44 lines
1.7 KiB
Markdown
44 lines
1.7 KiB
Markdown
# URLhaus Malicious URL Blocklist
|
|
|
|
This [uBO](https://github.com/gorhill/uBlock/)-compatible filter list is based on the database dump (CSV) of Abuse.sh [URLhaus](https://urlhaus.abuse.ch/).
|
|
|
|
## Subscribe
|
|
|
|
Filter is updated once a day.
|
|
|
|
Import the following URL into uBO to subcribe:
|
|
|
|
https://gitlab.com/curben/urlhaus/raw/master/urlhaus-filter.txt
|
|
|
|
## Description
|
|
|
|
Following URL categories are removed from the database dump:
|
|
|
|
- Offline URL
|
|
- Well-known host ([top-1m.txt](top-1m.txt)) or false positives ([exclude.txt](exclude.txt))
|
|
|
|
Database dump is saved as [URLhaus.csv](URLhaus.csv), processed by [script.sh](script.sh) and output as [urlhaus-filter.txt](urlhaus-filter.txt).
|
|
|
|
## Note
|
|
|
|
Please report any false positive.
|
|
|
|
This filter **only** accepts malware URLs from [URLhaus](https://urlhaus.abuse.ch/).
|
|
|
|
Please report malware URL to the upstream maintainer through https://urlhaus.abuse.ch/api/#submit.
|
|
|
|
This repo is not endorsed by Abuse.sh.
|
|
|
|
## FAQ
|
|
|
|
- Can you add this *very-bad-url.com* to the filter?
|
|
+ No, please report to the [upstream](https://urlhaus.abuse.ch/api/#submit).
|
|
|
|
- Why don't you use the URLhaus "Plain-Text URL List"?
|
|
+ It doesn't show the status (online/offline) of a URL.
|
|
|
|
- Why do you need to clone the repo again in your CI? I thought CI already fetch the repo by default?
|
|
+ GitLab Runner clone/fetch the repo using HTTPS method by default ([log](https://gitlab.com/curben/urlhaus/-/jobs/105979394)). This method requires deploy *token* which is *read-only* (cannot push).
|
|
+ Deploy *key* has write access but cannot be used with the HTTPS method, hence, the workaround to clone using SSH.
|
|
+ See issue [#20567](https://gitlab.com/gitlab-org/gitlab-ce/issues/20567) and [#20845](https://gitlab.com/gitlab-org/gitlab-ce/issues/20845).
|