List Structure

The PhishFort Public List is located here (opens in a new tab). The directory structure contains two folders, blacklists and whitelists. A description of both is provided below.

Blacklists

The blacklists directory contains two lists in JSON format:

A full list of blacklisted domains: domains.json (opens in a new tab)
A "hot list" of recently blacklisted domains: hotlist.json (opens in a new tab)

Teams are invited to openly pull from our domains.json (opens in a new tab) to ensure maximum coverage. However, in the case where performance or the size of the list is a concern (this list is always growing) we urge developers and/or teams to then consider consuming from our hotlist.json (opens in a new tab).

The hot list keeps a rolling window of 3 month detections (ie. items in the hotlist will only exist for 3 months). The rolling window period is subject to change. Although this should be ample time for PhishFort to execute a successful takedown on the site mentioned, we cannot guarantee that we will be executing takedowns on every single item in the list.

Whitelists

The whitelist directory contains a number of lists we maintain for partner projects and internal reasons. We do not recommend consuming or making any assumptions based on this list.

API Data Structures Data Collection Policy