PhishTank is a community-driven service that collects and verifies phishing URLs. Integrate it with Content Guard Pro for additional phishing detection.
What is PhishTank? #
PhishTank is:
- A free community phishing verification service
- Operated by Cisco Talos
- Contains millions of verified phishing URLs
- Updated continuously by community submissions
Benefits of Integration #
When enabled:
- URLs checked against PhishTank database
- Known phishing sites receive +50 confidence
- Severity automatically elevated to Critical
- Complements Google Safe Browsing coverage
Setting Up PhishTank #
Getting an API Key (Optional) #
An API key improves rate limits but isn’t required:
1. Go to PhishTank
2. Click Register to create an account
3. After registration, go to Developers
4. Request an API key
5. Key is provided immediately
Without API Key #
PhishTank works without a key but with lower rate limits:
- ~10 requests per minute
- May be throttled during high-volume scans
- Suitable for small sites
With API Key #
With a key you get:
- Higher rate limits
- More reliable service
- Recommended for medium+ sites
Configuring in Content Guard Pro #
Enable Integration #
1. Go to Content Guard Pro → Settings
2. Find General Settings section
3. Check PhishTank
4. Enter API Key (optional)
5. Click Save Changes
Testing the Connection #
1. Click Test API Connections
2. Look for “PhishTank: ✓ Working”
3. If error, check API key or try without key
How It Works #
Query Process #
1. External URL detected during scan
2. URL normalized (protocol, trailing slash)
3. Cache checked for recent result
4. If not cached, PhishTank API queried
5. Result cached (12 hours)
6. Finding updated if phishing detected
What’s Checked #
- All external URLs found in content
- Links in href attributes
- Script and iframe sources
- Redirect destinations
Response Types #
| Response | Meaning | Action |
| --- | --- | --- |
| In database, verified phishing | Confirmed phishing site | +50 confidence, Critical |
| In database, unverified | Suspected but not confirmed | +25 confidence |
| Not in database | No phishing data | No change |
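The query process and response table above, as an added Python sketch that is not Content Guard Pro's own code. The normalization rules, the `UNVERIFIED` and `NOT_LISTED` labels, the `in_database`/`verified` response fields and the sample hostnames are assumptions, and the API call is replaced by a constructed stub so the example runs offline.

```python
import json
import time
from urllib.parse import urlsplit, urlunsplit

CACHE_TTL = 12 * 60 * 60  # 12-hour result cache, as in the Query Process steps

def normalize(url):
    """Assumed normalization: lowercase scheme/host, drop fragment and trailing slash."""
    parts = urlsplit(url.strip())
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(),
                       parts.path.rstrip("/"), parts.query, ""))

def score(results):
    """Map a lookup result to (status, confidence bonus, severity override)."""
    if not results.get("in_database"):
        return ("NOT_LISTED", 0, None)            # label assumed, no change to finding
    if results.get("verified"):
        return ("VERIFIED_PHISHING", 50, "Critical")
    return ("UNVERIFIED", 25, None)               # label assumed

class ReputationCache:
    def __init__(self, lookup, clock=time.time):
        self.lookup = lookup      # callable(url) -> JSON text; stands in for the API query
        self.clock = clock        # injectable so expiry can be exercised without waiting
        self.store = {}           # normalized URL -> (expiry timestamp, verdict)
        self.api_calls = 0

    def check(self, url):
        key = normalize(url)      # duplicates collapse onto one cache key
        hit = self.store.get(key)
        if hit and hit[0] > self.clock():
            return hit[1]         # fresh cached result, no API call spent
        self.api_calls += 1
        verdict = score(json.loads(self.lookup(key))["results"])
        self.store[key] = (self.clock() + CACHE_TTL, verdict)
        return verdict

    def clear(self):
        self.store.clear()        # equivalent of clearing the reputation cache

# Constructed sample responses (not real PhishTank data); hostnames use .example
SAMPLE = {
    "http://login.bank.example/verify": {"in_database": True, "verified": True},
    "http://promo.shop.example": {"in_database": True, "verified": False},
}

def fake_lookup(url):
    return json.dumps({"results": SAMPLE.get(url, {"in_database": False})})
```

Because the cache key is the normalized URL, variants that differ only in case or a trailing slash cost one request against the rate limit rather than several.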
Interpreting Results #
Finding Details #
When PhishTank flags a URL:
Reputation: PhishTank
Status: VERIFIED_PHISHING
Submission Date: 2025-01-10
Verified: Yes
Confidence Bonus: +50
Verification Status #
| Status | Meaning |
| --- | --- |
| Verified | Community confirmed as phishing |
| Unverified | Submitted but not yet confirmed |
| Not Listed | Not in PhishTank database |
PhishTank vs. Google Safe Browsing #
| Aspect | PhishTank | Google Safe Browsing |
| --- | --- | --- |
| Focus | Phishing only | Malware + Phishing + More |
| Updates | Community-driven | Google-curated |
| Coverage | Good for phishing | Broader coverage |
| API Limits | Lower (free) | Higher (free tier) |
| API Key | Optional | Required |
Recommendation #
Enable both for comprehensive protection:
- Google Safe Browsing for broad coverage
- PhishTank for additional phishing detection
- Overlap provides redundancy
Rate Limits #
Without API Key #
| Limit | Amount |
| --- | --- |
| Per minute | ~10 requests |
| Per hour | ~100 requests |
| Per day | ~1,000 requests |
With API Key #
| Limit | Amount |
| --- | --- |
| Per minute | ~30 requests |
| Per hour | ~500 requests |
| Per day | ~5,000 requests |
Content Guard Pro Optimization #
- Results cached for 12 hours
- Only external URLs checked
- Duplicate URLs checked once
- Typically stays within limits
Caching #
Default Cache Duration #
- 12 hours for all results
- Reduces API calls
- Balances freshness with rate limits
Clearing Cache #
1. Go to Settings
2. Click Clear Reputation Cache
3. Clears both PhishTank and Safe Browsing cache
Troubleshooting #
“Rate Limited” #
1. Wait for rate limit to reset
2. Reduce scan frequency
3. Get an API key for higher limits
4. Ensure caching is working
“Connection Failed” #
1. Check outbound HTTPS connectivity
2. PhishTank uses: checkurl.phishtank.com
3. Verify no firewall blocking
4. Try without API key
“Invalid API Key” #
1. Verify key copied correctly
2. Check key status in PhishTank account
3. Generate new key if needed
4. Try without key temporarily
Phishing Sites Not Detected #
1. PhishTank only knows reported sites
2. New phishing sites may not be listed
3. Use with Safe Browsing for better coverage
4. Report new phishing sites to PhishTank
Reporting Phishing #
Help improve the database:
1. Visit PhishTank Submit
2. Submit suspicious URLs
3. Community verifies submissions
4. Future scans will detect the reported URLs