8.1 Latest infected hashes
Request |
Value |
Method |
GET |
URL |
https://api.metadefender.com/v4/feed/infected/latest |
Summary
A feed exposing the latest infected hashes. Sorted chronologically, this feed can expose infected hashes up to 30 days old and is updated continuously. The data is returned in a paginated format of 1000 entries per page, and the last page of the day will contain less than 1000 entries. If querying the current day, the last page will be updated with the latest entries as our servers scan files, and will fill up to 1000 entries. When this happens, the next page needs to be accessed.
This feed is designed to be used as a live blacklist of hashes to be quarantined.
Query params usage is prohibited to licensed users. Free users can access the first 1000 entries of today.
Request
Header Parameters
|
Description |
Allowed Values |
Required |
apikey |
Gives rights to use the endpoint (API Authentication Mechanisms) |
apikey |
YES |
Query Parameters
|
Description |
Required |
Default |
Possible values |
?page |
Page number, each page consisting of 1000 hashes |
NO |
1 |
A positive integer |
?date |
Date when the hash was last scanned |
NO |
today |
A valid date(max up to 30 days ago) in the format YYYY-MM-DD |
?category |
File type category. When used, only return hashes of this file type. |
NO |
- |
Response
The response is paginated, 1000 results per page.
HTTP Status Codes
Please refer to Status Codes for more information.
Body
Example of a successful response
{
"from"
:
"2019-07-01T00:00:00.000Z"
,
"to"
:
"2019-07-01T23:59:59.999Z"
,
"length"
:
1000
,
"hashes"
: [
{
"md5"
:
"C5D0065B594A4775E26FA9875B21189F"
,
"sha1"
:
"5097848493564423C633F8EB2A30C122E3BF515E"
,
"sha256"
:
"78E126DB893190E71CD8E176B76C746E0713C1F26BA91C69EBDC9297D0F61DF8"
,
"data_id"
:
"WlRFNE1EVXhPWEl4V21kNU4xUnFOakJOQmtYdlpHR2pMWA"
,
"start_time"
:
"2019-07-01T09:35:37.057Z"
,
"threat_name"
:
"Trojan/Iframe!HzYOkfNW"
,
"total_avs"
:
35
,
"total_detected_avs"
:
6
,
"file_type_category"
:
"E"
,
"file_type_extension"
:
"exe"
,
},
{
"md5"
:
"F30B903B8E68EB22080F89BAD77884DA"
,
"sha1"
:
"8CD75118C28D1DF15C397FCAE13426D1D897764A"
,
"sha256"
:
"E865BDE3EFB8870FA4F181282FC80E97C9E5E17839983D93FD7062F54CE36197"
,
"data_id"
:
"WVRFNE1ERXhNMU14Wm5od1NuRkRTVFJtcnl5dThhcTg3"
,
"start_time"
:
"2019-07-01T09:35:38.012Z"
,
"threat_name"
:
"Trojan/Malware!wzTQHAlb"
,
"total_avs"
:
34
,
"total_detected_avs"
:
21
,
"file_type_category"
:
"E"
,
"file_type_extension"
:
"exe"
,
}
...
]
}
Example of a failed response:
{
"error"
: {
"code"
:
404008
,
"messages"
: [
"The apikey was not found"
]
}
}
Description of response
data_id |
A unique ID used to identify an exact scan. See how to retrieve a scan via data_id. |
md5 |
The hash of the file |
sha1 |
The hash of the file |
sha256 |
The hash of the file |
total_avs |
The total number of anti-malware engines that scanned this file |
total_detected_avs |
The total number of anti-malware engines that detected this file as being infected |
file_type_category |
Category for the file type. Please refer to Description of file categories for more information. |
file_type_extension |
The extension of the file based on the file type |
start_time |
Time of scan |
threat_name |
The OPSWAT generated name of the detected threat. Format: 'malwareType/malwareFamily!uniqueId' |
Errors
Please refer to Errors for more information.
Sample code (NodeJS)
var http = require(
"https"
);
var options = {
"method"
:
"GET"
,
"hostname"
: [
"api"
,
"metadefender"
,
"com"
],
"path"
: [
"v4"
,
"feed"
,
"infected"
,
"latest"
],
"headers"
: {
"apikey"
: process.env.APIKEY
}
};
var req = http.request(options, function (res) {
var chunks = [];
res.on(
"data"
, function (chunk) {
chunks.push(chunk);
});
res.on(
"end"
, function () {
var body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
Sample code (cURL)
curl -X GET \
'https://api.metadefender.com/v4/feed/infected/latest?page=1&category=N&date=2019-07-18'
\
-H
"apikey: ${APIKEY}"