romainmarcoux / malicious-domains
Aggregation of lists of malicious domains (phishing) that can be integrated into FortiGate firewalls and other products.
View on GitHubAI Architecture Analysis
This repository is indexed by RepoMind. By analyzing romainmarcoux/malicious-domains in our AI interface, you can instantly generate complete architecture diagrams, visualize control flows, and perform automated security audits across the entire codebase.
Our Agentic Context Augmented Generation (Agentic CAG) engine loads full source files into context on-demand, avoiding the fragmentation of traditional RAG systems. Ask questions about the architecture, dependencies, or specific features to see it in action.
Embed this Badge
Showcase RepoMind's analysis directly in your repository's README.
Repository Overview (README excerpt)
Crawler viewMenu: • Statistics • FR-EN - Introduction • Files URLs • Sources • Releases Notes • To support me • Contact Statistics Update of the following table: 2026-03-23 06:50 CEST | File | Number of domains | | ---- | ---------------- | | full-domains-\* | 150 376 | Introduction **[FR]** • Agrégation de listes de domaines malveillants, utilisés pour du phishing, scindée en fichiers de 131 072 entrées au maximum pour être intégrées dans des pare-feux : Fortinet **FortiGate** et autres équipements. • Pour éviter les faux positifs, les domaines du top 1M (Cisco Umbrella et CloudFlare) des sites Web les plus visités ont été retirés. • Domaines ordonnés en fonction du nombre de sources dans lesquelles ils apparaissent (Domaines apparaissant dans le plus de sources sont donc dans le début du fichier full-domain-aa.txt). • Mise à jour toutes les **heures** • Implémentation dans les pare-feux FortiGate : lien • Menu "Security Fabric → External Connectors → Create New → Threat Feeds → Domain Name" • Copier une URL dans la partie "Links" ci-dessous • Menu "Security Profiles → DNS Filter" • Dans un profil, activer "FortiGuard Category Based Filter" • Ajouter les listes dans "Remote Categories group" • Appliquer ensuite ce profil de sécurité dans vos "Firewall Policy" autorisant le protocole DNS en sortie (LAN > WAN) **[EN]** • Aggregation of lists of malicious domains (phishing) that can be integrated into FortiGate firewalls and other products. • To avoid false positives, the top 1M domains (Cisco Umbrella and CloudFlare) of the most visited websites have been removed. • Domains ordered according to the number of sources in which they appear (Domains appearing in the most sources are therefore at the beginning of the full-domain-aa.txt file). • Updated every **hour** • Implementation in FortiGate firewalls: link • Menu "Security Fabric → External Connectors → Create New → Threat Feeds → Domain Name" • Copy a URL in the "Links" section below • Menu "Security Profiles → DNS Filter" • In a profile, activate "FortiGuard Category Based Filter" • Add the lists to "Remote Categories group" • Then apply this security profile in your “Firewall Policy” authorizing the DNS protocol on output (LAN > WAN) Files URLs Sources | Filename | Source | Description | | --------------------------- | ------ | ----------- | | red.flag.domains | link | Recently registered probably malicious domain names in french TLDs | | alienvault-banking-phishtank | link | Verified Banking Phishing Domain | | alienvault-cert-pl | link | List of malicious domains | | alienvault-dropbox-phishtank | link | Verified Dropbox Phishing Domain | | alienvault-googledocs-phishtank | link | Verified Google Docs Phishing Domain | | alienvault-microsoft-phishtank | link | Verified Microsoft Phishing Domain | | alienvault-paypal-phishtank | link | Verified Paypal Phishing Domain | | alienvault-phishing-scam | link | Phishing & scam domain names | | digitalside.it | link | Malware and compromised URLs | | drb-ra | link | C2 Domains and URLs | | malwarebytes.com | link | Malware and phishing Domain | | openphish.com | link | Phishing domain | | phishing.army | link | Phishing domain (only .fr domains and with main keywords) | | phishtank.org | link | Phishing domain collaborative website | | phishunt.io | link | Phishing domain | | red.flag.domains | link | Recently registered typosquatting and probably malicious domain names in french TLDs | | url.abuse.ch | link | Sharing malicious domains | | ut1-fr | link | Malware and phishing domains (only .fr domains and with main keywords) | Release Notes • 2025-04-21: New sources: digitalside.it, drb-ra, malwarebytes.com, phishunt.io • 2024-03-03: New sources: url.abuse.ch, alienvault-phishing-scam, alienvault-cert-pl, ut1-fr, phishing.army • 2024-02-18: New source: phishtank.org • 2024-01-20: Initial release with first sources: red.flag.domains, openphish.com, alienvault-banking-phishtank, alienvault-dropbox-phishtank, alienvault-googledocs-phishtank, alienvault-microsoft-phishtank, alienvault-paypal-phishtank To support me Contact **[FR]** Contactez-moi via LinkedIn (mon profil) pour : • m'indiquer des faux positifs • être notifié quand un **nouveau segment** de fichier est créé (pour l'ajouter dans votre pare-feu) • me proposer d'ajouter une **autre** source de domaines malveillants. **[EN]** Contact me via LinkedIn (my profile) to: • notify me false positives • be notified when a **new file** segment is created (to add it to your firewall) • suggest I add **another** source of malicious domains.