Skip to content

phishfort/phishfort-lists

Repository files navigation

PhishFort Logo

PhishFort Counter-Phishing Lists

Now protecting over 402 million monthly active users across the globe!

This repository contains a blacklist and whitelist of domains maintained by PhishFort. These lists are used by the PhishFort Protect browser plugin (Chrome, Firefox), as well a number of third-party browser plugins and services to protect their users from crypto phishing attacks and scams.

If you would like to make use of this list commercially or at scale contact us about using our PhishFort List Lookup API. We cannot guarantee the integrity of lists downloaded via a 3rd party content delivery network, as a result we advise to use our lookup API instead.

🔴 Blacklists

The blacklists directory contains two lists in JSON format:

Teams are invited to openly pull from our full blacklist to ensure maximum coverage. However, in the case where performance or the size of the list is a concern (this list is always growing) we urge developers and/or teams to then consider consuming from our hot list.

The hot list keeps a rolling window of 3 month detections (ie. items in the hotlist will only exist for 3 months). The rolling window period is subject to change. Although this should be ample time for PhishFort to execute a successful takedown on the site mentioned, we cannot guarantee that we will be executing takedowns on every single item in the list.

🟢 Whitelists

The whitelist directory contains a number of lists we maintain for partner projects and internal reasons. We do not recommend consuming or making any assumptions based on this list.

🌐 Use of CDN

Although we recommend loading directly from GitHub to maintain a perfect sync with the most up-to-date version of the PhishFort lists, significant performance improvements can be seen with using a CDN. For example by accessing the blacklist via jsdelivr CDN here.

We cannot guarantee the integrity of lists downloaded via a 3rd party content delivery network. We recommend using the PhishFort Public Blocklist API instead of CDNs.