Open URL abuse blacklist feed
Different formats of the list
Here is the list of possible formats to download the list
- Latest 500 entries of DB in JSON format - https://urlabuse.com/public/data/data.txt
- Latest 500 entries of DB in CSV format - https://urlabuse.com/public/data/data_csv.txt
- Latest 50 entries of DB updates every 5 minutes - https://urlabuse.com/public/data/data.json
- Latest malware URLs updates every 5 minutes - https://urlabuse.com/public/data/malware_url.txt
- Latest phishing URLs updates every 5 minutes - https://urlabuse.com/public/data/phishing_url.txt
- Latest hacked URLs updates every 5 minutes - https://urlabuse.com/public/data/hacked_url.txt
- The whole database dump updates every day - https://urlabuse.com/public/data/dumps
- All the malware files https://urlabuse.com/public/files
- All the page screenshots https://urlabuse.com/public/screenshot
- All the MISP data https://urlabuse.com/public/misp
How to use the API
This page describes the procedure of using the API endpoint to submit a report to urlabuse.com. Using our API, you are able to submit both confirmed and unconfirmed URLs to our system for all three types of malware, phishing and hacked websites. However, the API endpoint must be used very carefully as it can directly insert records to the verified list. This means if you are not sure about a URL (if it's phishing or not), you should not send it as confirmed.
Unfortunately, because of the huge amount of false-positives submitted through the API endpoint to our system, we decided to give the API token only to individuals (or companies) we trust. So if you want to have access to the API, do not hesitate to fill the contact form and contact us.
The API can accept all three types of malicious activity: 1) malware, 2) phishing and 3) hacked websites. However, if you have a malware delivery link, feel free to submit it to urlhaus.abuse.ch platform. We also submit all the malware delivery links to that platform. The reason is simple: abuse.ch has been designed by the owner to work with malware and malware delivery links. Everything there is free of charge with a CC0 license. WE DON'T WANT TO REINVENT THE WHEEL!
Here is the description of the API
API endpoint: https://urlabuse.com/api_report (POST)
Here is the list of parameters
| # | Name | Required? | Type | Description |
| 1 | token | YES | STRING | You must contact us for the token |
| 2 | url | YES | STRING | URL to submit. Must start with 'http://' or 'https://' |
| 3 | rtype | YES | STRING | One of the 'phishing', 'malware' or 'hacked' |
| 4 | reporter | NO | STRING | Your Twitter ID (without '@' char) |
| 5 | target | NO | STRING | Target of the attack for phishing. You can specify malware name for rtype of malware |
| 6 | confirmed | YES | INTEGER | either 0 or 1 (1 means you already confirmed the URL as malicious and 0 means you are not sure). |
The response from the API is always in JSON format. In case of failure, there is a 'msg' field in the response that describes the error.
If it's still not clear how to use the API, you can contact us and we will help you.