Question 1

Is phishdown free to use?

Accepted Answer

Yes, phishdown is completely free to use. You can check unlimited URLs, domains, and IP addresses without any signup or payment required. Unlike premium services like Phish Report or enterprise security tools, we believe phishing protection should be accessible to everyone.

Question 2

How accurate is the phishing detection?

Accepted Answer

Our detection system combines multiple data sources including DNS records, WHOIS data, SSL certificates, reputation databases, and threat intelligence feeds to provide comprehensive analysis. We use similar techniques to services like PhishTank and APWG, but no system is 100% accurate. We continuously improve our detection algorithms to minimize both false positives and false negatives.

Question 3

What's the difference between Safe, Suspicious, and Malicious?

Accepted Answer

Safe means we found no indicators of phishing or malicious activity. Suspicious means we detected some warning signs (like newly registered domain, unusual DNS configuration, or weak SSL certificate) that warrant caution. Malicious means we have strong evidence that the target is involved in phishing or other malicious activities, such as being listed in threat intelligence databases or matching known phishing patterns.

Question 4

Can I check URLs, domains, and IP addresses?

Accepted Answer

Yes! You can submit full URLs (like https://example.com/page), domains (like example.com), or IP addresses (like 192.168.1.1). Our system automatically detects the type of input you provide and performs the appropriate analysis. We also trace redirect chains to analyze the final destination.

Question 5

How long does a scan take?

Accepted Answer

Most scans complete within a few seconds. Simple domain checks are fastest, while complex URLs with multiple redirects may take slightly longer as we trace the entire redirect chain. We also perform deeper analysis for suspicious sites, which may add a few more seconds.

Question 6

Do you store the URLs I check?

Accepted Answer

We may store anonymized lookup data to improve our detection capabilities and build threat intelligence, but we do not store any personally identifiable information or track individual users. Your privacy is important to us.

Question 7

What should I do if a link is marked as malicious?

Accepted Answer

Do not visit the link. If you received it via email or message, report it as phishing to the Anti-Phishing Working Group (APWG) or PhishTank. If you've already clicked it or entered information, immediately change any passwords that may have been compromised, enable two-factor authentication, and monitor your accounts for suspicious activity. Consider reporting the incident to your email provider and relevant authorities.

Question 8

Can I report a false positive or false negative?

Accepted Answer

Yes! If you believe our analysis is incorrect, please contact us through our contact page. We appreciate feedback as it helps improve our detection accuracy. We also encourage you to report confirmed phishing sites to APWG and PhishTank to help the broader security community.

Question 9

How does phishdown compare to other phishing detection services?

Accepted Answer

phishdown is a free, public-facing tool similar to PhishTank's public checker. Services like Phish Report offer more advanced features like automated takedown workflows and case management for enterprise teams. phishdown focuses on providing fast, accurate detection for individuals and small teams who need quick answers without the complexity of enterprise tools.

Question 10

What types of phishing attacks can you detect?

Accepted Answer

We can detect various phishing techniques including brand impersonation, typosquatting, credential harvesting, fake login pages, and malicious redirects. Our system analyzes domain patterns, SSL certificates, hosting providers, and threat intelligence to identify these attacks. However, sophisticated attacks using legitimate compromised sites may be harder to detect.

Question 11

Do you provide API access?

Accepted Answer

Currently, phishdown is focused on providing a free web interface. API access may be available in the future. For now, you can use our web interface to check URLs programmatically, though we ask that you respect rate limits to ensure service availability for all users.

Question 12

Can I use phishdown for automated monitoring?

Accepted Answer

While phishdown is designed for on-demand checking, we understand the need for monitoring. For enterprise-scale automated monitoring and takedown workflows, services like Phish Report offer more specialized solutions. For individual use, you can check URLs as needed through our interface.

Question 13

What information do you show in the analysis results?

Accepted Answer

Our analysis results include DNS records, WHOIS information, SSL certificate details, hosting provider information, redirect chain analysis, threat intelligence matches, and a comprehensive verdict with confidence score. This gives you all the information needed to make an informed decision about a URL's safety.

Question 14

How do you handle anti-analysis techniques used by phishing sites?

Accepted Answer

Some phishing sites use techniques to evade detection, such as blocking automated scanners or showing different content to bots. While we employ various methods to detect and bypass these techniques, sophisticated evasion may still occur. We continuously update our detection methods to stay ahead of these tactics.

Frequently Asked Questions