Get the Database
If you'll be doing lots of lookups, the best option is to take advantage of our downloadable databases. Available in multiple formats and updated hourly, these make it easy to have fast and up to date phishing detection built into your application.
The data is available in a variety of formats to make it as easy as possible for you to implement. We're always open to suggestions for additional formats we could provide, so if you have any thoughts, please join our developers list and let us know!
If you do intend to fetch these files automatically, please register for an application key and see below for instructions on how to use it to request files. Without this key, you will be limited to a few downloads per day.
<output> <meta> <generated_at>2009-06-19T16:18:40+00:00</generated_at> <total_entries>1234</total_entries> </meta> <entries> <entry> <url><![CDATA[http://www.example.com/]]></url> <phish_id>123456</phish_id> <phish_detail_url>http://www.phishtank.com/phish_detail.php?phish_id=123456</phish_detail_url> <details> <detail> <ip_address>188.8.131.52</ip_address> <cidr_block>184.108.40.206/24</ip_address> <announcing_network>1234</announcing_network> <rir>arin</rir> <detail_time>2009-06-20T15:37:31+00:00</detail_time> </detail> </details> <submission> <submission_time>2009-06-19T15:15:47+00:00</submission_time> </submission> <verification> <verified>yes</verified> <verification_time>2009-06-19T15:37:31+00:00</verification_time> </verification> <status> <online>yes</online> </status> <target>1st National Example Bank</target> </entry> ... </entries> </output>CSV
phish_id,url,phish_detail_url,submission_time,verified,verification_time,online,target 123456,http://www.example.com/,http://www.phishtank.com/phish_detail.php?phish_id=123456,2009-06-19T15:15:47+00:00,yes,2009-06-19T15:37:31+00:00,yes,1st National Example BankPHP/JSON
array( array( 'phish_id' => 123456, 'url' => 'http://www.example.com/', 'phish_detail_url' => 'http://www.phishtank.com/phish_detail.php?phish_id=123456', 'submission_time' => '2009-06-19T15:15:47+00:00', 'verified' => 'yes', 'verification_time' => '2009-06-19T15:37:31+00:00', 'online' => 'yes', 'target' => '1st National Example Bank', 'details' => array( array( 'ip_address' => '220.127.116.11', 'cidr_block' => '18.104.22.168/24', 'announcing_network' => '1234', 'rir' => 'arin', 'detail_time' => '2006-10-01T02:30:54+00:00' ) ) ) )
phish_id The ID number by which Phishtank refers to a phish submission. All data in PhishTank is tied to this ID. This will always be a positive integer.
phish_detail_url PhishTank detail url for the phish, where you can view data about the phish, including a screenshot and the community votes.
url The phish URL. This is always a string, and in the XML feeds may be a CDATA block.
submission_time The date and time at which this phish was reported to Phishtank. This is an ISO 8601 formatted date.
verified Whether or not this phish has been verified by our community. In these data files, this will always be the string 'yes' since we only supply verified phishes in these files.
verification_time The date and time at which the phish was verified as valid by our community. This is an ISO 8601 formatted date.
online Whether or not the phish is online and operational. In these data files, this will always be the string 'yes' since we only supply online phishes in these files.
target The name of the company or brand the phish is impersonating, if it's known.
Using your application keyOnce you have registered for an application key, make your request as you normally would, but format the URL this way:
http://data.phishtank.com/data/<your app key>/online-valid.json.bz2