menu
getposthttps://verdict.valkyrie.comodo.com/api/v1/file/query/<sha1>
curl -X GET 
 https://verdict.valkyrie.comodo.com/api/v1/file/query/<sha1> 
 -H 'X-Api-Key: api_key' 
params = {'sha1': 'sha1|sha256|md5'}
QUERY PARAMS
  • X-Api-Key
  • string
  • required
  • Your API Key
  • sha1
  • string
  • required
  • SHA1, SHA256, MD5 hash of file
  • use_cache
  • Boolean
  • optional
  • If use_cache parameter=true: cache is using. If use_cache parameter=false: cache not used.

This endpoint allows you to query file verdicts on Valkyrie Verdict. The "sha1, sha256, md5" argument should be the calculated SHA1, SHA256, MD5 hash of the file.

The timestamp of last analysis of the queried file is returned in the "last_analysis_date" argument. The verdict result is returned as an integer in the "verdict" argument.

OUTPUT PARAMS
  • last_analysis_date
  • string
  • Optional
  • UTC date of last analysis in 'YYYY-MM-DD HH:MM:SS' format
  • verdict
  • integer
  • Optional
  • Verdict of file
Show Details

Possible "verdict" values:

0: Unknown
1: Malware
2: Not Available
3: PUA
-1: Clean
  • return_code
  • integer
  • This field can have 0 “Success” or a non-zero “Error” code. Possible error codes listed below
  • result_message
  • string
  • Description of return code
POSSIBLE RETURN CODES
0: Success
1: SHA1 can not be empty and must be 40 characters length!
8: Requested file not found (Absent)
9: File exists but verdict is not given yet, please check later (Unknown)
100: Requested API Key is invalid
101: API method is not allowed for this API Key
102: Operation request limit is reached, please try again later
104: Daily operation request limit is reached, please try again later
500: Internal server error occurred
Example Response
{
  • "last_analysis_date": "2017-11-22 14:30:18",
  • "verdict": -1,
  • "return_code": 0,
  • "result_message": "Success"
}
posthttps://verdict.valkyrie.comodo.com/api/v1/file/scan
curl -X POST 
 https://verdict.valkyrie.comodo.com/api/v1/file/scan 
 -H 'X-Api-Key: api_key' 
 -F file_data=@my_file.exe
QUERY PARAMS
  • X-Api-Key
  • string
  • required
  • Your API Key
  • file_data
  • file
  • required
  • file to be scanned

This endpoint allows you to send a file to be scanned with Valkyrie Verdict. The "file_data" argument should be the binary content of the file.

The calculated Sha1 guid of the file is returned in the "sha1" argument. The file size in bytes and file name are returned rescpectively as strings in the "file_size" and "file_name" arguments.

File size limit is 25MB and only portable executable file types are supported.

OUTPUT PARAMS
  • sha1
  • string
  • Optional
  • SHA1 hash of file
  • file_name
  • string
  • Optional
  • Name of file
  • file_size
  • long
  • Optional
  • Size of file in bytes
  • return_code
  • integer
  • This field can have 0 “Success” or a non-zero “Error” code. Possible error codes listed below
  • result_message
  • string
  • Description of return code
POSSIBLE RETURN CODES
0: Success
4: Not supported file type please check api manual
103: Parallel file upload request limit is reached, please try again later
100: Requested API Key is invalid
101: API method is not allowed for this API Key
102: Operation request limit is reached, please try again later
104: Daily operation request limit is reached, please try again later
500: Internal server error occurred
Example Response
{
  • "sha1": "2ee0d66bbe2f835ca71dcfbbc688375d47fa273d",
  • "file_name": "file.exe",
  • "file_size": 7632384,
  • "return_code": 0,
  • "result_message": "Success"
}
posthttps://verdict.valkyrie.comodo.com/api/v1/file/rescan
curl -X POST 
 https://verdict.valkyrie.comodo.com/api/v1/file/rescan 
 -H 'X-Api-Key:api_key' 
 -F sha1=sha1
QUERY PARAMS
  • X-Api-Key
  • string
  • required
  • Your API Key
  • sha1
  • string
  • required
  • SHA1 hash of file

This endpoint allows you to reanalyze a file that has been previously analyzed with Valkyrie Verdict. The "sha1" argument should be the calculated Sha1 GUID of the file.

The Sha1 guid of the file is returned in the "sha1" argument.

OUTPUT PARAMS
  • sha1
  • string
  • Optional
  • SHA1 hash of file
  • return_code
  • integer
  • This field can have 0 “Success” or a non-zero “Error” code. Possible error codes listed below
  • result_message
  • string
  • Description of return code
POSSIBLE RETURN CODES
0: Success
1: SHA1 can not be empty and must be 40 characters length!
100: Requested API Key is invalid
101: API method is not allowed for this API Key
102: Operation request limit is reached, please try again later
104: Daily operation request limit is reached, please try again later
500: Internal server error occurred
Example Response
{
  • "sha1": "2ee0d66bbe2f835ca71dcfbbc688375d47fa273d",
  • "return_code": 0,
  • "result_message": "Success"
}
getposthttps://verdict.valkyrie.comodo.com/api/v1/file/sendto/human/analysis
curl -X POST 
 https://verdict.valkyrie.comodo.com/api/v1/file/sendto/human/analysis 
 -H 'X-Api-Key:api_key' 
 -F sha1=sha1
QUERY PARAMS
  • X-Api-Key
  • string
  • required
  • Your API Key
  • sha1
  • string
  • required
  • SHA1 hash of file

This endpoint allows you to send file to Human Expert Analysis that has been previously analyzed with Valkyrie Verdict. The "sha1" argument should be the calculated Sha1 GUID of the file.

The Sha1 guid of the file is returned in the "sha1" argument.

OUTPUT PARAMS
  • sha1
  • string
  • Optional
  • SHA1 hash of file
  • return_code
  • integer
  • This field can have 0 “Success” or a non-zero “Error” code. Possible error codes listed below
  • result_message
  • string
  • Description of return code
POSSIBLE RETURN CODES
0: Success
100: Requested API Key is invalid
101: API method is not allowed for this API Key
102: Operation request limit is reached, please try again later
104: Daily operation request limit is reached, please try again later
500: Internal server error occurred
Example Response
{
  • "sha1": "2ee0d66bbe2f835ca71dcfbbc688375d47fa273d",
  • "return_code": 0,
  • "result_message": "Success"
}
posthttps://verdict.valkyrie.comodo.com/api/v1/file/get/sandboxed/version
curl -X POST 
 https://verdict.valkyrie.comodo.com/api/v1/file/get/sandboxed/version 
 -H 'X-Api-Key: api_key' 
 -F file_data=@my_file.exe
QUERY PARAMS
  • X-Api-Key
  • string
  • required
  • Your API Key
  • file_data
  • file
  • required
  • file to be wrapped

This endpoint allows you to send a file to be wrapped with Valkyrie Verdict and download new sandboxed version of file. The "file_data" argument should be the binary content of the file.
File size limit is 25MB and only portable executable file types are supported.

OUTPUT PARAMS
  • return_code
  • integer
  • Optional
  • This field can have 0 “Success” or a non-zero “Error” code. Possible error codes listed below
  • result_message
  • string
  • Optional
  • Description of return code
POSSIBLE RETURN CODES
0: Success
4: Not supported file type please check api manual
7: Unable to wrap given file please try again later
100: Requested API Key is invalid
101: API method is not allowed for this API Key
102: Operation request limit is reached, please try again later
104: Daily operation request limit is reached, please try again later
500: Internal server error occurred
Example Response
{
  • "response": "Wrapped_binary"
}
gethttps://verdict.valkyrie.comodo.com/api/v1/file/download/<sha1>
curl -X GET 
 https://verdict.valkyrie.comodo.com/api/v1/file/download/<sha1> 
 -H 'X-Api-Key: api_key' -F sha1=sha1
QUERY PARAMS
  • X-Api-Key
  • string
  • required
  • Your API Key
  • sha1
  • string
  • required
  • SHA1 hash of file

This endpoint allows you to download file from Valkyrie Verdict. The "sha1" argument should be the calculated SHA1 hash of the file.

OUTPUT PARAMS
  • return_code
  • integer
  • Optional
  • This field can have 0 “Success” or a non-zero “Error” code. Possible error codes listed below
  • result_message
  • string
  • Optional
  • Description of return code
POSSIBLE RETURN CODES
0: Success
2: No result found
100: Requested API Key is invalid
101: API method is not allowed for this API Key
102: Operation request limit is reached, please try again later
104: Daily operation request limit is reached, please try again later
500: Internal server error occurred
Example Response
{
  • "response": "file"
}
getposthttps://verdict.valkyrie.comodo.com/api/v1/file/kill/chain/results
curl -X POST 
 https://verdict.valkyrie.comodo.com/api/v1/file/kill/chain/results 
 -H 'X-Api-Key:api_key' 
 -F sha1=sha1
QUERY PARAMS
  • X-Api-Key
  • string
  • required
  • Your API Key
  • sha1
  • string
  • required
  • SHA1 hash of file

This endpoint allows you getting kill chain results as json.

OUTPUT PARAMS
  • sha1
  • string
  • Optional
  • SHA1 hash of file
  • return_code
  • integer
  • This field can have 0 “Success” or a non-zero “Error” code. Possible error codes listed below
  • result_message
  • string
  • Description of return code
  • kill_chain_results
  • string
  • Optional
  • Kill chain results
POSSIBLE RETURN CODES
0: Success
1: SHA1 can not be empty and must be 40 characters length!
100: Requested API Key is invalid
101: API method is not allowed for this API Key
102: Operation request limit is reached, please try again later
104: Daily operation request limit is reached, please try again later
500: Internal server error occurred
Example Response
getposthttps://verdict.valkyrie.comodo.com/api/v1/file/trigger/kill/chain/results
curl -X POST 
 https://verdict.valkyrie.comodo.com/api/v1/file/trigger/kill/chain/results 
 -H 'X-Api-Key:api_key' 
 -F sha1=sha1
QUERY PARAMS
  • X-Api-Key
  • string
  • required
  • Your API Key
  • sha1
  • string
  • required
  • SHA1 hash of file

This endpoint allows you trigger kill chain results api.

OUTPUT PARAMS
  • sha1
  • string
  • Optional
  • SHA1 hash of file
  • return_code
  • integer
  • This field can have 0 “Success” or a non-zero “Error” code. Possible error codes listed below
  • result_description
  • string
  • Description of return code
POSSIBLE RETURN CODES
0: Success
1: SHA1 can not be empty and must be 40 characters length!
100: Requested API Key is invalid
101: API method is not allowed for this API Key
102: Operation request limit is reached, please try again later
104: Daily operation request limit is reached, please try again later
500: Internal server error occurred
Example Response
getposthttps://verdict.valkyrie.comodo.com/api/v1/url/query
curl -X POST 
 https://verdict.valkyrie.comodo.com/api/v1/url/query 
 -H 'X-Api-Key: api_key' 
 -F url=https://valkyrie.comodo.com -F analyze=true
QUERY PARAMS
  • X-Api-Key
  • string
  • required
  • Your API Key
  • url
  • string
  • required
  • Url to be queried
  • analyze
  • Boolean
  • If analyze parameter=true:Deep Scan. If analyze parameter=false: Light Scan.
  • use_cache
  • Boolean
  • optional
  • If use_cache parameter=true: cache is using. If use_cache parameter=false: cache not used.

This endpoint allows you to query URL verdicts on Valkyrie Verdict. The "url" argument should be the URL address to be queried.

The timestamp of last scan of the queried URL is returned in the "scan_date" argument. The url verdict is returned as an integer ID in the "url_result_id" argument and as a description string in the "url_result_text" argument. The queried URL is returned back in the "normalized_url" argument. The "analyze" parameter default value is "false". The "analyze" parameter should be "true" or "false".

OUTPUT PARAMS
  • normalized_url
  • string
  • Optional
  • Normalized version of given URL
  • scan_date
  • string
  • Optional
  • UTC date of last scan in 'YYYY-MM-DD HH:MM:SS' format
  • url_result_id
  • integer
  • Optional
  • Id of url category
Show Details

Possible "url_result_id" values:

1: Not found
2: Safe
3: Suspicious
4: Phishing
5: Malware
6: Malicious
7: PUA
  • url_result_text
  • string
  • Optional
  • Name of url category
  • return_code
  • integer
  • This field can have 0 “Success” or a non-zero “Error” code. Possible error codes listed below
  • result_message
  • string
  • Description of return code
POSSIBLE RETURN CODES
0: Success
3: Error in fls lookup service
100: Requested API Key is invalid
101: API method is not allowed for this API Key
102: Operation request limit is reached, please try again later
104: Daily operation request limit is reached, please try again later
500: Internal server error occurred
Example Response
{
  • "normalized_url": https://valkyrie.comodo.com,
  • "scan_date": "2017-12-12 05:15:33",
  • "url_result_id": 1,
  • "url_result_text": "Safe",
  • "return_code": 0,
  • "result_message": "Success"
}
getposthttps://verdict.valkyrie.comodo.com/api/v1/url/category/query
curl -X POST 
 https://verdict.valkyrie.comodo.com/api/v1/url/category/query 
 -H 'X-Api-Key: api_key' 
 -F url=https://valkyrie.comodo.com
QUERY PARAMS
  • X-Api-Key
  • string
  • required
  • Your API Key
  • url
  • string
  • required
  • Url to be queried

This endpoint allows you to query URL categories on Valkyrie Verdict. The "url" argument should be the URL address to be queried.

The url category is returned as an integer ID in the "category_id" argument and as a description string in the "category_name" argument. The queried URL is returned back in the "normalized_url" argument.

For the complete list of URL categories please contact us.

OUTPUT PARAMS
  • categories
  • json[]
  • Optional
  • List of categories found
Show Details

Possible "categories" values:

category_id: Id of category
1: Media Sharing
2: Mobile Communications
4: Professional Networking
5: Proxies
6: Spam Related Sites
7: Sports
10: Tasteless & Offensive
13: Nudity
14: Online Storage
15: Pornography
16: Public Information
17: Real Estate
20: Search Engines & Portals
21: Streaming Media
23: Technical Information
25: Visual Search
26: Weapons
28: Adult Content
29: Advocacy-NGO
30: Alcohol & Tobacco
31: Arts & Society & Culture
32: Auctions & Classifieds
33: Business
34: Chat
35: Comics & Humor & Jokes
37: Downloads
38: Entertainment
40: Fashion & Beauty
41: Finance & Investment
42: Food & Dining
43: Forums & Newsgroups
44: Gambling
46: Game Playing & Game Media
47: Game-Cartoon Violence
50: Hacking
51: Health & Medicine
54: Hobbies & Recreation
55: Hosted Personal Pages
56: Illegal Drugs
58: Information Security
59: Instant Messaging
60: Web Applications
61: Intimate Apparel & Swimwear
63: Kids Sites
64: Moderated Forums
65: News
66: Online Services
67: Personals & Dating
68: Shopping
69: Travel
72: Malware Related Sites
75: Software-Hardware
76: Advertisements & Popups
79: Blogs & Wikis
80: Computing & Technology
83: Education & Reference
84: Illegal Software
85: Job Search & Career Development
86: Marketing & Merchandising
88: Motor Vehicles
89: Parked Sites
90: Peer-to-Peer
91: Political Issues
93: Religion
94: Social Networking
95: Stock Trading
96: Text-Audio only
102: Government & Legal
103: Content Server
category_name: Name of category
  • normalized_url
  • string
  • Optional
  • Normalized version of given URL
  • return_code
  • integer
  • This field can have 0 “Success” or a non-zero “Error” code. Possible error codes listed below
  • result_message
  • string
  • Description of return code
POSSIBLE RETURN CODES
0: Success
3: Error in fls lookup service
100: Requested API Key is invalid
101: API method is not allowed for this API Key
102: Operation request limit is reached, please try again later
104: Daily operation request limit is reached, please try again later
500: Internal server error occurred
Example Response
{}
getposthttps://verdict.valkyrie.comodo.com/api/v1/url/merged/category/query
curl -X POST 
 https://verdict.valkyrie.comodo.com/api/v1/url/merged/category/query 
 -H 'X-Api-Key: api_key' 
 -F url=https://valkyrie.comodo.com
QUERY PARAMS
  • X-Api-Key
  • string
  • required
  • Your API Key
  • url
  • string
  • required
  • Url to be queried

This endpoint allows you to query URL categories on Valkyrie Verdict. The "url" argument should be the URL address to be queried.

The url category is returned as an integer ID in the "category_id" argument, as a description string in the "category_name" argument, as a verdict text in the "verdict" argument and as a verdict id integer in the "verdict_id" . The queried URL is returned back in the "normalized_url" argument.

For the complete list of URL categories please contact us.

OUTPUT PARAMS
  • categories
  • json[]
  • Optional
  • List of categories found
Show Details

Possible "categories" values:

category_id: Id of category
1: Media Sharing
2: Mobile Communications
4: Professional Networking
5: Proxies
6: Spam Related Sites
7: Sports
10: Tasteless & Offensive
13: Nudity
14: Online Storage
15: Pornography
16: Public Information
17: Real Estate
20: Search Engines & Portals
21: Streaming Media
23: Technical Information
25: Visual Search
26: Weapons
28: Adult Content
29: Advocacy-NGO
30: Alcohol & Tobacco
31: Arts & Society & Culture
32: Auctions & Classifieds
33: Business
34: Chat
35: Comics & Humor & Jokes
37: Downloads
38: Entertainment
40: Fashion & Beauty
41: Finance & Investment
42: Food & Dining
43: Forums & Newsgroups
44: Gambling
46: Game Playing & Game Media
47: Game-Cartoon Violence
50: Hacking
51: Health & Medicine
54: Hobbies & Recreation
55: Hosted Personal Pages
56: Illegal Drugs
58: Information Security
59: Instant Messaging
60: Web Applications
61: Intimate Apparel & Swimwear
63: Kids Sites
64: Moderated Forums
65: News
66: Online Services
67: Personals & Dating
68: Shopping
69: Travel
72: Malware Related Sites
75: Software-Hardware
76: Advertisements & Popups
79: Blogs & Wikis
80: Computing & Technology
83: Education & Reference
84: Illegal Software
85: Job Search & Career Development
86: Marketing & Merchandising
88: Motor Vehicles
89: Parked Sites
90: Peer-to-Peer
91: Political Issues
93: Religion
94: Social Networking
95: Stock Trading
96: Text-Audio only
102: Government & Legal
103: Content Server
category_name: Name of category
  • normalized_url
  • string
  • Optional
  • Normalized version of given URL
  • return_code
  • integer
  • This field can have 0 “Success” or a non-zero “Error” code. Possible error codes listed below
  • result_message
  • string
  • Description of return code
POSSIBLE RETURN CODES
0: Success
3: Error in fls lookup service
100: Requested API Key is invalid
101: API method is not allowed for this API Key
102: Operation request limit is reached, please try again later
104: Daily operation request limit is reached, please try again later
500: Internal server error occurred
Example Response
{}
getposthttps://verdict.valkyrie.comodo.com/api/v1/domain/query
curl -X POST 
 https://verdict.valkyrie.comodo.com/api/v1/domain/query 
 -H 'X-Api-Key: api_key' 
 -F domain=valkyrie.comodo.com -F analyze=true
QUERY PARAMS
  • X-Api-Key
  • string
  • required
  • Your API Key
  • domain
  • string
  • required
  • Domain to be queried
  • analyze
  • Boolean
  • If analyze parameter=true:Deep Scan. If analyze parameter=false: Light Scan.
  • use_cache
  • Boolean
  • optional
  • If use_cache parameter=true: cache is using. If use_cache parameter=false: cache not used.

This endpoint allows you to query domain verdicts on Valkyrie Verdict. The "domain" argument should be the domain to be queried.

The domain verdict is returned as an integer ID in the "domain_result_id" argument and as a description string in the "domain_result_text" argument. The "analyze" parameter default value is "false". The "analyze" parameter should be "true" or "false".

OUTPUT PARAMS
  • domain_result_id
  • integer
  • Optional
  • Id of domain category
Show Details

Possible "domain_result_id" values:

1: Not found
2: Safe
3: Suspicious
4: Phishing
5: Malware
6: Malicious
7: PUA
  • domain_result_text
  • string
  • Optional
  • Name of domain category
  • return_code
  • integer
  • This field can have 0 “Success” or a non-zero “Error” code. Possible error codes listed below
  • result_message
  • string
  • Description of return code
POSSIBLE RETURN CODES
0: Success
3: Error in fls lookup service
100: Requested API Key is invalid
101: API method is not allowed for this API Key
102: Operation request limit is reached, please try again later
104: Daily operation request limit is reached, please try again later
500: Internal server error occurred
Example Response
{
  • "domain_result_id": 1,
  • "domain_result_text": "Not found",
  • "return_code": 0,
  • "result_message": "Success"
}
getposthttps://verdict.valkyrie.comodo.com/api/v1/ip/query
curl -X POST 
 https://verdict.valkyrie.comodo.com/api/v1/ip/query 
 -H 'X-Api-Key: api_key' 
 -F ip=valkyrie.comodo.com
QUERY PARAMS
  • X-Api-Key
  • string
  • required
  • Your API Key
  • ip
  • string
  • required
  • IP to be queried
  • use_cache
  • Boolean
  • optional
  • If use_cache parameter=true: cache is using. If use_cache parameter=false: cache not used.

This endpoint allows you to query IP verdicts on Valkyrie Verdict. The "ip" argument should be the IP to be queried.

The IP verdict is returned as an integer ID in the "ip_result_id" argument and as a description string in the "ip_result_text" argument.

OUTPUT PARAMS
  • ip_result_id
  • integer
  • Optional
  • Id of IP category
Show Details

Possible "ip_result_id" values:

1: Not found
2: Safe
3: Suspicious
4: Phishing
5: Malware
6: Malicious
7: PUA
8: Spam
  • ip_result_text
  • string
  • Optional
  • Name of IP category
  • return_code
  • integer
  • This field can have 0 “Success” or a non-zero “Error” code. Possible error codes listed below
  • result_message
  • string
  • Description of return code
POSSIBLE RETURN CODES
0: Success
100: Requested API Key is invalid
101: API method is not allowed for this API Key
102: Operation request limit is reached, please try again later
104: Daily operation request limit is reached, please try again later
500: Internal server error occurred
Example Response
{
  • "ip_result_id": 1,
  • "ip_result_text": "Not found",
  • "return_code": 0,
  • "result_message": "Success"
}
getposthttps://verdict.valkyrie.comodo.com/api/v1/feed/download
curl -X POST 
 https://verdict.valkyrie.comodo.com/api/v1/feed/download 
 -H 'X-Api-Key: api_key' 
 -F feed_id='06-02'
QUERY PARAMS
  • X-Api-Key
  • string
  • required
  • Your API Key
  • feed_id
  • string
  • required
  • Id of feed to be downloaded

This endpoint allows you to feeds from Valkyrie Verdict.

OUTPUT PARAMS
  • feed_id
  • string
  • Optional
  • Id of feed to be downloaded
Show Details

Possible "feed_id" values:

01-01: File detected as malware
01-02: File detected as safe (trusted)
01-03: File detected as Potentially Unwanted Application (PUA)
01-04: Parent-Child relation
01-05: Domain of the url where the file is downloaded
01-06: IP of the host where the file is download
01-07: Url of the host where the file is download
01-08: Hash of file dropped by malware
01-09: .pcap formatted network analysis dump of malware files
01-10: Phishing Email attachments
02-01: Malware File Paths
02-02: PUA File Paths
02-03: Clean File Paths
02-04: File paths WRD by malware
02-05: Created process path by malware
03-01: Domain hosting malware files
03-02: Domain hosting Potentially Unwanted Application (PUA) files
03-03: Domain hosting only safe files
03-04: Spammer Domains
03-05: Domain that send only promotional or spam emails
03-06: Domains hosting at least one phishing URL
03-07: Domain that send only clean emails
03-08: Domain that send only mixed type emails
03-09: List of email addresses on that domain that send only spam emails
03-10: List of email addresses on that domain that send only promotinal or spam emails
03-11: List of email addresses on that domain that send only phishing emails
03-12: List of email addresses on that domain that send only clean emails
03-13: List of email addresses on that domain that send only mixed emails
03-14: Domain which sends emails to non-existing/unknown accounts
03-15: Malware connecting to Domains
03-16: Domains sending an email but has no MX record
03-17: Domains that only safe files are connecting to
03-18: Domain that are safe to send clean emails
03-19: Malware Command and Control Server Domains
03-20: Domains of drop sites for logs or stolen credentials
03-21: Spyware Reporting Server Domains
03-22: Questionable Gaming Site Domains
03-23: Driveby Source Domains
03-24: Chat Server Domains
03-25: Tor Node Domains
03-26: Known compromised or Hostile Domains
03-27: P2P Node Domains
03-28: Proxy Host Domains
03-29: IP Check Services Domains
03-30: Domains Target of a DDoS
03-31: Domains Performing Scanning
03-32: SSH or other brute forcer Domains
03-33: Domains of Fake AV and AS Products
03-34: Domains Related to a Dynamic DNS Entry or Request
03-35: Abused or free TLD Related Domains
03-36: Domains related to Self Signed SSL or other suspicious encryption
03-37: Blackhole or Sinkhole Domains
03-38: Domains related to GoToMyPC and similar remote access services
03-39: DDoS Source Domains
03-40: Reserved
03-41: Domains of Malicious URLs in FLS
03-42: ET All Feeds Unified
03-43: Botnet Domains
03-44: Suspicious Domains
03-45: (Potentially Clean) Domains that shall be used as ignore list for blacklisting operations.
03-46: Domains and the hashes of malwares related to that domain
03-47: Domains and the hashes of malwares hosted by that domain
03-48: Deceptive Domain - Targeted Brands
03-49: Domains and related PUA hashes mapping
04-01: IP hosting malware files
04-02: IP hosting Potentially Unwanted Application (PUA) files
04-03: IP hosting only safe files
04-04: IPs that are blacklisted for sending only spam emails
04-05: IPs that are whitelisted for sending only clean (ham) emails
04-06: The range owner (as an organization) of the ip address
04-07: Spammer IPs
04-08: IP that send only promotional or spam emails
04-09: IP that send only phishing emails
04-10: IP that send only clean emails
04-11: IP that send only mixed type (spam or clean) emails
04-12: List of email addresses on that ip that send only spam emails
04-13: List of email addresses on that ip that send only promotinal or spam emails
04-14: List of email addresses on that ip that send only phishing emails
04-15: List of email addresses on that ip that send only clean emails
04-16: List of email addresses on that ip that send only mixed emails
04-17: IPs that doesn't have a reverse DNS record
04-18: IP address which sends emails to non-existing/unknown accounts
04-19: Malware connecting to IP address
04-20: IP address that only clean files are connecting to
04-21: IP address that are sending only clean emails
04-22: Malware Command and Control Server IPs
04-23: Known Infected Bot IPs
04-24: IPs of drop sites for logs or stolen credentials
04-25: Spyware Reporting Server IPs
04-26: Questionable Gaming Site IPs
04-27: Driveby Source IPs
04-28: Chat Server IPs
04-29: Tor Node IPs
04-30: Known compromised or Hostile IPs
04-31: IPs of P2P Nodes
04-32: IPs of Proxy Hosts
04-33: IPs of IP Check Services
04-34: IPs targeted by a DDoS Attack
04-35: IPs of Hosts Performing Scanning
04-36: SSH or other brute forcer IPs
04-37: IPs of Fake AV and AS Products
04-38: IPs Related to a Dynamic DNS Entry or Request
04-39: Abused or free TLD Related IPs
04-40: IPs related to Self Signed SSL or other suspicious encryption
04-41: IPs of Blackhole or Sinkhole systems
04-42: IPs of GoToMyPC and similar remote access services
04-43: DDoS Source IPs
04-44: IP that send only spam emails
04-45: ET All Feeds Unified
04-46: (Potentially Clean) IPs that shall be used as ignore list for blacklisting operations.
04-47: IPs and the hashes of malwares related to that IP
04-48: UDP IPs and the hashes of malware files connecting to that IP via UDP protocol
04-49: IPs and hashes of related PUA files to that IP
05-01: The business industry category of the range owner
05-02: The range owner (as an organization) that sends spam emails
05-03: The range owner (as an organization) that sends promotional emails
05-04: The range owner (as an organization) that sends emails with unsub urls
05-05: The range owner (as an organization) that sends phishing emails
05-06: The range owner (as an organization) that sends clean emails
05-07: The range owner (as an organization) that sends mixed emails
06-01: URLs that redirects to malware files
06-02: Final URLs that redirects to phishing files
06-03: Landing URL that redirects to phishing files
06-04: URL that redirects to Potentially Unwanted Application (PUA) files
06-05: URLs that redirects to safe files
06-06: URL that redirects to spam sites
06-07: URL that redirects to unsubscription pages
06-08: List of email addresses that send only spam emails that used this url
06-09: List of email addresses that send only promotional emails that used this url
06-10: List of email addresses that send only phishing emails that used this url
06-11: List of email addresses that send only clean emails that used this url
06-12: List of email addresses that send only mixed emails that used this url
06-13: Malware connecting to url
06-14: Url classified as high risk url
06-15: Url classified as spyware
06-16: Regular expressions of phishing urls
06-17: Url that only clean (safe) files are connecting to
06-18: List of urls that are used to check certificate revocations lists
06-19: URL patterns of malware files
06-20: URL patterns extracted from urls that malware connect to
06-21: URLs that are used to check certificate revocations via CRL
06-22: Malicious URLs in FLS
06-23: URL confidence score calculation
06-24: URLs and the hashes of malwares related to that URL
06-25: URLs and the hashes of malwares hosted at that URL
06-26: Deceptive URL - Targeted Brands
06-28: URLs and hashes of related PUA files
07-01: Registrant Organization that send only spam emails
07-02: Registrant Organization that send only promotional or spam emails
07-03: Registrant Organization that send only phishing emails
07-04: Registrant Organization that send only clean emails
07-05: Registrant Organization that send only mixed type (spam or clean) emails
08-01: Trusted Vendor List
08-02: Grey Vendor List (that produces only PUA Files)
09-01: Code Signing Certificate that are used to sign only safe files
09-02: Code Signing Certificate that are used to sign only PUA files
10-01: Code snippets that are used to initiate malicious activities (fileless malwares)
11-01: Registry entries that are used to initiate malicious activities (fileless malwares)
11-02: Registry entries QOWD by malware
12-01: Email address that sends only spam emails
12-02: Email address that sends only promotional or spam emails
12-03: Email address that sends only phishing emails
12-04: Email address that sends only clean emails
12-05: Email address that sends any kind of emails (spam and clean mixed)
12-06: Email address which sends emails to non-existing/unknown accounts
12-07: Email address of which is replied from another user
12-08: Email address that sends emails with image-only content
12-09: Email address that's seen only today
13-01: Common subjects of spam emails
13-02: Common subjects of promotional emails
13-03: Common subjects of phishing emails
13-04: Subjects of phishing emails and email counts
14-01: Common attachment names of spam emails
14-02: Common attachment names of promotional emails
14-03: Common attachment names of phishing emails
15-01: Domain name of which is replied from another domain's user
16-01: List of texts of urls in spam emails
16-02: List of texts of urls in promotional emails
16-03: List of texts of urls in phishing emails
17-01: A list of relation, between email address and domains of urls found in the email
18-01: Human readable strings in malware binaries
19-01: Mutexes created by malware files
20-01: Payload hashes of malware HTTP requests
20-02: PE section hashes of malware files
21-01: Windows Services Created/Stopped/Started by malware
  • return_code
  • integer
  • Optional
  • This field can have 0 “Success” or a non-zero “Error” code. Possible error codes listed below
  • result_message
  • string
  • Optional
  • Description of return code
POSSIBLE RETURN CODES
0: Success
5: Requested feed is not found
6: Requested feed is not available
100: Requested API Key is invalid
101: API method is not allowed for this API Key
102: Operation request limit is reached, please try again later
104: Daily operation request limit is reached, please try again later
500: Internal server error occurred
Example Response
{
  • "response": "valkyrie_feed_01-01.txt"
}