{"query": {"url": "https://amazon-secure-login.example.com/signin", "host": "amazon-secure-login.example.com", "normalized_host": "amazon-secure-login.example.com", "apex": "example.com"}, "known": {"in_active_feed": false, "previously_active": false, "in_new_registration_feed": false, "record": null}, "live_analysis": {"allowlisted": false, "brand_match": "amazon", "kw_score": 160, "impersonation": false, "url_signals": {"kw_score_norm": 1.0, "levenshtein_brand": 0.4, "idn_homograph": 0.0, "brand_in_subdomain": 1.0, "brand_in_apex_label": 0.0, "tld_abuse": 0.1, "domain_length": 1.0, "subdomain_depth": 0.25, "hyphen_count": 0.5, "char_entropy": 0.0, "clone_intent": 0.0, "paas_host": 0.0}, "path_signals": {"brand_off_host": 0.0, "suspicious_path": 1.0, "exec_page": 0.0}, "url_risk_score": 63, "url_risk": "high"}, "history": {"apex_prior_detections": 0, "apex_first_seen": null, "apex_last_seen": null, "brands_targeted": []}, "action": {"queued_for_analysis": false, "reason": "queue_capped"}, "external_feeds": {"openphish": false, "phishtank": false, "tweetfeed": false, "listed": false}, "meta": {"analyzed_at": "2026-07-09T20:01:46.870784+00:00", "passive_only": true, "note": "Live signals are URL/domain-shape heuristics only; the target was NOT contacted. Known-record and history data come from the phishunt detection pipeline.", "docs": "https://phishunt.io/api/", "license": "CC0-1.0"}}