Filter updated: Thu, 13 Jan 2022 00:11:23 +0000
# Malicious URL Blocklist

A blocklist of malicious websites that are being used for malware distribution, based on the **Database dump (CSV)** of Abuse.ch [URLhaus](https://urlhaus.abuse.ch/). Blocklist is updated twice a day.

There are multiple formats available, refer to the appropriate section according to the program used:

- uBlock Origin (uBO) -> [URL-based](#url-based) section (recommended)
- Pi-hole -> [Domain-based](#domain-based) or [Hosts-based](#hosts-based) section
- AdGuard Home -> [Domain-based (AdGuard Home)](#domain-based-adguard-home) or [Hosts-based](#hosts-based) section
- AdGuard (browser extension) -> [URL-based (AdGuard)](#url-based-adguard)
- Vivaldi -> [URL-based (Vivaldi)](#url-based-vivaldi)
- [Hosts](#hosts-based)
- [Dnsmasq](#dnsmasq)
- BIND -> BIND [zone](#bind) or [RPZ](#response-policy-zone)
- [Unbound](#unbound)
- [dnscrypt-proxy](#dnscrypt-proxy)
- Internet Explorer -> [Tracking Protection List (IE)](#tracking-protection-list-ie)
- [Snort2](#snort2)
- [Snort3](#snort3)
- [Suricata](#suricata)

Not sure which format to choose? See [Compatibility](https://gitlab.com/curben/urlhaus-filter/wikis/compatibility) page in the wiki.

Check out my other filters:

- [phishing-filter](https://gitlab.com/curben/phishing-filter)
- [pup-filter](https://gitlab.com/curben/pup-filter)
- [tracking-filter](https://gitlab.com/curben/tracking-filter)

## URL-based

Import the following URL into uBO to subscribe (includes online and **offline** malicious websites):

- https://curben.gitlab.io/malware-filter/urlhaus-filter.txt

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter.txt
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter.txt
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter.txt
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter.txt
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter.txt
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter.txt

</details>

<br />

Lite version (**online** links only):

_enabled by default in uBO >=[1.28.2](https://github.com/gorhill/uBlock/releases/tag/1.28.2)_

- https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-online.txt
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt

</details>

**Note:** The lite version is 99% smaller because it excludes offline URLs. The status of each URL is determined by the upstream Abuse.ch. However, that test is not 100% accurate, so some malicious URLs that are still accessible may be missed. If bandwidth (9 MB/day) is not a constraint, I recommend the regular version; browser extensions may utilise [HTTP compression](https://developer.mozilla.org/en-US/docs/Web/HTTP/Compression) that can save 70% of bandwidth.

The regular version contains >260K filters; note that uBO can [easily handle](https://github.com/uBlockOrigin/uBlock-issues/issues/338#issuecomment-452843669) 500K filters.

If you've installed the lite version but prefer to use the regular version, it's better to remove the lite version beforehand. Having both versions at the same time won't cause any conflict, since uBO can detect duplicate network filters and adjust accordingly, but it wastes bandwidth.

**AdGuard Home** users should use [this blocklist](#domain-based-adguard-home).

## URL-based (AdGuard)

Import the following URL into AdGuard browser extensions to subscribe (includes online and **offline** malicious websites):

- https://curben.gitlab.io/malware-filter/urlhaus-filter-ag.txt

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-ag.txt
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-ag.txt
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-ag.txt
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-ag.txt
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-ag.txt
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-ag.txt

</details>

<br />

Lite version (**online** links only):

- https://curben.gitlab.io/malware-filter/urlhaus-filter-ag-online.txt

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-ag-online.txt
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-ag-online.txt
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-ag-online.txt
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-ag-online.txt
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-ag-online.txt
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-ag-online.txt

</details>

## URL-based (Vivaldi)

_Requires Vivaldi Desktop/Android 3.3+, blocking level must be at least "Block Trackers"_

Import the following URL into Vivaldi's **Tracker Blocking Sources** to subscribe (includes online and **offline** malicious websites):

- https://curben.gitlab.io/malware-filter/urlhaus-filter-vivaldi.txt

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-vivaldi.txt
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-vivaldi.txt
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-vivaldi.txt
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-vivaldi.txt
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-vivaldi.txt
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-vivaldi.txt

</details>

<br />

Lite version (**online** links only):

- https://curben.gitlab.io/malware-filter/urlhaus-filter-vivaldi-online.txt

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-vivaldi-online.txt
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-vivaldi-online.txt
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-vivaldi-online.txt
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-vivaldi-online.txt
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-vivaldi-online.txt
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-vivaldi-online.txt

</details>

## Domain-based

This blocklist includes domains and IP addresses.

- https://curben.gitlab.io/malware-filter/urlhaus-filter-domains.txt

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-domains.txt
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-domains.txt
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-domains.txt
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-domains.txt
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-domains.txt
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-domains.txt

</details>

<br />
Lite version (online domains/IPs only):

- https://curben.gitlab.io/malware-filter/urlhaus-filter-domains-online.txt

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-domains-online.txt
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-domains-online.txt
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-domains-online.txt
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-domains-online.txt
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-domains-online.txt
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-domains-online.txt

</details>

## Domain-based (AdGuard Home)

This AdGuard Home-compatible blocklist includes domains and IP addresses.

- https://curben.gitlab.io/malware-filter/urlhaus-filter-agh.txt

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-agh.txt
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-agh.txt
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-agh.txt
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-agh.txt
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-agh.txt
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-agh.txt

</details>

<br />
Lite version (online domains/IPs only):

- https://curben.gitlab.io/malware-filter/urlhaus-filter-agh-online.txt

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-agh-online.txt
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-agh-online.txt
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-agh-online.txt
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-agh-online.txt
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-agh-online.txt
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-agh-online.txt

</details>

## Hosts-based

This blocklist includes domains only.

- https://curben.gitlab.io/malware-filter/urlhaus-filter-hosts.txt

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-hosts.txt
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-hosts.txt
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-hosts.txt
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-hosts.txt
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-hosts.txt
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-hosts.txt

</details>

<br />
Lite version (online domains only):

- https://curben.gitlab.io/malware-filter/urlhaus-filter-hosts-online.txt

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-hosts-online.txt
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-hosts-online.txt
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-hosts-online.txt
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-hosts-online.txt
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-hosts-online.txt
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-hosts-online.txt

</details>

## Dnsmasq

This blocklist includes domains only.

### Install

```
# Create a new folder to store the blocklist
mkdir -p /usr/local/etc/dnsmasq/

# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://curben.gitlab.io/malware-filter/urlhaus-filter-dnsmasq.conf" -o "/usr/local/etc/dnsmasq/urlhaus-filter-dnsmasq.conf"\n' > /etc/cron.daily/urlhaus-filter

# cron job requires execution permission
chmod 755 /etc/cron.daily/urlhaus-filter

# Configure dnsmasq to use the blocklist
printf "\nconf-file=/usr/local/etc/dnsmasq/urlhaus-filter-dnsmasq.conf\n" >> /etc/dnsmasq.conf
```
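
The cron job above writes whatever `curl` receives straight over the live blocklist, so an HTTP error page or a truncated transfer becomes resolver configuration. The script below is an added example (not part of this project) that downloads to a temporary file, validates it, and only then renames it into place. It assumes each rule has the form `address=/<host>/0.0.0.0`; the function names, the `--update`/`--selftest` switches and the `MIN_RULES` floor are this example's own.

```shell
#!/bin/sh
# Added example, not the project's script: validate-then-swap updater.
# Assumption: every rule in urlhaus-filter-dnsmasq.conf has the form
#   address=/<host>/0.0.0.0
URL="https://curben.gitlab.io/malware-filter/urlhaus-filter-dnsmasq.conf"
DEST="/usr/local/etc/dnsmasq/urlhaus-filter-dnsmasq.conf"
MIN_RULES=100   # constructed floor; tune to the list size you normally see

# is_valid_blocklist FILE [MIN_RULES]
# Succeeds only if FILE is non-empty, holds nothing but comments, blank
# lines and address= rules, and has at least MIN_RULES rules. A conf-file
# is parsed as dnsmasq configuration, so any other directive is rejected.
is_valid_blocklist() {
  [ -s "$1" ] || return 1
  awk -v min="${2:-1}" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^address=\/[A-Za-z0-9._-]+\/0\.0\.0\.0$/ { rules++; next }
    { bad++ }
    END { exit !(bad == 0 && rules >= min) }
  ' "$1"
}

# install_blocklist NEW DEST [MIN_RULES]
# Renames NEW over DEST only when NEW validates; otherwise NEW is deleted
# and the previous DEST stays in service.
install_blocklist() {
  if is_valid_blocklist "$1" "${3:-1}"; then
    chmod 644 "$1" && mv -f "$1" "$2"
  else
    rm -f "$1"
    return 1
  fi
}

# update_blocklist URL DEST [MIN_RULES]
update_blocklist() {
  # Temporary file in the same directory, so mv is a same-filesystem rename.
  tmp=$(mktemp "$2.XXXXXX") || return 1
  # -f: an HTTP error fails the transfer instead of saving the error page.
  # --proto/--proto-redir: never follow a redirect down to plain HTTP.
  if curl -fsSL --proto '=https' --proto-redir '=https' "$1" -o "$tmp"; then
    install_blocklist "$tmp" "$2" "${3:-1}"
  else
    rm -f "$tmp"
    return 1
  fi
}

# selftest: exercises the swap logic offline on constructed sample data.
selftest() {
  dir=$(mktemp -d) || return 1
  dest="$dir/blocklist.conf"
  printf '# constructed sample\naddress=/malware.example/0.0.0.0\n' > "$dest"
  # Constructed failure case: an error page saved in place of the list.
  printf '<html><body>503 Service Unavailable</body></html>\n' > "$dir/bad"
  # Constructed success case: a fresh list with two rules.
  printf 'address=/a.example/0.0.0.0\naddress=/b.example/0.0.0.0\n' > "$dir/good"
  rc=0
  install_blocklist "$dir/bad" "$dest" && rc=1      # must be rejected
  grep -q 'malware.example' "$dest" || rc=1         # old list still there
  install_blocklist "$dir/good" "$dest" || rc=1     # must be accepted
  grep -q 'b.example' "$dest" || rc=1               # new list in place
  rm -rf "$dir"
  return "$rc"
}

case "${1:-}" in
  --update)   update_blocklist "$URL" "$DEST" "$MIN_RULES" ;;
  --selftest) selftest && echo "selftest ok" ;;
esac
```

Have `/etc/cron.daily/urlhaus-filter` call this script with `--update`. The same validate-then-rename pattern applies to the BIND and Unbound jobs once the rule pattern is adjusted to their formats.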

- https://curben.gitlab.io/malware-filter/urlhaus-filter-dnsmasq.conf

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-dnsmasq.conf
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-dnsmasq.conf
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-dnsmasq.conf
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-dnsmasq.conf
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-dnsmasq.conf
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-dnsmasq.conf

</details>

<br />
Lite version (online domains only):

- https://curben.gitlab.io/malware-filter/urlhaus-filter-dnsmasq-online.conf

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-dnsmasq-online.conf
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-dnsmasq-online.conf
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-dnsmasq-online.conf
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-dnsmasq-online.conf
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-dnsmasq-online.conf
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-dnsmasq-online.conf

</details>

## BIND

This blocklist includes domains only.

### Install

```
# Create a new folder to store the blocklist
mkdir -p /usr/local/etc/bind/

# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://curben.gitlab.io/malware-filter/urlhaus-filter-bind.conf" -o "/usr/local/etc/bind/urlhaus-filter-bind.conf"\n' > /etc/cron.daily/urlhaus-filter

# cron job requires execution permission
chmod 755 /etc/cron.daily/urlhaus-filter

# Configure BIND to use the blocklist
printf '\ninclude "/usr/local/etc/bind/urlhaus-filter-bind.conf";\n' >> /etc/bind/named.conf
```

Add this to "/etc/bind/null.zone.file" (skip this step if the file already exists):

```
$TTL    86400   ; one day
@       IN      SOA     ns.nullzone.loc. ns.nullzone.loc. (
               2017102203
                    28800
                     7200
                   864000
                    86400 )
                NS      ns.nullzone.loc.
                A       0.0.0.0
@       IN      A       0.0.0.0
*       IN      A       0.0.0.0
```

Zone file is derived from [here](https://github.com/tomzuu/blacklist-named/blob/master/null.zone.file).

- https://curben.gitlab.io/malware-filter/urlhaus-filter-bind.conf

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-bind.conf
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-bind.conf
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-bind.conf
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-bind.conf
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-bind.conf
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-bind.conf

</details>

<br />
Lite version (online domains only):

- https://curben.gitlab.io/malware-filter/urlhaus-filter-bind-online.conf

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-bind-online.conf
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-bind-online.conf
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-bind-online.conf
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-bind-online.conf
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-bind-online.conf
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-bind-online.conf

</details>

## Response Policy Zone

This blocklist includes domains only.

- https://curben.gitlab.io/malware-filter/urlhaus-filter-rpz.conf

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-rpz.conf
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-rpz.conf
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-rpz.conf
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-rpz.conf
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-rpz.conf
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-rpz.conf

</details>

<br />
Lite version (online domains only):

- https://curben.gitlab.io/malware-filter/urlhaus-filter-rpz-online.conf

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-rpz-online.conf
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-rpz-online.conf
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-rpz-online.conf
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-rpz-online.conf
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-rpz-online.conf
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-rpz-online.conf

</details>

## Unbound

This blocklist includes domains only.

### Install

```
# Create a new folder to store the blocklist
mkdir -p /usr/local/etc/unbound/

# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://curben.gitlab.io/malware-filter/urlhaus-filter-unbound.conf" -o "/usr/local/etc/unbound/urlhaus-filter-unbound.conf"\n' > /etc/cron.daily/urlhaus-filter

# cron job requires execution permission
chmod 755 /etc/cron.daily/urlhaus-filter

# Configure Unbound to use the blocklist
printf '\n  include: "/usr/local/etc/unbound/urlhaus-filter-unbound.conf"\n' >> /etc/unbound/unbound.conf
```

- https://curben.gitlab.io/malware-filter/urlhaus-filter-unbound.conf

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-unbound.conf
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-unbound.conf
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-unbound.conf
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-unbound.conf
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-unbound.conf
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-unbound.conf

</details>

<br />
Lite version (online domains only):

- https://curben.gitlab.io/malware-filter/urlhaus-filter-unbound-online.conf

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-unbound-online.conf
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-unbound-online.conf
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-unbound-online.conf
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-unbound-online.conf
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-unbound-online.conf
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-unbound-online.conf

</details>

## dnscrypt-proxy

### Install

```
# Create a new folder to store the blocklist
mkdir -p /etc/dnscrypt-proxy/

# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://curben.gitlab.io/malware-filter/urlhaus-filter-dnscrypt-blocked-names.txt" -o "/etc/dnscrypt-proxy/urlhaus-filter-dnscrypt-blocked-names.txt"\n' > /etc/cron.daily/urlhaus-filter
printf '\ncurl -L "https://curben.gitlab.io/malware-filter/urlhaus-filter-dnscrypt-blocked-ips.txt" -o "/etc/dnscrypt-proxy/urlhaus-filter-dnscrypt-blocked-ips.txt"\n' >> /etc/cron.daily/urlhaus-filter

# cron job requires execution permission
chmod 755 /etc/cron.daily/urlhaus-filter
```

Configure dnscrypt-proxy to use the blocklist:

``` diff
[blocked_names]
+  blocked_names_file = '/etc/dnscrypt-proxy/urlhaus-filter-dnscrypt-blocked-names.txt'

[blocked_ips]
+  blocked_ips_file = '/etc/dnscrypt-proxy/urlhaus-filter-dnscrypt-blocked-ips.txt'
```

- https://curben.gitlab.io/malware-filter/urlhaus-filter-dnscrypt-blocked-names.txt
- https://curben.gitlab.io/malware-filter/urlhaus-filter-dnscrypt-blocked-ips.txt

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-dnscrypt-blocked-names.txt
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-dnscrypt-blocked-names.txt
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-dnscrypt-blocked-names.txt
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-dnscrypt-blocked-names.txt
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-dnscrypt-blocked-names.txt
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-dnscrypt-blocked-names.txt

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-dnscrypt-blocked-ips.txt
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-dnscrypt-blocked-ips.txt
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-dnscrypt-blocked-ips.txt
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-dnscrypt-blocked-ips.txt
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-dnscrypt-blocked-ips.txt
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-dnscrypt-blocked-ips.txt
</details>

<br />
Lite version (online domains only):

- https://curben.gitlab.io/malware-filter/urlhaus-filter-dnscrypt-blocked-names-online.txt
- https://curben.gitlab.io/malware-filter/urlhaus-filter-dnscrypt-blocked-ips-online.txt

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-dnscrypt-blocked-names-online.txt
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-dnscrypt-blocked-names-online.txt
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-dnscrypt-blocked-names-online.txt
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-dnscrypt-blocked-names-online.txt
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-dnscrypt-blocked-names-online.txt
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-dnscrypt-blocked-names-online.txt

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-dnscrypt-blocked-ips-online.txt
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-dnscrypt-blocked-ips-online.txt
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-dnscrypt-blocked-ips-online.txt
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-dnscrypt-blocked-ips-online.txt
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-dnscrypt-blocked-ips-online.txt
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-dnscrypt-blocked-ips-online.txt
</details>

## Tracking Protection List (IE)

This blocklist includes domains only. Supported in Internet Explorer 9+.

- https://curben.gitlab.io/malware-filter/urlhaus-filter.tpl

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter.tpl
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter.tpl
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter.tpl
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter.tpl
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter.tpl
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter.tpl

</details>

<br />
Lite version (online domains only):

- https://curben.gitlab.io/malware-filter/urlhaus-filter-online.tpl

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.tpl
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-online.tpl
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.tpl
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-online.tpl
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-online.tpl
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.tpl

</details>

## Snort2

This ruleset includes online URLs only. Not compatible with [Snort3](#snort3).

### Install

```
# Download ruleset
curl -L "https://curben.gitlab.io/malware-filter/urlhaus-filter-snort2-online.rules" -o "/etc/snort/rules/urlhaus-filter-snort2-online.rules"

# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://curben.gitlab.io/malware-filter/urlhaus-filter-snort2-online.rules" -o "/etc/snort/rules/urlhaus-filter-snort2-online.rules"\n' > /etc/cron.daily/urlhaus-filter

# cron job requires execution permission
chmod 755 /etc/cron.daily/urlhaus-filter

# Configure Snort to use the ruleset
printf "\ninclude \$RULE_PATH/urlhaus-filter-snort2-online.rules\n" >> /etc/snort/snort.conf
```

- https://curben.gitlab.io/malware-filter/urlhaus-filter-snort2-online.rules

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-snort2-online.rules
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-snort2-online.rules
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-snort2-online.rules
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-snort2-online.rules
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-snort2-online.rules
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-snort2-online.rules

</details>

## Snort3

This ruleset includes online URLs only. Not compatible with [Snort2](#snort2).

### Install

```
# Download ruleset
curl -L "https://curben.gitlab.io/malware-filter/urlhaus-filter-snort3-online.rules" -o "/etc/snort/rules/urlhaus-filter-snort3-online.rules"

# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://curben.gitlab.io/malware-filter/urlhaus-filter-snort3-online.rules" -o "/etc/snort/rules/urlhaus-filter-snort3-online.rules"\n' > /etc/cron.daily/urlhaus-filter

# cron job requires execution permission
chmod 755 /etc/cron.daily/urlhaus-filter
```

Configure Snort to use the ruleset:

``` diff
# /etc/snort/snort.lua
ips =
{
  variables = default_variables,
+  include = 'rules/urlhaus-filter-snort3-online.rules'
}
```

- https://curben.gitlab.io/malware-filter/urlhaus-filter-snort3-online.rules

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-snort3-online.rules
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-snort3-online.rules
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-snort3-online.rules
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-snort3-online.rules
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-snort3-online.rules
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-snort3-online.rules

</details>

## Suricata

This ruleset includes online URLs only.

### Install

```
# Download ruleset
curl -L "https://curben.gitlab.io/malware-filter/urlhaus-filter-suricata-online.rules" -o "/etc/suricata/rules/urlhaus-filter-suricata-online.rules"

# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://curben.gitlab.io/malware-filter/urlhaus-filter-suricata-online.rules" -o "/etc/suricata/rules/urlhaus-filter-suricata-online.rules"\n' > /etc/cron.daily/urlhaus-filter

# cron job requires execution permission
chmod 755 /etc/cron.daily/urlhaus-filter
```

Configure Suricata to use the ruleset:

``` diff
# /etc/suricata/suricata.yaml
rule-files:
  - local.rules
+  - urlhaus-filter-suricata-online.rules
```

- https://curben.gitlab.io/malware-filter/urlhaus-filter-suricata-online.rules

<details>
<summary>Mirrors</summary>

- https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-suricata-online.rules
- https://glcdn.githack.com/curben/urlhaus-filter/raw/master/urlhaus-filter-suricata-online.rules
- https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-suricata-online.rules
- https://cdn.statically.io/gh/curbengh/urlhaus-filter/master/urlhaus-filter-suricata-online.rules
- https://gitcdn.xyz/repo/curbengh/urlhaus-filter/master/urlhaus-filter-suricata-online.rules
- https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-suricata-online.rules

</details>

## Third-party mirrors

<details>
<summary>iosprivacy/urlhaus-filter-mirror</summary>

- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter.txt
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-online.txt
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-ag.txt
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-ag-online.txt
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-vivaldi.txt
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-vivaldi-online.txt
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-domains.txt
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-domains-online.txt
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-agh.txt
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-agh-online.txt
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-hosts.txt
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-hosts-online.txt
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-dnsmasq.conf
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-dnsmasq-online.conf
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-bind.conf
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-bind-online.conf
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-rpz.conf
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-rpz-online.conf
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-unbound.conf
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-unbound-online.conf
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-dnscrypt-blocked-names.txt
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-dnscrypt-blocked-names-online.txt
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-dnscrypt-blocked-ips.txt
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-dnscrypt-blocked-ips-online.txt
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter.tpl
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-online.tpl
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-snort2-online.rules
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-snort3-online.rules
- https://gitlab.com/iosprivacy/urlhaus-filter-mirror/raw/master/urlhaus-filter-suricata-online.rules

</details>

## Issues

This blocklist operates by blocking the **whole** website instead of specific webpages. Exceptions are made for popular websites (e.g. `https://docs.google.com/`), for which specific webpages are listed instead (e.g. `https://docs.google.com/malware-page`). Malicious webpages are only listed in the [URL-based](#url-based) filter; popular websites are excluded from the other filters.

*Popular* websites are those listed in the [Umbrella Popularity List](https://s3-us-west-1.amazonaws.com/umbrella-static/index.html) (top 1M domains + subdomains), the [Tranco List](https://tranco-list.eu/) (top 1M domains) and this [custom list](src/exclude.txt).
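
The split described above can be sketched as follows. This is an added example, not the project's build script: `classify_urls`, its `domain`/`url` output labels and the sample data are constructed for illustration, and skipping a popular host that has no path is an assumption of this sketch.

```shell
#!/bin/sh
# Added example, not the project's build script.
# classify_urls POPULAR_FILE URL_FILE
# Prints "domain <host>" for hosts that are blocked as a whole, and
# "url <host/path>" for pages on popular hosts, which belong in the
# URL-based filter only. Handles scheme://host[:port]/path input.
classify_urls() {
  awk '
    FILENAME == ARGV[1] { popular[tolower($0)] = 1; next }
    {
      u = $0
      sub(/^[a-zA-Z]+:\/\//, "", u)          # drop the scheme
      host = u; path = ""
      i = index(u, "/")
      if (i > 0) { host = substr(u, 1, i - 1); path = substr(u, i) }
      sub(/:[0-9]+$/, "", host)               # drop the port
      host = tolower(host)
      if (host in popular) {
        # Assumption: a popular host with no page path is not listed at all.
        if (path == "" || path == "/") next
        out = "url " host path
      } else {
        out = "domain " host
      }
      if (!(out in seen)) { seen[out] = 1; print out }   # de-duplicate
    }
  ' "$1" "$2"
}

# classify_demo: runs classify_urls on constructed sample data.
classify_demo() {
  dir=$(mktemp -d) || return 1
  # Constructed stand-in for the Umbrella, Tranco and custom popular lists.
  printf '%s\n' docs.google.com example.org > "$dir/popular"
  # Constructed stand-in for URLs taken from the URLhaus CSV dump.
  printf '%s\n' \
    'http://malware.example/a.exe' \
    'http://malware.example/b.exe' \
    'https://docs.google.com/malware-page' \
    'http://198.51.100.7:8080/bin.sh' \
    'https://example.org/' > "$dir/urls"
  classify_urls "$dir/popular" "$dir/urls"
  rc=$?
  rm -rf "$dir"
  return "$rc"
}

classify_demo
```

Only the `domain` lines would feed the domain, hosts and DNS formats; the `url` line for `docs.google.com/malware-page` stays out of them, so those formats never block the popular host itself.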

If you wish to exclude certain website(s) that you believe are sufficiently well-known, please create an [issue](https://gitlab.com/curben/urlhaus-filter/issues) or [merge request](https://gitlab.com/curben/urlhaus-filter/merge_requests). If the website is quite obscure but you still want to visit it, you can add a new line `||legitsite.com^$badfilter` to the "My filters" tab of uBO; use a subdomain if relevant, `||sub.legitsite.com^$badfilter`.

This filter **only** accepts new malware URLs from [URLhaus](https://urlhaus.abuse.ch/).

Please report new malware URLs to the upstream maintainer through https://urlhaus.abuse.ch/api/#submit.

## Cloning

Since the filter is updated frequently, cloning the repo becomes slower over time as the revision history grows.

Use a shallow clone to get the recent revisions only. Getting the last five revisions should be sufficient for a valid MR.

`git clone --depth 5 https://gitlab.com/curben/urlhaus-filter.git`

## FAQ

See [FAQ](https://gitlab.com/curben/urlhaus-filter/wikis/faq).

## License

[Creative Commons Zero v1.0 Universal](LICENSE.md)

[badge.sh](src/badge.sh) & [.gitlab/](.gitlab/) contain badges that are licensed by [Shields.io](https://shields.io) under [CC0 1.0](LICENSE.md)

[URLhaus](https://urlhaus.abuse.ch/): [CC0](https://creativecommons.org/publicdomain/zero/1.0/)

[Tranco List](https://tranco-list.eu/): [MIT License](https://choosealicense.com/licenses/mit/)

[Umbrella Popularity List](https://s3-us-west-1.amazonaws.com/umbrella-static/index.html): Available free of charge by Cisco Umbrella

This repository is not endorsed by Abuse.ch.