Analyze suspicious hashes, URLs, domains, and IP addresses.
-
Navigate to Settings > Integrations > Servers & Services.
-
Search for VirusTotal.
-
Click Add instance to create and configure a new integration instance.
Parameter Description Required Server URL (e.g. https://192.168.0.1) True API Key True Source Reliability Reliability of the source providing the intelligence data. True Use system proxy settings False Trust any certificate (not secure) False File Threshold. Minimum number of positive results from VT scanners to consider the file malicious. False IP Threshold. Minimum number of positive results from VT scanners to consider the IP malicious. False URL Threshold. Minimum number of positive results from VT scanners to consider the URL malicious. False Domain Threshold. Minimum number of positive results from VT scanners to consider the domain malicious. False Preferred Vendors List. CSV list of vendors which are considered more trustworthy. False Preferred Vendor Threshold. The minimum number of highly trusted vendors required to consider a domain, IP address, URL, or file as malicious. False Determines whether to return all results, which can number in the thousands. If “true”, returns all results and overrides the fullResponse, long arguments (if set to “false”) in a command. If “false”, the fullResponse, long arguments in the command determines how results are returned. False IP Relationships Select the list of relationships to retrieve from the API. Some of the relationships are signed with * key which indicates that they are available only when using a premium API key. False Domain Relationships Select the list of relationships to retrieve from the API. Some of the relationships are signed with * key which indicates that they are available only when using a premium API key. False URL Relationships Select the list of relationships to retrieve from the API. Some of the relationships are signed with * key which indicates that they are available only when using a premium API key. False File Relationships Select the list of relationships to retrieve from the API. Some of the relationships are signed with * key which indicates that they are available only when using a premium API key. False -
Click Test to validate the URLs, token, and connection.
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Checks the file reputation of the specified hash.
file
| Argument Name | Description | Required |
|---|---|---|
| file | A CSV list of hashes of the file to query. Supports MD5, SHA1, and SHA256. | Required |
| long | Whether to return full response for scans. Default is "false". Possible values are: true, false. Default is false. | Optional |
| threshold | If the number of positives is higher than the threshold, the file will be considered malicious. If the threshold is not specified, the default file threshold, as configured in the instance settings, will be used. | Optional |
| wait | Time (in seconds) to wait between tries if the API rate limit is reached. Default is "60". Default is 60. | Optional |
| retries | Number of retries for the API rate limit. Default is "0". Default is 0. | Optional |
| Path | Type | Description |
|---|---|---|
| File.MD5 | unknown | Bad MD5 hash. |
| File.SHA1 | unknown | Bad SHA1 hash. |
| File.SHA256 | unknown | Bad SHA256 hash. |
| File.Malicious.Vendor | unknown | For malicious files, the vendor that made the decision. |
| File.Malicious.Detections | unknown | For malicious files, the total number of detections. |
| File.Malicious.TotalEngines | unknown | For malicious files, the total number of engines that checked the file hash. |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Vendor | String | The vendor used to calculate the score. |
| DBotScore.Score | Number | The actual score. |
| DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
| File.VirusTotal.Scans.Source | unknown | Vendor used to scan the hash. |
| File.VirusTotal.Scans.Detected | unknown | Scan detection for this hash (True or False). |
| File.VirusTotal.Scans.Result | unknown | Scan result for this hash, for example, signature. |
| File.VirusTotal.ScanID | string | Scan ID for this hash. |
| File.PositiveDetections | number | Number of engines that positively detected the indicator as malicious. |
| File.DetectionEngines | number | Total number of engines that checked the indicator. |
| File.VirusTotal.vtLink | string | Virus Total permanent link. |
Checks the reputation of an IP address.
ip
| Argument Name | Description | Required |
|---|---|---|
| ip | IP address to check. | Required |
| long | Whether to return a full response for detected URLs. Default is "false". Possible values are: "true" and "false". | Optional |
| threshold | If the number of positives is higher than the threshold, the IP address will be considered malicious. If the threshold is not specified, the default IP threshold, as configured in the instance settings, will be used. | Optional |
| sampleSize | The number of samples from each type (resolutions, detections, etc.) to display in the long format. Default is "10". | Optional |
| wait | Time (in seconds) to wait between tries if the API rate limit is reached. Default is "60". | Optional |
| retries | Number of retries for the API rate limit. Default is "0". | Optional |
| fullResponse | Whether to return all results, which can be thousands. We recommend that you don't return full results in playbooks. Possible values are: "true" and "false". Default is "false". | Optional |
| Path | Type | Description |
|---|---|---|
| IP.Address | unknown | Bad IP address. |
| IP.ASN | unknown | Bad IP ASN. |
| IP.Geo.Country | unknown | Bad IP country. |
| IP.Malicious.Vendor | unknown | For malicious IPs, the vendor that made the decision. |
| IP.Malicious.Description | unknown | For malicious IPs, the reason that the vendor made the decision. |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Vendor | String | The vendor used to calculate the score. |
| DBotScore.Score | Number | The actual score. |
| DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
| IP.VirusTotal.DownloadedHashes | unknown | Latest files that were detected by at least one antivirus solution, and were downloaded by VirusTotal from the IP address. |
| IP.VirusTotal.UnAVDetectedDownloadedHashes | unknown | Latest files that were not detected by any antivirus solution, and were downloaded by VirusTotal from the specified IP address. |
| IP.VirusTotal.DetectedURLs | unknown | Latest URLs hosted in this IP address that were detected by at least one URL scanner. |
| IP.VirusTotal.CommunicatingHashes | unknown | Latest detected files that communicate with this IP address. |
| IP.VirusTotal.UnAVDetectedCommunicatingHashes | unknown | Latest undetected files that communicate with this IP address. |
| IP.VirusTotal.Resolutions.hostname | unknown | Domains that resolved to the specified IP address. |
| IP.VirusTotal.ReferrerHashes | unknown | Latest detected files that embed this IP address in their strings. |
| IP.VirusTotal.UnAVDetectedReferrerHashes | unknown | Latest undetected files that embed this IP address in their strings. |
| IP.VirusTotal.Resolutions.last_resolved | unknown | Last resolution times of the domains that resolved to the specified IP address. |
Checks the reputation of a URL.
url
| Argument Name | Description | Required |
|---|---|---|
| url | A comma-separated list of URLs to check. This command will not work properly on URLs containing commas. | Required |
| sampleSize | The number of samples from each type (resolutions, detections, etc.) to display for long format. Default is "10". | Optional |
| long | Whether to return the full response for the detected URLs. Possible values are: "true" and "false". Default is "false". | Optional |
| threshold | If the number of positives is higher than the threshold, the URL will be considered malicious. If the threshold is not specified, the default URL threshold, as configured in the instance settings, will be used. | Optional |
| submitWait | Time (in seconds) to wait if the URL does not exist and is submitted for scanning. Default is "0". | Optional |
| wait | Time (in seconds) to wait between tries if the API rate limit is reached. Default is "60". | Optional |
| retries | Number of retries for the API rate limit. Default is "0". | Optional |
| Path | Type | Description |
|---|---|---|
| URL.Data | unknown | Bad URLs found. |
| URL.Malicious.Vendor | unknown | For malicious URLs, the vendor that made the decision. |
| URL.Malicious.Description | unknown | For malicious URLs, the reason that the vendor made the decision. |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Vendor | String | The vendor used to calculate the score. |
| DBotScore.Score | Number | The actual score. |
| DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
| URL.VirusTotal.Scans.Source | unknown | Vendor that scanned this URL. |
| URL.VirusTotal.Scans.Detected | unknown | Scan detection for this URL (True or False). |
| URL.VirusTotal.Scans.Result | unknown | Scan result for this URL, for example, signature. |
| URL.DetectionEngines | number | Total number of engines that checked the indicator. |
| URL.PositiveDetections | number | Number of engines that positively detected the indicator as malicious. |
| url.VirusTotal.ScanID | string | Scan ID for this URL. |
| File.VirusTotal.vtLink | string | Virus Total permanent link. |
!url url=https://example.com using=vt
{
"DBotScore": {
"Indicator": "https://example.com",
"Reliability": "C - Fairly reliable",
"Score": 1,
"Type": "url",
"Vendor": "VirusTotal"
},
"URL": {
"Data": "https://example.com",
"DetectionEngines": 87,
"PositiveDetections": 2,
"VirusTotal": {
"ScanID": "0f115db062b7c0dd030b16878c99dea5c354b49dc37b38eb8846179c7783e9d7-1618315592",
"vtLink": "https://www.virustotal.com/gui/url/0f115db062b7c0dd030b16878c99dea5c354b49dc37b38eb8846179c7783e9d7/detection/u-0f115db062b7c0dd030b16878c99dea5c354b49dc37b38eb8846179c7783e9d7-1618315592"
}
}
}VirusTotal URL Reputation for: https://example.com
Last scan date: 2021-04-13 12:06:32 Total scans: 87 Positive scans: 2 VT Link: https://example.com
Checks the reputation of a domain.
domain
| Argument Name | Description | Required |
|---|---|---|
| domain | Domain name to check. | Required |
| long | Whether to return the full response for detected URLs. Default is "false". Possible values are: true, false. Default is false. | Optional |
| sampleSize | The number of samples from each type (resolutions, detections, etc.) to display for long format. Default is 10. | Optional |
| threshold | If the number of positives is higher than the threshold, the domain will be considered malicious. If the threshold is not specified, the default domain threshold, as configured in the instance settings, will be used. | Optional |
| wait | Time (in seconds) to wait between tries if the API rate limit is reached. Default is "60". Default is 60. | Optional |
| retries | Number of retries for API rate limit. Default is "0". Default is 0. | Optional |
| fullResponse | Whether to return all results, which can be thousands. Default is "false". We recommend that you don't return full results in playbooks. Possible values are: true, false. Default is false. | Optional |
| Path | Type | Description |
|---|---|---|
| Domain.Name | unknown | Bad domain found. |
| Domain.Malicious.Vendor | unknown | For malicious domains, the vendor that made the decision. |
| Domain.Malicious.Description | unknown | For malicious domains, the reason that the vendor made the decision. |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Vendor | String | The vendor used to calculate the score. |
| DBotScore.Score | Number | The actual score. |
| DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
| Domain.VirusTotal.DownloadedHashes | unknown | Hashes of files that were downloaded from this domain. |
| Domain.VirusTotal.CommunicatingHashes | unknown | Hashes of files that communicated with this domain in a sandbox. |
| Domain.VirusTotal.Resolutions.ip_address | unknown | IP addresses that resolved to this domain. |
| Domain.VirusTotal.Whois | unknown | Whois report. |
| Domain.VirusTotal.Subdomains | unknown | Subdomains. |
| Domain.VirusTotal.UnAVDetectedDownloadedHashes | unknown | Latest files that were not detected by any antivirus solution, and were downloaded by VirusTotal from the specified IP address. |
| Domain.VirusTotal.DetectedURLs | unknown | Latest URLs hosted in this domain address that were detected by at least one URL scanner. |
| Domain.VirusTotal.ReferrerHashes | unknown | Latest detected files that embed this domain address in their strings. |
| Domain.VirusTotal.UnAVDetectedReferrerHashes | unknown | Latest undetected files that embed this domain address in their strings. |
| Domain.VirusTotal.UnAVDetectedCommunicatingHashes | unknown | Latest undetected files that communicated with this domain in a sandbox. |
| Domain.VirusTotal.Resolutions.last_resolved | unknown | Last resolution times of the IP addresses that resolve to this domain. |
!domain domain=example.com using=vt
{
"DBotScore": {
"Indicator": "example.com",
"Reliability": "C - Fairly reliable",
"Score": 1,
"Type": "domain",
"Vendor": "VirusTotal"
},
"Domain": {
"Name": "example.com",
"VirusTotal": {
"CommunicatingHashes": [
{
"date": "2021-04-12 09:26:02",
"positives": 57,
"sha256": "6a5ac92cbc785fc963b4864db51c8aa3f1dae9e85d4fe20bd05816be301355cf",
"total": 75
},
{
"date": "2021-04-11 13:15:27",
"positives": 50,
"sha256": "d0a08d52eb9e5446b701f01ee13b361d4d9109af7f434e71bbfbc8d485277eea",
"total": 74
},
{
"date": "2021-04-11 13:07:33",
"positives": 53,
"sha256": "0c3ed8d6f0261ac2ad08a3a73a61f0bf6796e3169790cdb20aa1e08846a972cc",
"total": 75
},
{
"date": "2021-04-11 11:12:34",
"positives": 8,
"sha256": "ffdedea9146387fa9bbacfa309e805bb2300b43fddc00bb8397c4fb0f85b5501",
"total": 74
},
{
"date": "2021-04-03 23:26:17",
"positives": 50,
"sha256": "7dbc608ef30c02bf02b1f88fbe386bfd4e8ba103cc23788df8a418d897b27e1d",
"total": 75
},
{
"date": "2021-04-07 17:43:15",
"positives": 8,
"sha256": "735ca98e2f84b9d08c2cba3b89e3e764083e5477ff0e0d941a1eeeda729a8911",
"total": 74
},
{
"date": "2021-04-07 14:40:22",
"positives": 1,
"sha256": "06fd36ed7c44f84397f07cca63ac2e82fd30587d00f0affef5bbac6ff41ccda3",
"total": 74
},
{
"date": "2021-04-07 10:57:59",
"positives": 7,
"sha256": "2e962f34024aa2791b4c906ff525ff3a9a077334cb62171f7ac94071b4043383",
"total": 73
},
{
"date": "2021-04-06 03:54:19",
"positives": 21,
"sha256": "a4a5bc74a7781871b3a42aaf14b08defee495a3c68815b5bdbd1848bf96699ab",
"total": 74
},
{
"date": "2021-04-05 05:20:13",
"positives": 57,
"sha256": "07ff0e704905783cc89e465e98e9fa99180333849a4bffd42a0c7e45598c2a94",
"total": 75
},
{
"date": "2021-04-05 09:57:27",
"positives": 56,
"sha256": "e97ff8d59861937e89ba807b8b6319d4ff35d07c49333627267929797ae20b49",
"total": 75
},
{
"date": "2021-04-05 03:35:28",
"positives": 56,
"sha256": "723b542d0e9c9dfb1e7afe2b8a80d0f483afc4dd052a8f5e434d6f81dfa2ff8a",
"total": 75
},
{
"date": "2021-04-05 10:56:01",
"positives": 56,
"sha256": "d87d92ee041dc88a23bd07667fbea624efc12855645122a7e86e9ebcbe8b2a6b",
"total": 75
},
{
"date": "2021-04-05 03:04:54",
"positives": 56,
"sha256": "01b4d96e716e7fc862a34e7bdb0b245071e9b4d4e1303d00735e8faea4cb99c8",
"total": 75
},
{
"date": "2021-04-04 21:03:52",
"positives": 56,
"sha256": "acffdd944badb0f6e6d5d145351fa7a672186e48c94181902f7eb5b730d841c8",
"total": 75
},
{
"date": "2021-04-05 17:22:20",
"positives": 1,
"sha256": "ccc2e90645b94d52e6b8f38de03ca281397673e546f620fd61a91a21985759e5",
"total": 73
},
{
"date": "2021-04-05 15:41:30",
"positives": 1,
"sha256": "4aa5c9349b5fce3af90f9d28f9520f0281db62ed346d54af9d8ead5b7e2f5921",
"total": 74
},
{
"date": "2021-04-04 13:29:47",
"positives": 33,
"sha256": "e52c38ba6c1a046fb4086946c6f8821074084758df5dff7d7ee554f5360e8b7b",
"total": 74
},
{
"date": "2021-04-02 05:31:33",
"positives": 18,
"sha256": "255f91ad437f817eb9d747cd08566b67613f500e306001c4f7c0ee94557f39a3",
"total": 77
},
{
"date": "2021-04-02 06:31:22",
"positives": 1,
"sha256": "5c84c2ba0834908eb07f75b9ba69d4b6aa23b61b7e93569671a094ca9c8e13c4",
"total": 74
},
{
"date": "2021-04-02 06:19:55",
"positives": 1,
"sha256": "a4d82173a09d6a8db5b1a44368ce49219be6f73af0f0700a872c47cb47dbb8ed",
"total": 74
},
{
"date": "2021-03-31 05:59:30",
"positives": 26,
"sha256": "be0a2ead16231cf5930c2da7f4edd8d858277bc3ead7e92d261093ed7c584046",
"total": 72
},
{
"date": "2021-03-31 05:56:45",
"positives": 30,
"sha256": "8ea80869b77006c0a20831d36ee0d2d0c28da79b5e9a99d52cdf81ff18b19520",
"total": 74
},
{
"date": "2021-03-30 06:08:32",
"positives": 34,
"sha256": "94bcc974165ba9ec90dfc40d0438b5cfdba7969032c82a53981e3af513164f2f",
"total": 75
},
{
"date": "2021-03-31 01:45:41",
"positives": 53,
"sha256": "853a44dbfe639a6c1e6dcf1a994f88363db62a9ec6e62ebf05b23b6ffb1e6d7d",
"total": 75
},
{
"date": "2021-03-31 12:52:49",
"positives": 32,
"sha256": "256390f58c23ca6dba40bc47dafd6edc2ab4cd25ac8c2eeb6e7ad6d6033437b8",
"total": 75
},
{
"date": "2021-03-31 11:25:49",
"positives": 1,
"sha256": "627f76e441e262e5e70a72c56d9786aad0419047f305c16990fc9bc206161644",
"total": 74
},
{
"date": "2021-03-31 00:02:58",
"positives": 49,
"sha256": "88412954cbbe227fecaeaab582ee6e39cd4c804510f60829601a18bbce50b60a",
"total": 75
},
{
"date": "2021-03-29 12:34:56",
"positives": 4,
"sha256": "8ac46f12d893ce84faab11d07b8c76fe7b0516dfc8506df70b0edcca43114de4",
"total": 73
},
{
"date": "2021-03-30 11:32:14",
"positives": 7,
"sha256": "8cfb1b8afecda4772031f37fd4aa00b024cd2874b797352c949dfbd751fc062a",
"total": 74
},
{
"date": "2021-03-30 10:06:58",
"positives": 1,
"sha256": "c3c0df231c0b9d294c795aa9fac2f1308eb2bc1bcdd705ef6d2af8452227b02c",
"total": 74
},
{
"date": "2021-03-30 08:29:41",
"positives": 13,
"sha256": "cffde7d6b903801343146e003a11eba0ac619298191424358e30befdc1391beb",
"total": 74
},
{
"date": "2021-03-25 04:25:38",
"positives": 50,
"sha256": "81ae5f6bbae13b0890578ff3ec885cba237e176401af21d7a9eea8a0d4b22e29",
"total": 76
},
{
"date": "2021-03-21 01:06:53",
"positives": 58,
"sha256": "7aa0a8b91487ff2949595271c3bfe0f07f09ce87292f0006498dc1ed5241c167",
"total": 76
},
{
"date": "2021-03-21 01:00:45",
"positives": 61,
"sha256": "d989c2c04ee6cb62296dcad1c8cbc27d5279190741306fee1afcf531e2c2fa25",
"total": 76
},
{
"date": "2021-03-22 01:03:13",
"positives": 2,
"sha256": "d14e0419671b376f3a59bd2a1354672951ae02e2b8fd9a7797e9e5050b0d6ec9",
"total": 75
},
{
"date": "2021-03-22 00:08:29",
"positives": 2,
"sha256": "1aafb6f2f4c5efc0c452cf0e2836932b0902929838bf3971e0e252251b23e83c",
"total": 75
},
{
"date": "2021-03-20 09:34:18",
"positives": 59,
"sha256": "a08f569f3bdd6b520013304aef6ed5f35830cf3002744c4cda6924801947ca1c",
"total": 76
},
{
"date": "2021-03-20 09:30:13",
"positives": 56,
"sha256": "a8e648026dbd8f36f01c6c5aa9a623efad26668e2ab762c26e8be70eef23cf66",
"total": 75
},
{
"date": "2021-03-20 08:49:18",
"positives": 55,
"sha256": "7debc7a47d65fcbfaa3382d2e89d85a52c55c10a6db561f52991054088923294",
"total": 76
},
{
"date": "2021-03-20 07:25:24",
"positives": 56,
"sha256": "a820eed0dfe429b760c0b47fbb1e493d8490aef6cd30c590165cc2fe9eede6d7",
"total": 76
},
{
"date": "2020-12-22 15:25:58",
"positives": 51,
"sha256": "d0f734894dc7b566c1f5ace8ac310544c645f14e80a234f4a5047bb42e702a8b",
"total": 77
},
{
"date": "2020-01-17 13:09:05",
"positives": 37,
"sha256": "41996bbd9ca19c2059338a9da58beb6f69a20cc71028f37da6daff0b31888437",
"total": 75
},
{
"date": "2019-10-07 23:36:41",
"positives": 45,
"sha256": "e9919f7b2dd46796bb1f07d6a43203a999e4d433558a7dea2dd48318e5691547",
"total": 72
},
{
"date": "2021-03-19 08:26:29",
"positives": 52,
"sha256": "da952562e7781cf8378a3347743d5f2007634a2b213d901b78629403f6df257f",
"total": 77
},
{
"date": "2021-03-19 08:21:47",
"positives": 56,
"sha256": "984511529324f7274de09d07c34453ede6208c4e2a65c3b3abe327e266cf8c0c",
"total": 76
},
{
"date": "2021-03-19 07:40:38",
"positives": 54,
"sha256": "a89dd2d356bccbe088bc8f0bee75c51e1d445a0062b40952c80c1dd004edb122",
"total": 76
},
{
"date": "2021-03-19 06:17:54",
"positives": 58,
"sha256": "d923610aed1d4118e26b249bbbf77d2e392c20e7c551e733dfdab62d5899b3e2",
"total": 76
},
{
"date": "2021-03-19 03:10:38",
"positives": 51,
"sha256": "0c6bc15182a12afdd5e159b897bac95761c3cd0fd34f61a63c50208703661f4a",
"total": 75
},
{
"date": "2021-03-19 13:25:34",
"positives": 49,
"sha256": "9b692f46029dede131518da13ea94528328bc24183d97218ab8d237837f01598",
"total": 76
}
],
"DetectedURLs": [
{
"positives": 2,
"scan_date": "2021-04-11 11:17:31",
"total": 85,
"url": "http://example.com/"
},
{
"positives": 2,
"scan_date": "2021-04-10 14:06:18",
"total": 85,
"url": "https://example.com/blackhole/"
},
{
"positives": 2,
"scan_date": "2021-04-10 04:39:45",
"total": 85,
"url": "http://example.com/evil.ps1"
},
{
"positives": 2,
"scan_date": "2021-04-09 00:59:51",
"total": 85,
"url": "http://example.com/foo.jpg"
},
{
"positives": 1,
"scan_date": "2021-04-05 13:49:23",
"total": 85,
"url": "http://example.com/player?id=123"
},
{
"positives": 1,
"scan_date": "2021-04-03 13:53:06",
"total": 85,
"url": "http://example.com/foo/bar"
},
{
"positives": 1,
"scan_date": "2021-04-02 13:51:01",
"total": 85,
"url": "http://example.com/great-multiplication-intro.html"
},
{
"positives": 1,
"scan_date": "2021-03-30 07:21:30",
"total": 85,
"url": "https://example.com/"
},
{
"positives": 1,
"scan_date": "2021-03-26 16:20:25",
"total": 85,
"url": "http://example.com/z1vey0sjjfm"
},
{
"positives": 1,
"scan_date": "2021-03-24 04:02:11",
"total": 85,
"url": "http://example.com/music-videos/"
},
{
"positives": 1,
"scan_date": "2021-03-23 01:00:01",
"total": 85,
"url": "http://example.com/http"
},
{
"positives": 1,
"scan_date": "2021-03-16 03:39:30",
"total": 85,
"url": "http://example.com/?goal=0_1dfca2ec74-7d92b78da0-133981889&mc_cid=7d92b78da0&mc_eid=UNIQID"
},
{
"positives": 1,
"scan_date": "2021-03-14 17:59:45",
"total": 85,
"url": "https://example.com/?firstName=John&lastName=Adams&dateOfBirth=March%204,%201797&address=Braintree,%20MA"
},
{
"positives": 1,
"scan_date": "2021-03-13 03:14:44",
"total": 85,
"url": "https://yygelbbkauxnbcqliovy-dot-level-elevator-279110.nw.r.appspot.com%23example@example.com/"
},
{
"positives": 1,
"scan_date": "2021-03-12 03:00:59",
"total": 85,
"url": "http://example.com/ns/leafref"
},
{
"positives": 1,
"scan_date": "2021-03-12 02:54:31",
"total": 85,
"url": "http://example.com/media/orudie/orujeinaia-kollekciia-i-lichnoe-orujie-stalina-i-gitlera-5c0d1f3006bd7000abdb7c31/"
},
{
"positives": 1,
"scan_date": "2021-03-11 13:00:45",
"total": 85,
"url": "http://example.com/page.php"
},
{
"positives": 1,
"scan_date": "2021-03-10 10:20:23",
"total": 84,
"url": "http://example.com/@clickme"
},
{
"positives": 1,
"scan_date": "2021-03-10 02:22:07",
"total": 84,
"url": "http://example.com/login"
},
{
"positives": 1,
"scan_date": "2021-03-09 22:03:10",
"total": 84,
"url": "http://example.com/cancel/"
},
{
"positives": 1,
"scan_date": "2021-03-09 01:21:40",
"total": 84,
"url": "http://example.com/maps/"
},
{
"positives": 1,
"scan_date": "2021-03-07 11:41:07",
"total": 84,
"url": "http://example.com/media/nauka/amerikancy-sozdali-perchatki-chelovekapauka-5bb4833889643a00ad010bdb/"
},
{
"positives": 1,
"scan_date": "2021-03-07 10:49:34",
"total": 84,
"url": "http://example.com/downloads/7tt_setup.exe"
},
{
"positives": 1,
"scan_date": "2021-03-07 10:45:39",
"total": 84,
"url": "http://example.com/cmd_get/cmd_get.jsp"
},
{
"positives": 1,
"scan_date": "2021-03-06 15:16:46",
"total": 84,
"url": "https://example.com/foo/bar"
},
{
"positives": 1,
"scan_date": "2021-03-05 13:08:26",
"total": 84,
"url": "https://example.com/reauth"
},
{
"positives": 1,
"scan_date": "2021-03-04 05:34:22",
"total": 84,
"url": "https://example.com/example/path"
},
{
"positives": 1,
"scan_date": "2021-03-02 21:18:52",
"total": 84,
"url": "https://example.com/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php?form=f&control="
},
{
"positives": 1,
"scan_date": "2021-02-27 13:46:44",
"total": 84,
"url": "example.comhttp://example.com/files.lst.bz2"
},
{
"positives": 1,
"scan_date": "2021-02-20 09:41:25",
"total": 83,
"url": "http://example.com/maps/?freehaiku_stats=saskia99@famwinkel.nl&src=pnl"
},
{
"positives": 1,
"scan_date": "2021-02-19 17:43:05",
"total": 83,
"url": "http://example.com/files.lst.bz2"
},
{
"positives": 1,
"scan_date": "2021-02-17 11:35:45",
"total": 83,
"url": "https://example.com/app/uploads/2021/02/image_602cf5656e71a-150x150.jpg"
},
{
"positives": 1,
"scan_date": "2021-02-15 00:46:40",
"total": 83,
"url": "https://example.com/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php?form=f&control=</script><svg/onload=alert(/XSS-control"
},
{
"positives": 1,
"scan_date": "2021-02-14 10:19:23",
"total": 83,
"url": "http://example.com/clickme"
},
{
"positives": 1,
"scan_date": "2021-02-13 14:52:43",
"total": 83,
"url": "http://example.com/?a=1&b=2"
},
{
"positives": 1,
"scan_date": "2021-02-13 11:07:22",
"total": 83,
"url": "http://example.com/hop.php?/12345"
},
{
"positives": 1,
"scan_date": "2021-01-29 01:31:32",
"total": 83,
"url": "https://example.com/remoteDesktopGateway/"
},
{
"positives": 1,
"scan_date": "2021-01-23 05:18:11",
"total": 83,
"url": "https://example.com/evil.xsl"
},
{
"positives": 1,
"scan_date": "2021-01-19 10:17:45",
"total": 83,
"url": "https://example.com/route/that/will/404"
},
{
"positives": 1,
"scan_date": "2021-01-18 17:17:29",
"total": 83,
"url": "https://example.com/key/repo-key.gpg"
},
{
"positives": 1,
"scan_date": "2021-01-13 12:08:51",
"total": 83,
"url": "http://example.com/?q=..\\..\\log"
},
{
"positives": 1,
"scan_date": "2021-01-13 12:07:42",
"total": 83,
"url": "http://example.com/?q=<sCrIPt>aLerT()</sCripT>"
},
{
"positives": 1,
"scan_date": "2020-07-22 18:23:26",
"total": 79,
"url": "https://ncguyixqhjhoifmwcgjg-dot-level-elevator-279110.nw.r.appspot.com%23example@example.com/"
},
{
"positives": 1,
"scan_date": "2020-07-15 06:10:04",
"total": 79,
"url": "https://cloanfiwhugwxuasvjgh-dot-level-elevator-279110.nw.r.appspot.com%23example@example.com/"
},
{
"positives": 1,
"scan_date": "2019-01-02 16:53:24",
"total": 70,
"url": "http://example.com/media/usedcars/krossover-ot-datsun-za-235-tysiach-rublei-skoro-startuiut-prodaji-5c18d81892487b00aa3e270e/"
},
{
"positives": 1,
"scan_date": "2019-01-02 12:53:42",
"total": 70,
"url": "http://example.com/media/lubopytnaya_istoria/zverstva-nemcev-v-russkih-derevniah-5c288b5987b8d700aa621dc5/"
},
{
"positives": 1,
"scan_date": "2019-01-02 11:53:46",
"total": 70,
"url": "http://example.com/b/ss/undefined/1/JS-2.2.0/s74246280472176/"
},
{
"positives": 1,
"scan_date": "2019-01-01 01:52:25",
"total": 70,
"url": "http://example.com/b/ss/undefined/1/JS-2.2.0/s64779176403000/"
},
{
"positives": 1,
"scan_date": "2018-12-30 13:52:22",
"total": 70,
"url": "http://example.com/media/history_of_weapons/besshumnyi-revolver-gurevicha-s-jidkostnymi-patronami-5bdaac646fa35900ab19ba43/"
},
{
"positives": 1,
"scan_date": "2018-12-30 11:52:39",
"total": 70,
"url": "http://example.com/media/vzglyad_naroda/zapadnye-ukraincy-rasskazali-chto-gotovy-progolosovat-za-poroshenko-lish-by-ne-bylo-timoshenko-5c15ed4cb42df700ae52834f/"
}
],
"DownloadedHashes": [],
"ReferrerHashes": [
{
"date": "2021-04-13 12:03:36",
"positives": 2,
"sha256": "d3bee955045b8b38f32be52408d13995076c322fdb416991c905793e2394ee4a",
"total": 74
},
{
"date": "2018-08-26 07:38:59",
"positives": 16,
"sha256": "8c9bd61e30edfe0a5c1f17b0deaebd3a92f69bd319cb73fa9d7a10d187a6ff20",
"total": 71
},
{
"date": "2021-04-13 12:11:39",
"positives": 4,
"sha256": "a948e9d7923d45802d5343c1a1a9d127a3223f4cd002a3a56ce5fe6919a5de06",
"total": 74
},
{
"date": "2021-04-13 12:09:11",
"positives": 1,
"sha256": "d71de33f3f2a9df915e231ba9cc76fb5c024dada8301fc62bbeb41c0b07e5a15",
"total": 74
},
{
"date": "2021-04-13 12:04:59",
"positives": 31,
"sha256": "8f8e30556a96475a39234b2e03aa77a7a0a2716e9077d99c5784cb5c37ed67a0",
"total": 75
},
{
"date": "2021-04-13 12:05:10",
"positives": 2,
"sha256": "e49097755b5cc3b25ee3d7c590e6087dcd3e17962a7758313aac17fffa53583f",
"total": 74
},
{
"date": "2021-04-13 12:01:49",
"positives": 1,
"sha256": "4eef8b6e4f6f4808803b92f51f4a2d37b9ccaef1c18af62e5204641b3023c2f5",
"total": 73
},
{
"date": "2021-04-06 06:34:41",
"positives": 31,
"sha256": "52f79b45b79455b2a35c609c613c586197d1a2d09c5391861683680f43166b2d",
"total": 74
},
{
"date": "2021-04-13 11:59:01",
"positives": 53,
"sha256": "8c968e692366e2fad68120c8a4e81706dd9d105f15c47d7f4850b506b46b5dab",
"total": 75
},
{
"date": "2018-06-03 17:13:40",
"positives": 7,
"sha256": "8c949d2dd011a35ae7b6c5c0bb4e795dd90197189c2c5802aa7a63d5693f0765",
"total": 71
},
{
"date": "2021-04-13 11:35:09",
"positives": 51,
"sha256": "8ce04cbf12a0904cd86a59b8f6d49723e3d008cb45a5d060e264ade7a23aa136",
"total": 75
},
{
"date": "2021-04-13 11:47:58",
"positives": 1,
"sha256": "f3c2c933c1bf864d0723995ec580a931e788b6e625b5d3906be24995ac1e24a8",
"total": 74
},
{
"date": "2021-04-13 11:49:01",
"positives": 10,
"sha256": "569c74eaeb3ae682b11fcc6d047f0f4d9f24a27665478ac32510b77c798dc4ae",
"total": 74
},
{
"date": "2021-04-13 11:34:44",
"positives": 1,
"sha256": "f105e2f9f07c1a0ccb6dface42bf7e5aceed7ea1bed708f77960662ba57948c0",
"total": 74
},
{
"date": "2021-04-13 11:41:56",
"positives": 47,
"sha256": "8c9e609fc3b4fc55b79ee32f7f673897b4c9f8b538614730db7d5838f6ab00d3",
"total": 75
},
{
"date": "2018-05-07 17:04:23",
"positives": 35,
"sha256": "8c984efa63dcf0f25264d02b4235d70dd486b14a76d20607e001b1eb0996380a",
"total": 71
},
{
"date": "2021-04-13 11:35:00",
"positives": 1,
"sha256": "49e5120d299c41cb9e6de4661db6a990f2e013909c00b4955368f3442a8afc9b",
"total": 74
},
{
"date": "2021-04-06 11:36:16",
"positives": 2,
"sha256": "8a836b9e25320896fa970b4ec3a9d107fbabf35aa3711e6809863d9eacffd520",
"total": 74
},
{
"date": "2021-04-13 11:35:12",
"positives": 16,
"sha256": "e437c669788cd5d3714d3fcec89d69457ecd61adc3ce3b3451354c7c705fce9f",
"total": 74
},
{
"date": "2021-04-13 11:07:59",
"positives": 17,
"sha256": "c7c1d6fe52ffed91223284ac38b6e5ae089b268a145e2f9f11a47d35bd18f965",
"total": 74
},
{
"date": "2021-03-29 02:20:12",
"positives": 2,
"sha256": "b9f2c0da284ee280575d32dd84b3dac78c7a26988490fe101f18f39dfbc3e593",
"total": 74
},
{
"date": "2021-04-13 11:30:00",
"positives": 49,
"sha256": "6d16a19819ab3109a232fafe0e41065a71a5d6d5aa94621e0f6dc86ca9dbe211",
"total": 75
},
{
"date": "2021-03-29 02:13:56",
"positives": 4,
"sha256": "31865f8fa4485a5b0be98e0201695aa088bc990e91fdd7e76d4edcfc727d909b",
"total": 74
},
{
"date": "2021-04-13 11:24:03",
"positives": 53,
"sha256": "8c88519cc8e6fa7f6aa5aec64cac379926057eb18b34094a20c8100f66f38a6d",
"total": 75
},
{
"date": "2021-04-13 11:20:14",
"positives": 27,
"sha256": "8c924794d3923a6f51a496fc84a9f0037ce4f451e7c0fadb830cf76fa41e49c0",
"total": 74
},
{
"date": "2021-04-13 11:21:36",
"positives": 39,
"sha256": "8c8e4869d70d0330bb2d246157ac6eda4fafdb0a49f0b02be08602a6ec1dd762",
"total": 74
},
{
"date": "2021-04-13 11:17:53",
"positives": 38,
"sha256": "8c8972e2bab903ada41cb7e1d9db833b9ef7164d799c5d18a00b0f7e72ae7b91",
"total": 74
},
{
"date": "2021-04-13 11:12:39",
"positives": 55,
"sha256": "c71fed9fdcf7b01142792628d809a476a2a6cee7382425d3e4c1257b53605f98",
"total": 75
},
{
"date": "2021-04-13 11:11:40",
"positives": 55,
"sha256": "8c89bcab68f478830cd3b8e221060e6cf8f6986cd24c8be3e194c7b5bbf97917",
"total": 75
},
{
"date": "2021-04-13 11:04:54",
"positives": 59,
"sha256": "8bcdaa5c203e5b0e3625ffa74450e926afcf68fe884016f7dc8af5d9dc624588",
"total": 75
},
{
"date": "2021-04-13 11:05:05",
"positives": 58,
"sha256": "8bec045a9fd5a773a0003f59034c5f1f9aefcb58581410ace75076170b85ee93",
"total": 75
},
{
"date": "2021-04-13 11:05:08",
"positives": 58,
"sha256": "8bf5e163fdd195916e72c5a9292fb2c376354906b0fd3924e6416dc4e47aa632",
"total": 75
},
{
"date": "2021-04-13 11:04:52",
"positives": 56,
"sha256": "8bb65409c4b912be8eccc84e4c170c829b622832c930d972762905a1dfecfaf8",
"total": 75
},
{
"date": "2021-04-12 12:06:21",
"positives": 26,
"sha256": "8bda235e48d9da651e759a2a62ab9bb3a6952536e75c96eb5c163b728f5a167f",
"total": 75
},
{
"date": "2021-04-12 08:22:03",
"positives": 33,
"sha256": "8bbb95d7371101e68c47323d3a9aad2858e9bf76b5d46dcaab836c651dadcf1d",
"total": 75
},
{
"date": "2021-04-13 10:56:02",
"positives": 33,
"sha256": "8c91a402dc909ed3cf63e6a9586bf6e05ee518c4b693e64c902cf97816d150f7",
"total": 75
},
{
"date": "2021-04-13 10:56:06",
"positives": 3,
"sha256": "459d071829a5977e8c0f288be2cb473cd8cc44f450b65e8d8ddb240bccd59f84",
"total": 74
}
],
"Resolutions": [
{
"ip_address": "x.x.x.x",
"last_resolved": "2013-07-27 00:00:00"
},
{
"ip_address": "x.x.x.x",
"last_resolved": "2019-11-04 09:44:13"
},
],
"Subdomains": [],
"UnAVDetectedCommunicatingHashes": [
{
"date": "2021-04-13 08:44:59",
"positives": 0,
"sha256": "9ff8e09233ae7d2a31e2af560d0f23c30046bb1cdd7a2fcb9393d09c6bd4a925",
"total": 74
},
{
"date": "2021-04-13 07:58:52",
"positives": 0,
"sha256": "9d5e14e02a3adcc7972e43279f4147ef8d2073a57f5698f2d93f626e8807d817",
"total": 0
},
{
"date": "2021-04-13 06:57:53",
"positives": 0,
"sha256": "33730737dff653312e84d12a3d524b8aa5e19aaf91068c40c04385e5a415936e",
"total": 73
},
{
"date": "2021-04-12 07:13:43",
"positives": 0,
"sha256": "cebffba34f248b5ed6cd672d9c191459d8bf519e04b0c692dc86c8df853444fc",
"total": 74
},
{
"date": "2021-04-12 06:00:33",
"positives": 0,
"sha256": "9aeb15a10958fb07c2fd42180340a60eacf6b5eae0cfdc6c9593401403be3400",
"total": 0
},
{
"date": "2021-04-12 05:20:43",
"positives": 0,
"sha256": "073b67c61e60bd0a704c2bfcf3e10a5544a055a0ee367b90412c1a1257a1d3da",
"total": 74
},
{
"date": "2021-04-11 08:36:18",
"positives": 0,
"sha256": "3958f0c07a3e9c0f476ab5b87360f40182c7fdca523b5cc69b6479a88a059452",
"total": 74
},
{
"date": "2021-04-10 05:13:04",
"positives": 0,
"sha256": "083fdacff6294ad3c2aa9722a2a211060961e47c348643ce5d87e9863a2b70b7",
"total": 0
},
{
"date": "2021-04-09 14:27:00",
"positives": 0,
"sha256": "8c2090b65d25bfc863033dfc9767ebbed9792ffb2e70a090f22aa4d689956cea",
"total": 74
},
{
"date": "2021-04-08 22:48:26",
"positives": 0,
"sha256": "2ec98d41654712f8e514ae4289c6a1c65f62a291b80c017cbf50e31393dbba2c",
"total": 74
},
{
"date": "2021-04-08 06:40:33",
"positives": 0,
"sha256": "c54867b37513970f1585b4176642e0b914cc104979e905e6add47dfb6899b79e",
"total": 74
},
{
"date": "2021-04-08 03:49:47",
"positives": 0,
"sha256": "81b85ab7f868a2644bf65f24dbea9a5d5fb0980add17602c0179f65ae4b24e9f",
"total": 73
},
{
"date": "2021-04-07 10:19:10",
"positives": 0,
"sha256": "a333e59a164cd8003029e07e57c8656710a8b52b885aae826351677c5bee3f5f",
"total": 0
},
{
"date": "2021-04-07 10:10:57",
"positives": 0,
"sha256": "2205fe299eb92849d17b0efc5cb53db1369be40a845f88d3f4908e394d647909",
"total": 74
},
{
"date": "2021-04-07 07:52:59",
"positives": 0,
"sha256": "ecf3fd62079f659d31ff2293e782e13c1acd16c6341757a788722467f6136911",
"total": 0
},
{
"date": "2021-04-05 14:16:28",
"positives": 0,
"sha256": "30f86152b3ed7f6255ca10b0568f6ac71ae4674fd146b250832fea7c08e12a28",
"total": 74
},
{
"date": "2021-04-04 14:02:52",
"positives": 0,
"sha256": "ff43358c0bbdc1fa21234eaab2d091f5cab07a08bbcfd2e9c4fbbb2c888b9bdd",
"total": 75
},
{
"date": "2021-04-05 12:21:35",
"positives": 0,
"sha256": "d1f8b548a13f9163404149b822623ef66b42259f1dbf822bb3f45e200e5df837",
"total": 74
},
{
"date": "2021-04-02 15:50:25",
"positives": 0,
"sha256": "32acedef4dade6fed034179f5ea7471ae8afb3c5a375ed8748088d686077523d",
"total": 73
},
{
"date": "2021-04-01 16:52:38",
"positives": 0,
"sha256": "28612ccdfbd56ff674d1a6a132ebdb60e370976b03fada2dc20b53bed3531758",
"total": 0
},
{
"date": "2021-03-24 03:31:15",
"positives": 0,
"sha256": "376ed48303a45425e95e674f7a59c05d58bbf897a97e1753a74a3ce448dfc6e3",
"total": 75
},
{
"date": "2021-03-24 03:31:17",
"positives": 0,
"sha256": "07e2f15e7c2805defa7b34ee8086114525c7a75921430792894a94dc17852579",
"total": 75
},
{
"date": "2021-03-30 17:21:48",
"positives": 0,
"sha256": "01a3ecb648878993c59ec4a8c5113df381985b359ec3620ed98a7082e5f1b8fa",
"total": 0
},
{
"date": "2021-03-30 12:00:51",
"positives": 0,
"sha256": "464220016d9d1475ed3e3a7460e37f0468733a70e76b4372b05a56a24e782a31",
"total": 72
},
{
"date": "2021-03-30 09:31:18",
"positives": 0,
"sha256": "a8234d9240264b17c0e202ef4a521451cf91a7436671472f539e23768597a3e7",
"total": 74
},
{
"date": "2021-03-30 01:19:33",
"positives": 0,
"sha256": "a378b9128082b3c311a3305448dbb13b6e85b121f164602befbd4f6b6cf64012",
"total": 75
},
{
"date": "2021-03-21 10:30:57",
"positives": 0,
"sha256": "ff05ea38620518bae86f9213ede8ceb43b23f71d299802e87c531c2391659e16",
"total": 75
},
{
"date": "2021-03-28 07:13:43",
"positives": 0,
"sha256": "1ef52b71b557b2f4de5112aa52bdcb9d27368434550bdc707cc3a70c3d30cf1c",
"total": 74
},
{
"date": "2021-03-27 18:51:47",
"positives": 0,
"sha256": "90b52b9d8be0110d19a1e66ff4afc88f161d8a42b00c2899b1461f204fce1ce2",
"total": 0
},
{
"date": "2021-03-27 16:06:34",
"positives": 0,
"sha256": "38bdf7ec57cd818363335e41e84e6557b88666a53547c5d9f43f98fc2d4654c6",
"total": 0
},
{
"date": "2021-03-27 12:09:44",
"positives": 0,
"sha256": "9ceb70eba03e49782693d42fb8bd7eeaa4dfef58ab6a74c25b7973dee9a393cb",
"total": 0
},
{
"date": "2021-03-27 07:31:00",
"positives": 0,
"sha256": "a2ded103297b1556dc1c65b78f2f38c9157b7f4ad45802118afe552385f49ee4",
"total": 74
},
{
"date": "2021-03-26 01:19:18",
"positives": 0,
"sha256": "72d1ebd2df546ed67f8ceb269c56a9db15b494a0b4694fe566e909fed8856887",
"total": 75
},
{
"date": "2021-03-25 04:51:39",
"positives": 0,
"sha256": "b7f2d0479a6ba57321a60162fddea73bc556d907bad1717af352badd967d0eb3",
"total": 74
},
{
"date": "2021-03-23 08:48:29",
"positives": 0,
"sha256": "8a788af40d529d8720725fdc3cf9e4dcd6819c2bbdc74040471a56235fe6ed44",
"total": 75
},
{
"date": "2021-03-23 04:55:34",
"positives": 0,
"sha256": "2c4fb6fdef39ca787e8ca8d07529e6ab14429c9c31e1e2717aa5bef38b40547d",
"total": 75
},
{
"date": "2021-03-22 07:45:37",
"positives": 0,
"sha256": "4a99fbf9d7c4ba70536ee59990f2b91b1c36ecda78b8075338441509d4165e0f",
"total": 75
},
{
"date": "2021-03-22 01:07:30",
"positives": 0,
"sha256": "edf70fcaa011f53a014f7ee65d66be0515fc8ee567b7b543f38c822f1cee2abf",
"total": 73
},
{
"date": "2021-03-22 01:06:33",
"positives": 0,
"sha256": "3eeae2cba7ca59ce61fa085ab3afa7c43894c181fd5c8ed00eebae2518e06561",
"total": 75
},
{
"date": "2021-03-22 01:04:33",
"positives": 0,
"sha256": "55fd6c3125e8fefc3a0a730c17d6895b6525451924a18777ec60ad69b02d7f9b",
"total": 75
},
{
"date": "2021-03-22 01:03:56",
"positives": 0,
"sha256": "f06586ecc69360c30f8634172208a12a894a1ad8f3b20ab910b59923e395b564",
"total": 73
},
{
"date": "2021-03-20 15:44:12",
"positives": 0,
"sha256": "3403b62ce4ad37a968bf9d3a841fa0a7f1f48b91da2c550b502a24a65cb9126e",
"total": 0
},
{
"date": "2021-03-20 12:20:08",
"positives": 0,
"sha256": "d55db1b78c494e80907f5ef249d6ef5ba895568e9370e2473cfe0fa47cc76aa0",
"total": 75
},
{
"date": "2021-03-18 00:46:08",
"positives": 0,
"sha256": "4d661d8e1257f35d4a3ff9fbb59e469e4a324c64a05fa65d246bb2479a86cee6",
"total": 0
},
{
"date": "2021-03-17 08:27:43",
"positives": 0,
"sha256": "2414ff9def2f33ac6c9adb8e4c56a1c79c6410940052faa15c91f619368ca945",
"total": 74
},
{
"date": "2021-03-17 02:51:59",
"positives": 0,
"sha256": "ec199cde83563c4bdf8551265054e3c558066933920f34c6a24e96508e6ab5af",
"total": 75
},
{
"date": "2021-03-16 21:44:35",
"positives": 0,
"sha256": "9961267c1210a290f43eaddbc9e1a68b1e15a15b964e841f68309a759c55e722",
"total": 75
},
{
"date": "2021-03-16 09:39:26",
"positives": 0,
"sha256": "926d501053710dd3bb6b8bc08f6432f633349fddc0f279cbc4c20ee5c1cf4293",
"total": 0
},
{
"date": "2021-03-16 07:52:37",
"positives": 0,
"sha256": "1c41d2657116754078cadc0d46d154e118cbf3bcdbb054ee19ca21a869ff71bb",
"total": 74
},
{
"date": "2021-03-15 22:43:10",
"positives": 0,
"sha256": "ff19eee38b60874aff7611df12870d3873cf79a9e7e478b849f2c77838e9115b",
"total": 73
}
],
"UnAVDetectedDownloadedHashes": [
{
"date": "2021-03-27 08:16:44",
"positives": 0,
"sha256": "ea8fac7c65fb589b0d53560f5251f74f9e9b243478dcb6b3ea79b5e36449c8d9",
"total": 74
},
{
"date": "2019-06-11 23:35:41",
"positives": 0,
"sha256": "4ff8742a8007a9fd554675e6d94f94e72d74163871961952e44449cfb1907851",
"total": 71
},
{
"date": "2019-10-14 07:58:03",
"positives": 0,
"sha256": "3587cb776ce0e4e8237f215800b7dffba0f25865cb84550e87ea8bbac838c423",
"total": 70
},
{
"date": "2018-05-14 00:07:24",
"positives": 0,
"sha256": "1c11c4246b306b5d74cea14ff787b4763bd6413d9b8c37e40f20a6b21b603c79",
"total": 57
},
{
"date": "2018-05-03 00:06:02",
"positives": 0,
"sha256": "ba85b4903f044b3eb20df400f97f33d8ed96dd8d43edd9cb84e3bcfc900649ff",
"total": 60
},
{
"date": "2017-10-24 23:23:47",
"positives": 0,
"sha256": "d9f7e0aa1bff501986995b7c69742a14f373819ab6ecd599af29d67f9d8b4794",
"total": 60
},
{
"date": "2017-06-28 09:57:27",
"positives": 0,
"sha256": "991d8e217a039406c56753de79744d7a02c6a86ee2a97d740b8815e9f42c5d29",
"total": 56
},
{
"date": "2017-02-11 20:10:52",
"positives": 0,
"sha256": "2000f27da89d0034703895d71bb046b89b58ff64d08bf506824bd3bcae56b334",
"total": 55
},
{
"date": "2013-04-25 11:05:19",
"positives": 0,
"sha256": "9332592b1b6ee784ab0c775cbf511fb339c5687c21900bdbc9bb44a44aa330d3",
"total": 46
}
],
"UnAVDetectedReferrerHashes": [
{
"date": "2021-04-13 12:10:17",
"positives": 0,
"sha256": "42d4d43c64d9f9d2238dd9f5eca711f1b429dcdc867fc3988e22fa1518a27cc3",
"total": 75
},
{
"date": "2021-04-13 12:08:08",
"positives": 0,
"sha256": "0e98240f3654c63cf599927b35a4ca30b2abbc13dd8b75936f7223be074e188c",
"total": 74
},
{
"date": "2021-04-13 12:02:48",
"positives": 0,
"sha256": "59fec080c5297cc6ca47a1c362aed12c63458f44eca2890871472c0a3e008309",
"total": 74
},
{
"date": "2021-04-13 11:57:36",
"positives": 0,
"sha256": "31ccb44717eeab6fa2d648f7161db368d3696d80d1adb3537d440c0dad2b67d9",
"total": 74
},
{
"date": "2021-04-13 11:43:34",
"positives": 0,
"sha256": "8b1a9566070e5d937a8b27394beeedbc50c3b390656ea7250bab9bac8c28840d",
"total": 74
},
{
"date": "2021-04-13 11:57:29",
"positives": 0,
"sha256": "405ecd80c2ef2618ac60a68d514498cc99a86f17ebd0a2c7478bb8d5700a04e3",
"total": 72
},
{
"date": "2021-04-13 11:53:58",
"positives": 0,
"sha256": "51660ab4e7e4c5588424577d34697f7b5d2474dfc376047ad7ada9dd38061b3c",
"total": 73
},
{
"date": "2021-04-13 11:42:46",
"positives": 0,
"sha256": "c0ae9cc4e8ace5539bdf82aeba8ef4b55489799639e0d88179cb671b50e733bc",
"total": 74
},
{
"date": "2021-04-13 11:51:54",
"positives": 0,
"sha256": "5689671d166dfb4859b1b9cc02d7af2f3dc6ace98f564a53993f9a2789a4c4a0",
"total": 74
},
{
"date": "2021-04-13 11:50:48",
"positives": 0,
"sha256": "6301b609b945297f02b33cd14c1ac6002177ed3b84da3ca84f6774ad30df1967",
"total": 74
},
{
"date": "2021-04-13 11:47:12",
"positives": 0,
"sha256": "f7248c83625c4ad8d1b9c3a0fdf23deff11cbff7c25d5b2942acba95e92a4e31",
"total": 74
},
{
"date": "2021-04-13 11:35:20",
"positives": 0,
"sha256": "76e5558fb3552de0bb7e4db65d2c0c3e9d41179a5e2ca1fd2dcd4bba4544e8d2",
"total": 74
},
{
"date": "2021-04-13 11:42:35",
"positives": 0,
"sha256": "8c7c6c2ad4be26fc24247c7c5b254cf520602e2b598fb648c6fc66faa5defbda",
"total": 74
},
{
"date": "2021-04-13 11:38:11",
"positives": 0,
"sha256": "ffad7aae49dd1349114b6efd2ca6c9fefba63cec5c8dbba6a73276fe7657df32",
"total": 74
},
{
"date": "2021-04-13 11:30:08",
"positives": 0,
"sha256": "12feafe949b47c97fe1f485b04e4643e7f0fd7e74259912795ee61d878c54fc3",
"total": 74
},
{
"date": "2021-04-13 11:10:42",
"positives": 0,
"sha256": "d8e24b79e82f272d2f07d16b900221cec8d89aa20958b9c31aaab23c25c73306",
"total": 74
},
{
"date": "2021-04-13 11:31:56",
"positives": 0,
"sha256": "4073952c7de8c93359294ebabaa072e0517f4e178d33b5470c5c59016e8c0b57",
"total": 73
},
{
"date": "2021-04-13 11:30:02",
"positives": 0,
"sha256": "c7802d36322159fbd4b0102fdd1ed2eab4c08c6cd864f5ebbca7a14120782ee9",
"total": 72
},
{
"date": "2021-04-13 10:56:04",
"positives": 0,
"sha256": "969dfdfa27ea0dd21b0d29a75e51dd0803a34c24f99e66fb5b7c14ac3871328b",
"total": 75
},
{
"date": "2021-04-13 11:17:39",
"positives": 0,
"sha256": "d9bcc103dfb10fc11c7c6f5360a377c8e5902040be6b4ad3fcc13d44d26cdfcc",
"total": 74
},
{
"date": "2021-04-13 11:22:02",
"positives": 0,
"sha256": "18c284237c17282ef786cd14d8b41b151458397661aaf46d9081745bb763a4de",
"total": 74
},
{
"date": "2021-04-13 11:12:49",
"positives": 0,
"sha256": "c6ce3196f8ebbaa8fd34efac23e742be0ceece3a637ae7ecdb0ea410237423d6",
"total": 74
},
{
"date": "2021-04-13 11:16:46",
"positives": 0,
"sha256": "08b310f469487c3e19e5ecb871aa16973be1adca882a87c1650eb49580086fcc",
"total": 74
},
{
"date": "2021-04-13 11:15:55",
"positives": 0,
"sha256": "e7e98804bc4aac970de3807e5b3e4b27eb8e8ee3c965b3883f52793991c3dba7",
"total": 74
},
{
"date": "2021-04-13 11:11:01",
"positives": 0,
"sha256": "166774884d53f94db1e0b1a058ff1c31a788df64580b72094f2e3b4712a6d105",
"total": 74
},
{
"date": "2021-04-13 11:11:28",
"positives": 0,
"sha256": "32761230ba1f96e63be016eaa95b2800057e4fe217d4bc9bd5e7a80967470129",
"total": 73
},
{
"date": "2021-04-13 10:51:33",
"positives": 0,
"sha256": "984eae0809959efd8d503e3b1b68d1bfef58df46f50357bcbbcab029cf7f3531",
"total": 74
},
{
"date": "2021-04-13 10:58:33",
"positives": 0,
"sha256": "0f3d1caadb32d9eba8759b8c7108ad04a596167adf15e9be3b493936f4b90265",
"total": 74
},
{
"date": "2021-04-13 10:58:57",
"positives": 0,
"sha256": "9e0a6f55801d11b354d6e372ab1da816ab2d982f7755725ce59442507062d946",
"total": 73
},
{
"date": "2021-04-13 10:55:31",
"positives": 0,
"sha256": "26531f10c9021541eadf37921805e49ef32dbf621a872f82b9a636ad70429086",
"total": 74
},
{
"date": "2021-04-13 10:53:13",
"positives": 0,
"sha256": "eb9834e0e22049e68f7b84bce3ac0da93f8396c958e77f4c886100e9f148e01e",
"total": 74
},
{
"date": "2021-04-13 10:46:18",
"positives": 0,
"sha256": "e68c0e2cfb2a2b33e5268f6343cbf0b68b8e332eb13d5b36bc5288b96f797be6",
"total": 74
},
{
"date": "2021-04-13 10:44:03",
"positives": 0,
"sha256": "f828458311f5c2020a559fb237d87e8be3a020debbe17ac7750aa8c07f05ef92",
"total": 74
},
{
"date": "2021-04-13 10:45:08",
"positives": 0,
"sha256": "151fce19a2131e99c396eb8616ffe9064fee2006b801f6efcd19acaba96752af",
"total": 74
},
{
"date": "2021-04-13 10:42:56",
"positives": 0,
"sha256": "b71a84c24023945b5e7d775cc953a58fc73212bfc07c9e3ea269c740f1bfa17f",
"total": 73
},
{
"date": "2021-04-13 10:39:14",
"positives": 0,
"sha256": "ce3af97a274fc0ff0c28d4025e3ba4da7e8c46eab088a9e6d2aa62b5dc34b8d2",
"total": 73
},
{
"date": "2021-04-13 10:38:19",
"positives": 0,
"sha256": "d28c11ec140cf749dcbd9f6f8f5c98a8bd8068770f586ba6ac9f53de81edd691",
"total": 74
},
{
"date": "2021-04-13 10:34:41",
"positives": 0,
"sha256": "fc8b6f2666973c890ed34b2dbd15e74d834ce761d2d82e048cb6b38797a18a71",
"total": 74
},
{
"date": "2021-04-13 10:34:25",
"positives": 0,
"sha256": "5753f0d3556c3c7ccdc3a16d21246f76c6ad323b2b55ceed5175960e7a6ea476",
"total": 74
},
{
"date": "2021-04-13 10:14:33",
"positives": 0,
"sha256": "02b1913e506dd88b5200ec3e846c46c7832ee8992045628706ca1cc87ad7d0ef",
"total": 74
},
{
"date": "2021-04-13 10:17:31",
"positives": 0,
"sha256": "ffc2ee00007156875f579937e07021e0fc493184018814520cb9430480054e33",
"total": 74
},
{
"date": "2021-04-13 10:03:38",
"positives": 0,
"sha256": "a714741710992455a1a71163755b2c8396a53a9882e5714864a6460b47f69d8e",
"total": 73
},
{
"date": "2021-04-13 10:10:43",
"positives": 0,
"sha256": "c58426d8cd15d978f4211678bb80056496184068850c3bbc532909efa55dabe9",
"total": 73
},
{
"date": "2021-04-13 10:06:16",
"positives": 0,
"sha256": "e6bef08d062627965174eb9f48ae2f6165d15c9804107a249f54f62a91204511",
"total": 73
},
{
"date": "2021-04-13 10:05:17",
"positives": 0,
"sha256": "670c1734c279205a4abafd18d859172f12083f6d1d33b2fc8a1a1b37f85c2458",
"total": 74
},
{
"date": "2021-04-13 10:00:17",
"positives": 0,
"sha256": "f52b47763375603157e3e79f290ab0ae5d6b2bef6c5d04861a9714043eac9555",
"total": 74
},
{
"date": "2021-04-13 09:59:06",
"positives": 0,
"sha256": "fc0a99614f754dc863528ceca5f166e3d81c9a641cae2f458e4972791b431db6",
"total": 74
},
{
"date": "2021-04-13 09:40:33",
"positives": 0,
"sha256": "63fb10579256883326391291c451de9ecd7e6831ed3edd51535376b882d5b333",
"total": 74
},
{
"date": "2021-04-13 09:31:56",
"positives": 0,
"sha256": "53afe10be3ef39bd2ba8233cd058057683dea6c02805011d5331ee7a795bb9ba",
"total": 74
},
{
"date": "2021-04-13 09:44:27",
"positives": 0,
"sha256": "3f3d834df6b986189780b68cc058ae239f6bd554bba4807a9c8e9a41a0df0266",
"total": 73
}
],
"Whois": "Creation Date: 1995-08-14T04:00:00Z\nDNSSEC: signedDelegation\nDomain Name: EXAMPLE.COM\nDomain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited\nDomain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\nDomain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited\nName Server: A.IANA-SERVERS.NET\nName Server: B.IANA-SERVERS.NET\nRegistrar IANA ID: 376\nRegistrar URL: http://example.example.org\nRegistrar WHOIS Server: whois.iana.org\nRegistrar: RESERVED-Internet Assigned Numbers Authority\nRegistry Domain ID: 2336799_DOMAIN_COM-VRSN\nRegistry Expiry Date: 2021-08-13T04:00:00Z\nUpdated Date: 2020-08-14T07:02:37Z\ncreated: 1992-01-01\ndomain: EXAMPLE.COM\norganisation: Internet Assigned Numbers Authority\nsource: IANA"
}
}
}VT Link: example.com Detected URL count: 100 Detected downloaded sample count: 0 Undetected downloaded sample count: 9 Detected communicating sample count: 100 Undetected communicating sample count: 100 Detected referrer sample count: 100 Undetected referrer sample count: 100 Resolutions count: 4
Creation Date: 1995-08-14T04:00:00Z DNSSEC: signedDelegation Domain Name: EXAMPLE.COM Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: A.IANA-SERVERS.NET Name Server: B.IANA-SERVERS.NET Registrar IANA ID: 376 Registrar URL: http://example.example.org Registrar WHOIS Server: whois.iana.org Registrar: RESERVED-Internet Assigned Numbers Authority Registry Domain ID: 2336799_DOMAIN_COM-VRSN Registry Expiry Date: 2021-08-13T04:00:00Z Updated Date: 2020-08-14T07:02:37Z created: 1992-01-01 domain: EXAMPLE.COM organisation: Internet Assigned Numbers Authority source: IANA
Submits a file for scanning.
file-scan
| Argument Name | Description | Required |
|---|---|---|
| entryID | The file entry ID to submit. | Required |
| uploadURL | Private API extension. Special upload URL for files larger than 32 MB. | Optional |
| Path | Type | Description |
|---|---|---|
| vtScanID | unknown | Scan IDs of the submitted files. |
| vtLink | string | Virus Total permanent link. |
Re-scans an already submitted file. This avoids having to upload the file again.
file-rescan
| Argument Name | Description | Required |
|---|---|---|
| file | Hash of the file to re-scan. Supports MD5, SHA1, and SHA256. | Required |
| Path | Type | Description |
|---|---|---|
| vtScanID | unknown | Scan IDs of the submitted files. |
| vtLink | string | Virus Total permanent link. |
Scans a specified URL.
url-scan
| Argument Name | Description | Required |
|---|---|---|
| url | The URL to scan. | Required |
| Path | Type | Description |
|---|---|---|
| vtScanID | unknown | Scan IDs of the submitted URLs. |
| vtLink | string | Virus Total permanent link. |
!url-scan url=https://example.com using=vt
{
"vtLink": [
"https://www.virustotal.com/gui/url/0f115db062b7c0dd030b16878c99dea5c354b49dc37b38eb8846179c7783e9d7/detection/u-0f115db062b7c0dd030b16878c99dea5c354b49dc37b38eb8846179c7783e9d7-1618315592"
],
"vtScanID": [
"0f115db062b7c0dd030b16878c99dea5c354b49dc37b38eb8846179c7783e9d7-1618315592"
]
}VirusTotal URL scan for: https://example.com/
Scan ID: 0f115db062b7c0dd030b16878c99dea5c354b49dc37b38eb8846179c7783e9d7-1618315592 Scan Date: 2021-04-13 12:16:00
Adds comments to files and URLs.
vt-comments-add
| Argument Name | Description | Required |
|---|---|---|
| resource | The file hash (MD5, SHA1, or SHA256) or URL on which you're commenting. | Required |
| comment | The actual review, which you can tag by using the "#" twitter-like syntax, for example, #disinfection #zbot, and reference users using the "@" syntax, for example, @VirusTotalTeam). | Required |
There is no context output for this command.
!vt-comments-add resource=paloaltonetworks.com resource_type=domain comment="this is a comment" using=vt
Invalid resource
Private API. Get a special URL for files larger than 32 MB.
vt-file-scan-upload-url
| Argument Name | Description | Required |
|---|
| Path | Type | Description |
|---|---|---|
| vtUploadURL | unknown | The special upload URL for large files. |
Private API. Retrieves comments for a given resource.
vt-comments-get
| Argument Name | Description | Required |
|---|---|---|
| resource | The file hash (MD5, SHA1, orSHA256) or URL from which you're retrieving comments. | Required |
| before | Datetime token in the format YYYYMMDDHHMISS. You can use this for paging. | Optional |
There is no context output for this command.
!vt-comments-get resource=https://paloaltonetworks.com using=vt