Skip to main content

CyberTotal

This Integration is part of the CyberTotal Pack.#

CyberTotal is a cloud-based threat intelligence service developed by CyCraft. This integration was integrated and tested with version 1.6.4 of CyberTotal

Configure CyberTotal in Cortex#

ParameterDescriptionRequired
urlCyberTotal URLTrue
tokenCyberTotal API TokenTrue
feedFetch indicatorsFalse
threshold_ipBad ip thresholdFalse
threshold_fileBad hash thresholdFalse
threshold_domainBad domain thresholdFalse
threshold_urlBad url thresholdFalse
insecureTrust any certificate (not secure)False
proxyUse system proxy settingsFalse

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

ip#


Return IP information and reputation

Base Command#

ip

Input#

Argument NameDescriptionRequired
ipList of IPs.Required
thresholdIf the IP has reputation above the threshold then the IP defined as malicious. If threshold not set, then threshold from instance configuration is used.Optional

Context Output#

PathTypeDescription
CyberTotal.IP.scan_datedateScan date format: ISO 8601
CyberTotal.IP.resourcestringThe scan target sent to CyberTotal.
CyberTotal.IP.task_idstringThe unique id of each scan in CyberTotal.
CyberTotal.IP.permalinkstringThe link of this IP’s report in CyberTotal.
CyberTotal.IP.severitynumberSeverity of this IP. The range is from 0 to 10.
CyberTotal.IP.confidencenumberConfidence of this IP. The range is from 0 to 10.
CyberTotal.IP.threatstringThreat of this IP, which is a select from ‘High’, ‘Medium’ and ‘Low’.
CyberTotal.IP.detection_enginesnumberThe number of all antivirus vendors scanned.
CyberTotal.IP.positive_detectionsnumberThe number of antivirus vendors scanned with positive detection.
CyberTotal.IP.detection_ratiostringThe ratio of positive_detections and detection_engines.
CyberTotal.IP.messagestringMessage about this search.
IP.AddressStringIP address
IP.DetectionEnginesNumberThe total number of engines that checked the indicator.
IP.PositiveDetectionsNumberThe number of engines that positively detected the indicator as malicious.
IP.Malicious.VendorStringThe vendor reporting the IP address as malicious.
IP.Malicious.DescriptionStringA description explaining why the IP address was reported as malicious.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.

Command Example#

!ip ip=1.1.1.1

Context Example#

{
"CyberTotal": {
"IP": {
"confidence": 3,
"detection_engines": 87,
"detection_ratio": "4/87",
"message": "search success",
"permalink": "https://cybertotal.cycraft.com/app/intelligence/5a2601d575ea44058efeb1aba995dc8d",
"positive_detections": 4,
"resource": "1.1.1.1",
"scan_date": "2020-07-28T14:11:19+00:00",
"severity": 9,
"task_id": "5a2601d575ea44058efeb1aba995dc8d",
"threat": "High"
}
},
"DBotScore": {
"Indicator": "1.1.1.1",
"Score": 1,
"Type": "ip",
"Vendor": "CyberTotal"
},
"IP": {
"Address": "1.1.1.1",
"DetectionEngines": 87,
"PositiveDetections": 4
}
}

Human Readable Output#

IP List#

confidencedetection_enginesdetection_ratiomessagepermalinkpositive_detectionsresourcescan_dateseveritytask_idthreat
3874/87search successhttps://cybertotal.cycraft.com/app/intelligence/5a2601d575ea44058efeb1aba995dc8d41.1.1.12020-07-28T14:11:19+00:0095a2601d575ea44058efeb1aba995dc8dHigh

file#


Return file's information and reputation

Base Command#

file

Input#

Argument NameDescriptionRequired
filelist of hash(s).Required
thresholdIf the HASH has reputation above the threshold then the HASH defined as malicious. If threshold not set, then threshold from instance configuration is used.Optional

Context Output#

PathTypeDescription
CyberTotal.File.scan_datedateScan date format: ISO 8601
CyberTotal.File.resourcestringThe scan target sent to CyberTotal.
CyberTotal.File.task_idstringThe unique id of each scan in CyberTotal.
CyberTotal.File.permalinkstringThe link of this HASH’s report in CyberTotal.
CyberTotal.File.severitynumberSeverity of this HASH. The range is from 0 to 10.
CyberTotal.File.confidencenumberConfidence of this HASH. The range is from 0 to 10.
CyberTotal.File.threatstringThreat of this HASH, which is a select from ‘High’, ‘Medium’ and ‘Low’.
CyberTotal.File.detection_enginesnumberThe number of all antivirus vendors scanned.
CyberTotal.File.positive_detectionsnumberThe number of antivirus vendors scanned with positive detection.
CyberTotal.File.detection_ratiostringThe ratio of positive_detections and detection_engines.
CyberTotal.File.messagestringMessage about this search.
CyberTotal.File.sizestringSize of this file.
CyberTotal.File.md5stringThis file’s md5 value.
CyberTotal.File.sha1stringThis file’s sha1 value.
CyberTotal.File.sha256stringThis file’s sha256 value.
CyberTotal.File.extensionstringThis file’s extension type.
CyberTotal.File.namestringThis file’s name, separated by ‘,’ if more than 2 names.
File.MD5StringThe MD5 hash of the file.
File.SHA1StringThe SHA1 hash of the file.
File.SHA256StringThe SHA1 hash of the file.
File.NameStringThe full file name (including file extension).
File.ExtensionStringThe file extension, for example: 'xls'.
File.SizeNumberThe size of the file in bytes.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.

Command Example#

!file file=b5e8793b216cf2e63c47af4ac424ac9a77601405c131c32a2eaa22812306123e

Context Example#

{
"CyberTotal": {
"File": {
"confidence": 10,
"detection_engines": 70,
"detection_ratio": "58/70",
"extension": "exe",
"md5": "19063b2a1b1a7930aef31678903b7088",
"message": "search success",
"name": "19063b2a1b1a7930aef31678903b7088.virus",
"permalink": "https://cybertotal.cycraft.com/app/intelligence/7a37a8d7a32847c9b3eee5a4431c9ab5",
"positive_detections": 58,
"resource": "b5e8793b216cf2e63c47af4ac424ac9a77601405c131c32a2eaa22812306123e",
"scan_date": "2020-07-09T15:11:56+00:00",
"severity": 10,
"sha1": "c771b33f4f3867f95721d0eceed5c4040c78d3ee",
"sha256": "b5e8793b216cf2e63c47af4ac424ac9a77601405c131c32a2eaa22812306123e",
"size": "28672",
"task_id": "7a37a8d7a32847c9b3eee5a4431c9ab5",
"threat": "High"
}
},
"DBotScore": {
"Indicator": "b5e8793b216cf2e63c47af4ac424ac9a77601405c131c32a2eaa22812306123e",
"Score": 3,
"Type": "file",
"Vendor": "CyberTotal"
},
"File": {
"Extension": "exe",
"MD5": "19063b2a1b1a7930aef31678903b7088",
"Malicious": {
"Description": "CyberTotal returned reputation 58",
"Vendor": "CyberTotal"
},
"Name": "19063b2a1b1a7930aef31678903b7088.virus",
"SHA1": "c771b33f4f3867f95721d0eceed5c4040c78d3ee",
"SHA256": "b5e8793b216cf2e63c47af4ac424ac9a77601405c131c32a2eaa22812306123e",
"Size": "28672"
}
}

Human Readable Output#

File List#

confidencedetection_enginesdetection_ratioextensionmd5messagenamepermalinkpositive_detectionsresourcescan_dateseveritysha1sha256sizetask_idthreat
107058/70exe19063b2a1b1a7930aef31678903b7088search success19063b2a1b1a7930aef31678903b7088.virushttps://cybertotal.cycraft.com/app/intelligence/7a37a8d7a32847c9b3eee5a4431c9ab558b5e8793b216cf2e63c47af4ac424ac9a77601405c131c32a2eaa22812306123e2020-07-09T15:11:56+00:0010c771b33f4f3867f95721d0eceed5c4040c78d3eeb5e8793b216cf2e63c47af4ac424ac9a77601405c131c32a2eaa22812306123e286727a37a8d7a32847c9b3eee5a4431c9ab5High

domain#


Return domain information and reputation

Base Command#

domain

Input#

Argument NameDescriptionRequired
domainList of domains.Required
thresholdIf the domain has reputation above the threshold then the domain defined as malicious. If threshold not set, then threshold from instance configuration is used.Optional

Context Output#

PathTypeDescription
CyberTotal.Domain.scan_datedateScan date format: ISO 8601
CyberTotal.Domain.resourcestringThe scan target sent to CyberTotal.
CyberTotal.Domain.permalinkstringThe link of this domain’s report in CyberTotal.
CyberTotal.Domain.severitynumberSeverity of this domain. The range is from 0 to 10.
CyberTotal.Domain.confidencenumberConfidence of this domain. The range is from 0 to 10.
CyberTotal.Domain.threatstringThreat of this domain, which is a select from ‘High’, ‘Medium’ and ‘Low’.
CyberTotal.Domain.detection_enginesnumberThe number of all antivirus vendors scanned.
CyberTotal.Domain.positive_detectionsnumberThe number of antivirus vendors scanned with positive detection.
CyberTotal.Domain.detection_ratiostringThe ratio of positive_detections and detection_engines.
CyberTotal.Domain.messagestringMessage about this search.
Domain.NameStringThe domain name, for example: "google.com".
Domain.DetectionEnginesNumberThe total number of engines that checked the indicator.
Domain.PositiveDetectionsNumberThe number of engines that positively detected the indicator as malicious.
Domain.Malicious.VendorStringThe vendor reporting the domain as malicious.
Domain.Malicious.DescriptionStringA description explaining why the domain was reported as malicious.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.

Command Example#

!domain domain=abc.com

Context Example#

{
"CyberTotal": {
"Domain": {
"confidence": 7,
"detection_engines": 79,
"detection_ratio": "0/79",
"message": "search success",
"permalink": "https://cybertotal.cycraft.com/app/intelligence/79ca1bd740564c36a7a4a78df5dc719d",
"positive_detections": 0,
"resource": "abc.com",
"scan_date": "2020-06-18T03:19:48+00:00",
"severity": 6,
"task_id": "79ca1bd740564c36a7a4a78df5dc719d",
"threat": "Medium"
}
},
"DBotScore": {
"Indicator": "abc.com",
"Score": 0,
"Type": "domain",
"Vendor": "CyberTotal"
},
"Domain": {
"DetectionEngines": 79,
"Name": "abc.com"
}
}

Human Readable Output#

Domain List#

confidencedetection_enginesdetection_ratiomessagepermalinkpositive_detectionsresourcescan_dateseveritytask_idthreat
7790/79search successhttps://cybertotal.cycraft.com/app/intelligence/79ca1bd740564c36a7a4a78df5dc719d0abc.com2020-06-18T03:19:48+00:00679ca1bd740564c36a7a4a78df5dc719dMedium

url#


Return domain information and reputation

Base Command#

url

Input#

Argument NameDescriptionRequired
urlList of url(s).Required
thresholdIf the URL has reputation above the threshold then the URL defined as malicious. If threshold not set, then threshold from instance configuration is used.Optional

Context Output#

PathTypeDescription
CyberTotal.URL.scan_datedateScan date format: ISO 8601
CyberTotal.URL.resourcestringThe scan target sent to CyberTotal.
CyberTotal.URL.task_idstringThe unique id of each scan in CyberTotal.
CyberTotal.URL.permalinkstringThe link of this URL’s report in CyberTotal.
CyberTotal.URL.severitynumberSeverity of this URL. The range is from 0 to 10.
CyberTotal.URL.confidencenumberConfidence of this URL. The range is from 0 to 10.
CyberTotal.URL.threatstringThreat of this URL, which is a select from ‘High’, ‘Medium’ and ‘Low’.
CyberTotal.URL.detection_enginesnumberThe number of all antivirus vendors scanned.
CyberTotal.URL.positive_detectionsnumberThe number of antivirus vendors scanned with positive detection.
CyberTotal.URL.detection_ratiostringThe ratio of positive_detections and detection_engines.
CyberTotal.URL.messagestringMessage about this search.
URL.DataStringThe URL
URL.DetectionEnginesStringThe total number of engines that checked the indicator.
URL.PositiveDetectionsStringThe number of engines that positively detected the indicator as malicious.
URL.Malicious.VendorStringThe vendor reporting the URL as malicious.
URL.Malicious.DescriptionStringA description of the malicious URL.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.

Command Example#

!url url=http://abc.com

Context Example#

{
"CyberTotal": {
"URL": {
"confidence": 1,
"detection_engines": 79,
"detection_ratio": "0/79",
"message": "search success",
"permalink": "https://cybertotal.cycraft.com/app/intelligence/61bbc65f5c034930b8a659c39e745d96",
"positive_detections": 0,
"resource": "http://abc.com",
"scan_date": "2020-06-22T07:24:16+00:00",
"severity": 5,
"task_id": "61bbc65f5c034930b8a659c39e745d96",
"threat": "Medium"
}
},
"DBotScore": {
"Indicator": "http://abc.com",
"Score": 0,
"Type": "url",
"Vendor": "CyberTotal"
},
"URL": {
"Data": "http://abc.com",
"DetectionEngines": 79
}
}

Human Readable Output#

URL List#

confidencedetection_enginesdetection_ratiomessagepermalinkpositive_detectionsresourcescan_dateseveritytask_idthreat
1790/79search successhttps://cybertotal.cycraft.com/app/intelligence/61bbc65f5c034930b8a659c39e745d960http://abc.com2020-06-22T07:24:16+00:00561bbc65f5c034930b8a659c39e745d96Medium

cybertotal-ip-whois#


Return ip whois information

Base Command#

cybertotal-ip-whois

Input#

Argument NameDescriptionRequired
ipList of IP(s).Required

Context Output#

PathTypeDescription
CyberTotal.WHOIS-IP.scan_datedateScan date format: ISO 8601
CyberTotal.WHOIS-IP.task_idstringThe unique id of each scan in CyberTotal.
CyberTotal.WHOIS-IP.resourcestringThe scan target sent to CyberTotal.
CyberTotal.WHOIS-IP.messagestringMessage about this search.
CyberTotal.WHOIS-IP.permalinkstringThe link of this whois report in CyberTotal.
CyberTotal.WHOIS-IP.createdAtdateCreate date format: ISO 8601
CyberTotal.WHOIS-IP.updatedAtdateUpdate date format: ISO 8601
CyberTotal.WHOIS-IP.statusstringStatus of this IP
CyberTotal.WHOIS-IP.domainstringDomain of this IP
CyberTotal.WHOIS-IP.domainMd5stringMD5 translation of CyberTotal.WHOIS-IP.domain
CyberTotal.WHOIS-IP.domainUnicodestringEncode CyberTotal.WHOIS-IP.domain by using unicode
CyberTotal.WHOIS-IP.nameserversstringAn array of all DNS nameservers
CyberTotal.WHOIS-IP.registrarNamestringThe name of registrar
CyberTotal.WHOIS-IP.registrarEmailstringThe email address of registrar
CyberTotal.WHOIS-IP.registrarPhonestringThe phone number of registrar
CyberTotal.WHOIS-IP.registrarCreatedAtdateRegistrar create date format: ISO 8601
CyberTotal.WHOIS-IP.registrarUpdatedAtdateRegistrar update date format: ISO 8601
CyberTotal.WHOIS-IP.registrarExpiresAtdateRegistrar expire date format: ISO 8601
CyberTotal.WHOIS-IP.auditCreatedAtdateRegistrar update date format: ISO 8601
CyberTotal.WHOIS-IP.auditUpdatedAtdateRegistrar expire date format: ISO 8601
CyberTotal.WHOIS-IP.registrant.namestringThe name of registrant
CyberTotal.WHOIS-IP.registrant.organizationstringThe organization name of registrant
CyberTotal.WHOIS-IP.registrant.streetstringThe street name of registrant
CyberTotal.WHOIS-IP.registrant.citystringThe location city of registrant
CyberTotal.WHOIS-IP.registrant.statestringThe location state name of registrant
CyberTotal.WHOIS-IP.registrant.zipstringThe post zip code of registrant
CyberTotal.WHOIS-IP.registrant.countrystringThe country of registrant
CyberTotal.WHOIS-IP.registrant.addressstringThe address of registrant
CyberTotal.WHOIS-IP.admin.namestringThe name of admin
CyberTotal.WHOIS-IP.admin.organizationstringThe organization name of admin
CyberTotal.WHOIS-IP.admin.streetstringThe street name of admin
CyberTotal.WHOIS-IP.admin.citystringThe location city of admin
CyberTotal.WHOIS-IP.admin.statestringThe location state name of admin
CyberTotal.WHOIS-IP.admin.zipstringThe post zip code of admin
CyberTotal.WHOIS-IP.admin.countrystringThe country of admin
CyberTotal.WHOIS-IP.admin.addressstringThe address of admin
CyberTotal.WHOIS-IP.technical.namestringThe name of technical
CyberTotal.WHOIS-IP.technical.organizationstringThe organization name of technical
CyberTotal.WHOIS-IP.technical.streetstringThe street name of technical
CyberTotal.WHOIS-IP.technical.citystringThe location city of technical
CyberTotal.WHOIS-IP.technical.statestringThe location state name of technical
CyberTotal.WHOIS-IP.technical.zipstringThe post zip code of technical
CyberTotal.WHOIS-IP.technical.countrystringThe country of technical
CyberTotal.WHOIS-IP.technical.addressstringThe address of technical
CyberTotal.WHOIS-IP.contactEmailsstringAn array of all contact email address
CyberTotal.WHOIS-IP.contactsstringAn array of all contact details
CyberTotal.WHOIS-IP.contactNamesstringAn array of all contact names
CyberTotal.WHOIS-IP.contactCountriesstringAn array of all contact countries
CyberTotal.WHOIS-IP.domainAvailablebooleanIf this domain is available
CyberTotal.WHOIS-IP.expiredbooleanIf this IP is expired

Command Example#

!cybertotal-ip-whois ip=1.1.1.1

Context Example#

{
"CyberTotal": {
"WHOIS-IP": {
"abuse": {
"address": "po box 3646\n4101\nqld\naustralia\n",
"country": "australia",
"email": "xxx@xxx.net",
"id": 0,
"name": "IRT-APNICRANDNET-AU",
"state": "qld",
"street": "po box 3646",
"whoisContactID": 0,
"zip": "4101"
},
"admin": {
"address": "po box 3646\n4101\nqld\naustralia\n",
"country": "australia",
"email": "research@apnic.net",
"fax": "+61-7-3858-3199",
"id": 0,
"name": "APNIC RESEARCH",
"phone": "+61-7-3858-3188",
"state": "qld",
"street": "po box 3646",
"whoisContactID": 0,
"zip": "4101"
},
"auditCreatedAt": "2020-07-18T02:07:02+00:00",
"auditUpdatedAt": "2020-07-18T02:07:02+00:00",
"compositeParseCode": 10528,
"contactCountries": [
"australia"
],
"contactEmails": [
"research@apnic.net"
],
"contactNames": [
"APNIC RESEARCH"
],
"contactOrganizations": [],
"contacts": [
{
"address": "po box 3646\n4101\nqld\naustralia\n",
"country": "australia",
"email": "research@apnic.net",
"fax": "+61-7-3858-3199",
"id": 0,
"name": "APNIC RESEARCH",
"phone": "+61-7-3858-3188",
"state": "qld",
"street": "po box 3646",
"whoisContactID": 0,
"zip": "4101"
}
],
"createdAt": "2020-07-18T02:07:02+00:00",
"domain": "1.1.1.0",
"domainAvailable": false,
"domainMd5": "ede514d996ecdf82a0abf5356ff6a13c",
"domainUnicode": "1.1.1.0",
"expired": false,
"id": 6690074356934458000,
"message": "search success",
"nameservers": [],
"netRange": {
"ipEnd": "1.1.1.255",
"ipStart": "1.1.1.0",
"netName": "APNIC-LABS",
"netRange": "1.1.1.0 - 1.1.1.255",
"numericEnd": 16843263,
"numericStart": 16843008,
"status": "INACTIVE",
"whoisNetRangeID": 0
},
"noRecord": false,
"permalink": [
"https://cybertotal.cycraft.com/app/intelligence/5a2601d575ea44058efeb1aba995dc8d"
],
"registrarName": "APNIC",
"registrarParseCode": 10528,
"registrarUpdatedAt": "2020-07-15T13:10:57+00:00",
"resource": [
"1.1.1.1"
],
"scan_date": [
"2020-07-28 14:11:19"
],
"status": "ACTIVE",
"task_id": "5a2601d575ea44058efeb1aba995dc8d",
"technical": {
"address": "po box 3646\n4101\nqld\naustralia\n",
"country": "australia",
"email": "research@apnic.net",
"fax": "+61-7-3858-3199",
"id": 0,
"name": "APNIC RESEARCH",
"phone": "+61-7-3858-3188",
"state": "qld",
"street": "po box 3646",
"whoisContactID": 0,
"zip": "4101"
},
"tld": "ipv4",
"updatedAt": "2020-07-18T02:07:02+00:00",
"whoisID": 6690074356934458000,
"whoisServer": "rdap.apnic.net"
}
}
}

Human Readable Output#

Results#

abuseadminauditCreatedAtauditUpdatedAtcompositeParseCodecontactCountriescontactEmailscontactNamescontactOrganizationscontactscreatedAtdomaindomainAvailabledomainMd5domainUnicodeexpiredidmessagenameserversnetRangenoRecordpermalinkregistrarNameregistrarParseCoderegistrarUpdatedAtresourcescan_datestatustask_idtechnicaltldupdatedAtwhoisIDwhoisServer
whoisContactID: 0
email: xxx@xxx.net
name: IRT-APNICRANDNET-AU
street: po box 3646
state: qld
zip: 4101
country: australia
address: po box 3646
4101
qld
australia

id: 0
whoisContactID: 0
email: research@apnic.net
name: APNIC RESEARCH
street: po box 3646
state: qld
zip: 4101
country: australia
phone: +61-7-3858-3188
fax: +61-7-3858-3199
address: po box 3646
4101
qld
australia

id: 0
2020-07-18T02:07:02+00:002020-07-18T02:07:02+00:0010528australiaresearch@apnic.netAPNIC RESEARCH{'whoisContactID': 0, 'email': 'research@apnic.net', 'name': 'APNIC RESEARCH', 'street': 'po box 3646', 'state': 'qld', 'zip': '4101', 'country': 'australia', 'phone': '+61-7-3858-3188', 'fax': '+61-7-3858-3199', 'address': 'po box 3646\n4101\nqld\naustralia\n', 'id': 0}2020-07-18T02:07:02+00:001.1.1.0falseede514d996ecdf82a0abf5356ff6a13c1.1.1.0false6690074356934458403search successstatus: INACTIVE
whoisNetRangeID: 0
netRange: 1.1.1.0 - 1.1.1.255
netName: APNIC-LABS
ipStart: 1.1.1.0
ipEnd: 1.1.1.255
numericEnd: 16843263
numericStart: 16843008
false["https://cybertotal.cycraft.com/app/intelligence/5a2601d575ea44058efeb1aba995dc8d"]APNIC105282020-07-15T13:10:57+00:00["1.1.1.1"]["2020-07-28 14:11:19"]ACTIVE5a2601d575ea44058efeb1aba995dc8dwhoisContactID: 0
email: research@apnic.net
name: APNIC RESEARCH
street: po box 3646
state: qld
zip: 4101
country: australia
phone: +61-7-3858-3188
fax: +61-7-3858-3199
address: po box 3646
4101
qld
australia

id: 0
ipv42020-07-18T02:07:02+00:006690074356934458403rdap.apnic.net

cybertotal-url-whois#


Return url whois information

Base Command#

cybertotal-url-whois

Input#

Argument NameDescriptionRequired
urlList of URL(s).Required

Context Output#

PathTypeDescription
CyberTotal.WHOIS-URL.scan_datedateScan date format: ISO 8601
CyberTotal.WHOIS-URL.task_idstringThe unique id of each scan in CyberTotal.
CyberTotal.WHOIS-URL.resourcestringThe scan target sent to CyberTotal.
CyberTotal.WHOIS-URL.messagestringMessage about this search.
CyberTotal.WHOIS-URL.permalinkstringThe link of this whois report in CyberTotal.
CyberTotal.WHOIS-URL.createdAtdateCreate date format: ISO 8601
CyberTotal.WHOIS-URL.updatedAtdateUpdate date format: ISO 8601
CyberTotal.WHOIS-URL.statusstringStatus of this IP
CyberTotal.WHOIS-URL.domainstringDomain of this IP
CyberTotal.WHOIS-URL.domainMd5stringMD5 translation of CyberTotal.WHOIS-URL.domain
CyberTotal.WHOIS-URL.domainUnicodestringEncode CyberTotal.WHOIS-URL.domain by using unicode
CyberTotal.WHOIS-URL.nameserversstringAn array of all DNS nameservers
CyberTotal.WHOIS-URL.registrarNamestringThe name of registrar
CyberTotal.WHOIS-URL.registrarEmailstringThe email address of registrar
CyberTotal.WHOIS-URL.registrarPhonestringThe phone number of registrar
CyberTotal.WHOIS-URL.registrarCreatedAtdateRegistrar create date format: ISO 8601
CyberTotal.WHOIS-URL.registrarUpdatedAtdateRegistrar update date format: ISO 8601
CyberTotal.WHOIS-URL.registrarExpiresAtdateRegistrar expire date format: ISO 8601
CyberTotal.WHOIS-URL.auditCreatedAtdateRegistrar update date format: ISO 8601
CyberTotal.WHOIS-URL.auditUpdatedAtdateRegistrar expire date format: ISO 8601
CyberTotal.WHOIS-URL.registrant.namestringThe name of registrant
CyberTotal.WHOIS-URL.registrant.organizationstringThe organization name of registrant
CyberTotal.WHOIS-URL.registrant.streetstringThe street name of registrant
CyberTotal.WHOIS-URL.registrant.citystringThe location city of registrant
CyberTotal.WHOIS-URL.registrant.statestringThe location state name of registrant
CyberTotal.WHOIS-URL.registrant.zipstringThe post zip code of registrant
CyberTotal.WHOIS-URL.registrant.countrystringThe country of registrant
CyberTotal.WHOIS-URL.registrant.addressstringThe address of registrant
CyberTotal.WHOIS-URL.admin.namestringThe name of admin
CyberTotal.WHOIS-URL.admin.organizationstringThe organization name of admin
CyberTotal.WHOIS-URL.admin.streetstringThe street name of admin
CyberTotal.WHOIS-URL.admin.citystringThe location city of admin
CyberTotal.WHOIS-URL.admin.statestringThe location state name of admin
CyberTotal.WHOIS-URL.admin.zipstringThe post zip code of admin
CyberTotal.WHOIS-URL.admin.countrystringThe country of admin
CyberTotal.WHOIS-URL.admin.addressstringThe address of admin
CyberTotal.WHOIS-URL.technical.namestringThe name of technical
CyberTotal.WHOIS-URL.technical.organizationstringThe organization name of technical
CyberTotal.WHOIS-URL.technical.streetstringThe street name of technical
CyberTotal.WHOIS-URL.technical.citystringThe location city of technical
CyberTotal.WHOIS-URL.technical.statestringThe location state name of technical
CyberTotal.WHOIS-URL.technical.zipstringThe post zip code of technical
CyberTotal.WHOIS-URL.technical.countrystringThe country of technical
CyberTotal.WHOIS-URL.technical.addressstringThe address of technical
CyberTotal.WHOIS-URL.contactEmailsstringAn array of all contact email address
CyberTotal.WHOIS-URL.contactsstringAn array of all contact details
CyberTotal.WHOIS-URL.contactNamesstringAn array of all contact names
CyberTotal.WHOIS-URL.contactCountriesstringAn array of all contact countries
CyberTotal.WHOIS-URL.domainAvailablebooleanIf this domain is available
CyberTotal.WHOIS-URL.expiredbooleanIf this URL is expired

Command Example#

!cybertotal-url-whois url=http://abc.com

Context Example#

{
"CyberTotal": {
"WHOIS-URL": {
"admin": {
"address": "New York\n10023-6298\nNY\nUS\n",
"city": "New York",
"country": "US",
"email": "xxx@xxx.net",
"fax": "18182384694",
"id": 0,
"name": "ABC, Inc.; Domain Administrator",
"organization": "ABC, Inc.",
"phone": "18182384694",
"state": "NY",
"whoisContactID": 0,
"zip": "10023-6298"
},
"auditCreatedAt": "2020-04-09T07:17:45+00:00",
"auditUpdatedAt": "2020-04-09T07:17:45+00:00",
"compositeParseCode": 3579,
"contactCountries": [
"US"
],
"contactEmails": [
"corp.dns.domains@disney.com"
],
"contactNames": [
"ABC, Inc.; Domain Administrator"
],
"contactOrganizations": [
"ABC, Inc."
],
"contacts": [
{
"address": "New York\n10023-6298\nNY\nUS\n",
"city": "New York",
"country": "US",
"email": "xxx@xxx.net",
"fax": "18182384694",
"id": 0,
"name": "ABC, Inc.; Domain Administrator",
"organization": "ABC, Inc.",
"phone": "18182384694",
"state": "NY",
"whoisContactID": 0,
"zip": "10023-6298"
}
],
"createdAt": "2020-04-09T07:17:45+00:00",
"domain": "abc.com",
"domainAvailable": false,
"domainMd5": "929ba26f492f86d4a9d66a080849865a",
"domainStatus": "clientTransferProhibited serverDeleteProhibited serverTransferProhibited serverUpdateProhibited",
"domainUnicode": "abc.com",
"expired": false,
"id": 6653913764397840000,
"message": "search success",
"nameservers": [
"ns-1368.awsdns-43.org",
"ns-1869.awsdns-41.co.uk",
"ns-318.awsdns-39.com",
"ns-736.awsdns-28.net"
],
"noRecord": false,
"permalink": [
"https://cybertotal.cycraft.com/app/intelligence/61bbc65f5c034930b8a659c39e745d96"
],
"registrant": {
"address": "New York\n10023-6298\nNY\nUS\n",
"city": "New York",
"country": "US",
"email": "xxx@xxx.net",
"fax": "18182384694",
"id": 0,
"name": "ABC, Inc.; Domain Administrator",
"organization": "ABC, Inc.",
"phone": "18182384694",
"state": "NY",
"whoisContactID": 0,
"zip": "10023-6298"
},
"registrarCreatedAt": "1996-05-22T04:00:00+00:00",
"registrarEmail": "domainabuse@cscglobal.com",
"registrarExpiresAt": "2021-05-23T04:00:00+00:00",
"registrarIanaID": 299,
"registrarName": "CSC Corporate Domains, Inc.",
"registrarParseCode": 3579,
"registrarPhone": "+1.8887802723",
"registrarUpdatedAt": "2020-04-08T07:06:06+00:00",
"registryParseCode": 251,
"resource": [
"http://abc.com"
],
"scan_date": [
"2020-06-22 07:24:16"
],
"status": "ACTIVE",
"task_id": "61bbc65f5c034930b8a659c39e745d96",
"technical": {
"address": "New York\n10023-6298\nNY\nUS\n",
"city": "New York",
"country": "US",
"email": "xxx@xxx.net",
"fax": "18182384694",
"id": 0,
"name": "ABC, Inc.; Domain Administrator",
"organization": "ABC, Inc.",
"phone": "18182384694",
"state": "NY",
"whoisContactID": 0,
"zip": "10023-6298"
},
"tld": "com",
"updatedAt": "2020-04-09T07:17:45+00:00",
"whoisID": 6653913764397840000,
"whoisServer": "whois.corporatedomains.com"
}
}
}

Human Readable Output#

Results#

adminauditCreatedAtauditUpdatedAtcompositeParseCodecontactCountriescontactEmailscontactNamescontactOrganizationscontactscreatedAtdomaindomainAvailabledomainMd5domainStatusdomainUnicodeexpiredidmessagenameserversnoRecordpermalinkregistrantregistrarCreatedAtregistrarEmailregistrarExpiresAtregistrarIanaIDregistrarNameregistrarParseCoderegistrarPhoneregistrarUpdatedAtregistryParseCoderesourcescan_datestatustask_idtechnicaltldupdatedAtwhoisIDwhoisServer
whoisContactID: 0
email: xxx@xxx.net
name: ABC, Inc.; Domain Administrator
organization: ABC, Inc.
city: New York
state: NY
zip: 10023-6298
country: US
phone: 18182384694
fax: 18182384694
address: New York
10023-6298
NY
US

id: 0
2020-04-09T07:17:45+00:002020-04-09T07:17:45+00:003579UScorp.dns.domains@disney.comABC, Inc.; Domain AdministratorABC, Inc.{'whoisContactID': 0, 'email': 'xxx@xxx.net', 'name': 'ABC, Inc.; Domain Administrator', 'organization': 'ABC, Inc.', 'city': 'New York', 'state': 'NY', 'zip': '10023-6298', 'country': 'US', 'phone': '18182384694', 'fax': '18182384694', 'address': 'New York\n10023-6298\nNY\nUS\n', 'id': 0}2020-04-09T07:17:45+00:00abc.comfalse929ba26f492f86d4a9d66a080849865aclientTransferProhibited serverDeleteProhibited serverTransferProhibited serverUpdateProhibitedabc.comfalse6653913764397840884search successns-1368.awsdns-43.org,
ns-1869.awsdns-41.co.uk,
ns-318.awsdns-39.com,
ns-736.awsdns-28.net
false["https://cybertotal.cycraft.com/app/intelligence/61bbc65f5c034930b8a659c39e745d96"]whoisContactID: 0
email: xxx@xxx.net
name: ABC, Inc.; Domain Administrator
organization: ABC, Inc.
city: New York
state: NY
zip: 10023-6298
country: US
phone: 18182384694
fax: 18182384694
address: New York
10023-6298
NY
US

id: 0
1996-05-22T04:00:00+00:00domainabuse@cscglobal.com2021-05-23T04:00:00+00:00299CSC Corporate Domains, Inc.3579+1.88878027232020-04-08T07:06:06+00:00251["http://abc.com"]["2020-06-22 07:24:16"]ACTIVE61bbc65f5c034930b8a659c39e745d96whoisContactID: 0
email: xxx@xxx.net
name: ABC, Inc.; Domain Administrator
organization: ABC, Inc.
city: New York
state: NY
zip: 10023-6298
country: US
phone: 18182384694
fax: 18182384694
address: New York
10023-6298
NY
US

id: 0
com2020-04-09T07:17:45+00:006653913764397840884whois.corporatedomains.com

cybertotal-domain-whois#


Return domain whois information

Base Command#

cybertotal-domain-whois

Input#

Argument NameDescriptionRequired
domainList of domain(s).Required

Context Output#

PathTypeDescription
CyberTotal.WHOIS-Domain.scan_datedateScan date format: ISO 8601
CyberTotal.WHOIS-Domain.task_idstringThe unique id of each scan in CyberTotal.
CyberTotal.WHOIS-Domain.resourcestringThe scan target sent to CyberTotal.
CyberTotal.WHOIS-Domain.messagestringMessage about this search.
CyberTotal.WHOIS-Domain.permalinkstringThe link of this whois report in CyberTotal.
CyberTotal.WHOIS-Domain.createdAtdateCreate date format: ISO 8601
CyberTotal.WHOIS-Domain.updatedAtdateUpdate date format: ISO 8601
CyberTotal.WHOIS-Domain.statusstringStatus of this Domain
CyberTotal.WHOIS-Domain.domainstringTop level Domain of this domain
CyberTotal.WHOIS-Domain.domainMd5stringMD5 translation of CyberTotal.WHOIS-Domain.domain
CyberTotal.WHOIS-Domain.domainUnicodestringEncode CyberTotal.WHOIS-Domain.domain by using unicode
CyberTotal.WHOIS-Domain.nameserversstringAn array of all DNS nameservers
CyberTotal.WHOIS-Domain.registrarNamestringThe name of registrar
CyberTotal.WHOIS-Domain.registrarEmailstringThe email address of registrar
CyberTotal.WHOIS-Domain.registrarPhonestringThe phone number of registrar
CyberTotal.WHOIS-Domain.registrarCreatedAtdateRegistrar create date format: ISO 8601
CyberTotal.WHOIS-Domain.registrarUpdatedAtdateRegistrar update date format: ISO 8601
CyberTotal.WHOIS-Domain.registrarExpiresAtdateRegistrar expire date format: ISO 8601
CyberTotal.WHOIS-Domain.auditCreatedAtdateRegistrar update date format: ISO 8601
CyberTotal.WHOIS-Domain.auditUpdatedAtdateRegistrar expire date format: ISO 8601
CyberTotal.WHOIS-Domain.registrant.namestringThe name of registrant
CyberTotal.WHOIS-Domain.registrant.organizationstringThe organization name of registrant
CyberTotal.WHOIS-Domain.registrant.streetstringThe street name of registrant
CyberTotal.WHOIS-Domain.registrant.citystringThe location city of registrant
CyberTotal.WHOIS-Domain.registrant.statestringThe location state name of registrant
CyberTotal.WHOIS-Domain.registrant.zipstringThe post zip code of registrant
CyberTotal.WHOIS-Domain.registrant.countrystringThe country of registrant
CyberTotal.WHOIS-Domain.registrant.addressstringThe address of registrant
CyberTotal.WHOIS-Domain.admin.namestringThe name of admin
CyberTotal.WHOIS-Domain.admin.organizationstringThe organization name of admin
CyberTotal.WHOIS-Domain.admin.streetstringThe street name of admin
CyberTotal.WHOIS-Domain.admin.citystringThe location city of admin
CyberTotal.WHOIS-Domain.admin.statestringThe location state name of admin
CyberTotal.WHOIS-Domain.admin.zipstringThe post zip code of admin
CyberTotal.WHOIS-Domain.admin.countrystringThe country of admin
CyberTotal.WHOIS-Domain.admin.addressstringThe address of admin
CyberTotal.WHOIS-Domain.technical.namestringThe name of technical
CyberTotal.WHOIS-Domain.technical.organizationstringThe organization name of technical
CyberTotal.WHOIS-Domain.technical.streetstringThe street name of technical
CyberTotal.WHOIS-Domain.technical.citystringThe location city of technical
CyberTotal.WHOIS-Domain.technical.statestringThe location state name of technical
CyberTotal.WHOIS-Domain.technical.zipstringThe post zip code of technical
CyberTotal.WHOIS-Domain.technical.countrystringThe country of technical
CyberTotal.WHOIS-Domain.technical.addressstringThe address of technical
CyberTotal.WHOIS-Domain.contactEmailsstringAn array of all contact email address
CyberTotal.WHOIS-Domain.contactsstringAn array of all contact details
CyberTotal.WHOIS-Domain.contactNamesstringAn array of all contact names
CyberTotal.WHOIS-Domain.contactCountriesstringAn array of all contact countries
CyberTotal.WHOIS-Domain.domainAvailablebooleanIf this domain is available
CyberTotal.WHOIS-Domain.expiredbooleanIf this domain is expired

Command Example#

!cybertotal-domain-whois domain=abc.com

Context Example#

{
"CyberTotal": {
"WHOIS-Domain": {
"admin": {
"address": "New York\n10023-6298\nNY\nUS\n",
"city": "New York",
"country": "US",
"email": "xxx@xxx.net",
"fax": "18182384694",
"id": 0,
"name": "ABC, Inc.; Domain Administrator",
"organization": "ABC, Inc.",
"phone": "18182384694",
"state": "NY",
"whoisContactID": 0,
"zip": "10023-6298"
},
"auditCreatedAt": "2020-04-09T07:17:45+00:00",
"auditUpdatedAt": "2020-04-09T07:17:45+00:00",
"compositeParseCode": 3579,
"contactCountries": [
"US"
],
"contactEmails": [
"corp.dns.domains@disney.com"
],
"contactNames": [
"ABC, Inc.; Domain Administrator"
],
"contactOrganizations": [
"ABC, Inc."
],
"contacts": [
{
"address": "New York\n10023-6298\nNY\nUS\n",
"city": "New York",
"country": "US",
"email": "xxx@xxx.net",
"fax": "18182384694",
"id": 0,
"name": "ABC, Inc.; Domain Administrator",
"organization": "ABC, Inc.",
"phone": "18182384694",
"state": "NY",
"whoisContactID": 0,
"zip": "10023-6298"
}
],
"createdAt": "2020-04-09T07:17:45+00:00",
"domain": "abc.com",
"domainAvailable": false,
"domainMd5": "929ba26f492f86d4a9d66a080849865a",
"domainStatus": "clientTransferProhibited serverDeleteProhibited serverTransferProhibited serverUpdateProhibited",
"domainUnicode": "abc.com",
"expired": false,
"id": 6653913764397840000,
"message": "search success",
"nameservers": [
"ns-1368.awsdns-43.org",
"ns-1869.awsdns-41.co.uk",
"ns-318.awsdns-39.com",
"ns-736.awsdns-28.net"
],
"noRecord": false,
"permalink": [
"https://cybertotal.cycraft.com/app/intelligence/79ca1bd740564c36a7a4a78df5dc719d"
],
"registrant": {
"address": "New York\n10023-6298\nNY\nUS\n",
"city": "New York",
"country": "US",
"email": "xxx@xxx.net",
"fax": "18182384694",
"id": 0,
"name": "ABC, Inc.; Domain Administrator",
"organization": "ABC, Inc.",
"phone": "18182384694",
"state": "NY",
"whoisContactID": 0,
"zip": "10023-6298"
},
"registrarCreatedAt": "1996-05-22T04:00:00+00:00",
"registrarEmail": "domainabuse@cscglobal.com",
"registrarExpiresAt": "2021-05-23T04:00:00+00:00",
"registrarIanaID": 299,
"registrarName": "CSC Corporate Domains, Inc.",
"registrarParseCode": 3579,
"registrarPhone": "+1.8887802723",
"registrarUpdatedAt": "2020-04-08T07:06:06+00:00",
"registryParseCode": 251,
"resource": [
"abc.com"
],
"scan_date": [
"2020-06-18 03:19:48"
],
"status": "ACTIVE",
"task_id": "79ca1bd740564c36a7a4a78df5dc719d",
"technical": {
"address": "New York\n10023-6298\nNY\nUS\n",
"city": "New York",
"country": "US",
"email": "xxx@xxx.net",
"fax": "18182384694",
"id": 0,
"name": "ABC, Inc.; Domain Administrator",
"organization": "ABC, Inc.",
"phone": "18182384694",
"state": "NY",
"whoisContactID": 0,
"zip": "10023-6298"
},
"tld": "com",
"updatedAt": "2020-04-09T07:17:45+00:00",
"whoisID": 6653913764397840000,
"whoisServer": "whois.corporatedomains.com"
}
}
}

Human Readable Output#

Results#

adminauditCreatedAtauditUpdatedAtcompositeParseCodecontactCountriescontactEmailscontactNamescontactOrganizationscontactscreatedAtdomaindomainAvailabledomainMd5domainStatusdomainUnicodeexpiredidmessagenameserversnoRecordpermalinkregistrantregistrarCreatedAtregistrarEmailregistrarExpiresAtregistrarIanaIDregistrarNameregistrarParseCoderegistrarPhoneregistrarUpdatedAtregistryParseCoderesourcescan_datestatustask_idtechnicaltldupdatedAtwhoisIDwhoisServer
whoisContactID: 0
email: xxx@xxx.net
name: ABC, Inc.; Domain Administrator
organization: ABC, Inc.
city: New York
state: NY
zip: 10023-6298
country: US
phone: 18182384694
fax: 18182384694
address: New York
10023-6298
NY
US

id: 0
2020-04-09T07:17:45+00:002020-04-09T07:17:45+00:003579UScorp.dns.domains@disney.comABC, Inc.; Domain AdministratorABC, Inc.{'whoisContactID': 0, 'email': 'xxx@xxx.net', 'name': 'ABC, Inc.; Domain Administrator', 'organization': 'ABC, Inc.', 'city': 'New York', 'state': 'NY', 'zip': '10023-6298', 'country': 'US', 'phone': '18182384694', 'fax': '18182384694', 'address': 'New York\n10023-6298\nNY\nUS\n', 'id': 0}2020-04-09T07:17:45+00:00abc.comfalse929ba26f492f86d4a9d66a080849865aclientTransferProhibited serverDeleteProhibited serverTransferProhibited serverUpdateProhibitedabc.comfalse6653913764397840884search successns-1368.awsdns-43.org,
ns-1869.awsdns-41.co.uk,
ns-318.awsdns-39.com,
ns-736.awsdns-28.net
false["https://cybertotal.cycraft.com/app/intelligence/79ca1bd740564c36a7a4a78df5dc719d"]whoisContactID: 0
email: xxx@xxx.net
name: ABC, Inc.; Domain Administrator
organization: ABC, Inc.
city: New York
state: NY
zip: 10023-6298
country: US
phone: 18182384694
fax: 18182384694
address: New York
10023-6298
NY
US

id: 0
1996-05-22T04:00:00+00:00domainabuse@cscglobal.com2021-05-23T04:00:00+00:00299CSC Corporate Domains, Inc.3579+1.88878027232020-04-08T07:06:06+00:00251["abc.com"]["2020-06-18 03:19:48"]ACTIVE79ca1bd740564c36a7a4a78df5dc719dwhoisContactID: 0
email: xxx@xxx.net
name: ABC, Inc.; Domain Administrator
organization: ABC, Inc.
city: New York
state: NY
zip: 10023-6298
country: US
phone: 18182384694
fax: 18182384694
address: New York
10023-6298
NY
US

id: 0
com2020-04-09T07:17:45+00:006653913764397840884whois.corporatedomains.com