Abuse.ch URLHaus

Modified on: Sat, 24 Aug, 2024 at 7:36 PM

Overview

With Abuse.ch Transforms, investigators can identify malicious URLs and domains, explore their connections and the underlying malware.


Abuse.ch is a research project at the Institute for Cybersecurity and Engineering (ICE), hosted at the Bern University of Applied Sciences (BFH) in Switzerland. The project's main goal is to identify and track cyber threats, with a strong focus on malware and botnets. They publish actionable open source threat intelligence and develop and operate platforms that enable IT security researchers and experts to share relevant threat intel data with the community.


URLHaus is a project operated by Abuse.ch to share intelligence on malicious URLs that are being used for malware distribution. The community-driven project collects, tracks, and shares malware URLs, helping network administrators and security analysts to protect their network and customers from cyber threats.


You can read more about Abuse.ch URLHaus Transforms for Maltego on our website here.


Be sure to read our blog post, Identify and Understand Malware with Maltego and URLHaus by Abuse.ch for an interesting walk-through of the URLHaus data and how to use our new Maltego Transforms to speed up your malware investigations.


Abuse.ch URLhaus Transforms

To Payload Signature [URLHaus]

Description

This Transform extracts the signature from the properties of the input Payload Entity


Transform Meta Info

| Information | Value |
| --- | --- |
| Display Name | To Payload Signature [URLHaus] |
| Owner | |
| Author | |
| Data Source | URLHaus |
| Transform Name | abusech.payloadToSignature |
| Input Entities | maltego.abusech.Payload |
| Output Entities | maltego.abusech.Signature |
| Short Description | This Transform extracts the signature from the properties of the input Payload Entity |

To Payload URLs Observed [URLHaus]

Transform Meta Info

| Information | Value |
| --- | --- |
| Display Name | To Payload URLs Observed [URLHaus] |
| Owner | |
| Author | |
| Data Source | URLHaus |
| Output Entities | maltego.URL |

Variants

| Transform Name | Input Entities | Short Description |
| --- | --- | --- |
| abusech.abusechTagToPayloadUrlsObserved | maltego.abusech.Tag | This Transform returns the URLs that were distributing the payloads having the same tag as the input |
| abusech.ipv4AddressToPayloadUrlsObserved | maltego.IPv4Address | This Transform returns the payload URLs that were observed in the input host |
| abusech.domainToPayloadUrlsObserved | maltego.Domain | This Transform returns the payload URLs that were observed in the input host |
| abusech.abusechSignatureToPayloadUrlsObserved | maltego.abusech.Signature | This Transform returns the URLs that were distributing the payloads having the same signature as the input |
| abusech.dnsNameToPayloadUrlsObserved | maltego.DNSName | This Transform returns the payload URLs that were observed in the input host |

To Payload [URLHaus]

Description

This Transform returns the payload which matches the input hash


Transform Meta Info

| Information | Value |
| --- | --- |
| Display Name | To Payload [URLHaus] |
| Owner | |
| Author | |
| Data Source | URLHaus |
| Transform Name | abusech.hashToPayload |
| Input Entities | maltego.Hash |
| Output Entities | maltego.abusech.Payload |
| Short Description | This Transform returns the payload which matches the input hash |

To MD5 Hash [URLHaus]

Description

This Transform extracts the MD5 hash from the properties of the input Payload Entity


Transform Meta Info

| Information | Value |
| --- | --- |
| Display Name | To MD5 Hash [URLHaus] |
| Owner | |
| Author | |
| Data Source | URLHaus |
| Transform Name | abusech.payloadToMd5Hash |
| Input Entities | maltego.abusech.Payload |
| Output Entities | maltego.Hash |
| Short Description | This Transform extracts the MD5 hash from the properties of the input Payload Entity |

To Payload URL Tags [URLHaus]

Description

This Transform returns the tags associated with the input URL


Transform Meta Info

| Information | Value |
| --- | --- |
| Display Name | To Payload URL Tags [URLHaus] |
| Owner | |
| Author | |
| Data Source | URLHaus |
| Transform Name | abusech.urlToPayloadUrlTags |
| Input Entities | maltego.URL |
| Output Entities | maltego.abusech.Tag |
| Short Description | This Transform returns the tags associated with the input URL |

To Payload URLs [URLHaus]

Transform Meta Info

| Information | Value |
| --- | --- |
| Display Name | To Payload URLs [URLHaus] |
| Owner | |
| Author | |
| Data Source | URLHaus |
| Output Entities | maltego.URL |

Variants

| Transform Name | Input Entities | Short Description |
| --- | --- | --- |
| abusech.payloadToPayloadUrls | maltego.abusech.Payload | This Transform returns the URLs that were distributing the input payload |
| abusech.hashToPayloadUrls | maltego.Hash | This Transform returns the URLs that were distributing the payloads identified by the input hash |

Lookup in URLHaus [URLHaus]

Description

This Transform returns the same input Entity back with details found in the URLHaus database


Transform Meta Info

| Information | Value |
| --- | --- |
| Display Name | Lookup in URLHaus [URLHaus] |
| Owner | |
| Author | |
| Data Source | URLHaus |
| Short Description | This Transform returns the same input Entity back with details found in the URLHaus database |

Variants

| Transform Name | Input Entities | Output Entities |
| --- | --- | --- |
| abusech.domainToHostLookup | maltego.Domain | maltego.Domain |
| abusech.urlToUrlLookup | maltego.URL | maltego.URL |
| abusech.ipv4AddressToHostLookup | maltego.IPv4Address | maltego.IPv4Address |
| abusech.dnsNameToHostLookup | maltego.DNSName | maltego.DNSName |

To Payload Host [URLHaus]

Description

This Transform returns the host of the input URL


Transform Meta Info

| Information | Value |
| --- | --- |
| Display Name | To Payload Host [URLHaus] |
| Owner | |
| Author | |
| Data Source | URLHaus |
| Transform Name | abusech.urlToPayloadHost |
| Input Entities | maltego.URL |
| Output Entities | maltego.Domain, maltego.IPv4Address, maltego.IPv6Address |
| Short Description | This Transform returns the host of the input URL |

To SHA256 Hash [URLHaus]

Description

This Transform extracts the SHA256 hash from the properties of the input Payload Entity


Transform Meta Info

| Information | Value |
| --- | --- |
| Display Name | To SHA256 Hash [URLHaus] |
| Owner | |
| Author | |
| Data Source | URLHaus |
| Transform Name | abusech.payloadToSha256Hash |
| Input Entities | maltego.abusech.Payload |
| Output Entities | maltego.Hash |
| Short Description | This Transform extracts the SHA256 hash from the properties of the input Payload Entity |

To Blacklists Status [URLHaus]

Transform Meta Info

| Information | Value |
| --- | --- |
| Display Name | To Blacklists Status [URLHaus] |
| Owner | |
| Author | |
| Data Source | URLHaus |
| Output Entities | maltego.abusech.Blacklist |

Variants

| Transform Name | Input Entities | Short Description |
| --- | --- | --- |
| abusech.ipv4AddressToBlacklistsStatus | maltego.IPv4Address | This Transform returns the status of the input host in various blacklists |
| abusech.urlToBlackListsStatus | maltego.URL | This Transform returns the status of the input URL in various blacklists |
| abusech.domainToBlacklistsStatus | maltego.Domain | This Transform returns the status of the input host in various blacklists |
| abusech.dnsNameToBlacklistsStatus | maltego.DNSName | This Transform returns the status of the input host in various blacklists |

To Payloads [URLHaus]

Description

This Transform returns the payloads identified on the input URL


Transform Meta Info

| Information | Value |
| --- | --- |
| Display Name | To Payloads [URLHaus] |
| Owner | |
| Author | |
| Data Source | URLHaus |
| Transform Name | abusech.urlToPayloads |
| Input Entities | maltego.URL |
| Output Entities | maltego.abusech.Payload |
| Short Description | This Transform returns the payloads identified on the input URL |

To Payload URL Reporter [URLHaus]

Description

This Transform returns the Twitter handle of the account that submitted the URL


Transform Meta Info

| Information | Value |
| --- | --- |
| Display Name | To Payload URL Reporter [URLHaus] |
| Owner | |
| Author | |
| Data Source | URLHaus |
| Transform Name | abusech.urlToPayloadUrlReporter |
| Input Entities | maltego.URL |
| Output Entities | maltego.affiliation.Twitter |
| Short Description | This Transform returns the Twitter handle of the account that submitted the URL |
