PhishStats - API is here

is a real time Phishing database that gathers phishing URLs from several sources. There are two public dashboards  that can be accessed below. After many requests, API is here. Also, there's a bot on Telegram and Twitter that posts the last Phishing URLs that were added to the database in the last couple of hours. If you would like to report a Phishing that it's not on PhishStats yet, please send me a DM on Twitter. The next feature will be an API for receiving reports as well.

Dashboard 1

Overall statistics

Go
Dashboard 2

Search for specific IP, host, domain or full URL

Go
Database size

Over 2.5 million records on the database and growing.

Hosting location

Where Phishing websites are being hosted with information such as Country, City, ISP, ASN, ccTLD and gTLD.

New information added recently

Such as abuse contacts, SSL issuer, Alexa rank, Google Safebrowsing and Virustotal.

Comming soon.

API for receiving phishing reports.

API documentation

API is available at https://phishstats.info:2096/api/ and will return a JSON response. No account creation is required. Please note that running a massive amount of queries in a short time will get you banned. Recently added fields are not being calculated retroactively, just from now on.

Logical operators can be: ~and ~or

Comparison operators can be: eq (equal), ne (not equal), gt (greater than), lt (less than), like (not like) and not nlike (not like) and more.

By default 20 records and max of 100 are returned per GET request on a table. Where _p indicates page and _size indicates size of response rows /api/phishing?_p=2&_size=50 More examples on how to use the API can be found here https://github.com/o1lab/xmysql

Example Key | Value
Id phishstats.info:2096/api/phishing?_where=(id,eq,3296584)
ASN phishstats.info:2096/api/phishing?_where=(asn,eq,as14061)
IP phishstats.info:2096/api/phishing?_where=(ip,eq,148.228.16.3)
CountryCode phishstats.info:2096/api/phishing?_where=(countrycode,eq,US)
TLD phishstats.info:2096/api/phishing?_where=(tld,eq,US)
Id DESC phishstats.info:2096/api/phishing?_sort=-id
Date DESC phishstats.info:2096/api/phishing?_sort=-date
Title with Id DESC phishstats.info:2096/api/phishing?_where=(title,like,~apple~)&_sort=-id
URL with Id DESC phishstats.info:2096/api/phishing?_where=(url,like,~apple~)&_sort=-id
Title or URL with Id DESC phishstats.info:2096/api/phishing?_where=(title,like,~apple~)~or(url,like,~apple~)&_sort=-id
Score greater than 5 where TLD equals .BR but not hosted in Brazil with Id DESC phishstats.info:2096/api/phishing?_where=(score,gt,5)~and(tld,eq,br)~and(countrycode,ne,br)&_sort=-id

Information comparison

 

Feed

API

Public Dashboards

Metabase

Basic information
Search function
Database full access
No conding skills


Metabase access is not open for the general public. If you are a information security researcher, or member of a CSIRT, SOC, national CERT and would like to access Metabase, please contact me via e-mail or Twitter.

Who is talking or using PhishStats

  • Antiphishing.la - https://www.antiphishing.la/es-ar/
  • Forentics - https://www.facebook.com/509869416038508/posts/phishstats-es-una-plataforma-online-en-tiempo-real-sobre-amenazas-phishing-tambi/897410217284424/
  • FluProject - https://www.flu-project.com/2019/06/phishstats-monitorizando-phishings-en.html
  • FluProject - https://www.flu-project.com/2019/10/monitorizando-phishings-mediante-el-api.html
  • StalkPhish - https://github.com/t4d/StalkPhish
  • Tines.io - https://tines.io/blog/phishing-automation-url-analysis-phish-ai-tines-io/
  • Week in OSINT - https://medium.com/week-in-osint/week-in-osint-2019-41-64fca5af5d59

Join PhishStats at

Made with Pingendo Free  Pingendo logo