We use cookies to improve your experience. Please read our cookies policy here.


Phishing feed

At a glance

  • Security companies provide us with a live data feed of sites that have been reported as phishing sites
  • We can use this data to alert you of any domain names on your tag that are on this report
  • When you receive notification of a domain name being involved in phishing you can lock it using our investigation lock while you carry out further checks
  • You can enable the phishing feed by checking the box ‘Receive Phishing Notifications’ in your Online Services account

We are providing a phishing feed to help registrars combat phishing.

Specialist security companies are continually monitoring phishing through a variety of methods. These security companies will often identify a phishing site within a very short time of it being registered and set up.

When a phisher sets up a phishing site it is usually only effective for a short period of time. It is therefore essential to act as quickly as possible to shut down phishing sites.

The security companies are providing us with a live data feed of sites that have been reported as phishing sites. We can use this data to alert a registrar of any domain names on their tag that are on this report. Once you receive notification of a domain name suspected of being involved in phishing, you can then lock the name using our investigation lock, whilst you carry out further checks.

The data for our phishing feed is currently supplied by Netcraft. We are also looking at other sources of data and will add them when available.

Netcraft phishing feed – notifies of domains that have been used for phishing purposes.

Field definitions

Field name Description
Key Domain name notified about
Abuse-type The type of abuse – may be ‘phishing’
Source The source of the notification
Hostname The hostname for the site
URL URL of abusive page
Date Date source added the record to their database
IP IP address for abusive page
Nameserver Nameserver for the abusive page
Dns-admin DNS Admin for the abusive page
Target Target of the abuse
Whole-domain ‘y’ if the whole domain is affected, ‘n’ if not

How do I use the phishing feed?

The phishing feed is an opt-in service and can be accessed in your online service account under Tag Settings > Notifications. To enable the phishing feed simply check the box ‘Receive Phishing Notifications’.

Notifications can be sent either by email or by EPP. If you wish to receive email notification of phishing events on your tag you can supply your preferred notification email address. Further details about the notification email and the layout of the EPP notifications are available.

The phishing feed and its use are covered by its own terms of use.

Minerva House, Edmund Halley Road, Oxford Science Park, OX4 4DQ, United Kingdom