Maldatabase API

API provides an easy access method to maldatabase services. It allows you to download the latest content without the need of using a browser, email or any other user interface service. Here you can find documentation and examples about endpoints that will help you building scripts and integrating with your systems.

To access through the API, you will need an API_KEY that will be provided by the Maldatabase team after completing the registration.

API key (example): 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08


Maldatabase API must not be used in commercial services or for the benefit of a third party business (contact us for partnership offers). The violation of these terms will result in an indefinite suspension of the account.


get feed

Download feed

Download daily feed. (Updated everyday at 1:00 UTC)

Authorization: API key
Accept-Encoding: Content is gzip encoded. Use: 'gzip, deflate', ...
curl -H "Authorization:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" --compressed -o feed_file.json
Response  200
sha256: SHA256 hash of the sample.
threat_level: Level of the threat. From 0 (no risk identified) to 2 (malicious activity detected).
md5: MD5 hash of the sample.
sha1: SHA1 hash of the sample.
family: Malware family detected for the sample.
size: File size of the sample, in bytes.
type: File type of the sample (EXE, PDF, etc.).
domains: List of domains by the sample.
processes: List of processes executed in the system.
files: List of files dropped in the system.
Example body response (after decoding)

Made with by maldatabase © 2017- | All Rights Reserved