Central Repository for Adding or Removing Domains / Links from the Phishing.Database project https://github.com/mitchellkrogza/Phishing.Database
DNS systems can operate on the domain level (everything before the first /) while IE Squid-proxy or uBlock Origin can operate on both sides of the slashes.
The add-link is for domains that have been hacked, ie. a Wordpress site where the phishing script lies in a subfolder vs a subdomain.
This means if an entire domain is being used for phishing i.e. phishing.example.com, then add it to the domain list (add-domain). If the phishing threat resides inside a subfolder of the domain i.e. /sub/oath/phishing-script/payload.php then add it to the url list (add-link).
To add domains to this database send a Pull Request on the file https://github.com/mitchellkrogza/phishing/blob/main/add-domain
include the domain name only (no http / https)
To add links / urls to this database send a Pull Request on the file https://github.com/mitchellkrogza/phishing/blob/main/add-link
Include the full link
To be able to keep the whitelist as precise as possible, the Phishing DB are using 3 types of list.
- The first list is matching 1 on 1. This means if we should only whitelist IE.
subdomain1.example.combut notsubdomain2.example.com, then this is the list. - The other list (ALL) is wildcard based. This means every subdomains from
example.netand lover level such assubdomain1.example.net&subdomain2.example.net. This list also accepts full regex. Except from ending$and\\as this is done by automatically. - The third list (RZD) will probably never be used... Read the full doc here before attemting to making changes to it: https://github.com/Ultimate-Hosts-Blacklist/whitelist/blob/script/README.rst#rzd
For better understanding of these speciallities, you are welcome to read the tools Readme.