DEV Community

Alex Spinov
Alex Spinov

Posted on

URLhaus Has a Free API — Check If Any URL Is Serving Malware

#python #api #security #tutorial

The Story

A client asked me to verify 500 URLs they collected from web scraping. Some looked suspicious. Clicking them manually? Terrible idea. VirusTotal has a 4/min rate limit. I needed something faster.

URLhaus by abuse.ch processes 300K+ malicious URLs and has a free API with no rate limits.

The API 

# Check a single URL
curl -s -X POST "https://urlhaus-api.abuse.ch/v1/url/" \
  -d "url=http://example-malware-site.com/payload.exe"

# Search by host
curl -s -X POST "https://urlhaus-api.abuse.ch/v1/host/" \
  -d "host=example-malware-site.com"

# Get recent malware URLs (last 3 hours)
curl -s "https://urlhaus-api.abuse.ch/v1/urls/recent/" | python3 -c "import sys,json; d=json.load(sys.stdin); print(f'Recent URLs: {len(d[\"urls\"])}')"
Enter fullscreen mode Exit fullscreen mode

What You Get

For each URL:

  • Threat type (malware download, phishing, C2 server)
  • Status (online, offline, unknown)
  • Tags (emotet, qakbot, cobalt strike, etc.)
  • First seen / Last seen dates
  • Reporter who submitted it
  • Blacklist status across multiple feeds

Practical Example: Bulk URL Scanner 

import requests
import time

def check_url(url):
    r = requests.post(
        "https://urlhaus-api.abuse.ch/v1/url/",
        data={"url": url}
    )
    data = r.json()
    if data["query_status"] == "no_results":
        return {"url": url, "status": "clean", "threat": None}
    return {
        "url": url,
        "status": data.get("threat", "unknown"),
        "tags": data.get("tags", []),
        "reports": data.get("urls", [])
    }

# Scan a batch of URLs
urls_to_check = [
    "https://legitimate-site.com",
    "http://suspicious-domain.xyz/update.exe",
    "https://another-site.com/download"
]

for url in urls_to_check:
    result = check_url(url)
    status = "MALWARE" if result["threat"] else "CLEAN"
    print(f"{status}: {url}")
    time.sleep(0.5)  # Be nice
Enter fullscreen mode Exit fullscreen mode

No API Key Required

URLhaus is completely free and requires no API key. Just POST to their endpoints.

Feature URLhaus VirusTotal Google Safe Browsing
API Key Not needed Required Required
Rate Limit None 4/min 10K/day
Malware URLs 300K+ Varies Varies
Cost Free Free (limited) Free (limited)

Combine With Other APIs

Build a complete URL security pipeline:

  1. URLhaus - Check against known malware URLs
  2. VirusTotal - Multi-engine scan for unknowns
  3. Google Safe Browsing - Browser-level protection
  4. AbuseIPDB - Check the hosting IP

Full list of free security APIs: Free Security APIs

How do you handle URL verification in your projects? Do you use a single API or stack multiple? Share your approach!

Follow me for daily free API discoveries and security tools.

Top comments (0)