Show HN: Phishcan, Canada's first open and free threat intelligence platform

Show HN: Phishcan, Canada's first open and free threat intelligence platform phishcan.com/...

Phishcan provides crucial threat intelligence, and it currently tracks phishing domains for:

• Scotiabank, Desjardins, RBC, Interac…

• Telecom providers, provincial power and health services...

• Federal & provincial services, CRA, Canada Post, Service Canada, Revenue Québec...

How Phishcan works:

• Parsing millions of domains: Continuously scanning and analyzing vast numbers of domains to detect suspicious patterns and potential phishing sites.

• Monitoring threat actors : close watch on cyber‑criminal infrastructures and their new domain registrations.

• Data enrichment : adding contextual insights and connections to improve the information

• Feeds are updated every 12 hours.

• You can use the API freely at: https://phishcan.com/api-docs

Data is also available on: https://github.com/Phishcan/phishcan-data

I plan to improve the whole platform with more data during my free time!

This is pretty interesting!

I am curious - who are you, and why should I (or other Canadian information security professionals) trust this data over other threat intelligence sources?

I admit to only doing a casual, cursory check, but the website, github and linkedin account all appear to be configured to conceal who is behind the site, and the only third party credited is an American company.

ripernverse · 3 months ago

Great questions!

1) To my knowledge, there isn't a centralized phishing database specifically for Canadian entities, nor are there updated threat feeds available. My primary goal is to create a resource that is openly accessible and free for everyone. While I acknowledge that Microsoft’s threat intelligence is far superior to what I can offer (I used to work a lot with their security products), it comes at a high price and lacks the flexibility for inspection and use.

2) I shared this project on my personal Linkedin to gather feedback, as I haven't registered a company yet. I plan to enhance transparency in the future, but for now, it’s mainly a personal/nerd project. The third-party credited is Whoxy, they allow me to use their WHOIS records for free since my project is non-commercial, and I need to provide appropriate credit for that.

I hope this clarifies things!

ygjb · 3 months ago

tdeck · 3 months ago

This is great! Which aspects of this are Canada specific? Would it be technically practical to expand it to other TLDs?

It only tracks phishing related to Canadian entities (banks, utilities etc.). So it's not restricted to .ca (if that was your question!).

gorkemcetin · 3 months ago

This is interesting. I was thinking about building a similar solution around GRC but this time focusing on AI regulations, AI threats, breaches, 0-days etc. Out of curiosity did you use agents for this or a platform like Exa AI?

Hey, I don't rely on any agents, my approach primarily involves heuristic-based detection and fuzzing using various open data sources.

selinkocalar · 3 months ago

Wonder how they're handling attribution and false positives. Threat intel quality can vary so wildly between sources.

I identified patterns and categorized them as strong positives, while continuing to search for new patterns and assigning scores based on factors such as TLD, host registrar, and registration duration.

The accuracy varies across categories, as some patterns cannot be linked to Canadian entities, but, most of the data is sourced from phishing feeds.

nubinetwork · 3 months ago

Can you provide a DNS RPZ zone file for people to add to their servers to block requests for these malicious domains?

Awesomedonut · 3 months ago

Super cool!

Thanks!