What is the purpose of StalkPhish.io?
StalkPhish.io provides enriched data on the potential presence of phishing URLs, usurping the visual identity of a company or administration. The data provided via a REST API can be easily and regularly retrieved and integrated into a detection and takedown workflow. In addition, the StalkPhish.io backend is tailored to retrieve phishing kits when they are still present on the server, and exfiltration configurations (emails, Telegram channels) are extracted and made available via the API, enabling the investigator to perfect his knowledge of the threat and the actor.
Why this name?
The name StalkPhish.io is based on the open source software
StalkPhish-OSS, created by the founder of StalkPhish: Thomas Damonneville, creator of multiple tools dedicated to the fight against phishing.
Why should I use StalkPhish.io instead of StalkPhish-OSS?
Because StalkPhish.io is a highly augmented version (more data, more enrichment, more data sources) of StalkPhish-OSS, you don't need to deploy and maintain a StalkPhish-OSS stack - we do that for you. You can then easily use the StalkPhish.io REST API to retrieve the data you need.
Why do I need to sign up on StalkPhish.io?
We ask our beneficiaries to sign up because we need to manage your account in case you lose your password or API key. We also need a valid e-mail address to keep in touch with you about your use, needs or experience of StalkPhish.io, so that we can improve our product according to the needs of the majority of our users.
How can I use my API key?
The API key (also known as a token), must be included in an HTTP authorization header. The key must be prefixed by the literal string "Token", with a white space separating the two strings, like this cURL command:
curl -X GET -H "authorization: Token 739aec689724c45066689ce03385e3abf38d2f54" https://api.stalkphish.io/api/v1/search/url/wellsfargo
What sources do you use in StalkPhish.io?
We use several OSINT sources referencing phishing sites, as well as several pivots tailored to the infrastructure being analyzed in order to retrieved more data and much more URLs. The URLs are then subjected to enrichment, enabling us to qualify the threat more precisely thanks to algorithms developed by us: giving it a danger score (out of 100) as well as the usurped brand.