Go to file
curben 4d98b65acb Add umbrella top 1m
https://umbrella.cisco.com/blog/2016/12/14/cisco-umbrella-1-million/
2018-10-10 17:00:47 +10:30
.gitlab-ci.yml Add umbrella top 1m 2018-10-10 17:00:47 +10:30
LICENSE.md Initial commit 2018-10-09 16:48:46 +10:30
README.md Add umbrella top 1m 2018-10-10 17:00:47 +10:30
URLhaus.csv Initial commit 2018-10-09 16:48:46 +10:30
commit.sh Initial commit 2018-10-09 16:48:46 +10:30
exclude.txt Initial commit 2018-10-09 16:48:46 +10:30
script.sh Add umbrella top 1m 2018-10-10 17:00:47 +10:30
top-1m.txt Add umbrella top 1m 2018-10-10 17:00:47 +10:30
umbrella-top-1m.sh Add umbrella top 1m 2018-10-10 17:00:47 +10:30
urlhaus-filter.txt Initial commit 2018-10-09 16:48:46 +10:30

README.md

URLhaus Malicious URL Blocklist

This uBO-compatible filter list is based on the database dump (CSV) of Abuse.sh URLhaus.

Subscribe

Filter is updated once a day.

Import the following URL into uBO to subcribe:

https://gitlab.com/curben/urlhaus/raw/master/urlhaus-filter.txt

Description

Following URL categories are removed from the database dump:

Database dump is saved as URLhaus.csv, processed by script.sh and output as urlhaus-filter.txt.

Note

Please report any false positive.

This filter only accepts malware URLs from URLhaus.

Please report malware URL to the upstream maintainer through https://urlhaus.abuse.ch/api/#submit.

This repo is not endorsed by Abuse.sh.

FAQ

  • Can you add this very-bad-url.com to the filter?

  • Why don't you use the URLhaus "Plain-Text URL List"?

    • It doesn't show the status (online/offline) of a URL.
  • Why do you need to clone the repo again in your CI? I thought CI already fetch the repo by default?

    • GitLab Runner clone/fetch the repo using HTTPS method by default (log). This method requires deploy token which is read-only (cannot push).
    • Deploy key has write access but cannot be used with the HTTPS method, hence, the workaround to clone using SSH.
    • See issue #20567 and #20845.