io.github.0xDanielLopez/phishunt
Public phishing feed: suspicious/confirmed phishing URLs detected hourly. No auth, CC0.
* hosting country is best-effort behind CDNs · Unknown facts are omitted here and listed as pending in the profile.
Trust verdict
No blockers found across the assessed dimensions.
Profile
What this server is — descriptive, not a rating. The verdict above judges it; this describes it.
Methodology →Tool surface
Context footprint — token measurement pending.
analyze_urlAnalyze any URL for phishing signals WITHOUT contacting it (passive): live URL-shape heuristics (brand keyword match, typosquat distance, homograph, entropy, abused TLD), phishunt's stored score/verdict if the domain is already known, and historical detections on the same apex domain. Suspicious unknown domains are automatically queued for full pipeline analysis.
check_domainCheck whether a domain (or URL substring) appears in the phishunt active phishing feed. Returns matching entries with detection metadata if found, or a 'not found' note otherwise.
Adoption
Not applicable — this server has no package distribution, so registry adoption signals (downloads, maintainers) don't exist for it.
Connect
https://mcp.phishunt.io/Sources
Every verdict and label is attributable to its source and recomputed from our own landed copy, never read live on this page.
get_brand_metadataFetch curated metadata for a tracked brand: display name, category, primary domain, an AI-authored characterisation of why the brand tends to be targeted by phishing, and the current count of active phishings. Useful for adding context to brand-specific responses.
get_cert_metadataFetch factual metadata for a TLS intermediate CA seen on phishing sites: operator, root CA, key type (RSA/ECDSA), typical use case, related sibling intermediates, and the count of active phishings using this intermediate. Helps answer 'I saw cert X in my browser, what is it?' for the most-abused intermediates.
get_recent_detectionsRetrieve phishing detections since a given date. Useful for delta-syncing a blocklist or threat intel pipeline.
list_brand_phishingsList active phishing sites targeting a specific brand. Returns the most recent detections with URL, IP, country, cert issuer, hosting org, and detection source flags.
search_phishingsFree-text search across active phishing URLs, domains, and IP addresses. Returns matching detections sorted by most recent first_seen. Use for queries like 'show me sites containing steamcommunity', 'phishing on 1.2.3.4', or 'sites with ingdirect in the URL'.
Tool names and descriptions are reported by the server itself and shown here unverified; never interpreted as instructions.