curben via GitLab Runner e77dcdd815 Filter updated: Sat, 13 Oct 2018 12:26:11 UTC 2018-10-13 12:26:12 +00:00
src Filter updated: Sat, 13 Oct 2018 12:26:11 UTC 2018-10-13 12:26:12 +00:00
utils Update repo link 2018-10-12 11:39:37 +10:30
.gitlab-ci.yml Fix path 2018-10-11 11:12:35 +10:30
LICENSE.md Initial commit 2018-10-09 16:48:46 +10:30
README.md Clarify on wget -O top-1m.csv.zip 2018-10-13 14:16:30 +10:30
urlhaus-filter.txt Filter updated: Sat, 13 Oct 2018 12:26:11 UTC 2018-10-13 12:26:12 +00:00

README.md

URLhaus Malicious URL Blocklist

This uBO-compatible filter list is based on the database dump (CSV) of Abuse.ch URLhaus.

Subscribe

The filter is updated twice a day.

Import the following URL into uBO to subscribe:

https://gitlab.com/curben/urlhaus/raw/master/urlhaus-filter.txt

Description

Following URL categories are removed from the database dump:

The database dump is saved as URLhaus.csv, processed by script.sh, and output as urlhaus-filter.txt.

Note

Please report any false positives.

This filter only accepts malware URLs from URLhaus.

Please report malware URLs to the upstream maintainer through https://urlhaus.abuse.ch/api/#submit.

This repo is not endorsed by Abuse.ch.

FAQ

  • Can you add this very-bad-url.com to the filter?

  • Why don't you use the URLhaus "Plain-Text URL List"?

    • It doesn't show the status (online/offline) of a URL.
  • Why don't you wget top-1m.csv.zip and output to stdout?

    • If wget fails, top-1m.txt will be empty. Writing the download to a file avoids that.
  • Why do you need to clone the repo again in your CI? I thought CI already fetches the repo by default?

    • GitLab Runner clones/fetches the repo over HTTPS by default (log). This method requires a deploy token, which is read-only (cannot push).
    • A deploy key has write access but cannot be used with the HTTPS method; hence the workaround of cloning over SSH.
    • See issue #20567 and #20845.
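
The wget answer above, shown as an added example (not this repo's script.sh): `fetch_ok` and `fetch_fail` are hypothetical stand-ins for the download so it runs offline, and the sample rows are constructed. It goes slightly beyond the FAQ by also keeping the previous list when the download fails.

```shell
#!/bin/sh
# Hypothetical stand-ins for the download step (no network needed).
fetch_ok()   { printf '1,example.com\n2,example.org\n'; }  # constructed rows
fetch_fail() { return 1; }        # failed download: no data, non-zero exit

# Streaming pattern: download to stdout, transform, redirect into the list.
# The shell truncates "$2" before the pipeline starts, and without pipefail
# the pipeline reports cut's exit status, so the failed fetch goes unnoticed.
update_streamed() {               # $1 = fetch command, $2 = list file
    "$1" | cut -d, -f2 > "$2"
}

# File pattern: download to a temporary file, check it, then replace the list.
update_via_file() {               # $1 = fetch command, $2 = list file
    dl=$(mktemp) || return 1
    new=$(mktemp) || { rm -f "$dl"; return 1; }
    if "$1" > "$dl" && [ -s "$dl" ] && cut -d, -f2 "$dl" > "$new"; then
        mv "$new" "$2"
        rc=0
    else
        rm -f "$new"              # leave the previous list untouched
        rc=1
    fi
    rm -f "$dl"
    return "$rc"
}

# Run both patterns against a failing download and report what is left.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'example.com\n' > "$dir/streamed.txt"   # previous good list
    printf 'example.com\n' > "$dir/file.txt"
    update_streamed fetch_fail "$dir/streamed.txt" || true
    update_via_file fetch_fail "$dir/file.txt" || echo "download failed, list kept"
    echo "streamed: $(wc -c < "$dir/streamed.txt" | tr -d ' ') bytes"
    echo "via file: $(wc -c < "$dir/file.txt" | tr -d ' ') bytes"
    rm -rf "$dir"
}

demo
```
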