Phishing

Central Repository for Adding or Removing Domains / Links from the Phishing.Database project

Committing Phishing records

DNS systems can operate only on the domain level (everything between the protocol and the first /), while tools such as Squid proxy or uBlock Origin can operate on both sides of the slashes and on the protocol independently.

Add Phishing Domains

| File | Contents |
| --- | --- |
| add-domain | Entries in this list match records 1 to 1, i.e. this domain only (hosts-file style, RFC 952 and RFC 953). |
| add-wildcard-domain | This domain and all its subdomains should be added. |

If an entire domain is being used for phishing, e.g. phishing.example.com, then add it to the domain list (add-domain). If the phishing threat resides inside a subfolder of the domain, e.g. /sub/oath/phishing-script/payload.php, then add it to the URL list (add-link).

Include the domain name only: no protocol (http / https) and no path (/something).

Add Phishing Urls / Links

To add a domain, a subdomain or a number of URIs to the project, you should understand a bit about how it works.

| File | Contents |
| --- | --- |
| add-link | This URI, and only this URI |

Add phishing by IP

| File | Contents |
| --- | --- |
| IP-addr.cidr.in-addr.arpa | A list for blocking phishing by IP address, in CIDR-notated in-arpa style (RFC 5737) |
| IP-addr.cidr.list | A list for blocking phishing by IP address, in CIDR notation style (RFC 5737) |
| IP-addr.in-addr.arpa | A list for blocking phishing by IP address, in in-arpa style (RFC 5737) |
| IP-addr.list | A list for blocking phishing by IP address, in straightforward style (RFC 5737) |
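
The routing rules above (domain only, domain plus subdomains, single URI, IP or CIDR block) can be checked mechanically before committing a record. The Python below is an added example, not part of the Phishing.Database tooling; the `classify` helper, its `include_subdomains` flag and the hostname regex are assumptions made for illustration, and the in-addr.arpa files are left out because their line format is not described on this page.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hosts-file style name: letters, digits and hyphens in each label.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{1,62}$"
)


def _as_ip(text):
    """Return (file, entry) when text is an IP address or CIDR block, else None."""
    try:
        if "/" in text:
            return "IP-addr.cidr.list", str(ipaddress.ip_network(text, strict=False))
        return "IP-addr.list", str(ipaddress.ip_address(text))
    except ValueError:
        return None


def classify(report, include_subdomains=False):
    """Map one reported indicator to (target file, entry to commit)."""
    text = report.strip()
    hit = _as_ip(text)
    if hit:
        return hit
    # urlsplit only recognises the host after a scheme or a leading "//".
    parts = urlsplit(text if "://" in text else "//" + text)
    host = (parts.hostname or "").rstrip(".")
    ip_hit = _as_ip(host)
    if not ip_hit and not HOSTNAME.match(host):
        raise ValueError(f"not a domain, URL or IP: {report!r}")
    if parts.path not in ("", "/") or parts.query:
        # Threat sits below the domain root: this URI, and only this URI.
        return "add-link", text
    if ip_hit:
        return ip_hit
    # Domain entries carry no protocol and no path.
    return ("add-wildcard-domain" if include_subdomains else "add-domain"), host


if __name__ == "__main__":
    # Constructed sample reports (example.com and RFC 5737 documentation ranges).
    for sample in ("https://Phishing.Example.com/", "192.0.2.10", "198.51.100.0/24",
                   "http://example.com/sub/oath/phishing-script/payload.php"):
        print(sample, "->", classify(sample))
```

Whether a domain belongs in add-domain or add-wildcard-domain is a human judgement about how much of the domain is abusive, which is why the example takes it as a flag rather than guessing.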

False Positives

To keep the whitelist as precise as possible, the Phishing DB uses 3 types of list.

| File | Contents |
| --- | --- |
| The first list | Matches 1 to 1. If we should whitelist only e.g. subdomain1.example.com but not subdomain2.example.com, then this is the list. |
| The other list (ALL) | Wildcard based. This means every subdomain of example.net and lower levels, such as subdomain1.example.net and subdomain2.example.net. This list also accepts full regex, except for the ending $ and \\, as this is added automatically. |
| The third list (RZD) | Will probably never be used... Read the full doc here before attempting to make changes to it: https://github.com/Ultimate-Hosts-Blacklist/whitelist/blob/script/README.rst#rzd |

For a better understanding of these specifics, you are welcome to read the tool's README.