API
API endpoint
Introduction
The API is used to easily get ALL the information and details at once.Contact us with any questions, or for more information on the Feed allowing you to gain full access to our data via API.
Features
- Full access to the API
- Full feed in JSON & CSV formats
- - URL, Targeted Brand, Screenshot, check if Malicious, IP, ASN, Hosting Provider, Country & TLS Certificate
Example:
{
"identifier": 1,
"date": "October 08, 2020 (12:48:13)",
"first_seen": "2020-10-08",
"new": true,
"company": "amazon",
"url": "https://www.amazon.ac9656t.top/",
"domain": "www.amazon.ac9656t.top",
"image": "https://phishunt.io/static/img/screenshots/amazon/1.png",
"malicious_google": "Not found",
"gsb_category": "Not found",
"malicious_openphish": "Not found",
"malicious_phishtank": "Found",
"ip": "137.220.137.86",
"asn": "AS64050",
"hostingprovider": "BGPNET Global ASN",
"country": "Japan",
"cert": "Let's Encrypt Authority X3"
}
Example:
identifier,date,first_seen,new,company,url,domain,image,malicious_google,gsb_category,malicious_openphish,malicious_phishtank,ip,asn,hostingprovider,country,cert
1,"October 08, 2020 (12:48:13)",2020-10-08,True,amazon,https://www.amazon.ac9656t.top/,www.amazon.ac9656t.top,https://phishunt.io/static/img/screenshots/amazon/1.png,Not found,Not found,Not found,Found,137.220.137.86,AS64050,BGPNET Global ASN,Japan,Let's Encrypt Authority X3
- Full Statistics
- - Targeted Brand, IPs, ASNs, Hosting Providers, Countries & TLD Certificates
Example:
[
{
"date": "November 07, 2020 (13:09:19)",
"companies": {
"apple": 338,
"steam": 238,
"microsoft": 235,
...
},
"ips": {
"199.59.242.153": 102,
"20.190.154.128": 22,
"104.219.248.114": 19,
...
},
"asns": {
"AS13335": 562,
"AS46606": 143,
"AS22612": 113,
...
},
"hostingproviders": {
"CLOUDFLARENET": 562,
"UNIFIEDLAYER-AS-1": 143,
"NAMECHEAP-NET": 113,
...
},
"TLS Certificates": {
"Let's Encrypt Authority X3": 529,
"Cloudflare Inc ECC CA-3": 507,
"cPanel, Inc. Certification Authority": 181,
...
},
"countries": {
"United States": 1412,
"Germany": 105,
"Russia": 56,
...
}
}
]
API Authorisation
GET https://api.phishunt.io/suspicious/{time}/{details}
x-api-key: [your API key]
API's possible values
Values that can be given to the API endpointhttps://api.phishunt.io/suspicious/{time}/{details}
{time} | {details} | Comments | Examples |
---|---|---|---|
statistics | https://api.phishunt.io/suspicious/statistics | ||
feed_json | Feed in JSON | https://api.phishunt.io/suspicious/feed_json | |
feed_csv | Feed in CSV | https://api.phishunt.io/suspicious/feed_csv | |
all new today yesterday week month year |
Get suspicious sites with time filter in "first_seen" field |
https://api.phishunt.io/suspicious/all https://api.phishunt.io/suspicious/new https://api.phishunt.io/suspicious/today |
|
all new today yesterday week month year |
[company] [ip] [asn] [hostingprovider] [country] [cert] |
Get suspicious sites with time and specific details filter |
https://api.phishunt.io/suspicious/all/amazon https://api.phishunt.io/suspicious/new/GOOGLE https://api.phishunt.io/suspicious/today/AS13335 |
Fields
Output data given by the API# | Field | Comment |
---|---|---|
1 | identifier | ID |
2 | date | Date of the last check (CET) |
3 | first_seen | Date when the URL was seen (CET) |
4 | new | Boolean. True if the first time the URL is included |
5 | company | Potential company affected |
6 | url | Uniform Resource Locator (URL) |
7 | domain | Domain. Also includes subdomains |
8 | image | Path of the screenshot |
9 | malicious_google | "Malicious" if the URL is flagged at Google Safe Browsing. "Not found" otherwise |
10 | gsb_category | Google Safe Browsing category if it is flagged as malicious (e.g. "SOCIAL_ENGINEERING") |
11 | malicious_openphish | "Found" if the URL is at Openphish feed. "Not found" otherwise |
12 | malicious_phishtank | "Found" if the URL is at Phishtank feed. "Not found" otherwise |
13 | ip | Internet Protocol address (IP) |
14 | asn | Autonomous System Number (ASN) |
15 | hostingprovider | Hosting provider |
16 | country | Country where the URL is located |
17 | cert | TLS Certificate |
National CERTs
- National CERTs can have full access to the API and Feed without any cost. Please visit contact section and we will provide the access.
Terms of Service
- All the data is offered by phishunt.io as "it is" on best effort, but please note that some false positives (not bad sites) may appear.
*Includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.