Unphish just received a major upgrade to make detecting, tracking, and taking down phishing faster and safer. We’ve added AI-optimised enforcement, a new image view, deeper discovery, richer case files, smarter watchlists, tag and campaign tracking, Safe Mode with an isolated browser in development, a previously submitted case alert, and assignee search. Dark Mode, an open API, and a ServiceNow integration are in development. We’ve also launched Unphish.com to bring it all together.
1. AI & Enforcement
Unphish includes built-in enforcement workflows designed to integrate seamlessly with major enforcement channels such as registrars, hosts, and social platforms. These workflows automate much of the manual effort traditionally required in takedown submissions, significantly reducing time to action and improving efficiency. By incorporating AI into the process, Unphish ensures that every complaint is optimised to align with the specific requirements of the platform, the jurisdiction of the country, and the relevant policy framework. This not only accelerates resolutions but also enhances consistency and effectiveness across large-scale enforcement operations.
2. CleanDNS Integration
Unphish now integrates with CleanDNS to streamline DNS-abuse reporting, evidence collection, and remediation, leveraging CleanDNS’s case-management, evidence-first workflows to accelerate escalations to registrars and registries and to help demonstrate compliance with the DNS Abuse Framework. With the integration of CleanDNS, Unphish now delivers a fully-orchestrated DNS-abuse response lifecycle – from lightning-fast detection to validated evidence, escalation to the correct infrastructure partner, and full audit-trail transparency. CleanDNS’s deep source network, evidence-based decision engine and compliance-ready workflows mean Client’s can act confidently and compliantly when DNS abuse surfaces in their environment.
3. Interface Update
We’ve introduced a new image view to the dashboard, now available in both the Threat Feed and the Enforcement Centre, designed to make analysis faster and more intuitive. This feature presents a gallery-style visualisation of infringing online properties, displaying screenshots alongside key metadata such as domain name, host, registrar, and discovery date. By seeing these elements together, users can instantly assess patterns and spot visual correlations, such as shared templates, logos, layouts, or infrastructure links like IP addresses and hosting providers. The image view enhances situational awareness, allowing analysts and clients to move from data to insight more efficiently, quickly identifying related campaigns, duplicate phishing kits, and clusters of coordinated activity.
4. Deeper Phishing Data Discovery
With the integration of NothingPhishy into our ecosystem, we elevate detection from passive monitoring to proactive disruption. NothingPhishy brings advanced generative-AI detection, extensive domain & app intelligence, brand misuse monitoring and automated enforcement workflows, allowing you to surface complex threats like phishing, fake mobile apps and social media impersonation sooner and act faster. Together, this deepens your visibility across channels, enriches alerts with forensic-grade context, and improves remediation precision, enabling you to stay ahead of attackers targeting your brand, customers and digital assets.
5. Case File Upgrade
ChatGPT said:
6. Watchlist Upgrade
The Watchlist is a key feature within Unphish that allows clients to keep continuous oversight of potential threat domains. It is designed for proactive detection, enabling users to track parked or inactive typo domains that could later be weaponised for phishing or brand abuse. When one of these domains becomes active or starts hosting suspicious content, Unphish automatically generates an alert, allowing clients to respond quickly. Users can manually add domains to their Watchlist, categorise them by relevance or risk, and set custom notification preferences to ensure they are alerted only to the issues that matter most. This capability provides an early-warning layer against domain-based attacks and supports timely enforcement before damage occurs.
7. Tag Tracker
The Tag Tracker in Unphish allows users to classify enforcement cases with custom tags, turning raw case data into actionable intelligence. By tagging cases for factors like phishing kit reuse, template similarity, hosting provider, or geographic targeting, users can uncover relationships between incidents and detect recurring attack patterns. Aggregated tag data reveals broader trends, such as how certain threat actors operate or how specific campaigns evolve over time. This capability transforms Unphish from a reactive takedown tool into a proactive intelligence platform, helping clients anticipate threats, refine detection rules, and disrupt coordinated phishing operations more effectively.
8. Campaign Tracker V1
Unphish now supports campaign tracking through tags in the dashboard. Clients can segment cases into new, active, and closed campaigns, with visibiliUnphish now supports campaign tracking through tags in the dashboard, allowing clients to group related cases into new, active, and closed campaigns. Integrated with Unphish’s time-based analytics, this feature provides structured reporting and deeper insight into campaign lifecycles, attacker persistence, and enforcement effectiveness, helping clients measure impact and identify recurring threat patterns with clarity and precision.ty presented in the same time-responsive framework as existing analytics. This provides structured reporting and enables deeper analysis of campaign lifecycles, attacker persistence, and the effectiveness of enforcement actions.
9. Safe Mode & Isolated Browser
To strengthen client security, we’ve introduced Safe Mode, which warns users before clicking on suspicious links. Safe Mode is enabled by default but can be temporarily disabled for a session if required. In addition, we are developing an isolated browser function, allowing each case to be opened in a protected browsing session within Unphish, reducing the risk of exposure when analysing malicious content. The isolated browser option will be released in the coming weeks.
10. Previously Submitted Case Alert
When you submit a new case, Unphish automatically checks for duplicates and flags if the URL or domain was previously submitted. A clear alert shows the matching case IDs so you can jump to the history, evidence, and outcome, or reference the prior record instead of creating a new one. This reduces noise, prevents double work, and keeps a single clean audit trail.
11. New Options: Watchlist & Whitelist
We have enhanced both the casefile and the threat feed with new functionality that streamlines how cases are managed. Users can now send cases directly to the watchlist, where they will be monitored for any changes or suspicious activity over time. In addition, cases can be directed to the whitelist, ensuring that any discovered domains, social handles, or properties linked to trusted partners or clients are properly recognised and excluded from enforcement workflows. This update not only simplifies case handling but also improves accuracy, helping users focus on genuine threats while reducing noise from legitimate assets.
12. Search by Tag and Assigned User
Unphish now makes it effortless to find what matters fast: filter cases by Assignee and Tags to zero in on work owned by specific team members or slice results by issue, country, campaign, or any custom label your org uses. Combine filters to streamline triage, focus reviews, and keep cross-functional teams aligned, so every investigation starts in the right place.
We have officially launched Unphish.com, a dedicated platform designed to help organisations detect, track, and enforce against phishing and online impersonation threats. Built with AI-enabled automation, Unphish streamlines enforcement workflows, integrates with major enforcement channels, and provides clients with real-time dashboards for tracking campaigns and analysing threats. With features such as Safe Mode browsing, campaign tracking, and advanced case enrichment, Unphish empowers businesses to respond faster, reduce risk, and stay ahead of evolving online threats.
What we are currently working on:
Open API
We’re excited to share that an open API for Unphish is now in development, following strong demand from our clients. The API will let you plug Unphish directly into your own security operations, making it easier to manage enforcement workflows without leaving your existing tools. You’ll be able to create new cases (phishing, brand impersonation, and more), retrieve and track ongoing cases, update details with notes or evidence, and access your list of protected brands, all through secure API key access. This means faster case submission, the ability to build your own dashboards, and tighter integration with your security stack. The first release will cover these core features, with additions like webhook notifications and advanced filtering to come.
Dark Mode
We’re developing a new Dark Mode feature for Unphish, giving users a sleek, low-glare interface that’s easier on the eyes during extended analysis sessions. Much asked for, Dark Mode not only enhances visual comfort for analysts working late or across multiple screens, but also improves contrast and focus when reviewing screenshots, evidence, and dashboards. This optional theme will align with system preferences and can be toggled directly in the user profile, delivering the same smooth performance and intuitive layout that Unphish is known for, just darker.
ServiceNOW Intergration
We’re working on a basic integration with ServiceNow that will allow Unphish cases to flow directly into clients’ ServiceNow environments. This means new cases can be created and tracked inside ServiceNow, giving security teams a single place to manage incidents without needing to switch between platforms.
About brandsec
brandsec is a team of highly experienced domain name management and online brand protection experts. We provide corporate domain name management and brand enforcement services, helping brands eliminate phishing platforms across the internet. Supporting some of the largest brands in the region, we offer innovative solutions to combat threats across multiple industries.
