PhishTank is operated by Cisco Talos Intelligence Group.

API Information

Use Our API

If you'll be doing just a few lookups each day, you can use our simple API. This method accepts an HTTP POST request and returns a response indicating a url's status in our database.

Request Parameters
Name Value
url The URL to check. This should be either urlencoded or base64 encoded.
format The format in which you would like the response data. Valid options are 'xml', 'php', and 'json'. The default behavior is to return XML. Example responses can be found below.
app_key Your application key. Optional, but without it the rate at which you can make requests will be much more limited.
Request URL:
http://checkurl.phishtank.com/checkurl/

User Agent String

We require that you use a descriptive User Agent string in your application to identify the application. If your User Agent is blank or generic, you may recieve an increased number of rate limited requests or be redirected to additional security checks. The recommended format is:

Header Parameters
Name Value
User-Agent Descriptive user agent string, e.g.
phishtank/[username]

Rate Limiting

To reduce abuse and maintain our servers' ability to serve all of our users, we have implemented request rate limits for both methods. In all cases you will get a higher limit by using a valid API key, to encourage people to register their applications. Going over-limit will result in an HTTP 509 error. Users going grossly over the limit and not throttling their apps may, at our discretion, be blocked at the firewall level. You will find information in the response headers regarding the limit:

Response Description
X-Request-Limit-Interval The amount of time over which the request rate is enforced. This will be in the format of '<number> Seconds'. Example: '300 Seconds'
X-Request-Limit A number representing the maximum number of requests within the time period given in X-Request-Limit-Interval
X-Request-Count A number representing the number of connections already made within that time period. Remaining requests = (X-Request-Limit - X-Request-Count)

If you find your application is constantly hitting the limit, please feel free to get in touch with us via the developers mailing list. Odds are good that if you're using the API and hitting the limit often, the best solution is to periodically download a local copy of the database and do your lookups locally.

Sample Reponses

XML
<response>
    <meta>
    ...
    </meta>
    <results>
        <url0>
            <url>https://www.example.org/</url>
            <in_database>true</in_database>
            <phish_id>11728</phish_id>
            <phish_detail_page>
                http://www.phishtank.com/phish_detail.php?phish_id=11728
            </phish_detail_page>
            <verified>true</verified>
            <verified_at>2006-10-01T02:32:23+00:00</verified_at>
            <valid>true</valid>
            <submitted_at>2006-10-01T02:28:46+00:00</submitted_at>
        </url0>
    </results>
</response>
PHP/JSON
array('results' => array('url' => 'https://www.example.org/',
                         'in_database' => true,
                         'phish_id' => 11728,
                         'phish_detail_page' => 'http://www.phishtank.com/phish_detail.php?phish_id=11728',
                         'verified' => 'y',
                         'verified_at' => '2006-10-01T02:32:23+00:00',
                         'valid' => 'y'
                        )
)