Global Blocklist
Every Attack We Find is Blocklisted
Once we have identified an attack, we remove it. To do this we blocklist every threat and at the same time proceed to remove it, preventing access instantly.
Real-Time Intelligence Flow
PhishFort API
Verified phishing & scams pushed hourly
+25 Global Integrations
MEW
IX
Abuse
DNS
Web Browsers
Google
Brave
Opera
Edge
Among
Others
Others
Wallets
Meta
Mask
Mask
Trust
Wallet
Wallet
Among
Others
Others
Threat Intel
Hyper
native
native
Chain
Abuse
Abuse
AIX
AbuseIX
IQ
IQAbuse
Among
Others
Others
Security Endpoints
Bing/
MSRC
MSRC
Cloudflare
Vercel
apk
Manager
Manager
CDN
CleanDNS
Among
Others
Others
Warning
Deceptive site ahead
Back to safety
MX/SMTP Traffic Halted
Domain MX records are blackholed globally. Zero outbound emails can be sent or delivered from this domain while blocklisted.
Threat Neutralized
Domain access and emails halted instantly
+418M Active Users
Our Blocklist is consumed by Web Browsers, Anti-Virus Providers, ISPs, and many others.
First Layer of Defence
We provide instant protection that safeguards before takedowns happen.
Year-Long URL Shielding
Following a takedown, blocked URLs remain on our list for a year, thwarting future attacks.
How it grows
Our blocklist gets populated and grows by clients and non-clients reports (via browser extension/nighthawk).
Once a URL gets reported, the report is classified by one of our analysts and flagged as malicious if it is targeting a legitimate project in any way.
We do not blocklist URLs automatically
To halt phishing campaigns urgently, we blocklist sites first, and legitimate projects can request removal through GitHub PRs or email.
Fueling the Security Ecosystem
PhishFort’s blocklisting data is distributed through a network of 25+ global providers via our exclusive Partner Sharing API. Our Threat Resolution Team automatically updates incidents every hour to protect across the digital ecosystem.
Threat Intelligence
Integrated with premium malware analysis platforms and domain/URL abuse reporting services.
Domain & DNS Services
Consumed by domain registries and DNS providers that block malicious traffic instantly.
Web Browsers
Built-in threat detection for major and privacy-focused browsers (Google, Brave, Edge) and crypto wallets like MetaMask.
Cloud Infrastructure
Cloud service providers implement warning and blocking mechanisms based directly on our API.
Protect Yourself with PhishFort's Expertise
Report Phishing Attempts
PhishFort will review each report and if accepted, will blocklist this across our network.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. By subscribing you agree to with our Privacy Policy and provide consent to receive updates from our company.
Frequently Asked Questions
Learn more about our blocklisting process and partnerships.
What is the meaning of "blocklist"?
Blocklisting is the process of identifying and preventing access to malicious online entities, such as domains, social media accounts, or IP addresses. A blocklist is a meticulously maintained database of these identified threats utilized by security providers, web browsers, antivirus solutions, and internet service providers to automatically alert and protect users before harmful activity can cause damage.
When does PhishFort blocklist an incident?
When our operations team is handling a takedown request, the submission to our partners’ blocklists is triggered automatically for specific incidents: Phishing cases, proven Scam cases, and Malware cases. Every time we begin a takedown process for these three attack types, the system automatically updates the incident’s status to be submitted to all integrated blocklists.
Who consumes the PhishFort blocklist?
Our blocklist is consumed by over 25 global providers, including major web browsers (Google, Brave, Edge), crypto wallets (MetaMask and others), premium malware analysis platforms, domain registries, DNS providers, URL reputation APIs, and cloud service providers.
How can partners access the blocklist data?
We manage a private blocklist accessible exclusively through our Partner Sharing API. This API is managed by our Threat Resolution Team and automatically pushes the latest verified incidents from our database every hour, covering data from the past 1, 3, and 12 months.