.com/curben/urlhaus-filter/raw/master/urlhaus-filter-dnsmasq.conf -O ~/.config/urlhaus-filter/urlhaus-filter-dnsmasq.conf
printf "\nconf-file=$HOME/.config/urlhaus-filter/urlhaus-filter-dnsmasq.conf\n" >> /etc/dnsmasq.conf

Update

wget https://gitlab.com/curben/urlhaus-filter/raw/master/urlhaus-filter-dnsmasq.conf -O ~/.config/urlhaus-filter/urlhaus-filter-dnsmasq.conf
Mirrors

Lite version (online urls only); filename is different, adjust the installation and update instructions appropriately:
Mirrors

Note that it is not possible for Dnsmasq to block malicious IP address.

Issues

Report any false positive by creating an issue or merge request

This filter only accepts malware URLs from URLhaus.

Please report new malware URL to the upstream maintainer through https://urlhaus.abuse.ch/api/#submit.

This repo is not endorsed by Abuse.ch.

Cloning

Since the filter is updated frequently, cloning the repo would become slower over time as the revision grows.

Use shallow clone to get the recent revisions only. Getting the last five revisions should be sufficient for a valid MR.

git clone --depth 5 https://gitlab.com/curben/urlhaus-filter.git

License

Creative Commons Zero v1.0 Universal

FAQ

See wiki.