2014
A solo research project
PhishStats began as a personal effort to group phishing activity by IP, ASN, country, and page title, making it easier to spot shared infrastructure and recurring campaigns in the noise.
Open phishing intelligence for the infosec community: gathering, enriching, and sharing verified threat data since 2014.
PhishStats is a source of relevant, verified phishing intelligence for security companies, researchers, and analysts worldwide. We combine continuous feed aggregation with deep enrichment (URLs, IPs, domains, geolocation, ASN, SSL, threat scores, and campaign signals) so you can investigate faster and integrate with confidence.
2018
We opened a JSON REST API so researchers, SOCs, and integrators could pull verified phishing intelligence into SIEMs, feeds, and academic pipelines. Hundreds of integrations have been built since.
2025
The platform moved from a monolith into a specialized stack: Kong API gateway, enriched processing pipeline, SSR web frontend, and hardened access controls, built for reliability at scale.
2026
Campaign correlation, threat-hunting pivots, and webhook monitoring let teams watch keywords, IPs, and signals without polling the API, while researchers still get the open data they rely on.
Cited in papers and theses worldwide; export-friendly data with enrichment fields for ML, statistics, and threat studies.
Search, pivot, and correlate live phishing URLs with geolocation, ASN, SSL, and threat scores for incident response.
Stable JSON API, tiered quotas, and webhook alerts for product teams embedding phishing intelligence into their stack.
Sponsors help us keep PhishStats available for researchers and the wider infosec community. Get in touch to learn about sponsorship opportunities.