Check the live operational status and response times for all PhishCan API endpoints. Stay informed about service availability and performance.
View API StatusPhishCan provides free, regularly updated threat intelligence feeds for Canadian phishing domains. These API endpoints allow you to programmatically access the data in various formats for integration into your security tools and systems.
Base URL: https://phishcan.org
Update Frequency: All feeds are updated every 12 hours to ensure the most current threat intelligence. The nextScheduledRun field in the metadata shows when the next update is scheduled.
Authentication: No API key or authentication is required. All endpoints are publicly accessible.
Rate Limiting: To ensure fair usage and service stability, all API endpoints are rate-limited to 100 requests per minute per IP address. If you exceed this limit, you will receive a 429 Too Many Requests response with a Retry-After header indicating when you can make another request.
CORS Support: All API endpoints support Cross-Origin Resource Sharing (CORS), allowing direct integration from web applications.
Feed Size Limit: You can limit the number of domains returned by adding a ?limit=N query parameter to any feed URL, where N is the desired number of domains. Use ?limit=all to retrieve the full dataset. Current feed sizes: Banking: 61 domains, Utilities: 47 domains, Government: 65 domains.
lastUpdated: Timestamp when the feed data was last refreshedtotalDomains: Total number of phishing domains in the feedfeedType: Category identifier (e.g., "banking-phishing")newSinceLastRun: Number of new domains added since the last updatenextScheduledRun: When the next automated update is scheduledsource: Data source identifier (always "PhishCan")Caching: To optimize performance and reduce load on our servers, we highly recommend implementing client-side caching for the API responses. The feeds are updated every 12 hours, so frequent requests within this window are unnecessary.
Attribution: While not strictly required for direct programmatic use, we appreciate attribution to PhishCan when our data is publicly displayed or redistributed. For full terms, please refer to our Terms of Service.
Disclaimer: The data is provided for security research and protection purposes. While we strive for accuracy, we make no guarantees about the completeness or accuracy of the threat intelligence data. Always verify suspicious domains through official channels.