---
name: lookup-brand
type: instructions
description: List active phishing sites targeting a specific brand.
---

# Look up phishing sites targeting a brand

## Purpose
Given a brand slug (e.g. `microsoft`, `binance`, `spotify`), retrieve all
currently-active phishing domains flagged as impersonating that brand.

## Endpoint
```
GET https://phishunt.io/api/v1/domains?company=<brand>&limit=<n>&format=json
```

## Parameters
- `company` — brand slug (lowercase). See https://phishunt.io/api/ for list.
- `limit` — 1-1000 (default 100).
- `offset` — 0-10000 (default 0).
- `since` — ISO date; filter to detections since that date.
- `format` — `json` | `txt` | `csv` (default `json`).

Public, CC0. Response is CORS-enabled.

## Example
```bash
curl -sf 'https://phishunt.io/api/v1/domains?company=microsoft&limit=50' | jq '.results[] | {url, date, ip, country}'
```

## Related
- Human-readable brand page: `https://phishunt.io/suspicious/<brand>/`
- OpenAPI spec: `https://phishunt.io/openapi.yaml`