Skip to main content

VirusTotal (Deprecated)

This Integration is part of the VirusTotal Pack.#

Deprecated

Use VirusTotalV3 integration instead.

Analyze suspicious hashes, URLs, domains, and IP addresses.

Configure VirusTotal in Cortex#

ParameterDescriptionRequired
Server URL (e.g. https://192.168.0.1)True
API KeyTrue
Source ReliabilityReliability of the source providing the intelligence data.True
Use system proxy settingsFalse
Trust any certificate (not secure)False
File Threshold. Minimum number of positive results from VT scanners to consider the file malicious.False
IP Threshold. Minimum number of positive results from VT scanners to consider the IP malicious.False
URL Threshold. Minimum number of positive results from VT scanners to consider the URL malicious.False
Domain Threshold. Minimum number of positive results from VT scanners to consider the domain malicious.False
Preferred Vendors List. CSV list of vendors which are considered more trustworthy.False
Preferred Vendor Threshold. The minimum number of highly trusted vendors required to consider a domain, IP address, URL, or file as malicious.False
Determines whether to return all results, which can number in the thousands. If “true”, returns all results and overrides the fullResponse, long arguments (if set to “false”) in a command. If “false”, the fullResponse, long arguments in the command determines how results are returned.False
IP RelationshipsSelect the list of relationships to retrieve from the API. Some of the relationships are signed with * key which indicates that they are available only when using a premium API key.False
Domain RelationshipsSelect the list of relationships to retrieve from the API. Some of the relationships are signed with * key which indicates that they are available only when using a premium API key.False
URL RelationshipsSelect the list of relationships to retrieve from the API. Some of the relationships are signed with * key which indicates that they are available only when using a premium API key.False
File RelationshipsSelect the list of relationships to retrieve from the API. Some of the relationships are signed with * key which indicates that they are available only when using a premium API key.False

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

file#


Checks the file reputation of the specified hash.

Base Command#

file

Input#

Argument NameDescriptionRequired
fileA CSV list of hashes of the file to query. Supports MD5, SHA1, and SHA256.Required
longWhether to return full response for scans. Default is "false". Possible values are: true, false. Default is false.Optional
thresholdIf the number of positives is higher than the threshold, the file will be considered malicious. If the threshold is not specified, the default file threshold, as configured in the instance settings, will be used.Optional
waitTime (in seconds) to wait between tries if the API rate limit is reached. Default is "60". Default is 60.Optional
retriesNumber of retries for the API rate limit. Default is "0". Default is 0.Optional

Context Output#

PathTypeDescription
File.MD5unknownBad MD5 hash.
File.SHA1unknownBad SHA1 hash.
File.SHA256unknownBad SHA256 hash.
File.Malicious.VendorunknownFor malicious files, the vendor that made the decision.
File.Malicious.DetectionsunknownFor malicious files, the total number of detections.
File.Malicious.TotalEnginesunknownFor malicious files, the total number of engines that checked the file hash.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.
DBotScore.ReliabilityStringReliability of the source providing the intelligence data.
File.VirusTotal.Scans.SourceunknownVendor used to scan the hash.
File.VirusTotal.Scans.DetectedunknownScan detection for this hash (True or False).
File.VirusTotal.Scans.ResultunknownScan result for this hash, for example, signature.
File.VirusTotal.ScanIDstringScan ID for this hash.
File.PositiveDetectionsnumberNumber of engines that positively detected the indicator as malicious.
File.DetectionEnginesnumberTotal number of engines that checked the indicator.
File.VirusTotal.vtLinkstringVirus Total permanent link.

Command Example#

Human Readable Output#

ip#


Checks the reputation of an IP address.

Base Command#

ip

Input#

Argument NameDescriptionRequired
ipIP address to check.Required
longWhether to return a full response for detected URLs. Default is "false". Possible values are: "true" and "false".Optional
thresholdIf the number of positives is higher than the threshold, the IP address will be considered malicious. If the threshold is not specified, the default IP threshold, as configured in the instance settings, will be used.Optional
sampleSizeThe number of samples from each type (resolutions, detections, etc.) to display in the long format. Default is "10".Optional
waitTime (in seconds) to wait between tries if the API rate limit is reached. Default is "60".Optional
retriesNumber of retries for the API rate limit. Default is "0".Optional
fullResponseWhether to return all results, which can be thousands. We recommend that you don't return full results in playbooks. Possible values are: "true" and "false". Default is "false".Optional

Context Output#

PathTypeDescription
IP.AddressunknownBad IP address.
IP.ASNunknownBad IP ASN.
IP.Geo.CountryunknownBad IP country.
IP.Malicious.VendorunknownFor malicious IPs, the vendor that made the decision.
IP.Malicious.DescriptionunknownFor malicious IPs, the reason that the vendor made the decision.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.
DBotScore.ReliabilityStringReliability of the source providing the intelligence data.
IP.VirusTotal.DownloadedHashesunknownLatest files that were detected by at least one antivirus solution, and were downloaded by VirusTotal from the IP address.
IP.VirusTotal.UnAVDetectedDownloadedHashesunknownLatest files that were not detected by any antivirus solution, and were downloaded by VirusTotal from the specified IP address.
IP.VirusTotal.DetectedURLsunknownLatest URLs hosted in this IP address that were detected by at least one URL scanner.
IP.VirusTotal.CommunicatingHashesunknownLatest detected files that communicate with this IP address.
IP.VirusTotal.UnAVDetectedCommunicatingHashesunknownLatest undetected files that communicate with this IP address.
IP.VirusTotal.Resolutions.hostnameunknownDomains that resolved to the specified IP address.
IP.VirusTotal.ReferrerHashesunknownLatest detected files that embed this IP address in their strings.
IP.VirusTotal.UnAVDetectedReferrerHashesunknownLatest undetected files that embed this IP address in their strings.
IP.VirusTotal.Resolutions.last_resolvedunknownLast resolution times of the domains that resolved to the specified IP address.

Command Example#

Human Readable Output#

url#


Checks the reputation of a URL.

Base Command#

url

Input#

Argument NameDescriptionRequired
urlA comma-separated list of URLs to check. This command will not work properly on URLs containing commas.Required
sampleSizeThe number of samples from each type (resolutions, detections, etc.) to display for long format. Default is "10".Optional
longWhether to return the full response for the detected URLs. Possible values are: "true" and "false". Default is "false".Optional
thresholdIf the number of positives is higher than the threshold, the URL will be considered malicious. If the threshold is not specified, the default URL threshold, as configured in the instance settings, will be used.Optional
submitWaitTime (in seconds) to wait if the URL does not exist and is submitted for scanning. Default is "0".Optional
waitTime (in seconds) to wait between tries if the API rate limit is reached. Default is "60".Optional
retriesNumber of retries for the API rate limit. Default is "0".Optional

Context Output#

PathTypeDescription
URL.DataunknownBad URLs found.
URL.Malicious.VendorunknownFor malicious URLs, the vendor that made the decision.
URL.Malicious.DescriptionunknownFor malicious URLs, the reason that the vendor made the decision.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.
DBotScore.ReliabilityStringReliability of the source providing the intelligence data.
URL.VirusTotal.Scans.SourceunknownVendor that scanned this URL.
URL.VirusTotal.Scans.DetectedunknownScan detection for this URL (True or False).
URL.VirusTotal.Scans.ResultunknownScan result for this URL, for example, signature.
URL.DetectionEnginesnumberTotal number of engines that checked the indicator.
URL.PositiveDetectionsnumberNumber of engines that positively detected the indicator as malicious.
url.VirusTotal.ScanIDstringScan ID for this URL.
File.VirusTotal.vtLinkstringVirus Total permanent link.

Command Example#

!url url=https://example.com using=vt

Context Example#

{
"DBotScore": {
"Indicator": "https://example.com",
"Reliability": "C - Fairly reliable",
"Score": 1,
"Type": "url",
"Vendor": "VirusTotal"
},
"URL": {
"Data": "https://example.com",
"DetectionEngines": 87,
"PositiveDetections": 2,
"VirusTotal": {
"ScanID": "0f115db062b7c0dd030b16878c99dea5c354b49dc37b38eb8846179c7783e9d7-1618315592",
"vtLink": "https://www.virustotal.com/gui/url/0f115db062b7c0dd030b16878c99dea5c354b49dc37b38eb8846179c7783e9d7/detection/u-0f115db062b7c0dd030b16878c99dea5c354b49dc37b38eb8846179c7783e9d7-1618315592"
}
}
}

Human Readable Output#

VirusTotal URL Reputation for: https://example.com#

Last scan date: 2021-04-13 12:06:32 Total scans: 87 Positive scans: 2 VT Link: https://example.com

domain#


Checks the reputation of a domain.

Base Command#

domain

Input#

Argument NameDescriptionRequired
domainDomain name to check.Required
longWhether to return the full response for detected URLs. Default is "false". Possible values are: true, false. Default is false.Optional
sampleSizeThe number of samples from each type (resolutions, detections, etc.) to display for long format. Default is 10.Optional
thresholdIf the number of positives is higher than the threshold, the domain will be considered malicious. If the threshold is not specified, the default domain threshold, as configured in the instance settings, will be used.Optional
waitTime (in seconds) to wait between tries if the API rate limit is reached. Default is "60". Default is 60.Optional
retriesNumber of retries for API rate limit. Default is "0". Default is 0.Optional
fullResponseWhether to return all results, which can be thousands. Default is "false". We recommend that you don't return full results in playbooks. Possible values are: true, false. Default is false.Optional

Context Output#

PathTypeDescription
Domain.NameunknownBad domain found.
Domain.Malicious.VendorunknownFor malicious domains, the vendor that made the decision.
Domain.Malicious.DescriptionunknownFor malicious domains, the reason that the vendor made the decision.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.
DBotScore.ReliabilityStringReliability of the source providing the intelligence data.
Domain.VirusTotal.DownloadedHashesunknownHashes of files that were downloaded from this domain.
Domain.VirusTotal.CommunicatingHashesunknownHashes of files that communicated with this domain in a sandbox.
Domain.VirusTotal.Resolutions.ip_addressunknownIP addresses that resolved to this domain.
Domain.VirusTotal.WhoisunknownWhois report.
Domain.VirusTotal.SubdomainsunknownSubdomains.
Domain.VirusTotal.UnAVDetectedDownloadedHashesunknownLatest files that were not detected by any antivirus solution, and were downloaded by VirusTotal from the specified IP address.
Domain.VirusTotal.DetectedURLsunknownLatest URLs hosted in this domain address that were detected by at least one URL scanner.
Domain.VirusTotal.ReferrerHashesunknownLatest detected files that embed this domain address in their strings.
Domain.VirusTotal.UnAVDetectedReferrerHashesunknownLatest undetected files that embed this domain address in their strings.
Domain.VirusTotal.UnAVDetectedCommunicatingHashesunknownLatest undetected files that communicated with this domain in a sandbox.
Domain.VirusTotal.Resolutions.last_resolvedunknownLast resolution times of the IP addresses that resolve to this domain.

Command Example#

!domain domain=example.com using=vt

Context Example#

{
"DBotScore": {
"Indicator": "example.com",
"Reliability": "C - Fairly reliable",
"Score": 1,
"Type": "domain",
"Vendor": "VirusTotal"
},
"Domain": {
"Name": "example.com",
"VirusTotal": {
"CommunicatingHashes": [
{
"date": "2021-04-12 09:26:02",
"positives": 57,
"sha256": "6a5ac92cbc785fc963b4864db51c8aa3f1dae9e85d4fe20bd05816be301355cf",
"total": 75
},
{
"date": "2021-04-11 13:15:27",
"positives": 50,
"sha256": "d0a08d52eb9e5446b701f01ee13b361d4d9109af7f434e71bbfbc8d485277eea",
"total": 74
},
{
"date": "2021-04-11 13:07:33",
"positives": 53,
"sha256": "0c3ed8d6f0261ac2ad08a3a73a61f0bf6796e3169790cdb20aa1e08846a972cc",
"total": 75
},
{
"date": "2021-04-11 11:12:34",
"positives": 8,
"sha256": "ffdedea9146387fa9bbacfa309e805bb2300b43fddc00bb8397c4fb0f85b5501",
"total": 74
},
{
"date": "2021-04-03 23:26:17",
"positives": 50,
"sha256": "7dbc608ef30c02bf02b1f88fbe386bfd4e8ba103cc23788df8a418d897b27e1d",
"total": 75
},
{
"date": "2021-04-07 17:43:15",
"positives": 8,
"sha256": "735ca98e2f84b9d08c2cba3b89e3e764083e5477ff0e0d941a1eeeda729a8911",
"total": 74
},
{
"date": "2021-04-07 14:40:22",
"positives": 1,
"sha256": "06fd36ed7c44f84397f07cca63ac2e82fd30587d00f0affef5bbac6ff41ccda3",
"total": 74
},
{
"date": "2021-04-07 10:57:59",
"positives": 7,
"sha256": "2e962f34024aa2791b4c906ff525ff3a9a077334cb62171f7ac94071b4043383",
"total": 73
},
{
"date": "2021-04-06 03:54:19",
"positives": 21,
"sha256": "a4a5bc74a7781871b3a42aaf14b08defee495a3c68815b5bdbd1848bf96699ab",
"total": 74
},
{
"date": "2021-04-05 05:20:13",
"positives": 57,
"sha256": "07ff0e704905783cc89e465e98e9fa99180333849a4bffd42a0c7e45598c2a94",
"total": 75
},
{
"date": "2021-04-05 09:57:27",
"positives": 56,
"sha256": "e97ff8d59861937e89ba807b8b6319d4ff35d07c49333627267929797ae20b49",
"total": 75
},
{
"date": "2021-04-05 03:35:28",
"positives": 56,
"sha256": "723b542d0e9c9dfb1e7afe2b8a80d0f483afc4dd052a8f5e434d6f81dfa2ff8a",
"total": 75
},
{
"date": "2021-04-05 10:56:01",
"positives": 56,
"sha256": "d87d92ee041dc88a23bd07667fbea624efc12855645122a7e86e9ebcbe8b2a6b",
"total": 75
},
{
"date": "2021-04-05 03:04:54",
"positives": 56,
"sha256": "01b4d96e716e7fc862a34e7bdb0b245071e9b4d4e1303d00735e8faea4cb99c8",
"total": 75
},
{
"date": "2021-04-04 21:03:52",
"positives": 56,
"sha256": "acffdd944badb0f6e6d5d145351fa7a672186e48c94181902f7eb5b730d841c8",
"total": 75
},
{
"date": "2021-04-05 17:22:20",
"positives": 1,
"sha256": "ccc2e90645b94d52e6b8f38de03ca281397673e546f620fd61a91a21985759e5",
"total": 73
},
{
"date": "2021-04-05 15:41:30",
"positives": 1,
"sha256": "4aa5c9349b5fce3af90f9d28f9520f0281db62ed346d54af9d8ead5b7e2f5921",
"total": 74
},
{
"date": "2021-04-04 13:29:47",
"positives": 33,
"sha256": "e52c38ba6c1a046fb4086946c6f8821074084758df5dff7d7ee554f5360e8b7b",
"total": 74
},
{
"date": "2021-04-02 05:31:33",
"positives": 18,
"sha256": "255f91ad437f817eb9d747cd08566b67613f500e306001c4f7c0ee94557f39a3",
"total": 77
},
{
"date": "2021-04-02 06:31:22",
"positives": 1,
"sha256": "5c84c2ba0834908eb07f75b9ba69d4b6aa23b61b7e93569671a094ca9c8e13c4",
"total": 74
},
{
"date": "2021-04-02 06:19:55",
"positives": 1,
"sha256": "a4d82173a09d6a8db5b1a44368ce49219be6f73af0f0700a872c47cb47dbb8ed",
"total": 74
},
{
"date": "2021-03-31 05:59:30",
"positives": 26,
"sha256": "be0a2ead16231cf5930c2da7f4edd8d858277bc3ead7e92d261093ed7c584046",
"total": 72
},
{
"date": "2021-03-31 05:56:45",
"positives": 30,
"sha256": "8ea80869b77006c0a20831d36ee0d2d0c28da79b5e9a99d52cdf81ff18b19520",
"total": 74
},
{
"date": "2021-03-30 06:08:32",
"positives": 34,
"sha256": "94bcc974165ba9ec90dfc40d0438b5cfdba7969032c82a53981e3af513164f2f",
"total": 75
},
{
"date": "2021-03-31 01:45:41",
"positives": 53,
"sha256": "853a44dbfe639a6c1e6dcf1a994f88363db62a9ec6e62ebf05b23b6ffb1e6d7d",
"total": 75
},
{
"date": "2021-03-31 12:52:49",
"positives": 32,
"sha256": "256390f58c23ca6dba40bc47dafd6edc2ab4cd25ac8c2eeb6e7ad6d6033437b8",
"total": 75
},
{
"date": "2021-03-31 11:25:49",
"positives": 1,
"sha256": "627f76e441e262e5e70a72c56d9786aad0419047f305c16990fc9bc206161644",
"total": 74
},
{
"date": "2021-03-31 00:02:58",
"positives": 49,
"sha256": "88412954cbbe227fecaeaab582ee6e39cd4c804510f60829601a18bbce50b60a",
"total": 75
},
{
"date": "2021-03-29 12:34:56",
"positives": 4,
"sha256": "8ac46f12d893ce84faab11d07b8c76fe7b0516dfc8506df70b0edcca43114de4",
"total": 73
},
{
"date": "2021-03-30 11:32:14",
"positives": 7,
"sha256": "8cfb1b8afecda4772031f37fd4aa00b024cd2874b797352c949dfbd751fc062a",
"total": 74
},
{
"date": "2021-03-30 10:06:58",
"positives": 1,
"sha256": "c3c0df231c0b9d294c795aa9fac2f1308eb2bc1bcdd705ef6d2af8452227b02c",
"total": 74
},
{
"date": "2021-03-30 08:29:41",
"positives": 13,
"sha256": "cffde7d6b903801343146e003a11eba0ac619298191424358e30befdc1391beb",
"total": 74
},
{
"date": "2021-03-25 04:25:38",
"positives": 50,
"sha256": "81ae5f6bbae13b0890578ff3ec885cba237e176401af21d7a9eea8a0d4b22e29",
"total": 76
},
{
"date": "2021-03-21 01:06:53",
"positives": 58,
"sha256": "7aa0a8b91487ff2949595271c3bfe0f07f09ce87292f0006498dc1ed5241c167",
"total": 76
},
{
"date": "2021-03-21 01:00:45",
"positives": 61,
"sha256": "d989c2c04ee6cb62296dcad1c8cbc27d5279190741306fee1afcf531e2c2fa25",
"total": 76
},
{
"date": "2021-03-22 01:03:13",
"positives": 2,
"sha256": "d14e0419671b376f3a59bd2a1354672951ae02e2b8fd9a7797e9e5050b0d6ec9",
"total": 75
},
{
"date": "2021-03-22 00:08:29",
"positives": 2,
"sha256": "1aafb6f2f4c5efc0c452cf0e2836932b0902929838bf3971e0e252251b23e83c",
"total": 75
},
{
"date": "2021-03-20 09:34:18",
"positives": 59,
"sha256": "a08f569f3bdd6b520013304aef6ed5f35830cf3002744c4cda6924801947ca1c",
"total": 76
},
{
"date": "2021-03-20 09:30:13",
"positives": 56,
"sha256": "a8e648026dbd8f36f01c6c5aa9a623efad26668e2ab762c26e8be70eef23cf66",
"total": 75
},
{
"date": "2021-03-20 08:49:18",
"positives": 55,
"sha256": "7debc7a47d65fcbfaa3382d2e89d85a52c55c10a6db561f52991054088923294",
"total": 76
},
{
"date": "2021-03-20 07:25:24",
"positives": 56,
"sha256": "a820eed0dfe429b760c0b47fbb1e493d8490aef6cd30c590165cc2fe9eede6d7",
"total": 76
},
{
"date": "2020-12-22 15:25:58",
"positives": 51,
"sha256": "d0f734894dc7b566c1f5ace8ac310544c645f14e80a234f4a5047bb42e702a8b",
"total": 77
},
{
"date": "2020-01-17 13:09:05",
"positives": 37,
"sha256": "41996bbd9ca19c2059338a9da58beb6f69a20cc71028f37da6daff0b31888437",
"total": 75
},
{
"date": "2019-10-07 23:36:41",
"positives": 45,
"sha256": "e9919f7b2dd46796bb1f07d6a43203a999e4d433558a7dea2dd48318e5691547",
"total": 72
},
{
"date": "2021-03-19 08:26:29",
"positives": 52,
"sha256": "da952562e7781cf8378a3347743d5f2007634a2b213d901b78629403f6df257f",
"total": 77
},
{
"date": "2021-03-19 08:21:47",
"positives": 56,
"sha256": "984511529324f7274de09d07c34453ede6208c4e2a65c3b3abe327e266cf8c0c",
"total": 76
},
{
"date": "2021-03-19 07:40:38",
"positives": 54,
"sha256": "a89dd2d356bccbe088bc8f0bee75c51e1d445a0062b40952c80c1dd004edb122",
"total": 76
},
{
"date": "2021-03-19 06:17:54",
"positives": 58,
"sha256": "d923610aed1d4118e26b249bbbf77d2e392c20e7c551e733dfdab62d5899b3e2",
"total": 76
},
{
"date": "2021-03-19 03:10:38",
"positives": 51,
"sha256": "0c6bc15182a12afdd5e159b897bac95761c3cd0fd34f61a63c50208703661f4a",
"total": 75
},
{
"date": "2021-03-19 13:25:34",
"positives": 49,
"sha256": "9b692f46029dede131518da13ea94528328bc24183d97218ab8d237837f01598",
"total": 76
}
],
"DetectedURLs": [
{
"positives": 2,
"scan_date": "2021-04-11 11:17:31",
"total": 85,
"url": "http://example.com/"
},
{
"positives": 2,
"scan_date": "2021-04-10 14:06:18",
"total": 85,
"url": "https://example.com/blackhole/"
},
{
"positives": 2,
"scan_date": "2021-04-10 04:39:45",
"total": 85,
"url": "http://example.com/evil.ps1"
},
{
"positives": 2,
"scan_date": "2021-04-09 00:59:51",
"total": 85,
"url": "http://example.com/foo.jpg"
},
{
"positives": 1,
"scan_date": "2021-04-05 13:49:23",
"total": 85,
"url": "http://example.com/player?id=123"
},
{
"positives": 1,
"scan_date": "2021-04-03 13:53:06",
"total": 85,
"url": "http://example.com/foo/bar"
},
{
"positives": 1,
"scan_date": "2021-04-02 13:51:01",
"total": 85,
"url": "http://example.com/great-multiplication-intro.html"
},
{
"positives": 1,
"scan_date": "2021-03-30 07:21:30",
"total": 85,
"url": "https://example.com/"
},
{
"positives": 1,
"scan_date": "2021-03-26 16:20:25",
"total": 85,
"url": "http://example.com/z1vey0sjjfm"
},
{
"positives": 1,
"scan_date": "2021-03-24 04:02:11",
"total": 85,
"url": "http://example.com/music-videos/"
},
{
"positives": 1,
"scan_date": "2021-03-23 01:00:01",
"total": 85,
"url": "http://example.com/http"
},
{
"positives": 1,
"scan_date": "2021-03-16 03:39:30",
"total": 85,
"url": "http://example.com/?goal=0_1dfca2ec74-7d92b78da0-133981889&mc_cid=7d92b78da0&mc_eid=UNIQID"
},
{
"positives": 1,
"scan_date": "2021-03-14 17:59:45",
"total": 85,
"url": "https://example.com/?firstName=John&lastName=Adams&dateOfBirth=March%204,%201797&address=Braintree,%20MA"
},
{
"positives": 1,
"scan_date": "2021-03-13 03:14:44",
"total": 85,
"url": "https://yygelbbkauxnbcqliovy-dot-level-elevator-279110.nw.r.appspot.com%23example@example.com/"
},
{
"positives": 1,
"scan_date": "2021-03-12 03:00:59",
"total": 85,
"url": "http://example.com/ns/leafref"
},
{
"positives": 1,
"scan_date": "2021-03-12 02:54:31",
"total": 85,
"url": "http://example.com/media/orudie/orujeinaia-kollekciia-i-lichnoe-orujie-stalina-i-gitlera-5c0d1f3006bd7000abdb7c31/"
},
{
"positives": 1,
"scan_date": "2021-03-11 13:00:45",
"total": 85,
"url": "http://example.com/page.php"
},
{
"positives": 1,
"scan_date": "2021-03-10 10:20:23",
"total": 84,
"url": "http://example.com/@clickme"
},
{
"positives": 1,
"scan_date": "2021-03-10 02:22:07",
"total": 84,
"url": "http://example.com/login"
},
{
"positives": 1,
"scan_date": "2021-03-09 22:03:10",
"total": 84,
"url": "http://example.com/cancel/"
},
{
"positives": 1,
"scan_date": "2021-03-09 01:21:40",
"total": 84,
"url": "http://example.com/maps/"
},
{
"positives": 1,
"scan_date": "2021-03-07 11:41:07",
"total": 84,
"url": "http://example.com/media/nauka/amerikancy-sozdali-perchatki-chelovekapauka-5bb4833889643a00ad010bdb/"
},
{
"positives": 1,
"scan_date": "2021-03-07 10:49:34",
"total": 84,
"url": "http://example.com/downloads/7tt_setup.exe"
},
{
"positives": 1,
"scan_date": "2021-03-07 10:45:39",
"total": 84,
"url": "http://example.com/cmd_get/cmd_get.jsp"
},
{
"positives": 1,
"scan_date": "2021-03-06 15:16:46",
"total": 84,
"url": "https://example.com/foo/bar"
},
{
"positives": 1,
"scan_date": "2021-03-05 13:08:26",
"total": 84,
"url": "https://example.com/reauth"
},
{
"positives": 1,
"scan_date": "2021-03-04 05:34:22",
"total": 84,
"url": "https://example.com/example/path"
},
{
"positives": 1,
"scan_date": "2021-03-02 21:18:52",
"total": 84,
"url": "https://example.com/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php?form=f&control="
},
{
"positives": 1,
"scan_date": "2021-02-27 13:46:44",
"total": 84,
"url": "example.comhttp://example.com/files.lst.bz2"
},
{
"positives": 1,
"scan_date": "2021-02-20 09:41:25",
"total": 83,
"url": "http://example.com/maps/?freehaiku_stats=saskia99@famwinkel.nl&src=pnl"
},
{
"positives": 1,
"scan_date": "2021-02-19 17:43:05",
"total": 83,
"url": "http://example.com/files.lst.bz2"
},
{
"positives": 1,
"scan_date": "2021-02-17 11:35:45",
"total": 83,
"url": "https://example.com/app/uploads/2021/02/image_602cf5656e71a-150x150.jpg"
},
{
"positives": 1,
"scan_date": "2021-02-15 00:46:40",
"total": 83,
"url": "https://example.com/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php?form=f&control=</script><svg/onload=alert(/XSS-control"
},
{
"positives": 1,
"scan_date": "2021-02-14 10:19:23",
"total": 83,
"url": "http://example.com/clickme"
},
{
"positives": 1,
"scan_date": "2021-02-13 14:52:43",
"total": 83,
"url": "http://example.com/?a=1&b=2"
},
{
"positives": 1,
"scan_date": "2021-02-13 11:07:22",
"total": 83,
"url": "http://example.com/hop.php?/12345"
},
{
"positives": 1,
"scan_date": "2021-01-29 01:31:32",
"total": 83,
"url": "https://example.com/remoteDesktopGateway/"
},
{
"positives": 1,
"scan_date": "2021-01-23 05:18:11",
"total": 83,
"url": "https://example.com/evil.xsl"
},
{
"positives": 1,
"scan_date": "2021-01-19 10:17:45",
"total": 83,
"url": "https://example.com/route/that/will/404"
},
{
"positives": 1,
"scan_date": "2021-01-18 17:17:29",
"total": 83,
"url": "https://example.com/key/repo-key.gpg"
},
{
"positives": 1,
"scan_date": "2021-01-13 12:08:51",
"total": 83,
"url": "http://example.com/?q=..\\..\\log"
},
{
"positives": 1,
"scan_date": "2021-01-13 12:07:42",
"total": 83,
"url": "http://example.com/?q=<sCrIPt>aLerT()</sCripT>"
},
{
"positives": 1,
"scan_date": "2020-07-22 18:23:26",
"total": 79,
"url": "https://ncguyixqhjhoifmwcgjg-dot-level-elevator-279110.nw.r.appspot.com%23example@example.com/"
},
{
"positives": 1,
"scan_date": "2020-07-15 06:10:04",
"total": 79,
"url": "https://cloanfiwhugwxuasvjgh-dot-level-elevator-279110.nw.r.appspot.com%23example@example.com/"
},
{
"positives": 1,
"scan_date": "2019-01-02 16:53:24",
"total": 70,
"url": "http://example.com/media/usedcars/krossover-ot-datsun-za-235-tysiach-rublei-skoro-startuiut-prodaji-5c18d81892487b00aa3e270e/"
},
{
"positives": 1,
"scan_date": "2019-01-02 12:53:42",
"total": 70,
"url": "http://example.com/media/lubopytnaya_istoria/zverstva-nemcev-v-russkih-derevniah-5c288b5987b8d700aa621dc5/"
},
{
"positives": 1,
"scan_date": "2019-01-02 11:53:46",
"total": 70,
"url": "http://example.com/b/ss/undefined/1/JS-2.2.0/s74246280472176/"
},
{
"positives": 1,
"scan_date": "2019-01-01 01:52:25",
"total": 70,
"url": "http://example.com/b/ss/undefined/1/JS-2.2.0/s64779176403000/"
},
{
"positives": 1,
"scan_date": "2018-12-30 13:52:22",
"total": 70,
"url": "http://example.com/media/history_of_weapons/besshumnyi-revolver-gurevicha-s-jidkostnymi-patronami-5bdaac646fa35900ab19ba43/"
},
{
"positives": 1,
"scan_date": "2018-12-30 11:52:39",
"total": 70,
"url": "http://example.com/media/vzglyad_naroda/zapadnye-ukraincy-rasskazali-chto-gotovy-progolosovat-za-poroshenko-lish-by-ne-bylo-timoshenko-5c15ed4cb42df700ae52834f/"
}
],
"DownloadedHashes": [],
"ReferrerHashes": [
{
"date": "2021-04-13 12:03:36",
"positives": 2,
"sha256": "d3bee955045b8b38f32be52408d13995076c322fdb416991c905793e2394ee4a",
"total": 74
},
{
"date": "2018-08-26 07:38:59",
"positives": 16,
"sha256": "8c9bd61e30edfe0a5c1f17b0deaebd3a92f69bd319cb73fa9d7a10d187a6ff20",
"total": 71
},
{
"date": "2021-04-13 12:11:39",
"positives": 4,
"sha256": "a948e9d7923d45802d5343c1a1a9d127a3223f4cd002a3a56ce5fe6919a5de06",
"total": 74
},
{
"date": "2021-04-13 12:09:11",
"positives": 1,
"sha256": "d71de33f3f2a9df915e231ba9cc76fb5c024dada8301fc62bbeb41c0b07e5a15",
"total": 74
},
{
"date": "2021-04-13 12:04:59",
"positives": 31,
"sha256": "8f8e30556a96475a39234b2e03aa77a7a0a2716e9077d99c5784cb5c37ed67a0",
"total": 75
},
{
"date": "2021-04-13 12:05:10",
"positives": 2,
"sha256": "e49097755b5cc3b25ee3d7c590e6087dcd3e17962a7758313aac17fffa53583f",
"total": 74
},
{
"date": "2021-04-13 12:01:49",
"positives": 1,
"sha256": "4eef8b6e4f6f4808803b92f51f4a2d37b9ccaef1c18af62e5204641b3023c2f5",
"total": 73
},
{
"date": "2021-04-06 06:34:41",
"positives": 31,
"sha256": "52f79b45b79455b2a35c609c613c586197d1a2d09c5391861683680f43166b2d",
"total": 74
},
{
"date": "2021-04-13 11:59:01",
"positives": 53,
"sha256": "8c968e692366e2fad68120c8a4e81706dd9d105f15c47d7f4850b506b46b5dab",
"total": 75
},
{
"date": "2018-06-03 17:13:40",
"positives": 7,
"sha256": "8c949d2dd011a35ae7b6c5c0bb4e795dd90197189c2c5802aa7a63d5693f0765",
"total": 71
},
{
"date": "2021-04-13 11:35:09",
"positives": 51,
"sha256": "8ce04cbf12a0904cd86a59b8f6d49723e3d008cb45a5d060e264ade7a23aa136",
"total": 75
},
{
"date": "2021-04-13 11:47:58",
"positives": 1,
"sha256": "f3c2c933c1bf864d0723995ec580a931e788b6e625b5d3906be24995ac1e24a8",
"total": 74
},
{
"date": "2021-04-13 11:49:01",
"positives": 10,
"sha256": "569c74eaeb3ae682b11fcc6d047f0f4d9f24a27665478ac32510b77c798dc4ae",
"total": 74
},
{
"date": "2021-04-13 11:34:44",
"positives": 1,
"sha256": "f105e2f9f07c1a0ccb6dface42bf7e5aceed7ea1bed708f77960662ba57948c0",
"total": 74
},
{
"date": "2021-04-13 11:41:56",
"positives": 47,
"sha256": "8c9e609fc3b4fc55b79ee32f7f673897b4c9f8b538614730db7d5838f6ab00d3",
"total": 75
},
{
"date": "2018-05-07 17:04:23",
"positives": 35,
"sha256": "8c984efa63dcf0f25264d02b4235d70dd486b14a76d20607e001b1eb0996380a",
"total": 71
},
{
"date": "2021-04-13 11:35:00",
"positives": 1,
"sha256": "49e5120d299c41cb9e6de4661db6a990f2e013909c00b4955368f3442a8afc9b",
"total": 74
},
{
"date": "2021-04-06 11:36:16",
"positives": 2,
"sha256": "8a836b9e25320896fa970b4ec3a9d107fbabf35aa3711e6809863d9eacffd520",
"total": 74
},
{
"date": "2021-04-13 11:35:12",
"positives": 16,
"sha256": "e437c669788cd5d3714d3fcec89d69457ecd61adc3ce3b3451354c7c705fce9f",
"total": 74
},
{
"date": "2021-04-13 11:07:59",
"positives": 17,
"sha256": "c7c1d6fe52ffed91223284ac38b6e5ae089b268a145e2f9f11a47d35bd18f965",
"total": 74
},
{
"date": "2021-03-29 02:20:12",
"positives": 2,
"sha256": "b9f2c0da284ee280575d32dd84b3dac78c7a26988490fe101f18f39dfbc3e593",
"total": 74
},
{
"date": "2021-04-13 11:30:00",
"positives": 49,
"sha256": "6d16a19819ab3109a232fafe0e41065a71a5d6d5aa94621e0f6dc86ca9dbe211",
"total": 75
},
{
"date": "2021-03-29 02:13:56",
"positives": 4,
"sha256": "31865f8fa4485a5b0be98e0201695aa088bc990e91fdd7e76d4edcfc727d909b",
"total": 74
},
{
"date": "2021-04-13 11:24:03",
"positives": 53,
"sha256": "8c88519cc8e6fa7f6aa5aec64cac379926057eb18b34094a20c8100f66f38a6d",
"total": 75
},
{
"date": "2021-04-13 11:20:14",
"positives": 27,
"sha256": "8c924794d3923a6f51a496fc84a9f0037ce4f451e7c0fadb830cf76fa41e49c0",
"total": 74
},
{
"date": "2021-04-13 11:21:36",
"positives": 39,
"sha256": "8c8e4869d70d0330bb2d246157ac6eda4fafdb0a49f0b02be08602a6ec1dd762",
"total": 74
},
{
"date": "2021-04-13 11:17:53",
"positives": 38,
"sha256": "8c8972e2bab903ada41cb7e1d9db833b9ef7164d799c5d18a00b0f7e72ae7b91",
"total": 74
},
{
"date": "2021-04-13 11:12:39",
"positives": 55,
"sha256": "c71fed9fdcf7b01142792628d809a476a2a6cee7382425d3e4c1257b53605f98",
"total": 75
},
{
"date": "2021-04-13 11:11:40",
"positives": 55,
"sha256": "8c89bcab68f478830cd3b8e221060e6cf8f6986cd24c8be3e194c7b5bbf97917",
"total": 75
},
{
"date": "2021-04-13 11:04:54",
"positives": 59,
"sha256": "8bcdaa5c203e5b0e3625ffa74450e926afcf68fe884016f7dc8af5d9dc624588",
"total": 75
},
{
"date": "2021-04-13 11:05:05",
"positives": 58,
"sha256": "8bec045a9fd5a773a0003f59034c5f1f9aefcb58581410ace75076170b85ee93",
"total": 75
},
{
"date": "2021-04-13 11:05:08",
"positives": 58,
"sha256": "8bf5e163fdd195916e72c5a9292fb2c376354906b0fd3924e6416dc4e47aa632",
"total": 75
},
{
"date": "2021-04-13 11:04:52",
"positives": 56,
"sha256": "8bb65409c4b912be8eccc84e4c170c829b622832c930d972762905a1dfecfaf8",
"total": 75
},
{
"date": "2021-04-12 12:06:21",
"positives": 26,
"sha256": "8bda235e48d9da651e759a2a62ab9bb3a6952536e75c96eb5c163b728f5a167f",
"total": 75
},
{
"date": "2021-04-12 08:22:03",
"positives": 33,
"sha256": "8bbb95d7371101e68c47323d3a9aad2858e9bf76b5d46dcaab836c651dadcf1d",
"total": 75
},
{
"date": "2021-04-13 10:56:02",
"positives": 33,
"sha256": "8c91a402dc909ed3cf63e6a9586bf6e05ee518c4b693e64c902cf97816d150f7",
"total": 75
},
{
"date": "2021-04-13 10:56:06",
"positives": 3,
"sha256": "459d071829a5977e8c0f288be2cb473cd8cc44f450b65e8d8ddb240bccd59f84",
"total": 74
}
],
"Resolutions": [
{
"ip_address": "x.x.x.x",
"last_resolved": "2013-07-27 00:00:00"
},
{
"ip_address": "x.x.x.x",
"last_resolved": "2019-11-04 09:44:13"
},
],
"Subdomains": [],
"UnAVDetectedCommunicatingHashes": [
{
"date": "2021-04-13 08:44:59",
"positives": 0,
"sha256": "9ff8e09233ae7d2a31e2af560d0f23c30046bb1cdd7a2fcb9393d09c6bd4a925",
"total": 74
},
{
"date": "2021-04-13 07:58:52",
"positives": 0,
"sha256": "9d5e14e02a3adcc7972e43279f4147ef8d2073a57f5698f2d93f626e8807d817",
"total": 0
},
{
"date": "2021-04-13 06:57:53",
"positives": 0,
"sha256": "33730737dff653312e84d12a3d524b8aa5e19aaf91068c40c04385e5a415936e",
"total": 73
},
{
"date": "2021-04-12 07:13:43",
"positives": 0,
"sha256": "cebffba34f248b5ed6cd672d9c191459d8bf519e04b0c692dc86c8df853444fc",
"total": 74
},
{
"date": "2021-04-12 06:00:33",
"positives": 0,
"sha256": "9aeb15a10958fb07c2fd42180340a60eacf6b5eae0cfdc6c9593401403be3400",
"total": 0
},
{
"date": "2021-04-12 05:20:43",
"positives": 0,
"sha256": "073b67c61e60bd0a704c2bfcf3e10a5544a055a0ee367b90412c1a1257a1d3da",
"total": 74
},
{
"date": "2021-04-11 08:36:18",
"positives": 0,
"sha256": "3958f0c07a3e9c0f476ab5b87360f40182c7fdca523b5cc69b6479a88a059452",
"total": 74
},
{
"date": "2021-04-10 05:13:04",
"positives": 0,
"sha256": "083fdacff6294ad3c2aa9722a2a211060961e47c348643ce5d87e9863a2b70b7",
"total": 0
},
{
"date": "2021-04-09 14:27:00",
"positives": 0,
"sha256": "8c2090b65d25bfc863033dfc9767ebbed9792ffb2e70a090f22aa4d689956cea",
"total": 74
},
{
"date": "2021-04-08 22:48:26",
"positives": 0,
"sha256": "2ec98d41654712f8e514ae4289c6a1c65f62a291b80c017cbf50e31393dbba2c",
"total": 74
},
{
"date": "2021-04-08 06:40:33",
"positives": 0,
"sha256": "c54867b37513970f1585b4176642e0b914cc104979e905e6add47dfb6899b79e",
"total": 74
},
{
"date": "2021-04-08 03:49:47",
"positives": 0,
"sha256": "81b85ab7f868a2644bf65f24dbea9a5d5fb0980add17602c0179f65ae4b24e9f",
"total": 73
},
{
"date": "2021-04-07 10:19:10",
"positives": 0,
"sha256": "a333e59a164cd8003029e07e57c8656710a8b52b885aae826351677c5bee3f5f",
"total": 0
},
{
"date": "2021-04-07 10:10:57",
"positives": 0,
"sha256": "2205fe299eb92849d17b0efc5cb53db1369be40a845f88d3f4908e394d647909",
"total": 74
},
{
"date": "2021-04-07 07:52:59",
"positives": 0,
"sha256": "ecf3fd62079f659d31ff2293e782e13c1acd16c6341757a788722467f6136911",
"total": 0
},
{
"date": "2021-04-05 14:16:28",
"positives": 0,
"sha256": "30f86152b3ed7f6255ca10b0568f6ac71ae4674fd146b250832fea7c08e12a28",
"total": 74
},
{
"date": "2021-04-04 14:02:52",
"positives": 0,
"sha256": "ff43358c0bbdc1fa21234eaab2d091f5cab07a08bbcfd2e9c4fbbb2c888b9bdd",
"total": 75
},
{
"date": "2021-04-05 12:21:35",
"positives": 0,
"sha256": "d1f8b548a13f9163404149b822623ef66b42259f1dbf822bb3f45e200e5df837",
"total": 74
},
{
"date": "2021-04-02 15:50:25",
"positives": 0,
"sha256": "32acedef4dade6fed034179f5ea7471ae8afb3c5a375ed8748088d686077523d",
"total": 73
},
{
"date": "2021-04-01 16:52:38",
"positives": 0,
"sha256": "28612ccdfbd56ff674d1a6a132ebdb60e370976b03fada2dc20b53bed3531758",
"total": 0
},
{
"date": "2021-03-24 03:31:15",
"positives": 0,
"sha256": "376ed48303a45425e95e674f7a59c05d58bbf897a97e1753a74a3ce448dfc6e3",
"total": 75
},
{
"date": "2021-03-24 03:31:17",
"positives": 0,
"sha256": "07e2f15e7c2805defa7b34ee8086114525c7a75921430792894a94dc17852579",
"total": 75
},
{
"date": "2021-03-30 17:21:48",
"positives": 0,
"sha256": "01a3ecb648878993c59ec4a8c5113df381985b359ec3620ed98a7082e5f1b8fa",
"total": 0
},
{
"date": "2021-03-30 12:00:51",
"positives": 0,
"sha256": "464220016d9d1475ed3e3a7460e37f0468733a70e76b4372b05a56a24e782a31",
"total": 72
},
{
"date": "2021-03-30 09:31:18",
"positives": 0,
"sha256": "a8234d9240264b17c0e202ef4a521451cf91a7436671472f539e23768597a3e7",
"total": 74
},
{
"date": "2021-03-30 01:19:33",
"positives": 0,
"sha256": "a378b9128082b3c311a3305448dbb13b6e85b121f164602befbd4f6b6cf64012",
"total": 75
},
{
"date": "2021-03-21 10:30:57",
"positives": 0,
"sha256": "ff05ea38620518bae86f9213ede8ceb43b23f71d299802e87c531c2391659e16",
"total": 75
},
{
"date": "2021-03-28 07:13:43",
"positives": 0,
"sha256": "1ef52b71b557b2f4de5112aa52bdcb9d27368434550bdc707cc3a70c3d30cf1c",
"total": 74
},
{
"date": "2021-03-27 18:51:47",
"positives": 0,
"sha256": "90b52b9d8be0110d19a1e66ff4afc88f161d8a42b00c2899b1461f204fce1ce2",
"total": 0
},
{
"date": "2021-03-27 16:06:34",
"positives": 0,
"sha256": "38bdf7ec57cd818363335e41e84e6557b88666a53547c5d9f43f98fc2d4654c6",
"total": 0
},
{
"date": "2021-03-27 12:09:44",
"positives": 0,
"sha256": "9ceb70eba03e49782693d42fb8bd7eeaa4dfef58ab6a74c25b7973dee9a393cb",
"total": 0
},
{
"date": "2021-03-27 07:31:00",
"positives": 0,
"sha256": "a2ded103297b1556dc1c65b78f2f38c9157b7f4ad45802118afe552385f49ee4",
"total": 74
},
{
"date": "2021-03-26 01:19:18",
"positives": 0,
"sha256": "72d1ebd2df546ed67f8ceb269c56a9db15b494a0b4694fe566e909fed8856887",
"total": 75
},
{
"date": "2021-03-25 04:51:39",
"positives": 0,
"sha256": "b7f2d0479a6ba57321a60162fddea73bc556d907bad1717af352badd967d0eb3",
"total": 74
},
{
"date": "2021-03-23 08:48:29",
"positives": 0,
"sha256": "8a788af40d529d8720725fdc3cf9e4dcd6819c2bbdc74040471a56235fe6ed44",
"total": 75
},
{
"date": "2021-03-23 04:55:34",
"positives": 0,
"sha256": "2c4fb6fdef39ca787e8ca8d07529e6ab14429c9c31e1e2717aa5bef38b40547d",
"total": 75
},
{
"date": "2021-03-22 07:45:37",
"positives": 0,
"sha256": "4a99fbf9d7c4ba70536ee59990f2b91b1c36ecda78b8075338441509d4165e0f",
"total": 75
},
{
"date": "2021-03-22 01:07:30",
"positives": 0,
"sha256": "edf70fcaa011f53a014f7ee65d66be0515fc8ee567b7b543f38c822f1cee2abf",
"total": 73
},
{
"date": "2021-03-22 01:06:33",
"positives": 0,
"sha256": "3eeae2cba7ca59ce61fa085ab3afa7c43894c181fd5c8ed00eebae2518e06561",
"total": 75
},
{
"date": "2021-03-22 01:04:33",
"positives": 0,
"sha256": "55fd6c3125e8fefc3a0a730c17d6895b6525451924a18777ec60ad69b02d7f9b",
"total": 75
},
{
"date": "2021-03-22 01:03:56",
"positives": 0,
"sha256": "f06586ecc69360c30f8634172208a12a894a1ad8f3b20ab910b59923e395b564",
"total": 73
},
{
"date": "2021-03-20 15:44:12",
"positives": 0,
"sha256": "3403b62ce4ad37a968bf9d3a841fa0a7f1f48b91da2c550b502a24a65cb9126e",
"total": 0
},
{
"date": "2021-03-20 12:20:08",
"positives": 0,
"sha256": "d55db1b78c494e80907f5ef249d6ef5ba895568e9370e2473cfe0fa47cc76aa0",
"total": 75
},
{
"date": "2021-03-18 00:46:08",
"positives": 0,
"sha256": "4d661d8e1257f35d4a3ff9fbb59e469e4a324c64a05fa65d246bb2479a86cee6",
"total": 0
},
{
"date": "2021-03-17 08:27:43",
"positives": 0,
"sha256": "2414ff9def2f33ac6c9adb8e4c56a1c79c6410940052faa15c91f619368ca945",
"total": 74
},
{
"date": "2021-03-17 02:51:59",
"positives": 0,
"sha256": "ec199cde83563c4bdf8551265054e3c558066933920f34c6a24e96508e6ab5af",
"total": 75
},
{
"date": "2021-03-16 21:44:35",
"positives": 0,
"sha256": "9961267c1210a290f43eaddbc9e1a68b1e15a15b964e841f68309a759c55e722",
"total": 75
},
{
"date": "2021-03-16 09:39:26",
"positives": 0,
"sha256": "926d501053710dd3bb6b8bc08f6432f633349fddc0f279cbc4c20ee5c1cf4293",
"total": 0
},
{
"date": "2021-03-16 07:52:37",
"positives": 0,
"sha256": "1c41d2657116754078cadc0d46d154e118cbf3bcdbb054ee19ca21a869ff71bb",
"total": 74
},
{
"date": "2021-03-15 22:43:10",
"positives": 0,
"sha256": "ff19eee38b60874aff7611df12870d3873cf79a9e7e478b849f2c77838e9115b",
"total": 73
}
],
"UnAVDetectedDownloadedHashes": [
{
"date": "2021-03-27 08:16:44",
"positives": 0,
"sha256": "ea8fac7c65fb589b0d53560f5251f74f9e9b243478dcb6b3ea79b5e36449c8d9",
"total": 74
},
{
"date": "2019-06-11 23:35:41",
"positives": 0,
"sha256": "4ff8742a8007a9fd554675e6d94f94e72d74163871961952e44449cfb1907851",
"total": 71
},
{
"date": "2019-10-14 07:58:03",
"positives": 0,
"sha256": "3587cb776ce0e4e8237f215800b7dffba0f25865cb84550e87ea8bbac838c423",
"total": 70
},
{
"date": "2018-05-14 00:07:24",
"positives": 0,
"sha256": "1c11c4246b306b5d74cea14ff787b4763bd6413d9b8c37e40f20a6b21b603c79",
"total": 57
},
{
"date": "2018-05-03 00:06:02",
"positives": 0,
"sha256": "ba85b4903f044b3eb20df400f97f33d8ed96dd8d43edd9cb84e3bcfc900649ff",
"total": 60
},
{
"date": "2017-10-24 23:23:47",
"positives": 0,
"sha256": "d9f7e0aa1bff501986995b7c69742a14f373819ab6ecd599af29d67f9d8b4794",
"total": 60
},
{
"date": "2017-06-28 09:57:27",
"positives": 0,
"sha256": "991d8e217a039406c56753de79744d7a02c6a86ee2a97d740b8815e9f42c5d29",
"total": 56
},
{
"date": "2017-02-11 20:10:52",
"positives": 0,
"sha256": "2000f27da89d0034703895d71bb046b89b58ff64d08bf506824bd3bcae56b334",
"total": 55
},
{
"date": "2013-04-25 11:05:19",
"positives": 0,
"sha256": "9332592b1b6ee784ab0c775cbf511fb339c5687c21900bdbc9bb44a44aa330d3",
"total": 46
}
],
"UnAVDetectedReferrerHashes": [
{
"date": "2021-04-13 12:10:17",
"positives": 0,
"sha256": "42d4d43c64d9f9d2238dd9f5eca711f1b429dcdc867fc3988e22fa1518a27cc3",
"total": 75
},
{
"date": "2021-04-13 12:08:08",
"positives": 0,
"sha256": "0e98240f3654c63cf599927b35a4ca30b2abbc13dd8b75936f7223be074e188c",
"total": 74
},
{
"date": "2021-04-13 12:02:48",
"positives": 0,
"sha256": "59fec080c5297cc6ca47a1c362aed12c63458f44eca2890871472c0a3e008309",
"total": 74
},
{
"date": "2021-04-13 11:57:36",
"positives": 0,
"sha256": "31ccb44717eeab6fa2d648f7161db368d3696d80d1adb3537d440c0dad2b67d9",
"total": 74
},
{
"date": "2021-04-13 11:43:34",
"positives": 0,
"sha256": "8b1a9566070e5d937a8b27394beeedbc50c3b390656ea7250bab9bac8c28840d",
"total": 74
},
{
"date": "2021-04-13 11:57:29",
"positives": 0,
"sha256": "405ecd80c2ef2618ac60a68d514498cc99a86f17ebd0a2c7478bb8d5700a04e3",
"total": 72
},
{
"date": "2021-04-13 11:53:58",
"positives": 0,
"sha256": "51660ab4e7e4c5588424577d34697f7b5d2474dfc376047ad7ada9dd38061b3c",
"total": 73
},
{
"date": "2021-04-13 11:42:46",
"positives": 0,
"sha256": "c0ae9cc4e8ace5539bdf82aeba8ef4b55489799639e0d88179cb671b50e733bc",
"total": 74
},
{
"date": "2021-04-13 11:51:54",
"positives": 0,
"sha256": "5689671d166dfb4859b1b9cc02d7af2f3dc6ace98f564a53993f9a2789a4c4a0",
"total": 74
},
{
"date": "2021-04-13 11:50:48",
"positives": 0,
"sha256": "6301b609b945297f02b33cd14c1ac6002177ed3b84da3ca84f6774ad30df1967",
"total": 74
},
{
"date": "2021-04-13 11:47:12",
"positives": 0,
"sha256": "f7248c83625c4ad8d1b9c3a0fdf23deff11cbff7c25d5b2942acba95e92a4e31",
"total": 74
},
{
"date": "2021-04-13 11:35:20",
"positives": 0,
"sha256": "76e5558fb3552de0bb7e4db65d2c0c3e9d41179a5e2ca1fd2dcd4bba4544e8d2",
"total": 74
},
{
"date": "2021-04-13 11:42:35",
"positives": 0,
"sha256": "8c7c6c2ad4be26fc24247c7c5b254cf520602e2b598fb648c6fc66faa5defbda",
"total": 74
},
{
"date": "2021-04-13 11:38:11",
"positives": 0,
"sha256": "ffad7aae49dd1349114b6efd2ca6c9fefba63cec5c8dbba6a73276fe7657df32",
"total": 74
},
{
"date": "2021-04-13 11:30:08",
"positives": 0,
"sha256": "12feafe949b47c97fe1f485b04e4643e7f0fd7e74259912795ee61d878c54fc3",
"total": 74
},
{
"date": "2021-04-13 11:10:42",
"positives": 0,
"sha256": "d8e24b79e82f272d2f07d16b900221cec8d89aa20958b9c31aaab23c25c73306",
"total": 74
},
{
"date": "2021-04-13 11:31:56",
"positives": 0,
"sha256": "4073952c7de8c93359294ebabaa072e0517f4e178d33b5470c5c59016e8c0b57",
"total": 73
},
{
"date": "2021-04-13 11:30:02",
"positives": 0,
"sha256": "c7802d36322159fbd4b0102fdd1ed2eab4c08c6cd864f5ebbca7a14120782ee9",
"total": 72
},
{
"date": "2021-04-13 10:56:04",
"positives": 0,
"sha256": "969dfdfa27ea0dd21b0d29a75e51dd0803a34c24f99e66fb5b7c14ac3871328b",
"total": 75
},
{
"date": "2021-04-13 11:17:39",
"positives": 0,
"sha256": "d9bcc103dfb10fc11c7c6f5360a377c8e5902040be6b4ad3fcc13d44d26cdfcc",
"total": 74
},
{
"date": "2021-04-13 11:22:02",
"positives": 0,
"sha256": "18c284237c17282ef786cd14d8b41b151458397661aaf46d9081745bb763a4de",
"total": 74
},
{
"date": "2021-04-13 11:12:49",
"positives": 0,
"sha256": "c6ce3196f8ebbaa8fd34efac23e742be0ceece3a637ae7ecdb0ea410237423d6",
"total": 74
},
{
"date": "2021-04-13 11:16:46",
"positives": 0,
"sha256": "08b310f469487c3e19e5ecb871aa16973be1adca882a87c1650eb49580086fcc",
"total": 74
},
{
"date": "2021-04-13 11:15:55",
"positives": 0,
"sha256": "e7e98804bc4aac970de3807e5b3e4b27eb8e8ee3c965b3883f52793991c3dba7",
"total": 74
},
{
"date": "2021-04-13 11:11:01",
"positives": 0,
"sha256": "166774884d53f94db1e0b1a058ff1c31a788df64580b72094f2e3b4712a6d105",
"total": 74
},
{
"date": "2021-04-13 11:11:28",
"positives": 0,
"sha256": "32761230ba1f96e63be016eaa95b2800057e4fe217d4bc9bd5e7a80967470129",
"total": 73
},
{
"date": "2021-04-13 10:51:33",
"positives": 0,
"sha256": "984eae0809959efd8d503e3b1b68d1bfef58df46f50357bcbbcab029cf7f3531",
"total": 74
},
{
"date": "2021-04-13 10:58:33",
"positives": 0,
"sha256": "0f3d1caadb32d9eba8759b8c7108ad04a596167adf15e9be3b493936f4b90265",
"total": 74
},
{
"date": "2021-04-13 10:58:57",
"positives": 0,
"sha256": "9e0a6f55801d11b354d6e372ab1da816ab2d982f7755725ce59442507062d946",
"total": 73
},
{
"date": "2021-04-13 10:55:31",
"positives": 0,
"sha256": "26531f10c9021541eadf37921805e49ef32dbf621a872f82b9a636ad70429086",
"total": 74
},
{
"date": "2021-04-13 10:53:13",
"positives": 0,
"sha256": "eb9834e0e22049e68f7b84bce3ac0da93f8396c958e77f4c886100e9f148e01e",
"total": 74
},
{
"date": "2021-04-13 10:46:18",
"positives": 0,
"sha256": "e68c0e2cfb2a2b33e5268f6343cbf0b68b8e332eb13d5b36bc5288b96f797be6",
"total": 74
},
{
"date": "2021-04-13 10:44:03",
"positives": 0,
"sha256": "f828458311f5c2020a559fb237d87e8be3a020debbe17ac7750aa8c07f05ef92",
"total": 74
},
{
"date": "2021-04-13 10:45:08",
"positives": 0,
"sha256": "151fce19a2131e99c396eb8616ffe9064fee2006b801f6efcd19acaba96752af",
"total": 74
},
{
"date": "2021-04-13 10:42:56",
"positives": 0,
"sha256": "b71a84c24023945b5e7d775cc953a58fc73212bfc07c9e3ea269c740f1bfa17f",
"total": 73
},
{
"date": "2021-04-13 10:39:14",
"positives": 0,
"sha256": "ce3af97a274fc0ff0c28d4025e3ba4da7e8c46eab088a9e6d2aa62b5dc34b8d2",
"total": 73
},
{
"date": "2021-04-13 10:38:19",
"positives": 0,
"sha256": "d28c11ec140cf749dcbd9f6f8f5c98a8bd8068770f586ba6ac9f53de81edd691",
"total": 74
},
{
"date": "2021-04-13 10:34:41",
"positives": 0,
"sha256": "fc8b6f2666973c890ed34b2dbd15e74d834ce761d2d82e048cb6b38797a18a71",
"total": 74
},
{
"date": "2021-04-13 10:34:25",
"positives": 0,
"sha256": "5753f0d3556c3c7ccdc3a16d21246f76c6ad323b2b55ceed5175960e7a6ea476",
"total": 74
},
{
"date": "2021-04-13 10:14:33",
"positives": 0,
"sha256": "02b1913e506dd88b5200ec3e846c46c7832ee8992045628706ca1cc87ad7d0ef",
"total": 74
},
{
"date": "2021-04-13 10:17:31",
"positives": 0,
"sha256": "ffc2ee00007156875f579937e07021e0fc493184018814520cb9430480054e33",
"total": 74
},
{
"date": "2021-04-13 10:03:38",
"positives": 0,
"sha256": "a714741710992455a1a71163755b2c8396a53a9882e5714864a6460b47f69d8e",
"total": 73
},
{
"date": "2021-04-13 10:10:43",
"positives": 0,
"sha256": "c58426d8cd15d978f4211678bb80056496184068850c3bbc532909efa55dabe9",
"total": 73
},
{
"date": "2021-04-13 10:06:16",
"positives": 0,
"sha256": "e6bef08d062627965174eb9f48ae2f6165d15c9804107a249f54f62a91204511",
"total": 73
},
{
"date": "2021-04-13 10:05:17",
"positives": 0,
"sha256": "670c1734c279205a4abafd18d859172f12083f6d1d33b2fc8a1a1b37f85c2458",
"total": 74
},
{
"date": "2021-04-13 10:00:17",
"positives": 0,
"sha256": "f52b47763375603157e3e79f290ab0ae5d6b2bef6c5d04861a9714043eac9555",
"total": 74
},
{
"date": "2021-04-13 09:59:06",
"positives": 0,
"sha256": "fc0a99614f754dc863528ceca5f166e3d81c9a641cae2f458e4972791b431db6",
"total": 74
},
{
"date": "2021-04-13 09:40:33",
"positives": 0,
"sha256": "63fb10579256883326391291c451de9ecd7e6831ed3edd51535376b882d5b333",
"total": 74
},
{
"date": "2021-04-13 09:31:56",
"positives": 0,
"sha256": "53afe10be3ef39bd2ba8233cd058057683dea6c02805011d5331ee7a795bb9ba",
"total": 74
},
{
"date": "2021-04-13 09:44:27",
"positives": 0,
"sha256": "3f3d834df6b986189780b68cc058ae239f6bd554bba4807a9c8e9a41a0df0266",
"total": 73
}
],
"Whois": "Creation Date: 1995-08-14T04:00:00Z\nDNSSEC: signedDelegation\nDomain Name: EXAMPLE.COM\nDomain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited\nDomain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\nDomain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited\nName Server: A.IANA-SERVERS.NET\nName Server: B.IANA-SERVERS.NET\nRegistrar IANA ID: 376\nRegistrar URL: http://example.example.org\nRegistrar WHOIS Server: whois.iana.org\nRegistrar: RESERVED-Internet Assigned Numbers Authority\nRegistry Domain ID: 2336799_DOMAIN_COM-VRSN\nRegistry Expiry Date: 2021-08-13T04:00:00Z\nUpdated Date: 2020-08-14T07:02:37Z\ncreated: 1992-01-01\ndomain: EXAMPLE.COM\norganisation: Internet Assigned Numbers Authority\nsource: IANA"
}
}
}

Human Readable Output#

VirusTotal Domain Reputation for: example.com#

Domain categories: undefined#

VT Link: example.com Detected URL count: 100 Detected downloaded sample count: 0 Undetected downloaded sample count: 9 Detected communicating sample count: 100 Undetected communicating sample count: 100 Detected referrer sample count: 100 Undetected referrer sample count: 100 Resolutions count: 4

Whois Lookup#

Creation Date: 1995-08-14T04:00:00Z DNSSEC: signedDelegation Domain Name: EXAMPLE.COM Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: A.IANA-SERVERS.NET Name Server: B.IANA-SERVERS.NET Registrar IANA ID: 376 Registrar URL: http://example.example.org Registrar WHOIS Server: whois.iana.org Registrar: RESERVED-Internet Assigned Numbers Authority Registry Domain ID: 2336799_DOMAIN_COM-VRSN Registry Expiry Date: 2021-08-13T04:00:00Z Updated Date: 2020-08-14T07:02:37Z created: 1992-01-01 domain: EXAMPLE.COM organisation: Internet Assigned Numbers Authority source: IANA

file-scan#


Submits a file for scanning.

Base Command#

file-scan

Input#

Argument NameDescriptionRequired
entryIDThe file entry ID to submit.Required
uploadURLPrivate API extension. Special upload URL for files larger than 32 MB.Optional

Context Output#

PathTypeDescription
vtScanIDunknownScan IDs of the submitted files.
vtLinkstringVirus Total permanent link.

Command Example#

Human Readable Output#

file-rescan#


Re-scans an already submitted file. This avoids having to upload the file again.

Base Command#

file-rescan

Input#

Argument NameDescriptionRequired
fileHash of the file to re-scan. Supports MD5, SHA1, and SHA256.Required

Context Output#

PathTypeDescription
vtScanIDunknownScan IDs of the submitted files.
vtLinkstringVirus Total permanent link.

Command Example#

Human Readable Output#

url-scan#


Scans a specified URL.

Base Command#

url-scan

Input#

Argument NameDescriptionRequired
urlThe URL to scan.Required

Context Output#

PathTypeDescription
vtScanIDunknownScan IDs of the submitted URLs.
vtLinkstringVirus Total permanent link.

Command Example#

!url-scan url=https://example.com using=vt

Context Example#

{
"vtLink": [
"https://www.virustotal.com/gui/url/0f115db062b7c0dd030b16878c99dea5c354b49dc37b38eb8846179c7783e9d7/detection/u-0f115db062b7c0dd030b16878c99dea5c354b49dc37b38eb8846179c7783e9d7-1618315592"
],
"vtScanID": [
"0f115db062b7c0dd030b16878c99dea5c354b49dc37b38eb8846179c7783e9d7-1618315592"
]
}

Human Readable Output#

VirusTotal URL scan for: https://example.com/#

Scan ID: 0f115db062b7c0dd030b16878c99dea5c354b49dc37b38eb8846179c7783e9d7-1618315592 Scan Date: 2021-04-13 12:16:00

vt-comments-add#


Adds comments to files and URLs.

Base Command#

vt-comments-add

Input#

Argument NameDescriptionRequired
resourceThe file hash (MD5, SHA1, or SHA256) or URL on which you're commenting.Required
commentThe actual review, which you can tag by using the "#" twitter-like syntax, for example, #disinfection #zbot, and reference users using the "@" syntax, for example, @VirusTotalTeam).Required

Context Output#

There is no context output for this command.

Command Example#

!vt-comments-add resource=paloaltonetworks.com resource_type=domain comment="this is a comment" using=vt

Human Readable Output#

Invalid resource

vt-file-scan-upload-url#


Private API. Get a special URL for files larger than 32 MB.

Base Command#

vt-file-scan-upload-url

Input#

Argument NameDescriptionRequired

Context Output#

PathTypeDescription
vtUploadURLunknownThe special upload URL for large files.

Command Example#

Human Readable Output#

vt-comments-get#


Private API. Retrieves comments for a given resource.

Base Command#

vt-comments-get

Input#

Argument NameDescriptionRequired
resourceThe file hash (MD5, SHA1, orSHA256) or URL from which you're retrieving comments.Required
beforeDatetime token in the format YYYYMMDDHHMISS. You can use this for paging.Optional

Context Output#

There is no context output for this command.

Command Example#

!vt-comments-get resource=https://paloaltonetworks.com using=vt

Human Readable Output#