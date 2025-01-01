Phishing Detection

Phishing Detection provides automated protection against malicious URLs by leveraging open-source threat intelligence.

It uses data from PhishTank (operated by Cisco Talos Intelligence Group) to identify and block known phishing attempts.

This feature helps secure your applications by:

Detecting phishing URLs in real-time.

Protecting form submissions and user-generated input.

Enhancing inbound email with the Email Spam Filter.

Resources

Feature Highlights

Continuously updated database of verified phishing URLs (≈50,000 entries).

Sub-millisecond lookup times for minimal performance impact.

Implementation Guide

Phishing Detection is integrated into the Classifier and Email Spam Filter to assist in identifying potential spam.

When a verified phishing URL is detected, the rule URL_PHISHING is triggered and the input is marked as spam.

To use phishing detection directly in your applications or services, call the POST /v1/phishing endpoint with the URL you want to check:

Request

Response Terminal window curl -X POST http://localhost:8080/v1/phishing \ -H " Content-Type: application/json " \ -H " Authorization: Bearer {API_KEY} " \ -d ' { "url": "https://example.com" } ' { "id" : " 123456 " , "info" : " http://www.phishtank.com/phish_detail.php?phish_id=123456 " , "phishing" : true , "submittedAt" : 1758308530 , "target" : " Other " , "time" : 0.67 }

Configuration

Phishing detection is enabled by default with the following configuration:

Default values for ENV variables:

PHISHING_LIST_URL : https://data.phishtank.com/data/online-valid.csv

: PHISHING_LIST_SCHEDULE : 0 */12 * * * (updates every 12 hours)

If you are a registered member of PhishTank.org, you can configure an authenticated URL with your app key as described in their documentation.