This document is an active database dump from URLhaus, which includes only online (active) malware URLs. The data is formatted for use with the Little Snitch application and contains one URL per line. This format is particularly useful if you want to utilise the dataset as an Indicator of Compromise (IOC). You can compare these URLs against specific log files from your security perimeter, such as web proxy logs. Additionally, this list can serve as a blocklist with a low false-positive rate.
The dumps are generated every 5 minutes from the source DB, but the formatted JSON file is generated daily.
- The filter is only compatible with Little Snitch for Mac.
- Source Database URLhaus
- Little Snitch JSON RAW file for subscription.
- Open
Little Snitch Rules...from the Little Snitch icon in the menu bar - In the sidebar, look for
Rule Groupswhen hovering on this, a+button appears - Click the
+button - Paste the URL from below:
https://raw.githubusercontent.com/genquiky/genURLblock/refs/heads/main/new_format.json
- Press
Subscribe... - Change
updateto daily - Check the
activecheckbox - Press
Subscribe
