---
name: fetch-feed
type: instructions
description: Download the current phishunt phishing domains feed in TXT, JSON or CSV.
---

# Fetch the phishunt phishing feed

## Purpose
Download all currently-active suspicious phishing sites flagged by phishunt.io.
Use this to seed blocklists, enrich threat intel pipelines, or check bulk URLs.

## Endpoints
- `GET https://phishunt.io/feed.txt` — newline-delimited URLs (text/plain)
- `GET https://phishunt.io/feed.json` — JSON array with full metadata
- `GET https://phishunt.io/feed.csv` — CSV with header row

All three are public (no auth), rate-limited at the Cloudflare edge, CC0 licensed.
Updated hourly by the phishunt pipeline. Cache TTL: 5 min (`max-age=300, public`).

## Fields in JSON/CSV format
`url`, `date` (ISO), `first_seen` (ISO), `company` (brand slug), `ip`, `country`,
`cert` (TLS issuer), `asn`, `org` (hosting), and malicious flags from 5 sources
(GSB, OpenPhish, PhishTank, TweetFeed, urlscan).

## Example
```bash
curl -sf https://phishunt.io/feed.json | jq '.[] | select(.company=="microsoft")'
```