Phishing feed

At a glance

  • Security companies provide us with a live data feed of sites that have been reported as phishing sites
  • We can use this data to alert you of any domain names on your tag that are on this report
  • When you receive notification of a domain name being involved in phishing you can lock it using our investigation lock while you carry out further checks
  • You can enable the phishing feed by checking the box 'Receive Phishing Notifications' in your Online Services account

We are providing a phishing feed to help registrars combat phishing.

Specialist security companies are continually monitoring phishing through a variety of methods. These security companies will often identify a phishing site within a very short time of it being registered and set up.

When a phisher sets up a phishing site it is usually only effective for a short period of time. It is therefore essential to act as quickly as possible to shut down phishing sites.

The security companies are providing us with a live data feed of sites that have been reported as phishing sites. We can use this data to alert a registrar of any domain names on their tag that are on this report. Once you receive notification of a domain name suspected of being involved in phishing, you can then lock the name using our investigation lock, whilst you carry out further checks.

The data for our phishing feed is currently supplied by Netcraft. We are also looking at other sources of data and will add them when available.

Netcraft phishing feed - notifies of domains that have been used for phishing purposes.

Field definitions

Field nameDescription
KeyDomain name notified about
Abuse-typeThe type of abuse - may be 'phishing'
SourceThe source of the notification
HostnameThe hostname for the site
URLURL of abusive page
DateDate source added the record to their database
IPIP address for abusive page
NameserverNameserver for the abusive page
Dns-adminDNS Admin for the abusive page
TargetTarget of the abuse
Whole-domain'y' if the whole domain is affected, 'n' if not

How do I use the phishing feed?

The phishing feed is an opt-in service and can be accessed in your online service account under Tag Settings > Notifications. To enable the phishing feed simply check the box 'Receive Phishing Notifications'.

Notifications can be sent either by email or by EPP. If you wish to receive email notification of phishing events on your tag you can supply your preferred notification email address. Further details about the notification email and the layout of the EPP notification are available here.

The phishing feed and its use are covered by its own terms of use.