The Phishing.Database project is a comprehensive and regularly updated repository designed to help the community identify and mitigate phishing threats.
We believe that threat intelligence on phishing, malware, and ransomware should always remain free and open-source. By openly sharing data about criminal activities, we aim to protect the internet users, help organizations mitigate threats, and contribute to a safer online environment for everyone by contributing to the global effort to identify and shutdown malicious sites. Unlike proprietary systems that sell access to phishing data, we focus and on transparency and collaboration for the greater good.
Join us in our mission to keep threat intelligence free and open-source by contributing to the project, sharing the data, and supporting the maintainers.
Repository | Become a Sponsor |
---|---|
We're seeking sponsors to help us grow and strengthen our infrastructure. By sponsoring this project, you'll have the opportunity to showcase your logo and link here, gaining visibility and supporting an open-source initiative that benefits the community. 📧 Contact us at contact@phish.co.za to explore partnership opportunities. |
|
Help keep this project's infrastructure thriving by supporting the maintainers! | |
Support @mitchellkrogza on Ko-fi! Sponsor @funilrys via GitHub Sponsors! |
💥 Latest Threats @ 15:32:15 |
💥 Active Threats Saturday 2024-12-28 |
Total Links Discovered Today |
---|---|---|
589 |
Total Phishing Domains Captured: 778442 << (FILE SIZE: 6.5M tar.gz)
Total Phishing Links Captured: 1369033 << (FILE SIZE: 28M tar.gz)
The repository undergoes a history reset every 24 hours, which will break your setup if you rely on cloning. breaking changes.
To ensure uninterrupted access to the data, please download the latest lists directly from the provided links below.
The links below will direct you to the latest data files for this project.
The checksums for the files are available in the checksums repository.
File Name | Official Source | Checksums |
---|---|---|
ALL-phishing-domains.lst | Download | md5, sha1, sha256, sha512 |
ALL-phishing-links.lst | Download | md5, sha1, sha256, sha512 |
ALL-phishing-domains.tar.gz | Download | md5, sha1, sha256, sha512 |
ALL-phishing-links.tar.gz | Download | md5, sha1, sha256, sha512 |
phishing-domains-ACTIVE.txt | Download | md5, sha1, sha256, sha512 |
phishing-domains-INACTIVE.txt | Download | md5, sha1, sha256, sha512 |
phishing-domains-INVALID.txt | Download | md5, sha1, sha256, sha512 |
phishing-IPs-ACTIVE.txt | Download | md5, sha1, sha256, sha512 |
phishing-IPs-INACTIVE.txt | Download | md5, sha1, sha256, sha512 |
phishing-IPs-INVALID.txt | Download | md5, sha1, sha256, sha512 |
phishing-links-ACTIVE.txt | Download | md5, sha1, sha256, sha512 |
phishing-links-INACTIVE.txt | Download | md5, sha1, sha256, sha512 |
The files are updated regularly.
The testing of the domains and URLs is automated using the awesome PyFunceble Testing Suite written by Nissar Chababy (AKA @funilrys). Over many years in development, this tool has become a robust and reliable source of domain and URL status. We use it in an automated environment which actively retests domains and URLs on a regular basis.
We define an active status as a domain or URL that is currently active and serving phishing content. The status is determined by the HTTP status code returned by the server.
- 100, 101, 200, 201, 202, 203, 204, 205, 206
- 000, 300, 301, 302, 303, 304, 305, 307, 403, 405, 406, 407, 408, 411, 413, 417, 500, 501, 502, 503, 504, 505
Any of the status codes above are considered active until further investigation.
- 400, 402, 403, 404, 409, 410, 412, 414, 415, 416
If your domain has been listed incorrectly due to hacking or other reasons, file a False Positive Report with proof of removal from other platforms (e.g., Phishtank, Openphish) to expedite processing.
Contributions are welcome and encouraged.
To contribute, please submit follow the matrix below to identify the correct file and repository to submit your data.
Action | Data Type | File to Edit |
---|---|---|
➕ Add | Domain | add-domain |
➕ Add | Domain (wildcard) | add-wildcard-domain |
➕ Add | Link | add-link |
➕ Add | IP | IP-addr.list |
➕ Add | IP (cidr) | IP-addr.cidr.list |
❌ Remove | False Positive Domain | falsepositive.list |
To report an issue or a false positive, please submit a new issue.
-
Mitchell Krog (@mitchellkrogza) - Support @mitchellkrogza on Ko-fi!
-
Nissar Chababy (@funilrys) - Sponsor @funilrys via GitHub Sponsors!
MIT License
Copyright (c) 2018-2024 Mitchell Krog - @mitchellkrogza
Copyright (c) 2018-2024 Nissar Chababy - @funilrys
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.