8.1 Latest infected hashes

Request

Value

Method

GET

URL

https://api.metadefender.com/v4/feed/infected/latest

Summary

A feed exposing the latest infected hashes. Sorted chronologically, this feed can expose infected hashes up to 30 days old and is updated continuously. The data is returned in a paginated format of 1000 entries per page, and the last page of the day will contain less than 1000 entries. If querying the current day, the last page will be updated with the latest entries as our servers scan files, and will fill up to 1000 entries. When this happens, the next page needs to be accessed.

This feed is designed to be used as a live blacklist of hashes to be quarantined.

Query params usage is prohibited to licensed users. Free users can access the first 1000 entries of today.

Request

Header Parameters

 

Description

Allowed Values

Required

apikey

Gives rights to use the endpoint (API Authentication Mechanisms)

apikey

YES

Query Parameters

 

Description

Required

Default

Possible values

?page

Page number, each page consisting of 1000 hashes

NO

1

A positive integer

?date

Date when the hash was last scanned

NO

today

A valid date(max up to 30 days ago) in the format YYYY-MM-DD

?category

File type category. When used, only return hashes of this file type.

NO

-

See: Description of file categories

Response

The response is paginated, 1000 results per page.

HTTP Status Codes

Please refer to Status Codes for more information.

Body

Example of a successful response

{
"from": "2019-07-01T00:00:00.000Z",
"to": "2019-07-01T23:59:59.999Z",
"length": 1000,
"hashes": [
{
"md5": "C5D0065B594A4775E26FA9875B21189F",
"sha1": "5097848493564423C633F8EB2A30C122E3BF515E",
"sha256": "78E126DB893190E71CD8E176B76C746E0713C1F26BA91C69EBDC9297D0F61DF8",
"data_id": "WlRFNE1EVXhPWEl4V21kNU4xUnFOakJOQmtYdlpHR2pMWA",
"start_time": "2019-07-01T09:35:37.057Z",
"threat_name": "Trojan/Iframe!HzYOkfNW",
"total_avs": 35,
"total_detected_avs": 6,
"file_type_category": "E",
"file_type_extension": "exe",
},
{
"md5": "F30B903B8E68EB22080F89BAD77884DA",
"sha1": "8CD75118C28D1DF15C397FCAE13426D1D897764A",
"sha256": "E865BDE3EFB8870FA4F181282FC80E97C9E5E17839983D93FD7062F54CE36197",
"data_id": "WVRFNE1ERXhNMU14Wm5od1NuRkRTVFJtcnl5dThhcTg3",
"start_time": "2019-07-01T09:35:38.012Z",
"threat_name": "Trojan/Malware!wzTQHAlb",
"total_avs": 34,
"total_detected_avs": 21,
"file_type_category": "E",
"file_type_extension": "exe",
}
...
]
}

Example of a failed response:

{
"error": {
"code": 404008,
"messages": [
"The apikey was not found"
]
}
}

Description of response

data_id

A unique ID used to identify an exact scan. See how to retrieve a scan via data_id.

md5

The hash of the file

sha1

The hash of the file

sha256

The hash of the file

total_avs

The total number of anti-malware engines that scanned this file

total_detected_avs

The total number of anti-malware engines that detected this file as being infected

file_type_category

Category for the file type. Please refer to Description of file categories for more information.

file_type_extension

The extension of the file based on the file type

start_time

Time of scan

threat_name

The OPSWAT generated name of the detected threat. Format: 'malwareType/malwareFamily!uniqueId'

Errors

Please refer to Errors for more information.

Sample code (NodeJS)

var http = require("https");
 
var options = {
"method": "GET",
"hostname": [
"api",
"metadefender",
"com"
],
"path": [
"v4",
"feed",
"infected",
"latest"
],
"headers": {
"apikey": process.env.APIKEY
}
};
 
var req = http.request(options, function (res) {
var chunks = [];
 
res.on("data", function (chunk) {
chunks.push(chunk);
});
 
res.on("end", function () {
var body = Buffer.concat(chunks);
console.log(body.toString());
});
});
 
req.end();

Sample code (cURL)

curl -X GET \
'https://api.metadefender.com/v4/feed/infected/latest?page=1&category=N&date=2019-07-18' \
-H "apikey: ${APIKEY}"