Awesome
Phishing
Central Repository for Adding or Removing Domains / Links from the Phishing.Database project
Toc
<!-- TOC --> <!-- TOC -->Committing Phishing records
DNS systems can operate on the domain level (everything between the protocol and the first /) while IE Squid-proxy or uBlock Origin can operate on both sides of the slashes and protocol independently.
Add Phishing Domains
File | Contents |
---|---|
add-domain | This list are matching a records 1 to 1 or this domain only (hosts file style RFC:952 and RFC:953 |
add-wildcard-domain | This domain and all it's subdomains should be added. This means if an entire domain is being used for phishing i.e. phishing.example.com , then add it to the domain list (add-domain). If the phishing threat resides inside a subfolder of the domain i.e. /sub/oath/phishing-script/payload.php then add it to the url list (add-link). |
include the domain name only (no http / https) and no path (/something)
Add Phishing Urls / Links
To add either a domain, subdomain or a number of URI's to the project, you should be understanding a bit about how it is working.
File | Contents |
---|---|
add-link | this URI, and only this URI |
Add phishing by IP
File | Contents |
---|---|
IP-addr.cidr.in-addr.arpa | This is a list for blocking phishing by IP address in CIDR notated in-arpa style (rfc:5737) |
IP-addr.cidr.list | This is a list for blocking phishing by IP address in CIDR notation style (rfc:5737) |
IP-addr.in-addr.arpa | This is a list for blocking phishing by IP address in in-arpa style (rfc:5737) |
IP-addr.list | This is a list for blocking phishing by IP address in (strait forward) style (rfc:5737) |
False Positives
To be able to keep the whitelist as precise as possible, the Phishing DB are using 3 types of list.
File | Contents |
---|---|
The first list | Matching 1 on 1 . This means, should we only whitelist IE. subdomain1.example.com but not subdomain2.example.com , then this is the list. |
The other list | (ALL) is wildcard based. This means every subdomains from example.net and lover level such as subdomain1.example.net & subdomain2.example.net . This list also accepts full regex. Except from ending $ and \\ as this is done by automatically. |
The third list | (RZD) will probably never be used... Read the full doc here before attempting to making changes to it: https://github.com/Ultimate-Hosts-Blacklist/whitelist/blob/script/README.rst#rzd |
For better understanding of these specialities, you are welcome to read the tools Readme.