URLAbuse DBL — DNS Blocklist Nameserver

⚙️ How It Works

The nameserver address is dbl.urlabuse.com. Prepend any domain to this address and send a DNS A record query. A blacklisted domain returns 127.0.0.2; a clean domain returns NXDOMAIN.

dbl.urlabuse.com

DNS Query — dig example

dig A malware.wicar.org.dbl.urlabuse.com @dbl.urlabuse.com

Sample Output

; <<>> DiG 9.18.28 <<>> @dbl.urlabuse.com malware.wicar.org.dbl.urlabuse.com
;; ANSWER SECTION:
malware.wicar.org.dbl.urlabuse.com. 300 IN A 127.0.0.2

;; ADDITIONAL SECTION:
malware.wicar.org. 300 IN TXT "TARGET: TEST ENTRY"

;; Query time: 93 msec
;; SERVER: 135.181.151.12#53(dbl.urlabuse.com)

Listed / Blacklisted

A record → 127.0.0.2

Not Listed / Clean

NXDOMAIN

🔌 HTTP API

Prefer HTTP over DNS? Use the /lookup endpoint. No authentication required. The only parameter is rd — the domain or FQDN to query.

Endpoint

https://dbl.urlabuse.com/lookup?rd={domain}

Python

import requests, json

url = "https://dbl.urlabuse.com/lookup"
r = requests.get(url, params={"rd": "malware.wicar.org"}, timeout=3)
print(json.loads(r.text))
r.close()

cURL

curl -q "https://dbl.urlabuse.com/lookup?rd=malware.wicar.org"

Listed response

{
"success":true,
"attr":"BLACKLISTED",
"target":"OTHERS"
}

Not listed response

{
"success":true,
"attr":"NOTBLACKLISTED",
"target":null
}

📋 Notes

~~Please make sure you are not sending excessive queries. The service currently has no rate-limit but any attempt to DDoS the nameserver will result in a permanent IP ban.~~

Send whatever number of queries you want. Just don't play stupid.

Block malicious domainsat the DNS layer.

⚙️ How It Works

DNS Query — dig example

Sample Output

🔌 HTTP API

Endpoint

Python

cURL

📋 Notes

Block malicious domains
at the DNS layer.