• Update Frequency
  • Data Volume
  • 15 minutes
  • 60 days
  • 15 minutes
  • 120 days
  • Daily
  • 180 days

The OpenPhish Database is a continuously updated archive of structured and searchable information on all the phishing websites detected by OpenPhish. In addition, the database contains metadata that can be used for detecting and analyzing cyber incidents, searching for patterns and trends, or act as a training or validation dataset for AI applications.

What information is in the database?

The database contains these forensics indicators for each URL:

  • Hostname, page, path, and language
  • SSL certificate metadata
  • IP address, ASN, country
  • Impersonated brand, drop accounts

Use Cases

The database can help answer questions like:

  • Is a particular URL a phish?
  • How many phishing URLs were detected on a specific hostname?
  • How many phishing URLs on a specific IP address?
  • What percentage of URLs have a specific pattern in their path?


The OpenPhish Database is provided as an SQLite database and can be easily integrated into existing systems using our free, open-source API module. Please send us an email from a domain owned by your organization for more information and pricing details.