Public CTI API

PhishDestroy Public API

Read-only threat intelligence endpoints. Open access, CC-BY-4.0.

No auth required CC-BY-4.0 JSON + RSS + plaintext

Endpoints

Probe
Single-domain check
GET /api/probe.php?domain=example.com

Returns phishing status, threat category, registrar, and first-seen date for a given domain.

Global Stats
Platform-wide metrics
GET /api/stats.php

Returns live counts: total domains tracked, active threats, takedowns processed, and detection rate.

CTI Breakdown
By registrar, TLD, brand
GET /api/stats-cti.php

Returns structured intelligence: top abused registrars, TLDs, targeted brands, and detection methods.

Takedown Feed
RSS — latest takedowns
GET /feed.xml

Atom/RSS feed of the most recently confirmed and processed phishing domain takedowns.

Threat Feed
RSS — newly detected
GET /feed-threats.xml

Real-time RSS stream of newly detected phishing domains, updated as threats emerge.

LLM Overview
AI-readable site index
GET /llms.txt

Machine-readable plain-text summary of platform capabilities suitable for LLM context injection.

LLM Full
Full content for AI ingestion
GET /llms-full.txt

Complete platform content in AI-ingestible format — used by LLM crawlers and agent integrations.

Domain Dossier
Per-domain LLM report
GET /domain/{domain}/llm.txt

Structured threat intelligence dossier for a specific domain in plain text for AI agent use.

Sitemaps & Discovery

/sitemap.xml — Sitemap index /sitemap-pages.xml — Static pages sitemap /domain-sitemap.xml — Domain reports sitemap /.well-known/api-catalog — RFC 9727 API catalog /.well-known/openapi.json — OpenAPI / service description /.well-known/mcp/server-card.json — MCP server card /.well-known/agent-skills/index.json — Agent skills index
License & Attribution

Data: CC-BY-4.0. Cite as: PhishDestroy CTI, https://phishdestroy.io, accessed YYYY-MM-DD

For high-volume or commercial use, contact us — we welcome partnerships.