Phishing intelligence for defenders

Name: PhishStats Phishing Database
Creator: PhishStats
License: https://phishstats.info/api-docs

Search verified phishing URLs, IPs, domains and threat scores. Real-time feed and REST API, free since 2014.

Search database View pricing

PhishStats search interface listing verified phishing URLs with IP, country, date and threat score columns

Our sponsor

PhishStats by the numbers

Security professionals, organizations, and academics rely on the PhishStats database and feed for threat intelligence, incident response, and phishing research.

Phishing URLs

Verified phishing threats in the database

Monthly API Requests

Served to security teams worldwide

Research Papers

Citing PhishStats data in their work

Why organizations contribute to PhishStats

Faster takedowns

URLs submitted to PhishStats reach hundreds of security teams and integrators who rely on our feed, helping speed up detection and takedown of phishing sites.

Community intelligence

Our feed includes unique URLs contributed by the infosec community, not just recycled open source lists.

Verified submissions

Submissions and false positive reports are scored with the PhishStats hybrid engine (rule based and ML). Enriched context is reviewed by our AI Cyber Defense agent for high accuracy.

Submit a URL Report false positive

Continuously growing database with real-time updates every 90 minutes

Search the phishing database

Investigate millions of verified phishing URLs through an intuitive search interface designed for SOC analysts, threat hunters and phishing research. Filter by URL, IP, country, ASN, date range, and more.

Advanced search filters and sorting options
Interactive data visualization and maps
Export results in multiple formats

PhishStats phishing feed listing verified URLs with their IP addresses and country codes

API client showing a GET request to the PhishStats API and the JSON response

Phishing feed API

Plug PhishStats into your stack as a real-time phishing feed. Run complex queries against our phishing database and stream JSON-formatted threat intelligence straight into your SIEM, SOAR, or research pipeline.

Real-time data updates
Customizable filters for URL, Title, Country and more
Seamless integration with external APIs and services

API available at: https://api.phishstats.info

Built for analysts

Platform capabilities

These features are available now for registered users. Paid plans unlock higher API volume, submissions, and monitoring limits.

Submit phishing URLs

Contribute URLs through our web interface and API. Help expand the database and strengthen the community's collective defense.

Monitoring & webhooks

Receive real-time alerts for new phishing URLs via custom webhooks. Integrate with Slack, Microsoft Teams, Discord, Google Chat, and Telegram.

Premium & Enterprise

Higher API volume, submissions, and monitoring limits for integrators and teams. Transparent pricing with monthly or annual billing.

Threat Hunting & Similar pages

On any record's detail page, pivot on title, IP, domain, and enrichment signals like body hash, tracking IDs, and redirect chains to surface shared infrastructure and correlated campaigns.

Compare plans →

Frequently Asked Questions

Is PhishStats a free phishing database for research?

Yes. PhishStats is a free phishing database and real-time phishing feed used in cybersecurity research since 2014. Verified phishing URLs, IPs, domains, and threat scores are accessible through our web search interface and JSON REST API, with no signup required for read-only access.

How many API requests can I make?

Limits depend on your plan and whether you send an API key. Anonymous requests (no key) are capped at 50/day per IP. Free registered users: 150/day with a key. Premium: 1,000/day. Enterprise: 10,000/day. All daily quotas reset at UTC midnight. See our Pricing page for the full matrix.

How do I use an API key?

Sign in, then create a key at Settings → API keys. Send it on every request to api.phishstats.info as X-API-Key: psk_… or Authorization: Bearer psk_…. Paying for Premium or Enterprise does not raise the anonymous IP limit. You must include your key. See API docs for examples.

Where can I find API documentation?

You can find comprehensive API documentation with examples and parameters at our API Docs page. It includes detailed information about filtering, sorting, pagination, and various query examples.

How often is the data updated?

Our database is updated every 90 minutes with the latest phishing intelligence. We recommend checking for updates no more frequently than this interval to ensure optimal performance.

What is the phishscore and how is it calculated?

The phishscore is a confidence rating calculated using 22 different features and machine learning algorithms. It provides a numerical assessment of how likely a URL is to be a phishing site, helping you prioritize threats based on confidence levels.

How to get support for the product?

For any questions or support, please send an email to [email protected]. We'll be happy to assist you with any questions or concerns you may have.

View All FAQ Questions