Phishing Threat Intelligence Feeds
Our Threat Intelligence Feeds deliver continuously updated phishing-related Indicators of Compromise (IOCs) through TAXII integration, allowing security teams to automatically ingest threat data into SIEMs, TIPs, and existing security workflows.
The feeds include malicious domains, phishing URLs, sender indicators, suspicious attachments, credential-harvesting infrastructure, and emerging phishing campaign activity, helping organizations strengthen detection capabilities, accelerate response, and proactively defend against evolving phishing threats.
Connect Your Security Platform
Use these parameters to integrate dPhish threat intelligence directly into your SIEM, firewall, or threat-intelligence platform using the TAXII 2.1 protocol.
TAXII Integration Credentials
https://tip.dphish.live/taxii2
https://tip.dphish.live/taxii2/root
68f57461-5c20-451d-ab32-6357d1fbef0b
Feed Specifications & Metadata
2.1
2.1
Public Feed (No Registration Required)
Open Live Feed. Registration is currently not required. The threat intelligence feed is completely public and open for dynamic data retrieval. You can directly integrate the discovery and root configurations into your client connector without any token authentication headers.
Available Feed Collections
Phishing Domains
Phishing IPs
Phishing URLs
Phishing Attachments
Ready to stop phishing end-to-end?
Join the security teams that rely on dPhish and renew every year.
Book a Demo
See dPhish in your environment.
A 30-minute live session tailored to your industry, stack, and threat landscape. No slides just the platform working live.
-
Live demo with your own phishing scenarios
-
ROI and workload reduction walkthrough
-
Integration fit assessment (no commitments)
-
Pricing tailored to your org size & region