Utility for detecting phishing domains targeting Web3 users.
For checking why a given domain was blocked, there is a third-party search tool maintained by ChainPatrol.
We are constantly evolving the ideal policy that guides this list, but a few clearly defined rules have emerged. We will be quick and decisive to block websites that:
There are other grounds for blocking, and we will ultimately do our best to keep our users safe.
const checkForPhishing = require('eth-phishing-detect')
const value = checkForPhishing('etherclassicwallet.com')
console.log(value) // true
const PhishingDetector = require('eth-phishing-detect/src/detector')
const config = [
{ blocklist: [/* blacklist */], name: 'blocklist', version: 2 },
{ allowlist: [/* whitelist */], name: 'allowlist', version: 2 },
{ fuzzylist: [/* fuzzylist */], name: 'fuzzylist', version: 2, tolerance: 2 },
];
const detector = new PhishingDetector(config)
const value = detector.check('etherclassicwallet.com')
console.log(value)
/*
{
type: "blacklist",
result: true,
}
*/
For understanding the lists, see doc/lists-ref.md
.
Contributors are encouraged to read CONTRIBUTING.md
for tips, pointers, and guidelines before reporting or collaborating.
To keep a tidy file, use the following CLI to make changes to the list:
yarn add:blocklist crypto-phishing-site.tld
yarn add:allowlist crypto-phishing-site.tld
We have added sqlite databases in test/db
directory. These will be committed to the working tree periodically to try reduce the amount of false positives being blocklisted. We will pull in domains from various third party sources - right now: CoinMarketCap and Tranco.
Update the database files:
yarn update:db
yarn update:db:tranco
yarn update:db:coinmarketcap
yarn update:db:snapsregistry
These sqlite databases will be checked against in yarn run test
to ensure nothing is on the blocklist that is also in these databases.