This WILL BREAK daily due to a complete reset of the repository history every 24 hours. Please rely ONLY on pulling individual list files or the full list of domains in tar.gz format and links in tar.gz format (updated hourly) using wget or curl.
SPONSORS | |
---|---|
REPO | BECOME A SPONSOR |
---|---|
Your logo and link to your domain will appear here if you become a sponsor. Simply email me on mitchellkrog@gmail.com if you would like to sponsor this project as South Africa is not supported yet under the Github sponsor program. | |
Help Support Me at https://ko-fi.com/mitchellkrog |
💥 Latest Threats @ 02:31:57 |
💥 Active Threats Wednesday 2023-03-08 |
Total Links Discovered Today |
---|---|---|
30945 |
Total Phishing Domains Captured: 495413 << (FILE SIZE: 4.2M tar.gz)
Total Phishing Links Captured: 892699 << (FILE SIZE: 19M tar.gz)
A Testing Repository for Phishing Domains, Web Sites and Threats. Above are results of Domains that have been tested to be Active, Inactive or Invalid. These Lists update hourly. This is just one of a number of extensive projects dealing with testing the status of harmful domain names and web sites. We test sources of Phishing attacks to keep track of how many of the domain names used in Phishing attacks are still active and functioning. We sort all domains from all sources into one list, removing any duplicates so that we have a clean list of domains to work with.
To add domains to this database send a Pull Request on the file https://github.com/mitchellkrogza/phishing/blob/main/add-domain
- include the domain name only (no http / https)
To add links / urls to this database send a Pull Request on the file https://github.com/mitchellkrogza/phishing/blob/main/add-link
- Include the full link
We define ACTIVE domains or links as any of the HTTP Status Codes Below. All the following HTTP status codes we regard as ACTIVE or still POTENTIALLY ACTIVE.
- ACTIVE HTTP Codes
- 100
- 101
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- POTENTIALLY ACTIVE HTTP Codes
- 000
- 300
- 301
- 302
- 303
- 304
- 305
- 307
- 403
- 405
- 406
- 407
- 408
- 411
- 413
- 417
- 500
- 501
- 502
- 503
- 504
- 505
- POTENTIALLY INACTIVE HTTP Codes
- 400
- 402
- 403
- 404
- 409
- 410
- 412
- 414
- 415
- 416
Criminals planting Phishing links often resort to a variety of techniques like returning a variety of HTTP failure codes to trick people into thinking the link is gone but in reality if you test a bit later it is often back.
Our System also tests and re-tests anything flagged as INACTIVE or INVALID.
We make use of the awesome PyFunceble Testing Suite written by Nissar Chababy. Over many years in development this testing tool really provides us with a reliable source of active and inactive domains and through regular testing even domains which are inactive and may become active again are automatically moved back to the active list. Read More about PyFunceble
If you have a source list of phishing domains or links please consider contributing them to this project for testing? Simply send a PR adding your input source details and we will add the source.
If your domain was listed as being involved in Phishing due to your site being hacked or some other reason, please file a False Positive report it unfortunately happens to many web site owners.
Make sure to include links in your report to where else your domain / web site was removed and whitelisted ie. Phishtank / Openphish or it might not be removed here at all.
Lots of Phishing, Malware and Ransomware links are planted onto very reputable services. We automatically remove Whitelisted Domains from our list of published Phishing Domains.
We do NOT however remove these and enforce an Anti-Whitelist from our phishing links/urls lists as these lists help other spam and cybersecurity services to discover new threats and get them taken down. Please send a PR to the Anti-Whitelist file to have something important re-included into the Phishing Links lists. The Anti-Whitelist only filters through link (url) lists and not domain lists.
We are firm believers that threat intelligence on Phishing, Malware and Ransomware should always remain free and open source. Open disclosure of any criminal activity such as Phishing, Malware and Ransomware is not only vital to the protection of every internet user and corporation but also vital to the gathering of intelligence in order to shut down these criminal sites. Selling access to phishing data under the guises of "protection" is somewhat questionable.
MIT License
Copyright (c) 2018-2023 Mitchell Krog - github.com/mitchellkrogza
Copyright (c) 2018-2023 Nissar Chababy - github.com/funilrys
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.