API to provide easy checking for messages against phishing domains

To avoid unnecessary requests to the service, please implement a RegEx on your end to ensure only messages which contain a domain are being sent to the service!

This service uses the following expression to match domains:


Request URL:

Method: POST

Headers: Please include a User-Agent header in format Application-Name (Application-Link)!

Request Body:

{"message":"Oh no a here"}

Match(es) Found (Status Code 200)


Since a single message could technically contain multiple results, the returning json contains a json array under the "matches" field.

Followed: Whether the link was followed to find the actual destination domain. I.e. for links.

Domain: The resulting domain which was matched successfully.

Source: Which list/database contained a match for this domain.

Type: The type of the rusult, which is either of: "PHISHING", "IP_LOGGER".

Trust Rating: A 0-1 floating point number representing how much I would trust this source to be correct. I.e. for Phishing.Database I use a lower trust rating, since that Database is very huge, but also contains some false-positives.

No Match Found (Status Code 404)


Test it!


Privacy Statement

This service does not store or share any messages. Messages are being pattern matched for domains and the rest of the message is being discarded.
The matched domains are being held in cache with their respecting result (i.e. bad domain or not) until the application restarts or a LRU eviction takes place.

API hosted & maintained by ZeroTwo-Bot. Uses nwunder#4003's API and Phishing.Database for domain data.
Support / Update Information on Discord: Join the Server
Icons made by Freepik from