Phishing detection doesn't have to be a black box

Simple signatures, understandable alerts

We scan millions of sites every day looking for abuse. With our simple signature language, you can be alerted if any of those sites are impersonating your brand.

Real-time URL feeds.: We scan millions of URLs from multiple feeds so we can find phishing sites as soon as they're created.
Simple signatures.: Each site is scanned against detection signatures looking for impersonation of your brand. Write your own signatures, and get help from our experts.
High confidence alerts.: No unpredictable machine-learning systems, just super accurate detection signatures tuned by our experts.

fake-chrome-error.yml

phishing-kit.yml

title: Fake Chrome error page
description: |
    The Chrome error page HTML is built into the browser: you should never see it in the response from a
    website.
    This is a clear sign that the site is employing cloaking/anti-analysis techniques.
references:
    - https://twitter.com/phish_report/status/1537825544343011328

detection:
    chromeHTMLFragments:
        html|contains|all:
            - '<body id="t" class="neterror" style="font-family: '
            - '<div id="main-frame-error" class="interstitial-wrapper" jstcache="0">'
    condition: chromeHTMLFragments

Every week, security teams use Phish Report to take down over a thousand phishing sites. Start a takedown

Phish Report can alert your team within minutes of a new phishing site being created.

Website monitoring and takedown

Get high fidelity alerts for malicious sites

Phish Report ingests millions URLs each day from threat intelligence feeds looking for abuse. Suspicious sites are scanned, and you're alerted to review and take down any which are confirmed to be malicious.

Detection funnel depicting a large number of URLs, a smaller number being monitored, a smaller number again being triaged, and finally the smallest number becoming phishing takedowns.

Real-time feeds of new URLs

Detect attacks before they've reached your customers

The faster you detect a phishing site, the sooner you can get it taken down. With Phish Report's real-time feeds of new URLs you can detect phishing sites within minutes of them being created.

Newly registered domains: We check every registered domain name for impersonation of your brand name.
Every HTTPS certificate.: Most phishing sites now support HTTPS and we scan the domains in every single certificate issued.
Threat intelligence partners.: Through our threat intelligence partners we can discover malicious sites attempting to hide on compromised hosts or benign-sounding hostnames.