Updated every 90 minutes with phishing URLs from the past 30 days. Contains the following columns: date, phishscore, URL and IP addressGo
Over 3 million records on the database and growing.
Where phishing websites are being hosted with information such as Country, City, ISP, ASN, ccTLD and gTLD.
Such as abuse contacts, SSL issuer, Alexa rank, Google Safebrowsing, Virustotal and Shodan.
Blog with phishing analysis.
API to receive phishing reports from trusted partners.
|Database full access|
|No conding skills|
Metabase access is not open for the general public. If you are an information security researcher, or member of a CSIRT, SOC, national CERT and would like to access Metabase, please get in touch via e-mail or Twitter. Keep in mind that Public Dashboards are already using Metabase itself, but with prebuilt dashboards. Metabase access means you can run your own queries and create your own dashboards from scratch, but the web interface is the same.
API is available at https://phishstats.info:2096/api/ and will return a JSON response. No account creation is required. Please note that running a massive amount of queries in a short time will get you blocked and/or banned. New database fields are not being calculated retroactively.
Logical operators can be: ~and ~or
Comparison operators can be: eq (equal), ne (not equal), gt (greater than), lt (less than), like (not like) and not nlike (not like) and more.
By default 20 records and max of 100 are returned per GET request on a table. Where _p indicates page and _size indicates size of response rows, for instance, /api/phishing?_p=2&_size=50. More examples on how to use the API can be found here https://github.com/o1lab/xmysql
|Example||Key | Value|
|Title with Id DESC||phishstats.info:2096/api/phishing?_where=(title,like,~apple~)&_sort=-id|
|URL with Id DESC||phishstats.info:2096/api/phishing?_where=(url,like,~apple~)&_sort=-id|
|Title or URL with Id DESC||phishstats.info:2096/api/phishing?_where=(title,like,~apple~)~or(url,like,~apple~)&_sort=-id|
|Score greater than 5 where TLD equals .BR but not hosted in Brazil with Id DESC||phishstats.info:2096/api/phishing?_where=(score,gt,5)~and(tld,eq,br)~and(countrycode,ne,br)&_sort=-id|
Who is getting/sending information to PhishStats