| PhishTank | |
|---|---|
| Name | PhishTank |
| Type | Online collaborative platform |
| Founded | 2006 |
| Founder | OpenDNS |
| Owner | Cisco Systems |
| Country | United States |
| Headquarters | San Francisco, California |
| Language | English |
PhishTank is an online collaborative platform for reporting, verifying, and tracking phishing URLs and related threats. It aggregates user-submitted phishing reports and uses community voting, automated analysis, and partnerships to produce crowdsourced verdicts and machine-readable feeds. The service has been used by security researchers, network operators, law enforcement, and technology companies to mitigate phishing campaigns and improve threat intelligence.
PhishTank operates as a centralized repository where participants submit suspected phishing URLs, annotate evidence, and vote on whether items constitute phishing. The platform interfaces with threat intelligence consumers such as Cisco Systems, OpenDNS, Mozilla, Google, Microsoft, and Yahoo! to provide blocklists, APIs, and datasets. Researchers from institutions like SANS Institute, Carnegie Mellon University, MIT, Stanford University, and University of Cambridge have referenced PhishTank data for empirical studies on phishing trends, attack vectors, and user susceptibility. Major cybersecurity vendors including Symantec, McAfee, Palo Alto Networks, FireEye, and Trend Micro integrate crowdsourced feeds alongside commercial signals for defense-in-depth.
PhishTank was created in 2006 by OpenDNS as an experiment in collective defense against phishing that leveraged community validation and transparent records. In 2013, Cisco Systems acquired OpenDNS, bringing PhishTank into the portfolio alongside products used by Cisco Umbrella and other Cisco Security offerings. Over time the platform evolved from a simple submission-and-vote model to incorporate automated heuristics and partnerships with anti-phishing initiatives such as the Anti-Phishing Working Group and collaborations with law enforcement partners including the Federal Bureau of Investigation, Europol, and national CERT organizations. Academic collaborations expanded with grants and joint publications involving groups at Georgia Institute of Technology, University of California, Berkeley, and University of Oxford.
PhishTank’s operational model combines human curation, community voting, and programmatic analysis. Registered contributors submit suspected phishing URLs, associated landing pages, and contextual metadata; peers then vote and comment to reach a consensus on maliciousness. The platform employs automated checks referencing domain registration records from WHOIS, reputation signals from VirusTotal, and hosting information from Amazon Web Services, Google Cloud Platform, and Microsoft Azure to enrich each report. Law enforcement takedown requests and coordination rely on evidence chains compatible with agencies such as the United States Secret Service and the National Crime Agency (UK). PhishTank maintains APIs and machine-readable formats that integrate with security orchestration tools like Splunk, QRadar, Elastic Stack, and TheHive Project.
PhishTank stores structured datasets of URLs, timestamps, submitter IDs, vote tallies, and archived page snapshots. Data consumers retrieve feeds via RESTful APIs and bulk exports used in platforms like MISP and analytics projects at NIST. The project employs web-crawling and snapshotting mechanisms comparable to techniques used by Internet Archive, combined with hash-based signatures and content similarity measures inspired by research from Google Research and Facebook AI Research. Machine-learning models for phishing detection trained on PhishTank labels have been published by teams at Microsoft Research, IBM Research, and independent groups, using feature sets derived from URL tokenization, HTML form attributes, and hosting patterns. PhishTank’s outputs support browser safety features in Mozilla Firefox, Google Chrome, and Microsoft Edge by contributing to blocklists and warning systems.
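The submission-and-vote model and the stored fields (URLs, timestamps, submitter IDs, vote tallies) can be exercised on the consumer side. The sketch below is an added example, not PhishTank's code or schema: the record layout, the `min_votes` and `min_ratio` thresholds, and all sample data are assumptions constructed for illustration. It replays votes in time order, enforces only URLs that reached a "phish" consensus, and reports how long that consensus took.

```python
from datetime import timedelta
from urllib.parse import urlsplit

# Constructed sample reports: (voter ID, voted "phish"?, minutes after submission).
# Field names and values are hypothetical, not PhishTank's schema.
REPORTS = [
    {"url": "HTTP://Login.Example.test:80/verify?id=1",
     "votes": [("u1", True, 10), ("u2", True, 25), ("u3", False, 40), ("u4", True, 90)]},
    {"url": "http://shop.example.test/sale",
     "votes": [("u5", True, 5), ("u6", False, 7), ("u7", False, 30)]},
    {"url": "http://new.example.test/a",
     "votes": [("u8", True, 3), ("u8", True, 4)]},  # same voter twice
]

def consensus(report, min_votes=3, min_ratio=0.75):
    """Replay votes in time order, one per voter ID; return (verdict, latency)."""
    seen, yes, no = set(), 0, 0
    for voter, is_phish, minutes in sorted(report["votes"], key=lambda v: v[2]):
        if voter in seen:
            continue  # a repeated vote must not inflate the tally
        seen.add(voter)
        yes, no = yes + is_phish, no + (not is_phish)
        if yes + no >= min_votes:
            if yes / (yes + no) >= min_ratio:
                return "phish", timedelta(minutes=minutes)
            if no / (yes + no) >= min_ratio:
                return "benign", timedelta(minutes=minutes)
    return "pending", None

def normalize(url):
    """Lower-case scheme and host and drop a default port so entries compare equal."""
    p = urlsplit(url.strip())
    host = p.hostname or ""  # urlsplit already lower-cases scheme and hostname
    port = f":{p.port}" if p.port not in (None, {"http": 80, "https": 443}.get(p.scheme)) else ""
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme}://{host}{port}{p.path or '/'}{query}"

def build_blocklist(reports, **thresholds):
    """Enforce only 'phish' verdicts; unresolved reports go to a review queue."""
    block, review = {}, []
    for r in reports:
        verdict, latency = consensus(r, **thresholds)
        if verdict == "phish":
            block[normalize(r["url"])] = latency
        elif verdict == "pending":
            review.append(normalize(r["url"]))
    return block, review

if __name__ == "__main__":
    print(build_blocklist(REPORTS))
```

Lowering `min_votes` to 2 resolves the first report after 25 minutes instead of 90, at the cost of deciding before the dissenting vote arrives.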
The PhishTank community comprises volunteers, security professionals, academic researchers, and corporate partners who contribute reports and validation efforts. Strategic partners have included OpenDNS, Cisco Talos, Mozilla Foundation, and civil-society organizations focused on digital safety. The platform has engaged in data-sharing agreements and collaborative initiatives with anti-abuse teams at PayPal, eBay, American Express, and major banks such as JPMorgan Chase and Bank of America to accelerate takedowns. Conferences and workshops where PhishTank data have been presented include RSA Conference, Black Hat USA, DEF CON, Virus Bulletin Conference, and OWASP Global AppSec.
PhishTank’s crowdsourced model has demonstrably assisted in identifying and mitigating thousands of phishing campaigns, improving responsiveness for ISPs, hosting providers, and browser vendors. Studies citing PhishTank indicate benefits in threat intelligence enrichment and academic reproducibility. Criticism has centered on voting accuracy, potential bias from volunteer populations, and latency between submission and consensus compared with automated detection pipelines from organizations like Google Safe Browsing. Concerns about data quality and false positives have led to calls for stronger provenance controls and hybrid approaches combining human and machine signals, discussed in literature from IEEE, ACM, and policy analyses at the RAND Corporation. Despite limitations, PhishTank remains a notable example of community-driven cyber threat intelligence and collaborative online defense.