API not showing phishing alerts

We have a phishing alert in our CF dashboard in one of our domains that look like this:

Your domain has content that has been blocked.
(Type - Phishing)

We tried to automate the detection of such using the API:

However, the respond always shows:

“meta”: {
“step”: 2,
“custom_certificate_quota”: 0,
“page_rule_quota”: 3,
“phishing_detected”: false,
“multiple_railguns_allowed”: false

Any idea why the API is not reporting this?