abuse.ch Has 5 Free APIs — The Complete Threat Intelligence Toolkit You Didn't Know Existed

The Story I have been writing about free security APIs all week. AbuseIPDB for IP reputation. VirusTotal for file scanning. Shodan for device search. But one organization quietly runs five free APIs that together cover URL scanning, malware samples, IOC sharing, botnet tracking, and SSL blacklisting. All without an API key. Meet abuse.ch — the Swiss non-profit that powers half the internet's threat intelligence. The 5 Free APIs 1. URLhaus — Malicious URL Database import requests # Check if a URL serves malware r = requests . post ( " https://urlhaus-api.abuse.ch/v1/url/ " , data = { " url " : " http://suspicious-site.com " }) print ( r . json ()[ " query_status " ]) # 'no_results' = clean 300K+ malicious URLs indexed. No rate limits. 2. MalwareBazaar — Malware Sample Repository # Get recent malware samples r = requests . post ( " https://mb-api.abuse.ch/api/v1/ " , data = { " query " : " get_recent " , " selector " : " 25 " }) samples = r . json (). get ( " data " , []) print ( f " Lat