PhishBench-External: Balanced Phishing and Legitimate URL Validation Dataset (D4ᴠ)
Description
A real-world validation dataset (D4ᴠ) comprising 1,000 URLs (500 phishing and 500 legitimate) was compiled in July 2025 to assess the practical performance of the proposed phishing detection system. Phishing URLs were collected from PhishTank, a reputable community-driven phishing repository, while legitimate URLs were selected from the Tranco top sites list, representing trusted web domains. Each URL is characterized by 27 extracted features including lexical features (URL length, digit ratio, special character count), domain-based features (age, expiration, registrar info), and network features (SSL certificate validity, IP-based attributes, redirection count). The “label” column indicates 0 for legitimate, -1 for suspicious and 1 for phishing. This dataset provides a balanced, up-to-date, and realistic benchmark reflecting modern phishing tactics and legitimate web characteristics. Dataset Records Features Legitimate/Phishing Source D4ᴠ 1,000 27 500 / 500 Tranco & PhishTank Intended Use: Designed as an external test set for validating phishing detection models and evaluating their generalization on unseen, real-world data. Keywords: Phishing detection, URL dataset, cybersecurity, machine learning, external validation, Tranco, PhishTank, web security, dataset
Files
Steps to reproduce
The dataset was compiled by independently crawling URLs from Tranco (legitimate) and PhishTank (phishing) sources. Each URL was processed using a custom feature extraction pipeline implemented in Python, utilizing libraries such as Requests, BeautifulSoup4, tldextract, and Whois. The script extracts 27 discriminative features commonly used in phishing detection research, covering lexical, host-based, and network-based attributes. All processing and feature labeling were performed in July 2025 to ensure data freshness and represent current phishing patterns. The complete feature extraction script is available at: 🔗 https://github.com/mbs57/Phishing/blob/main/feature_extractor.py
Institutions
- Hajee Mohammad Danesh Science and Technology University