⚡Incremental scan mode active — already-reviewed URLs will be skipped for existing brands.
URLs Scanned
0
from PhishTank feed
Threats Found
0
matches detected
Typosquats
0
pattern variations
Brands Monitored
0
in watchlist
BrandMatch TypeThreatStatus
Threat Intelligence Results 0 records
🔍
No scan results yet
Add brands above and click Run Threat Scan
📦
Scan complete — results ready
0 threats · 0 URLs
⚠ Important Disclaimer
Results are sourced from the PhishTank community feed and are provided for informational purposes only. PhishPin does not guarantee the accuracy, completeness, or timeliness of this data. Do not click on any flagged URLs directly — use sandboxed environments only. PhishPin is an automated intelligence-assistance tool and does not replace professional cybersecurity investigation. See footer for full terms.
Enforcement Services
PhishPin provides automated threat intelligence to support your enforcement and brand-protection workflows. Our services reduce analyst workload and accelerate response time across multiple threat vectors.
🎣
Anti-Phishing Enforcement
Automated detection of phishing domains impersonating your brand across the PhishTank feed and extended threat intelligence sources. Our engine uses multi-vector analysis including exact match, typosquatting, homoglyph detection, and subdomain abuse patterns. Contact us - Support@PhishPin.com
Real-time PhishTank feed monitoring
Pattern-based URL deception analysis
Threat level scoring (High / Medium / Low)
Active/Down status verification per domain
Exportable evidence for ICANN, registrar, and CERT complaints
Incremental scanning — no duplicate review overhead
Supports bulk brand watchlists for enterprise teams
Typical impact: Reduces phishing site dwell time by surfacing threats early. Results can be directly used in abuse desk submissions to hosting providers, domain registrars, and national CERTs.
™
Brand & Trademark Abuse Enforcement
Identify and document instances of brand name abuse used in phishing infrastructure. Covers lookalike domains, brand-keyword-stuffed URLs, and deceptive subdomains crafted to exploit consumer trust in your trademark. Contact us - Support@PhishPin.com
Continuous monitoring across multi-brand portfolios
Integration-ready exports (CSV / XLSX) for legal teams
Trademark owners can use PhishPin output as a starting point for UDRP filings or cease-and-desist notices — always in conjunction with qualified legal counsel.
🛒
Marketplace Enforcement
Detect phishing and counterfeit-adjacent URLs that masquerade as legitimate e-commerce platforms, product pages, or payment gateways. Particularly valuable for brands with high consumer-facing digital commerce exposure. Contact us - Support@PhishPin.com
Reports structured for platform trust & safety teams
Amazon, Flipkart, eBay brand protection workflows
Cross-brand portfolio scanning capability
Works best in combination with manual review by your brand protection team. Results are indicative and should be verified before formal escalation.
📱
Social Media Enforcement
Surface phishing URLs that mimic social media platforms or leverage social channels as attack vectors. Detect brand impersonation through social-platform-style URL patterns distributed via phishing campaigns.
Tracking threat URLs distributed via social campaigns
Social media enforcement requires platform-specific reporting to be actioned. PhishPin provides detection intelligence; enforcement actions must go through official platform channels.
📧
Email Scam Enforcement
Detect phishing URLs embedded in email scam campaigns targeting your brand. BEC (Business Email Compromise), spoofed sender domains, and credential-phishing landing pages are identified through URL-level pattern analysis.
BEC & email spoofing domain detection
Phishing landing page URL identification
Credential harvesting page pattern recognition
Domain-level threat scoring for email security teams
Integration-ready output for DMARC/DKIM enforcement teams
Support for CERT, APWG, and anti-spam body reporting
Timestamped scan records for incident documentation
Email scam enforcement is most effective when PhishPin intelligence is combined with your email gateway logs and SIEM data for full campaign attribution.
⚙️
How PhishPin Works
PhishPin is a fully automated, single-operator threat intelligence tool. No installation, no agent deployment. Built for brand protection analysts, legal teams, and cybersecurity professionals.
Add brand keywords to the watchlist
PhishPin fetches the live PhishTank feed server-side
Multi-layer matching engine analyses every URL
Threats are scored, deduplicated, and status-checked
Export results as CSV or XLSX for downstream action
Incremental mode skips already-reviewed URLs on repeat scans
No data is stored on PhishPin servers — fully client-side processing
About PhishPin
PhishPin is an automated brand threat intelligence platform built to help organisations reduce the manual effort involved in monitoring phishing infrastructure targeting their brands.
60K+
URLs Checked Per Run
6
Detection Vectors
100%
Automated Analysis
Our Mission
Brand protection teams and cybersecurity analysts spend enormous amounts of time manually reviewing phishing URLs to identify threats targeting their organisations. PhishPin was built to automate that initial triage layer — pulling from trusted community feeds, applying intelligent matching, and surfacing only what matters.
We believe threat intelligence should be accessible, fast, and frictionless — no enterprise contracts, no complex deployments. A single PHP file, self-hosted, under your control. Contact us - Support@Phishpin.com
What We Do
PhishPin ingests the PhishTank community phishing feed — one of the most comprehensive public datasets of verified phishing URLs — and runs it through a multi-layer matching engine designed specifically for brand impersonation detection.
Every URL is analysed for exact brand matches, typosquatting, homoglyph substitution, leet-speak encoding, subdomain abuse, and prefix/suffix manipulation. Results are scored by threat level and checked for live status. Contact us - Support@Phishpin.com
Data & Privacy
PhishPin processes all data locally in your browser. The PHP proxy fetches the PhishTank feed on your server — no data is transmitted to PhishPin. Brand names you enter and scan results are stored only in your browser's local storage for incremental scan functionality.
You can clear all stored data at any time using the "Clear All Scan History" button in the dashboard. We do not collect, transmit, or store any user data.
Technology
Built as a zero-dependency, single-file PHP application. The pattern matching engine runs entirely in the browser via JavaScript. The server-side PHP proxy handles CORS-compliant feed fetching and URL status checking.
Libraries used: PapaParse (CSV parsing), SheetJS (XLSX export). No database required. Deploy anywhere with PHP + cURL support.
🔒 A Note on Responsible Use
PhishPin is designed as an intelligence-assistance tool. The URLs surfaced in results are sourced from the PhishTank community database of reported phishing pages. While PhishTank employs community verification, PhishPin makes no independent determination of whether any specific URL is malicious. Results should always be reviewed by a qualified security analyst before being used as the basis for takedown requests, legal filings, or other enforcement actions. Automated tools reduce workload — they do not replace human judgment.
Privacy Policy
Effective Date: 2025. This Privacy Policy describes how PhishPin handles information in connection with your use of the platform.
Data We Do Not Collect
PhishPin does not collect, store, transmit, or share any personally identifiable information (PII). We do not operate user accounts, analytics tracking, cookies for advertising, or any form of user profiling.
Local Storage
Brand names you add to the watchlist and scan history markers (used for incremental scanning) are stored exclusively in your browser's localStorage. This data never leaves your device. You can clear it at any time via the "Clear All Scan History" button or by clearing your browser data.
Feed Fetching
When you run a scan, your server (where this PHP file is hosted) fetches the PhishTank CSV feed. This request originates from your server's IP address. PhishPin has no visibility into this transaction. You are responsible for complying with PhishTank's terms of use regarding feed access.
URL Status Checking
When website status checking is enabled, your server makes HEAD requests to flagged URLs to determine if they are live. This is done entirely server-side. PhishPin does not log or store the URLs checked or the results returned.
Third-Party Services
PhishPin loads fonts from Google Fonts and JavaScript libraries from cdnjs.cloudflare.com. These third-party services may log your IP address per their own privacy policies.
Contact
If you have questions about this privacy policy, please refer to the documentation accompanying your installation of PhishPin.
Terms & Conditions
By using PhishPin, you agree to the following terms. If you do not agree, do not use this platform.
Permitted Use
PhishPin is intended for use by cybersecurity professionals, brand protection analysts, and legal teams for the purpose of identifying potential phishing threats targeting legitimate brands. Use is permitted for threat intelligence research, brand monitoring, and enforcement evidence gathering.
Prohibited Use
You may not use PhishPin to: harass or target individuals, generate false or fabricated threat evidence, automate abuse complaints without human review, circumvent terms of service of third-party platforms, or for any unlawful purpose.
Accuracy of Results
PhishPin results are generated by automated pattern matching and are provided for informational purposes only. Results may contain false positives and false negatives. No result should be acted upon without independent verification by a qualified analyst. PhishPin makes no warranty regarding the accuracy, completeness, or timeliness of results.
No Legal Advice
Nothing on this platform constitutes legal advice. If you intend to use PhishPin output in legal proceedings or formal enforcement actions, you must consult qualified legal counsel.
Limitation of Liability
To the maximum extent permitted by applicable law, PhishPin and its operators shall not be liable for any direct, indirect, incidental, special, or consequential damages arising from use of this platform, including but not limited to damages arising from reliance on scan results, actions taken against third parties, or any harm resulting from visiting URLs identified by the tool.
Third-Party Data
Scan results are sourced from PhishTank, a third-party community database. PhishPin has no control over the accuracy of PhishTank data and assumes no responsibility for errors or omissions in that dataset. You are responsible for complying with PhishTank's terms of service.
Modifications
These terms may be updated at any time. Continued use of the platform constitutes acceptance of updated terms.
Full Disclaimer
No Warranty
PhishPin is provided "as is" and "as available" without any warranty of any kind, whether express, implied, statutory, or otherwise, including without limitation any warranty of merchantability, fitness for a particular purpose, or non-infringement.
URL Safety
URLs displayed in PhishPin results are believed to be phishing URLs. Do not click on any URL in the results table. If analysis of a URL is required, it must be performed in an isolated, sandboxed environment by a trained cybersecurity professional. PhishPin is not responsible for any harm, data loss, compromise, or legal liability arising from accessing any URL identified by this tool.
Automated Tool Limitations
PhishPin is an automated intelligence-assistance tool. Automation reduces manual workload but does not eliminate the need for human review. False positives (legitimate URLs incorrectly flagged) and false negatives (threats missed) are inherent in any automated detection system. Users must apply professional judgment to all results.
Not a Cybersecurity Service
PhishPin does not provide managed security services, incident response, or active threat mitigation. It provides read-only threat intelligence data from public sources. It is the responsibility of the user and their organisation to determine appropriate responses to threats identified.
Jurisdiction
Users are solely responsible for ensuring their use of PhishPin complies with all applicable laws and regulations in their jurisdiction, including laws relating to cybersecurity, privacy, data protection, and intellectual property.
Indemnification
By using PhishPin, you agree to indemnify and hold harmless PhishPin and its operators from any claims, damages, or expenses arising from your use of the platform or violation of these terms.