I am curious - who are you, and why should I (or other Canadian information security professionals) trust this data over other threat intelligence sources?
I admit to only doing a casual, cursory check, but the website, github and linkedin account all appear to be configured to conceal who is behind the site, and the only third party credited is an American company.
1) To my knowledge, there isn't a centralized phishing database specifically for Canadian entities, nor are there updated threat feeds available. My primary goal is to create a resource that is openly accessible and free for everyone. While I acknowledge that Microsoft’s threat intelligence is far superior to what I can offer (I used to work a lot with their security products), it comes at a high price and lacks the flexibility for inspection and use.
2) I shared this project on my personal Linkedin to gather feedback, as I haven't registered a company yet. I plan to enhance transparency in the future, but for now, it’s mainly a personal/nerd project. The third-party credited is Whoxy, they allow me to use their WHOIS records for free since my project is non-commercial, and I need to provide appropriate credit for that.
This is interesting. I was thinking about building a similar solution around GRC but this time focusing on AI regulations, AI threats, breaches, 0-days etc. Out of curiosity did you use agents for this or a platform like Exa AI?
This is pretty interesting!
I am curious - who are you, and why should I (or other Canadian information security professionals) trust this data over other threat intelligence sources?
I admit to only doing a casual, cursory check, but the website, github and linkedin account all appear to be configured to conceal who is behind the site, and the only third party credited is an American company.
Great questions!
1) To my knowledge, there isn't a centralized phishing database specifically for Canadian entities, nor are there updated threat feeds available. My primary goal is to create a resource that is openly accessible and free for everyone. While I acknowledge that Microsoft’s threat intelligence is far superior to what I can offer (I used to work a lot with their security products), it comes at a high price and lacks the flexibility for inspection and use.
2) I shared this project on my personal Linkedin to gather feedback, as I haven't registered a company yet. I plan to enhance transparency in the future, but for now, it’s mainly a personal/nerd project. The third-party credited is Whoxy, they allow me to use their WHOIS records for free since my project is non-commercial, and I need to provide appropriate credit for that.
I hope this clarifies things!
This is great! Which aspects of this are Canada specific? Would it be technically practical to expand it to other TLDs?
It only tracks phishing related to Canadian entities (banks, utilities etc.). So it's not restricted to .ca (if that was your question!).
This is interesting. I was thinking about building a similar solution around GRC but this time focusing on AI regulations, AI threats, breaches, 0-days etc. Out of curiosity did you use agents for this or a platform like Exa AI?
Hey, I don't rely on any agents, my approach primarily involves heuristic-based detection and fuzzing using various open data sources.
Can you provide a DNS RPZ zone file for people to add to their servers to block requests for these malicious domains?
Super cool!
Thanks!