Reporting
Reporting
Use the form API to create and manage reports. All requests are sent to https://api.fraud.hosting/api/ using application/x-www-form-urlencoded encoding.
Submit a Report
Required fields:
| Field | Description |
|---|---|
_api | API key из панели Reporter Profiles. |
_action | Must be report. |
_type | Offence type (chargeback, fraud, phishing, …). |
_value | Integer 1–10 indicating severity. |
_text | Free-form description (displayed publicly to other users). |
Hash additional data fields (email, ip, phone, etc.) following the Hashing guide. Use multiple suffixes (email2, phone2) when you have variants.
Example Responses
"OK"– report accepted."ERROR: <details>"– validation failure (missing data, invalid API key, etc.).
Example Requests
curl https://api.fraud.hosting/api/ \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "_api=a51ff508c331b7e9&_action=report&_type=chargeback&_value=6&_text=Chargeback%20after%203%20months&email=ba65e95764ee08a38bff8d281ad0dcbbe86c9b64&ip=ee302279497c4c79a2e64c532d01ba4bb3b57a0c"function fraudhosting_hash(string $value): string {
$prepared = strtolower(str_replace(' ', '', trim($value)));
for ($i = 0; $i < 32000; $i++) {
$prepared = sha1('fraudhosting-' . $prepared);
}
return $prepared;
}
$payload = http_build_query([
'_api' => $apiKey,
'_action'=> 'report',
'_type' => 'chargeback',
'_value' => 6,
'_text' => 'Chargeback after 3 months of service.',
'email' => fraudhosting_hash('client@example.com'),
'ip' => fraudhosting_hash('203.0.113.4'),
]);
$ch = curl_init('https://api.fraud.hosting/api/');
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $payload,
CURLOPT_HTTPHEADER => ['Content-Type: application/x-www-form-urlencoded'],
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 10,
]);
$response = curl_exec($ch);
if ($response === false) {
throw new RuntimeException('cURL error: ' . curl_error($ch));
}
curl_close($ch);
if (trim($response) !== 'OK') {
throw new RuntimeException('Failed to create report: ' . $response);
}import requests
payload = {
'_api': api_key,
'_action': 'report',
'_type': 'phishing',
'_value': 8,
'_text': 'Observed credential harvesting landing page.',
'domain': fraudhosting_hash('malicious.example'),
'email': fraudhosting_hash('victim@example.org'),
}
resp = requests.post('https://api.fraud.hosting/api/', data=payload)
resp.raise_for_status()
if resp.text.strip() != 'OK':
raise RuntimeError(f"Report declined: {resp.text}")#include <curl/curl.h>
#include <map>
#include <sstream>
#include <string>
#include <stdexcept>
size_t write_cb(void* contents, size_t size, size_t nmemb, void* userp)
{
std::string* s = static_cast<std::string*>(userp);
s->append(static_cast<char*>(contents), size * nmemb);
return size * nmemb;
}
std::string url_encode(CURL* curl, const std::string& value)
{
char* encoded = curl_easy_escape(curl, value.c_str(), value.length());
std::string result(encoded);
curl_free(encoded);
return result;
}
void submit_report(const std::string& apiKey,
const std::string& type,
int value,
const std::string& text,
const std::map<std::string, std::string>& hashedData)
{
CURL* curl = curl_easy_init();
if (!curl) throw std::runtime_error("curl init failed");
std::ostringstream body;
body << "_api=" << url_encode(curl, apiKey)
<< "&_action=report"
<< "&_type=" << url_encode(curl, type)
<< "&_value=" << value
<< "&_text=" << url_encode(curl, text);
for (const auto& kv : hashedData) {
body << "&" << kv.first << "=" << url_encode(curl, kv.second);
}
std::string response;
curl_easy_setopt(curl, CURLOPT_URL, "https://api.fraud.hosting/api/");
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, body.str().c_str());
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, body.str().size());
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response);
CURLcode res = curl_easy_perform(curl);
curl_easy_cleanup(curl);
if (res != CURLE_OK || response != "OK") {
throw std::runtime_error("Report rejected: " + response);
}
}package reports
import (
"errors"
"io"
"net/http"
"net/url"
"strconv"
"strings"
)
func Submit(apiKey string, reportType string, severity int, description string, hashedData map[string]string) error {
form := url.Values{
"_api": {apiKey},
"_action": {"report"},
"_type": {reportType},
"_value": {strconv.Itoa(severity)},
"_text": {description},
}
for k, v := range hashedData {
form.Set(k, v)
}
resp, err := http.Post(
"https://api.fraud.hosting/api/",
"application/x-www-form-urlencoded",
strings.NewReader(form.Encode()),
)
if err != nil {
return err
}
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
if strings.TrimSpace(string(body)) != "OK" {
return errors.New("report rejected: " + string(body))
}
return nil
}Delete a Report
Endpoint: POST https://api.fraud.hosting/api/
Payload:
| Field | Description |
|---|---|
_api | Reporter API key. |
_action | delete. |
_code | Report deletion code (16-character hex). |
The server responds with plain text:
"OK"– deletion accepted.- Any other message – failure (invalid code, already deleted, etc.).
Example (cURL):
curl https://api.fraud.hosting/api/ \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "_api=a51ff508c331b7e9&_action=delete&_code=b22db4fa88f223f8"$payload = http_build_query([
'_api' => $apiKey,
'_action'=> 'delete',
'_code' => $deletionCode,
]);
$ch = curl_init('https://api.fraud.hosting/api/');
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $payload,
CURLOPT_HTTPHEADER => ['Content-Type: application/x-www-form-urlencoded'],
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 10,
]);
$response = curl_exec($ch);
if ($response === false) {
throw new RuntimeException('cURL error: ' . curl_error($ch));
}
curl_close($ch);
if (trim($response) !== 'OK') {
throw new RuntimeException('Delete failed: ' . $response);
}import requests
payload = {
"_api": api_key,
"_action": "delete",
"_code": deletion_code,
}
resp = requests.post("https://api.fraud.hosting/api/", data=payload, timeout=10)
resp.raise_for_status()
if resp.text.strip() != "OK":
raise RuntimeError(f"Delete failed: {resp.text}")void delete_report(const std::string& apiKey, const std::string& deletionCode)
{
CURL* curl = curl_easy_init();
if (!curl) throw std::runtime_error("curl init failed");
std::string body = "_api=" + url_encode(curl, apiKey) +
"&_action=delete&_code=" + url_encode(curl, deletionCode);
std::string response;
curl_easy_setopt(curl, CURLOPT_URL, "https://api.fraud.hosting/api/");
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, body.c_str());
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, body.size());
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response);
CURLcode res = curl_easy_perform(curl);
curl_easy_cleanup(curl);
if (res != CURLE_OK || response != "OK") {
throw std::runtime_error("Delete failed: " + response);
}
}package reports
import (
"errors"
"io"
"net/http"
"net/url"
"strings"
)
func Delete(apiKey, deletionCode string) error {
form := url.Values{
"_api": {apiKey},
"_action": {"delete"},
"_code": {deletionCode},
}
resp, err := http.Post(
"https://api.fraud.hosting/api/",
"application/x-www-form-urlencoded",
strings.NewReader(form.Encode()),
)
if err != nil {
return err
}
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
if strings.TrimSpace(string(body)) != "OK" {
return errors.New("delete failed: " + string(body))
}
return nil
}Best Practices
- Log both request payload (without raw PII) and raw response bodies for support escalation.
- Retry failed submissions only after human verification; duplicate reports dilute scoring.
- Always provide the deletion code to end-users who request removal—it is required for automated delete calls.