{"service":"phishunt-mcp","protocol":"Model Context Protocol (MCP)","protocolVersion":"2025-03-26","transport":"HTTP JSON-RPC 2.0 (POST)","endpoint":"https://mcp.phishunt.io/","tools":[{"name":"check_domain","description":"Check whether a domain (or URL substring) appears in the phishunt active phishing feed. Returns matching entries with detection metadata if found, or a 'not found' note otherwise."},{"name":"list_brand_phishings","description":"List active phishing sites targeting a specific brand. Returns the most recent detections with URL, IP, country, cert issuer, hosting org, and detection source flags."},{"name":"get_recent_detections","description":"Retrieve phishing detections since a given date. Useful for delta-syncing a blocklist or threat intel pipeline."},{"name":"get_brand_metadata","description":"Fetch curated metadata for a tracked brand: display name, category, primary domain, an AI-authored characterisation of why the brand tends to be targeted by phishing, and the current count of active phishings. Useful for adding context to brand-specific responses."},{"name":"get_cert_metadata","description":"Fetch factual metadata for a TLS intermediate CA seen on phishing sites: operator, root CA, key type (RSA/ECDSA), typical use case, related sibling intermediates, and the count of active phishings using this intermediate. Helps answer 'I saw cert X in my browser, what is it?' for the most-abused intermediates."},{"name":"search_phishings","description":"Free-text search across active phishing URLs, domains, and IP addresses. Returns matching detections sorted by most recent first_seen. Use for queries like 'show me sites containing steamcommunity', 'phishing on 1.2.3.4', or 'sites with ingdirect in the URL'."}],"docs":"https://phishunt.io/api/","license":"CC0-1.0 (data)","source":"https://github.com/0xDanielLopez/phishunt-mcp"}