malware-intel
URLhaus (abuse.ch)
abuse.ch's database of malware-distribution URLs, holding millions of malicious links searchable by URL, host or payload hash. Lookups run through a simple API using the same free abuse.ch Auth-Key as their other services. Check it when you want to know whether a URL found in an archived page or old dataset was known to push malware.
API key required
Why it’s useful & how it works
Uses the same free abuse.ch Auth-Key as the other abuse.ch services (2026). Responses are JSON. Lookups by URL, host or payload hash. Has a community MCP server.
What’s inside
Millions of malicious URLs.
API access
POST https://urlhaus-api.abuse.ch/v1/ (url=/host=/payload=); header Auth-Key
An API key is required — usually free; see the endpoints above for where to get one.
Access
Programmatic API access (a key may be required — see the API tag).