API

API endpoint

Introduction

Get all the suspicious phishings sites and details at once.
Easily integrate it in your workflows.

Pricing

Once payment is confirmed, you will receive your API key within 24h in your mail

Endpoints

Full feed in JSON & CSV formats
- - URL, Potential Targeted Brand, Screenshot, IP, ASN, Hosting Provider, Country & TLS Certificate

JSON Format

Example:

    {
        "identifier": 1, 
        "date": "October 08, 2020 (12:48:13)", 
        "first_seen": "2020-10-08", 
        "new": true, 
        "company": "amazon", 
        "url": "https://www.amazon.ac9656t.top/", 
        "domain": "www.amazon.ac9656t.top", 
        "image": "https://phishunt.io/static/img/screenshots/amazon/1.png", 
        "malicious_google": "Not found", 
        "gsb_category": "Not found", 
        "malicious_openphish": "Not found", 
        "malicious_phishtank": "Found", 
        "ip": "137.220.137.86", 
        "asn": "AS64050", 
        "hostingprovider": "BGPNET Global ASN", 
        "country": "Japan", 
        "cert": "Let's Encrypt Authority X3"
    }

CSV Format

Example:

identifier,date,first_seen,new,company,url,domain,image,malicious_google,gsb_category,malicious_openphish,malicious_phishtank,ip,asn,hostingprovider,country,cert
1,"October 08, 2020 (12:48:13)",2020-10-08,True,amazon,https://www.amazon.ac9656t.top/,www.amazon.ac9656t.top,https://phishunt.io/static/img/screenshots/amazon/1.png,Not found,Not found,Not found,Found,137.220.137.86,AS64050,BGPNET Global ASN,Japan,Let's Encrypt Authority X3

Full Statistics
- - Targeted Brand, IPs, ASNs, Hosting Providers, Countries & TLD Certificates

Statistics

Example:

[
    {
        "date": "November 07, 2020 (13:09:19)", 
        "companies": {
            "apple": 338, 
            "steam": 238, 
            "microsoft": 235, 
            ...
        }, 
        "ips": {
            "199.59.242.153": 102, 
            "20.190.154.128": 22, 
            "104.219.248.114": 19, 
            ...
        }, 
        "asns": {
            "AS13335": 562, 
            "AS46606": 143, 
            "AS22612": 113, 
            ...
        }, 
        "hostingproviders": {
            "CLOUDFLARENET": 562, 
            "UNIFIEDLAYER-AS-1": 143, 
            "NAMECHEAP-NET": 113, 
            ... 
        }, 
        "TLS Certificates": {
            "Let's Encrypt Authority X3": 529, 
            "Cloudflare Inc ECC CA-3": 507, 
            "cPanel, Inc. Certification Authority": 181, 
            ...
        }, 
        "countries": {
            "United States": 1412, 
            "Germany": 105, 
            "Russia": 56, 
            ...
        }
    }
]

How to use it?

GET https://api.phishunt.io/suspicious/{time}/{details}
x-api-key: [your API key]

curl -i -H "x-api-key: {your API key}" https://api.phishunt.io/suspicious/{time}/{details}

import requests

r=requests.get("https://api.phishunt.io/suspicious/{time}/{details}", headers={'x-api-key': '[your API key]'})  

print(r.text)

More endpoints

Values that can be given to the API endpoint

https://api.phishunt.io/suspicious/{time}/{details}

{time}	{details}	Comments	Examples
statistics		JSON with all the statistics (companies, ips, hosting providers..)	https://api.phishunt.io/suspicious/statistics
feed_json		Feed in JSON	https://api.phishunt.io/suspicious/feed_json
feed_csv		Feed in CSV	https://api.phishunt.io/suspicious/feed_csv
all new today yesterday week month year		Get suspicious sites with time filter in "first_seen" field	https://api.phishunt.io/suspicious/all https://api.phishunt.io/suspicious/new https://api.phishunt.io/suspicious/today
all new today yesterday week month year	[company] [ip] [asn] [hostingprovider] [country] [cert]	Get suspicious sites with time and specific details filter	https://api.phishunt.io/suspicious/all/amazon https://api.phishunt.io/suspicious/new/GOOGLE https://api.phishunt.io/suspicious/today/AS13335

Output fields

Output data given by the API

#	Field	Comment
1	identifier	ID
2	date	Date of the last check (CET)
3	first_seen	Date when the URL was seen (CET)
4	new	Boolean. True if the first time the URL is included
5	company	Potential company affected
6	url	Uniform Resource Locator (URL)
7	domain	Domain. Also includes subdomains
8	image	Path of the screenshot
9	malicious_google	"Malicious" if the URL is flagged at Google Safe Browsing. "Not found" otherwise
10	gsb_category	Google Safe Browsing category if it is flagged as malicious (e.g. "SOCIAL_ENGINEERING")
11	malicious_openphish	"Found" if the URL is at Openphish feed. "Not found" otherwise
12	malicious_phishtank	"Found" if the URL is at Phishtank feed. "Not found" otherwise
13	ip	Internet Protocol address (IP)
14	asn	Autonomous System Number (ASN)
15	hostingprovider	Hosting provider
16	country	Country where the URL is located
17	cert	TLS Certificate

National CERTs

National CERTs can have full access to the API and Feed without any cost. Please visit contact section and we will provide the access.

Terms of Service

All the data is offered by phishunt.io as "it is" on best effort, but please note that some false positives (not bad sites) may appear.

*Includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.