The validin-phish-feed is a GitHub repository that provides a feed of phishing domains, curated by the Validin Threat Intelligence Platform. Validin is a company that specializes in internet intelligence, offering services for threat hunting, brand protection, and incident response. Their platform aggregates and analyzes vast amounts of DNS data, host responses, certificates, registration data, and open-source threat intelligence to provide insights into malicious infrastructure and threat actor activities.
The validin-phish-feed specifically leverages this intelligence to deliver a list of confirmed phishing URLs. These feeds are designed to integrate with security solutions such as Security Orchestration, Automation, and Response (SOAR) and Security Information and Event Management (SIEM) systems, enabling organizations to proactively block known threats. The data includes metadata such as URL, impersonated brand, IP address, geolocation, and whether an attack was mobile-focused. The goal is to enhance an organization’s visibility into phishing attacks, improve detection capabilities, and facilitate takedown efforts against malicious campaigns. The project is open-source and operates under an MIT License.
