Blocklist Suggestion: invisiblethreat openphish-pihole #223
Description
| Developer | Lists | Homepage |
|---|---|---|
| invisiblethreat | openphish | https://github.com/invisiblethreat/openphish-pihole |
openphish-pihole
Details
Using the feed at https://openphish.com/phishing_feeds.html to generate a Pihole compatible blocklist that is updated twice-daily. This matches the update cadence of the upstream feed.
Processing
The upstream list is URLs, and upon examination, regardless of the path, there is value in blocking the entire domain. The one known class of false-positive that is created when extracting the domain from the URL is URL shorteners, like bit.ly. This is acceptable for the conferred protection and is not corrected for at this time. Permitting URL shorteners explicitly will overcome this.
Expiry
The feed is currently configured to retain all domains for 180 days. metadata.json is useful for understanding the age and last observation of the domain in question.