URI-to-hash search (TCA-0401)
The URI to Hash Search service provides a list of SHA1 hashes of files that, during static analysis, were found to contain the requested URI.
The following URI types are supported: email, URL, IPv4 address, and domain.
Sending requests using the GET method requires the SHA1 value of the URI string, while the POST method accepts the URI string value in plain text.
There are two available response formats: XML and JSON.
URI Query
GET
GET /api/uri_index/v1/query/{uri_sha1}/[next_page_sha1]?[format=xml|json]&[classification=KNOWN|MALICIOUS|SUSPICIOUS|UNKNOWN]
This query returns a response containing SHA1 hashes associated (through static analysis) with the requested URI. Using the GET method requires the URI to be submitted as a SHA1 hash value of the URI string.
uri_sha1
- The SHA1 hash value of the URI string
- Required
next_page_sha1
- An optional parameter used for pagination. Each response contains the next_page_sha1 field needed for requesting the next page. To get the next page of results, provide the SHA1 hash returned in the next_page_sha1 response field as the next_page_sha1 parameter of the next request. If not supplied, the first page will be returned.
- Optional
format
- Response format. Accepts the following values: xml (default) and json
- Optional
classification
- If this parameter is provided in the request, the query will return a list of only those samples that match the requested classification. Possible values are: KNOWN, MALICIOUS, SUSPICIOUS, UNKNOWN
- Optional
POST
POST /api/uri_index/v1/query?[format=xml|json]
This query returns a response containing SHA1 hashes associated (through static analysis) with the requested URI string. Unlike the GET method, the URI string in the POST request body can be in plain text format.
The input format is specified using the Content-Type HTTP header field. It supports the following values:
- text/xml
- application/json
The response format defaults to the input format.
Request body:
{
  "rl": {
    "query": {
      "uri": "uri_string",
      "next_page_sha1": "SHA1_value"
    }
  }
}
uri
- A plain text URI for which we request sample SHA1s. Supported URI types are:
  - email (e.g., user@domain.com)
  - URL (e.g., http://domain.com/download/picture.jpg)
  - IPv4 address (e.g., 127.0.0.1)
  - domain (e.g., domain.com)
- Required
next_page_sha1
- An optional parameter used for pagination. Each response contains the next_page_sha1 field needed for requesting the next page. To get the next page of results, provide the SHA1_value hash returned in the next_page_sha1 response field as the next_page_sha1 parameter of the next request. If not supplied, the first page will be returned.
- Optional
Response Format
Response code 404 is returned when the URI isn't found in the ReversingLabs reputation database.
{
  "rl": {
    "uri_index": {
      "query_uri": "string",
      "next_page_sha1": "string",
      "sha1_list": [
        "string",
        "string",
        "string",
        "string",
        "string",
        "string"
      ]
    }
  }
}
- A maximum of 1000 results per page will be returned
- To get the next page of results, provide the SHA1 hash returned in the next_page_sha1 response field as the next_page_sha1 parameter in the next request
Examples
Example 1
Requesting SHA1 hashes associated with the 127.0.0.1 URI using JSON format for the request body. The response will also be in JSON format.
/api/uri_index/v1/query
Headers:
Content-Type:application/json
Request body:
{
  "rl": {
    "query": {
      "uri": "127.0.0.1"
    }
  }
}
Example 2
Requesting the SHA1 hashes associated with the 127.0.0.1 URI using JSON format for the request body. The response will also be in JSON format.
Pagination is used here: 4ca39b9be025792197c2dd17d63956d4089560fe is passed as the next_page_sha1 parameter to retrieve the next batch of results.
/api/uri_index/v1/query
Headers:
Content-Type:application/json
Request body:
{
  "rl": {
    "query": {
      "uri": "127.0.0.1",
      "next_page_sha1": "4ca39b9be025792197c2dd17d63956d4089560fe"
    }
  }
}
Example 3
Requesting SHA1 hashes associated with 127.0.0.1 using GET. The "127.0.0.1" URI string has to be converted to SHA1 - 4b84b15bff6ee5796152495a230e45e3d7e947d9.
The response format depends on the format parameter.
/api/uri_index/v1/query/4b84b15bff6ee5796152495a230e45e3d7e947d9?format=json
/api/uri_index/v1/query/4b84b15bff6ee5796152495a230e45e3d7e947d9?format=xml
Example 4
Requesting SHA1 hashes associated with 127.0.0.1 using GET. The "127.0.0.1" URI string has to be converted to SHA1 - 4b84b15bff6ee5796152495a230e45e3d7e947d9.
The following example filters the results and returns only those classified as KNOWN.
/api/uri_index/v1/query/4b84b15bff6ee5796152495a230e45e3d7e947d9?classification=KNOWN
Multiple arguments can also be combined.
/api/uri_index/v1/query/4b84b15bff6ee5796152495a230e45e3d7e947d9?classification=MALICIOUS&format=json
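The GET form and the pagination rule described above, as an added Python example (not ReversingLabs code): it hashes a plain-text URI, builds the request path with validated parameters, and follows next_page_sha1 until the listing ends. The fetch_page callable, the helper names, the max_pages limit and the treatment of an empty or absent next_page_sha1 as the last page are assumptions; authentication and the HTTP transport are left to the caller.

```python
import hashlib
import re
from urllib.parse import urlencode

BASE = "/api/uri_index/v1/query"
CLASSIFICATIONS = {"KNOWN", "MALICIOUS", "SUSPICIOUS", "UNKNOWN"}
SHA1_RE = re.compile(r"[0-9a-fA-F]{40}")


def uri_sha1(uri):
    """SHA1 of the URI string exactly as typed (UTF-8 bytes, no newline)."""
    return hashlib.sha1(uri.encode("utf-8")).hexdigest()


def build_get_path(uri, next_page_sha1=None, fmt=None, classification=None):
    """Build the documented GET path from a plain-text URI."""
    if classification is not None and classification not in CLASSIFICATIONS:
        raise ValueError(f"unsupported classification: {classification!r}")
    if fmt not in (None, "xml", "json"):
        raise ValueError(f"unsupported format: {fmt!r}")
    if next_page_sha1 is not None and not SHA1_RE.fullmatch(next_page_sha1):
        raise ValueError("next_page_sha1 must be a 40-character hex SHA1")
    segments = [BASE, uri_sha1(uri)] + ([next_page_sha1] if next_page_sha1 else [])
    pairs = (("classification", classification), ("format", fmt))
    params = {k: v for k, v in pairs if v}
    return "/".join(segments) + ("?" + urlencode(params) if params else "")


def collect_hashes(fetch_page, uri, classification=None, max_pages=100):
    """Follow next_page_sha1 page by page; fetch_page(path) -> (status, dict)."""
    hashes, token, seen = [], None, set()
    for _ in range(max_pages):
        status, body = fetch_page(build_get_path(uri, token, "json", classification))
        if status == 404:  # URI is not in the reputation database
            break
        if status != 200:
            raise RuntimeError(f"unexpected HTTP status {status}")
        index = body["rl"]["uri_index"]
        hashes.extend(index.get("sha1_list", []))
        token = index.get("next_page_sha1")
        # Assumption: an empty or absent token ends the listing; also stop on
        # a repeated token so a misbehaving server cannot cause a loop.
        if not token or token in seen:
            break
        seen.add(token)
    return hashes


if __name__ == "__main__":  # reproduces the JSON request path of Example 3
    print(build_get_path("127.0.0.1", fmt="json"))
```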