URLhaus
live SecurityCheck URLs, hosts, and file hashes against the abuse.ch malware URL database
4 tools
0ms auth
free tier 50 calls/day
Tools
lookup_url
required: url Look up a URL in the URLhaus malware database to check if it is known to host or distribute malware. Returns threat category, status, blacklist status, and tags.
Parameters
Name Type Description
url req string The full URL to look up (e.g. "http://example.com/malware.exe"). Try it
Response
lookup_host
required: host Look up a hostname or IP address in the URLhaus database to find associated malware URLs. Returns all known malicious URLs hosted on that host.
Parameters
Name Type Description
host req string Hostname or IP address to look up (e.g. "example.com" or "192.168.1.1"). Try it
Response
get_recent Get a list of recently submitted malware URLs from URLhaus. Useful for monitoring the latest threats.
Parameters
Name Type Description
limit opt number Number of recent URLs to return (default 10, max 1000). Try it
Response
lookup_payload Look up a malware payload file by its MD5 or SHA256 hash in the URLhaus database. Returns file type, size, first/last seen dates, and associated delivery URLs.
Parameters
Name Type Description
md5_hash opt string MD5 hash of the payload to look up (32 hex characters). sha256_hash opt string SHA256 hash of the payload to look up (64 hex characters). Try it
Response
Test with curl
The gateway speaks JSON-RPC 2.0 over HTTP POST. You can test any pack directly from the terminal.
List available tools
bash
curl -X POST https://gateway.pipeworx.io/urlhaus/mcp \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'Call a tool
bash
curl -X POST https://gateway.pipeworx.io/urlhaus/mcp \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"lookup_url","arguments":{"url": "https://example.com"}}}'