From 62f15fd125fa6bbe31c1fbac7c48a42c788e341d Mon Sep 17 00:00:00 2001
From: Garvit Sharma <sharmagarvit614@gmail.com>
Date: Mon, 2 Feb 2026 09:01:11 +0530
Subject: [PATCH] Add CleanBrowsing Malicious Detector

---
 docs/IntelOwl/usage.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/IntelOwl/usage.md b/docs/IntelOwl/usage.md
index 9e787161..a7197bbf 100644
--- a/docs/IntelOwl/usage.md
+++ b/docs/IntelOwl/usage.md
@@ -168,6 +168,7 @@ The following is the list of the available analyzers you can run out-of-the-box.
 - `CIRCLPassiveDNS`: scan an observable against the CIRCL Passive DNS DB
 - `CIRCLPassiveSSL`: scan an observable against the CIRCL Passive SSL DB
 - `Classic_DNS`: Retrieve current domain resolution with default DNS
+- `CleanBrowsing_Malicious_Detector`: Uses [CleanBrowsing DoH](https://cleanbrowsing.org/filters/#step3) to check if domain is related to phishing, spam or malware.
 - `CloudFlare_DNS`: Retrieve current domain resolution with CloudFlare DoH (DNS over HTTPS)
 - `CloudFlare_Malicious_Detector`: Leverages CloudFlare DoH to check if a domain is related to malware
 - `Crowdsec`: check if an IP was reported on [Crowdsec](https://www.crowdsec.net/) Smoke Dataset
@@ -769,4 +770,4 @@ The result of this combination is also a [Data Model](#datamodels) and it can be
 ![img.png](./static/job_data_model.png)
 
 A preview of the evaluation, reliability and tags can also be seen in the investigation overview:
-![img.png](./static/investigation_engine.png)
\ No newline at end of file
+![img.png](./static/investigation_engine.png)