How are phishing domains determined?

[thor-webmaestrodk]

I ask because the active domain sample list I checked did not have corresponding links (from the phishing links list). I assumed the domain list was simply a subset of phishing links list (without the path and url params). This is not the case?

[spirillen]

Hi @thor-webmaestrodk

Thanks for reaching out with a question regarding the project, let my try to help you to the best of my abilities.

This however requires me to ask you a question to try to understand your question right.

You are saying that phishing-domains-ACTIVE.txt are not equal to the phishing-links-ACTIVE.txt?

The short answer to this is, that PD are importing domains from trusted third party sources to the domain list. This is the explanation that you might find domains not represented in the LINK list.

Also there are a ongoing issue, where phishing-links-ACTIVE.txt are not in the ALL-phishing-links.lst (same for links)

Did this help you?