lookup_payload

Pack: urlhaus · Endpoint: https://gateway.pipeworx.io/urlhaus/mcp

Look up a malware payload file by its MD5 or SHA256 hash in the URLhaus database. Returns file type, size, first/last seen dates, and associated delivery URLs.

Parameters

NameTypeRequiredDescription
md5_hashstringnoMD5 hash of the payload to look up (32 hex characters).
sha256_hashstringnoSHA256 hash of the payload to look up (64 hex characters).

Example call

Arguments

{
  "md5_hash": "d41d8cd98f00b204e9800998ecf8427e"
}

curl

curl -X POST https://gateway.pipeworx.io/urlhaus/mcp \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"lookup_payload","arguments":{"md5_hash":"d41d8cd98f00b204e9800998ecf8427e"}}}'

TypeScript (@pipeworx/sdk)

import { Pipeworx } from '@pipeworx/sdk';
const pipeworx = new Pipeworx();

const result = await pipeworx.call('lookup_payload', {
  "md5_hash": "d41d8cd98f00b204e9800998ecf8427e"
});

More examples

{
  "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
}

Response shape

Always returns: query_status, md5_hash, sha256_hash, file_type, file_size_bytes, signature, first_seen, last_seen, url_count, delivery_urls

FieldTypeDescription
query_statusstringStatus of the query
md5_hashstring | nullMD5 hash of the payload
sha256_hashstring | nullSHA256 hash of the payload
file_typestring | nullFile type of the payload
file_size_bytesnumber | nullSize of the payload file in bytes
signaturestring | nullMalware signature name if available
first_seenstring | nullDate when payload was first seen
last_seenstring | nullDate when payload was last seen
url_countnumber | nullNumber of URLs serving this payload
delivery_urlsarrayURLs associated with this payload delivery
Full JSON Schema 
{
  "type": "object",
  "properties": {
    "query_status": {
      "type": "string",
      "description": "Status of the query"
    },
    "md5_hash": {
      "type": [
        "string",
        "null"
      ],
      "description": "MD5 hash of the payload"
    },
    "sha256_hash": {
      "type": [
        "string",
        "null"
      ],
      "description": "SHA256 hash of the payload"
    },
    "file_type": {
      "type": [
        "string",
        "null"
      ],
      "description": "File type of the payload"
    },
    "file_size_bytes": {
      "type": [
        "number",
        "null"
      ],
      "description": "Size of the payload file in bytes"
    },
    "signature": {
      "type": [
        "string",
        "null"
      ],
      "description": "Malware signature name if available"
    },
    "first_seen": {
      "type": [
        "string",
        "null"
      ],
      "description": "Date when payload was first seen"
    },
    "last_seen": {
      "type": [
        "string",
        "null"
      ],
      "description": "Date when payload was last seen"
    },
    "url_count": {
      "type": [
        "number",
        "null"
      ],
      "description": "Number of URLs serving this payload"
    },
    "delivery_urls": {
      "type": "array",
      "description": "URLs associated with this payload delivery"
    }
  },
  "required": [
    "query_status",
    "md5_hash",
    "sha256_hash",
    "file_type",
    "file_size_bytes",
    "signature",
    "first_seen",
    "last_seen",
    "url_count",
    "delivery_urls"
  ]
}

Connect

Add this to your MCP client config, or use one-click install buttons:

{
  "mcpServers": {
    "urlhaus": {
      "url": "https://gateway.pipeworx.io/urlhaus/mcp"
    }
  }
}

See Getting Started for client-specific install steps.

Regenerated from source · build May 9, 2026