What is OpenPhish?

OpenPhish is a fully automated self-contained platform for phishing intelligence. It identifies phishing sites and performs intelligence analysis in real time without human intervention and without using any external resources, such as blacklists.

How does OpenPhish collect phishing URLs?

OpenPhish receives millions of unfiltered URLs from a variety of sources on its global partner network. The phishing detection engine of OpenPhish singles out live phishing URLs and extracts their metadata, which includes targeted brands (when applicable), network and geographical locations, phishing kits and drop accounts.

Why certain known phishing URLs are not listed on OpenPhish?

OpenPhish reports only new and live phishing URLs. We keep track of the detected phishing URLs and do not report any URL more than once within any given 14-day period. We do not report any dead phishing URLs as they do not pose any threat.

How can I report phishing URLs?

If you are interested in sharing URLs (phishing or not) with us, please contact us at contact@openphish.com.

How can I remove my website from your feed?

The short answer - you can't. OpenPhish neither maintains its own blacklist nor can remove your website from third party blacklists. OpenPhish only provides a feed of exact live phishing URLs and never flags the entire website/domain as malicious. If you have questions about a specific URL related to your website, please email us at support@openphish.com.

How can I report a False Positive?

First, please refer to the False Positive Feed to check if we are already aware of the false positive. If the URL is not in the feed and you believe that we incorrectly identified a phishing URL, please let us know at support@openphish.com.

PhishBreach Database

What is PhishBreach Database?

PhishBreach Database is a free service that allows any organization to check if it has email accounts that were potentially compromised as a result of a phishing attack. The PhishBreach Database is based off IntellAct, OpenPhish's proprietary phishing campaign tracking technology. IntellAct consumes the phishing campaigns detected by OpenPhish, analyzes them in real-time and produces a live feed of accounts that were affected by those campaigns.

Affected parties may request one free detailed report about the potential breach.

How often is PhishBreach Database refreshed?

The PhishBreach Database is updated every 6 hours. The IntellAct feeds are updated every 5 minutes.

What information does OpenPhish store?

For each potentially compromised account, OpenPhish stores the full email address and the corresponding phishing attack data, which includes the phishing URL, targeted brand and the discovery time stamp. OpenPhish does not store any other information.

How accurate is this information?

The information IntellAct captures from the phishing campaigns is accurate and supported by sufficient evidences. However, OpenPhish makes no attempt to establish the legitimacy of the captured data beyond reasonable doubt. It is the domain owner's responsibility to investigate further and take necessary actions.

My company's domain is in your database. What does it mean?

It means that at least one account on your domain was potentially compromised as a result of a phishing attack. OpenPhish makes no attempt to establish the legitimacy of the account(s) nor does it assess the severity of the impact.

What does the free report contain?

Each organization is eligible for one free report that contains the following information:

  • Potentially compromised account details (limited to 25 accounts)
  • Corresponding data: phishing URLs, targeted brands and discovery time
Please note that in order to receive a free report, you must prove domain ownership.