PHISHING Button on Computer Keyboard

Phishing Domain Database

Phishing Domains, urls websites and threats database. We use the PyFunceble testing tool to validate the status of all known Phishing domains and provide stats to reveal how many unique domains used for Phishing are still active.


NOTICE: Do Not Clone the repository and rely on Pulling the latest info !!!

This WILL BREAK daily due to a complete reset of the repository history every 24 hours. Please rely ONLY on pulling individual list files or the full list of domains in tar.gz format and links in tar.gz format (updated hourly) using wget or curl.

Version: V.2021-09-18.11

💥 Latest Threats
@ 11:36:16
💥 Active Threats
Saturday 2021-09-18
Total Links
Discovered Today
⚠️ 8⚠️ 355514

Total Phishing Domains Captured: 364833 << (FILE SIZE: 3.0M tar.gz)

Total Phishing Links Captured: 730154 << (FILE SIZE: 15M tar.gz)


Purpose of this repo?

A Testing Repository for Phishing Domains, Web Sites and Threats. Above are results of Domains that have been tested to be Active, Inactive or Invalid. These Lists update hourly. This is just one of a number of extensive projects dealing with testing the status of harmful domain names and web sites. We test sources of Phishing attacks to keep track of how many of the domain names used in Phishing attacks are still active and functioning. We sort all domains from all sources into one list, removing any duplicates so that we have a clean list of domains to work with.

Additions

Add Phishing Domains

To add domains to this database send a Pull Request on the file

https://github.com/mitchellkrogza/phishing/blob/main/add-domain
  • include the domain name only (no http / https)

Add Phishing Urls / Links

To add links / urls to this database send a Pull Request on the file

https://github.com/mitchellkrogza/phishing/blob/main/add-link
  • Include the full link

Do Not Make Pull Requests for Additions in this Repo !!!

Please Send PR’s to above files

PR >

https://github.com/mitchellkrogza/phishing

Define an Active Status

We define ACTIVE domains or links as any of the HTTP Status Codes Below. All the following HTTP status codes we regard as ACTIVE or still POTENTIALLY ACTIVE.

  • ACTIVE HTTP Codes
- 100
- 101
- 200
- 201
- 202
- 203
- 204
- 205
- 206
  • POTENTIALLY ACTIVE HTTP Codes
- 000
- 300
- 301
- 302
- 303
- 304
- 305
- 307
- 403
- 405
- 406
- 407
- 408
- 411
- 413
- 417
- 500
- 501
- 502
- 503
- 504
- 505
  • POTENTIALLY INACTIVE HTTP Codes
- 400
- 402
- 403
- 404
- 409
- 410
- 412
- 414
- 415
- 416

Criminals planting Phishing links often resort to a variety of techniques like returning a variety of HTTP failure codes to trick people into thinking the link is gone but in reality if you test a bit later it is often back.

Our System also tests and re-tests anything flagged as INACTIVE or INVALID.


How do you test?

We make use of the awesome PyFunceble Testing Suite written by Nissar Chababy. Over 2 years in development this testing tool really provides us with a reliable source of active and inactive domains and through regular testing even domains which are inactive and may become active again are automatically moved back to the active list. Read More about PyFunceble


Contributing

If you have a source list of phishing domains or links please consider contributing them to this project for testing? Simply send a PR adding your input source details and we will add the source.


Please Remove my Domain From This List !!

If your domain was listed as being involved in Phishing due to your site being hacked or some other reason, please file a False Positive report it unfortunately happens to many web site owners.

Make sure to include links in your report to where else your domain / web site was removed and whitelisted ie. Phishtank / Openphish or it might not be removed here at all.


Some Domains from Major reputable companies appear on these lists?

Lots of Phishing, Malware and Ransomware links are planted onto very reputable services. We automatically remove Whitelisted Domains from our list of published Phishing Domains.

We do NOT however remove these and enforce an Anti-Whitelist from our phishing links/urls lists as these lists help other spam and cybersecurity services to discover new threats and get them taken down. Please send a PR to the Anti-Whitelist file to have something important re-included into the Phishing Links lists. The Anti-Whitelist only filters through link (url) lists and not domain lists.


Keep Threat Intelligence Free and Open Source

We are firm believers that threat intelligence on Phishing, Malware and Ransomware should always remain free and open source. Open disclosure of any criminal activity such as Phishing, Malware and Ransomware is not only vital to the protection of every internet user and corporation but also vital to the gathering of intelligence in order to shut down these criminal sites. Selling access to phishing data under the guises of “protection” is somewhat questionable.