In [10]:
# Imports for the VirusTotal lookup cells below.
import os
from dotenv import load_dotenv
# Read key=value pairs from a local .env file into os.environ, so the API key
# read in the next cell is supplied at runtime rather than written into the
# notebook. Keep that .env file out of version control and out of shared copies.
load_dotenv()
import requests
import logging
from typing import List, Dict
import base64

In [11]:
# Logger for this notebook/module; handlers and level come from the host's
# logging configuration.
logger = logging.getLogger(__name__)

# VirusTotal API key taken from the process environment. The value is None
# when the variable is not set, so callers must not assume a key is present.
VIRUSTOTAL_API_KEY = os.environ.get('VIRUSTOTAL_API_KEY')

In [None]:
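def collect_virustotal_threats(url: str) -> Dict:
    """Return VirusTotal's last-analysis verdict counts for ``url``.

    The URL is looked up through ``GET /api/v3/urls/{id}``, where ``id`` is the
    unpadded URL-safe base64 encoding of the URL. The counters are read from
    ``data.attributes.last_analysis_stats`` of that report. They describe the
    most recent analysis VirusTotal has stored, not a fresh scan.

    Args:
        url: The URL to look up.

    Returns:
        On success, a dict with the integer keys ``malicious_count``,
        ``suspicious_count``, ``harmless_count`` and ``undetected_count``.
        On any failure (missing API key, network error, non-2xx response,
        unexpected payload) a dict ``{'error': <message>}``. Callers should
        treat ``'error'`` as "verdict unknown", never as "clean".
    """
    # Bound the wait so a stalled connection cannot hang the notebook.
    request_timeout_seconds = 30
    try:
        if not VIRUSTOTAL_API_KEY:
            # Without this check the request would go out unauthenticated and
            # the failure would only surface as an opaque parsing error.
            raise RuntimeError("VIRUSTOTAL_API_KEY is not set")

        # VirusTotal URL identifier: URL-safe base64 with the '=' padding removed.
        url_encode = base64.urlsafe_b64encode(url.encode()).decode().strip('=')
        headers = {
            'x-apikey': VIRUSTOTAL_API_KEY
        }
        response = requests.get(
            f'https://www.virustotal.com/api/v3/urls/{url_encode}',
            headers=headers,
            timeout=request_timeout_seconds
        )
        # Surface 4xx/5xx replies (bad key, unknown URL, quota exceeded) as
        # errors instead of parsing an error payload as if it were a report.
        response.raise_for_status()
        report = response.json()

        # The counters live under data.attributes.last_analysis_stats of the
        # URL report. Reading them from the top level of a response always
        # falls back to the default 0, which looks like a clean verdict.
        stats = report.get('data', {}).get('attributes', {}).get('last_analysis_stats')
        if not isinstance(stats, dict):
            raise ValueError("VirusTotal response has no last_analysis_stats")

        return {
            'malicious_count': stats.get('malicious', 0),
            'suspicious_count': stats.get('suspicious', 0),
            'harmless_count': stats.get('harmless', 0),
            'undetected_count': stats.get('undetected', 0)
        }

    except Exception as e:
        # Best-effort contract: report the failure to the caller, do not raise.
        logger.error("VirusTotal Analysis Error: %s", e)
        return {'error': str(e)}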

In [16]:
# Live lookup against the VirusTotal API using the key loaded from the environment.
# NOTE(review): the saved output of this cell looks stale. It includes printed
# debug lines that the function definition in this notebook does not emit, and
# the definition cell is unexecuted. Re-run on a fresh kernel before relying on
# the counts; all-zero counts here should not be read as a clean verdict.
collect_virustotal_threats("https://example.com")

aHR0cHM6Ly9leGFtcGxlLmNvbQ
{'data': {'id': '0f115db062b7c0dd030b16878c99dea5c354b49dc37b38eb8846179c7783e9d7', 'type': 'url', 'links': {'self': 'https://www.virustotal.com/api/v3/urls/0f115db062b7c0dd030b16878c99dea5c354b49dc37b38eb8846179c7783e9d7'}, 'attributes': {'last_http_response_content_sha256': 'ea8fac7c65fb589b0d53560f5251f74f9e9b243478dcb6b3ea79b5e36449c8d9', 'url': 'https://example.com/', 'redirection_chain': ['https://example.com/'], 'threat_names': [], 'targeted_brand': {'SafeToOpen': ''}, 'last_http_response_code': 200, 'total_votes': {'harmless': 13, 'malicious': 2}, 'crowdsourced_context': [{'source': 'ArcSight Threat Intelligence', 'timestamp': 1692891969, 'details': "Contextual Indicators: The domain’s Cisco Umbrella rank is 8898\n\nContextual Indicators: The URL is known benign by Check Point's Threat Cloud\n\nContextual Indicators: The domain is popular among websites with good reputation\n\nContextual Indicators: The domain is popular in the world\n\nCreated On: 19

{'malicious_count': 0,
 'suspicious_count': 0,
 'harmless_count': 0,
 'undetected_count': 0}