{ "openapi": "3.1.0", "info": { "title": "PhishDestroy Threat Intelligence API", "version": "1.0.0", "description": "Public read-only CTI API: platform stats, live-ping probes, threat feeds. Volunteer-driven anti-phishing intelligence — no auth required for public endpoints.", "contact": { "name": "PhishDestroy", "url": "https://phishdestroy.io", "email": "abuse@phishdestroy.io" }, "license": { "name": "CC-BY-4.0", "url": "https://creativecommons.org/licenses/by/4.0/" } }, "servers": [ { "url": "https://phishdestroy.io", "description": "Production" } ], "paths": { "/api/stats.php": { "get": { "summary": "Platform counters (total / alive / dead / recent)", "operationId": "getStats", "tags": [ "stats" ], "responses": { "200": { "description": "Aggregate counts", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Stats" } } } } } } }, "/api/stats-cti.php": { "get": { "summary": "CTI-specific stats (campaigns, registrars, geo aggregates)", "operationId": "getCtiStats", "tags": [ "stats" ], "responses": { "200": { "description": "CTI aggregate data", "content": { "application/json": {} } } } } }, "/api/probe.php": { "get": { "summary": "Live-check a domain (liveping / redirect / cdnbypass)", "operationId": "probe", "tags": [ "probe" ], "parameters": [ { "name": "domain", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Domain to probe, e.g. example.com" }, { "name": "type", "in": "query", "required": true, "schema": { "type": "string", "enum": [ "liveping", "redirect", "cdnbypass" ] } } ], "responses": { "200": { "description": "Probe result", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ProbeResult" } } } }, "400": { "description": "Bad domain or SSRF blocked" }, "429": { "description": "Rate limited" } } } }, "/feed.xml": { "get": { "summary": "Editorial Atom feed (news, investigations)", "operationId": "getFeed", "tags": [ "feeds" ], "responses": { "200": { "description": "Atom 1.0 feed", "content": { "application/atom+xml": {} } } } } }, "/feed-threats.xml": { "get": { "summary": "Threat detection Atom feed (newly flagged domains)", "operationId": "getThreatFeed", "tags": [ "feeds" ], "parameters": [ { "name": "brand", "in": "query", "schema": { "type": "string" }, "description": "Filter by target brand" }, { "name": "registrar", "in": "query", "schema": { "type": "string" } } ], "responses": { "200": { "description": "Atom 1.0 feed of threats", "content": { "application/atom+xml": {} } } } } } }, "components": { "schemas": { "Stats": { "type": "object", "properties": { "ok": { "type": "boolean" }, "total": { "type": "integer", "description": "Total domains tracked" }, "alive": { "type": "integer" }, "dead": { "type": "integer" }, "last_update": { "type": "string", "format": "date-time" } } }, "ProbeResult": { "type": "object", "properties": { "ok": { "type": "boolean" }, "domain": { "type": "string" }, "type": { "type": "string" }, "data": { "type": "object", "properties": { "live": { "type": "boolean" }, "http": { "type": "integer" }, "probed_at": { "type": "integer", "format": "unix-timestamp" }, "method": { "type": "string" } } } } } } }, "tags": [ { "name": "stats", "description": "Platform aggregate counts" }, { "name": "probe", "description": "Domain liveness / redirect / cloaking probes" }, { "name": "feeds", "description": "Syndication feeds (Atom/RSS)" } ], "externalDocs": { "description": "Full LLM-readable documentation", "url": "https://phishdestroy.io/llms-full.txt" } }