Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


MethodURL/dataThe parameterExpected response

HTTP POST variables?bulk[]=ipaddr1&bulk[]=ipaddr2bulk[]=ipAddr

Arrayed (or not arrayed by only using bulk=ipAddr) request should return information about the current blacklisted ip (if it is blacklisted). To return fingerprints about the ip address, you could add ipAddr|e, where e stands for extended information.

To add or delete a host in the blacklist, with specific permissions additional parameters was used: |a|<bitValue> for adding the address with a bit value (described here), or |d for deletion. Additional parameters (with permissions) could be used to purge (p) content.

FIngerprints are used to make API requesters get more information about the


MethodURLInformationData (POST parameters)Expected response


HTTP POST has the same role as HTTP GET but with post parameters. Supports IPv6.

URL-encoded or JSON-formatted:

Code Block
// simple json
// simple http post
// multiple json
{"ip":["", ""]}
// multiple http post

This example is the same for the rest of examples in this table.

Is ip listed?
HTTP PUT or update ip address

The bitmast
<ipAddress>Address to insert or update in DNSBL

What to update (defaults to dnsbl)

This information will update

<flags>ipArray with ip address and bitmasked flag-per-ip

The bitmask flags mentions here


Code Block
titleDo blacklist
	"ip": {
		"110.210.310.4"10": 64
}type": "dnsbl"

Response Look:

Response parameters (status) described

successThe insertion ID
addressThe address that was update or inserted
stateDefines if the request already has the address blacklisted or if it was updated. Answers can be new or update.
arpaDelegationsA list of DNS-records that was registered or updated
flagThe flag of the blacklisted address

Code Block
titleDo blacklist
	"dnsblResponse": {
		"status": [{
			"success": "1934699",
			"address": "",
			"state": "new",
			"arpaDelegations": [
			"flag": "64"

HTTP DELETE (delete/remove) ip address


Code Block
titleDo blacklist


The default "type" used in some of the examples above is using the standard registration behaviour. It is simply just "dnsbl". As is using the same flagset (see DNSBLv5: About the DNS Blacklist Project and usage), normally we don't need to know anything else than this. Adding a host with the flagid 4 (phishing) will also automatically update the fraudbl tables with proper data.