VirusTotal Analysis
The VirusTotal Analysis connector enables automated interactions with VirusTotal's services, allowing for file and URL analysis directly from the Swimlane platform.

VirusTotal is a renowned service for analyzing and detecting malware in files, URLs, domains, and IP addresses. This connector enables Swimlane Turbine users to automate the submission and retrieval of analysis reports, enhancing threat intelligence and incident response capabilities. By integrating with VirusTotal Analysis, users can efficiently validate and investigate potential threats, streamline security workflows, and contribute to the broader security community's knowledge base.

Prerequisites

To effectively utilize the VirusTotal Analysis connector with Swimlane Turbine, ensure you have the following:

- API key authentication with the necessary parameters:
  - URL: The endpoint URL for the VirusTotal API services.
  - API Key: Your personal API key provided by VirusTotal to access their services.

Public Key

In order to get the API key, you must first register with the VirusTotal Community:

1. Go to https://www.virustotal.com/gui/sign-in, then click "New? Join the community".
2. Provide a name, email, username, and password. Once complete, click "Join us".
3. An activation link will be sent to the email you provided. Click on the activation link to activate your VirusTotal Community membership.
4. Return to the VirusTotal homepage and click the blue message icon on the lower right-hand corner of the homepage. This will bring up the VirusTotal bot window.
5. Click the option "I have a feed of new files that I can upload, I want free API quota to do so". A window opens where you can create a message to VirusTotal.
6. Complete the subject and email fields and then include a simple message stating why you need a free API key.
7. Once VirusTotal reviews your message, you can sign into your account and find your public API in the corresponding menu item, "API key", under your username.

Premium Key

1. Log in to your account.
2. Click your username and then click "API key".
3. Click "Request premium API key".
4. Fill out the request prompt on this page. Required fields include "Company size", "Company country", and "Already paying customer?"
VirusTotal will respond to your request.

Capabilities

This connector has the capability to get different kinds of reports, including domain, file hash, IP, and URL reports. VirusTotal is also able to scan either a file or a URL.

- Analyse a URL
- Analyse File
- Analyses Get
- Delete a Private File Report
- Get a Domain Report
- Get a File Report
- Get a Private File Report
- Get a URL for Uploading Large Files
- Get a URL Report
- Get a Widget Rendering URL
- Get an IP Address Report
- Get List of Private Files
- Get Object Descriptors Related to a File
- Get Objects Related to a Private File
- Reanalyse File
- and so on

Asset Setup

The asset requires an API key to use. If your organization requires the use of a proxy, then that proxy can be used during the asset setup.

The public API:

- Is limited to 500 requests per day and a rate of 4 requests per minute.
- Must not be used in commercial products or services.
- Must not be used in business workflows that do not contribute new files.

Notes

For more information on VirusTotal:

- https://developers.virustotal.com/v3.0/
- https://developers.virustotal.com/v3.0/reference#public-vs-premium-api
- https://support.virustotal.com/hc/en-us/articles/115002088769-Please-give-me-an-API-key

Configurations

VirusTotal API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| URL | A URL to the target host | string | Required |
| x-apikey | API key | string | Required |
| Error Status Code | The status codes more than 300 can also be used | boolean | Optional |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

Actions

Analyse a URL

Submits a URL to VirusTotal for comprehensive security analysis and returns the results, requiring a data body input.

- Endpoint URL: api/v3/urls
- Method: POST

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| data_body | object | Required | Data body |
| data_body.url | string | Required | URL to analyse |

Input example:

{"data_body": {"url": "https://example.com/api/resource"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.type | string | Response data |
| data.id | string | Response data |
| data.links | object | Response data |
| data.links.self | string | Response data |

Output example:

{"status_code": 200, "response_headers": {"Content-Type": "application/json", "Vary": "Accept-Encoding", "Content-Encoding": "gzip", "X-Cloud-Trace-Context": "bae3ee6e9bb6214c9bd1fe4cd0dab04a;o=1", "Date": "Wed, 06 Mar 2024 15:19:50 GMT", "Server": "Google Frontend", "Cache-Control": "private", "Transfer-Encoding": "chunked"}, "reason": "OK", "json_body": {"data": {"type": "analysis", "id": "u-dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1709738102", "links": {}}}}

Analyse File

Initiates a comprehensive threat analysis on specified files using VirusTotal, requiring the 'files' input.

- Endpoint URL: api/v3/files
- Method: POST

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| files | object | Required | File to be analysed |
| files.file | string | Optional | Parameter for Analyse File |
| files.file_name | string | Optional | Name of the resource |

Input example:

{"files": {"file": "string", "file_name": "example_name"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.type | string | Response data |
| data.id | string | Response data |

Output example:

{"status_code": 200, "response_headers": {"Cache-Control": "no-cache", "Content-Type": "application/json; charset=utf-8", "X-Cloud-Trace-Context": "a5acdfac6cf89cdca49f7b3fbc7f5a51", "Date": "Fri, 21 Oct 2022 23:00:30 GMT", "Server": "Google Frontend", "Content-Length": "128"}, "reason": "OK", "json_body": {"data": {"type": "analysis", "id": "mgiynmuzmtnlzdrhn2nhnjkwngiwztkznjllnwi5ntc6mty2njm5mzizma=="}}}

Get Analyses

Retrieve detailed results of a specific VirusTotal analysis using the provided unique analysis ID.

- Endpoint URL: api/v3/analyses/{{id}}
- Method: GET

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | Required | Analyses ID |

Input example:

{"path_parameters": {"id": "12345678-1234-1234-1234-123456789abc"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| meta | object | Output field meta |
| meta.file_info | object | Output field meta.file_info |
| meta.file_info.sha256 | string | Output field meta.file_info.sha256 |
| meta.url_info | object | URL endpoint for the request |
| meta.url_info.url | string | URL endpoint for the request |
| meta.url_info.id | string | URL endpoint for the request |
| data | object | Response data |
| data.attributes | object | Response data |
| data.attributes.date | number | Response data |
| data.attributes.status | string | Response data |
| data.attributes.stats | object | Response data |
| data.attributes.stats.harmless | number | Response data |
| data.attributes.stats.malicious | number | Response data |
| data.attributes.stats.suspicious | number | Response data |
| data.attributes.stats.undetected | number | Response data |
| data.attributes.stats.timeout | number | Response data |
| data.attributes.results | object | Response data |
| data.attributes.results.CMC Threat Intelligence | object | Response data |
| data.attributes.results.CMC Threat Intelligence.category | string | Response data |
| data.attributes.results.CMC Threat Intelligence.result | string | Response data |
| data.attributes.results.CMC Threat Intelligence.method | string | Response data |
| data.attributes.results.CMC Threat Intelligence.engine_name | string | Response data |
| data.attributes.results.Snort IP sample list | object | Response data |

Output example:

{"status_code": 200, "response_headers": {"Content-Type": "application/json", "X-Cloud-Trace-Context": "9329b5c3a5d9b073bf06159442868317", "Date": "Wed, 12 Oct 2022 18:39:23 GMT", "Server": "Google Frontend", "Content-Length": "21095"}, "reason": "OK", "json_body": {"meta": {"file_info": {}, "url_info": {}}, "data": {"attributes": {}, "type": "analysis", "id": "u-c93bb9e8e5bb2cd834049c9640361aeb17a124e95c9f0655eeb6a3a422f4c229-1660246342", "links": {}}}}

Delete a Private File Report

Removes a private file and associated data from VirusTotal storage by using the provided file ID, with optional storage-only deletion.

- Endpoint URL: api/v3/private/files/{{file_id}}
- Method: DELETE

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.file_id | string | Required | File's SHA-256 |
| parameters.only_from_storage | boolean | Optional | If true, only the file will be deleted from storage, but the generated reports and analyses won't |

Input example:

{"parameters": {"only_from_storage": false}, "path_parameters": {"file_id": "d5f5219fcedff1bc168504efa3def41d300a9307181a37e31c19aa11b811555c"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example:

{"status_code": 200, "response_headers": {"Content-Type": "text/html; charset=utf-8", "X-Cloud-Trace-Context": "39a82051ea701901ee7da8de8e56bd36", "Date": "Wed, 12 Jun 2024 07:21:32 GMT", "Server": "Google Frontend", "Content-Length": "0"}, "reason": "OK", "response_text": ""}

Get a Domain Report

Retrieve a comprehensive report for a specific domain from VirusTotal Analysis, detailing security data and activity logs.

- Endpoint URL: /api/v3/domains/{{domain}}
- Method: GET

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.domain | string | Required | Domain name |

Input example:

{"path_parameters": {"domain": "swimlane.com"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.id | string | Response data |
| data.type | string | Response data |
| data.links | object | Response data |
| data.links.self | string | Response data |
| data.attributes | object | Response data |
| data.attributes.total_votes | object | Response data |
| data.attributes.total_votes.harmless | number | Response data |
| data.attributes.total_votes.malicious | number | Response data |
| data.attributes.last_https_certificate | object | Response data |
| data.attributes.last_https_certificate.cert_signature | object | Response data |
| data.attributes.last_https_certificate.cert_signature.signature_algorithm | string | Response data |
| data.attributes.last_https_certificate.cert_signature.signature | string | Response data |
| data.attributes.last_https_certificate.extensions | object | Response data |
| data.attributes.last_https_certificate.extensions.key_usage | array | Response data |
| data.attributes.last_https_certificate.extensions.extended_key_usage | array | Response data |
| data.attributes.last_https_certificate.extensions.CA | boolean | Response data |
| data.attributes.last_https_certificate.extensions.subject_key_identifier | string | Response data |
| data.attributes.last_https_certificate.extensions.authority_key_identifier | object | Response data |
| data.attributes.last_https_certificate.extensions.ca_information_access | object | Response data |
| data.attributes.last_https_certificate.extensions.subject_alternative_name | array | Response data |
| data.attributes.last_https_certificate.extensions.certificate_policies | array | Response data |
| data.attributes.last_https_certificate.extensions.1.3.6.1.4.1.11129.2.4.2 | string | Response data |

Output example:

{"data": {"id": "12345678-1234-1234-1234-123456789abc", "type": "string", "links": {"self": "string"}, "attributes": {"total_votes": {}, "last_https_certificate": {}, "popularity_ranks": {}, "last_modification_date": 123, "registrar": "string", "creation_date": 123, "jarm": "string", "tags": [], "last_analysis_stats": {}, "last_dns_records_date": 123, "whois_date": 123, "tld": "string", "last_https_certificate_date": 123, "last_dns_records": [], "last_analysis_date": 123}}}

Get a File Report

Retrieve a detailed report on a file's attributes and security assessments from VirusTotal using the file's unique ID.

- Endpoint URL: /api/v3/files/{{id}}
- Method: GET

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | Required | SHA-256, SHA-1 or MD5 identifying the file |

Input example:

{"path_parameters": {"id": "c4f994a3bc2998e15a0c72a355f1ec2e1a03f555a7213237e256caf634084712"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.id | string | Response data |
| data.type | string | Response data |
| data.links | object | Response data |
| data.links.self | string | Response data |
| data.attributes | object | Response data |
| data.attributes.last_modification_date | number | Response data |
| data.attributes.last_analysis_stats | object | Response data |
| data.attributes.last_analysis_stats.malicious | number | Response data |
| data.attributes.last_analysis_stats.suspicious | number | Response data |
| data.attributes.last_analysis_stats.undetected | number | Response data |
| data.attributes.last_analysis_stats.harmless | number | Response data |
| data.attributes.last_analysis_stats.timeout | number | Response data |
| data.attributes.last_analysis_stats.confirmed-timeout | number | Response data |
| data.attributes.last_analysis_stats.failure | number | Response data |
| data.attributes.last_analysis_stats.type-unsupported | number | Response data |
| data.attributes.tags | array | Response data |
| data.attributes.magic | string | Response data |
| data.attributes.last_analysis_date | number | Response data |
| data.attributes.md5 | string | Response data |
| data.attributes.ssdeep | string | Response data |
| data.attributes.sha256 | string | Response data |
| data.attributes.threat_severity | object | Response data |

Output example:

{"data": {"id": "12345678-1234-1234-1234-123456789abc", "type": "string", "links": {"self": "string"}, "attributes": {"last_modification_date": 123, "last_analysis_stats": {}, "tags": [], "magic": "string", "last_analysis_date": 123, "md5": "string", "ssdeep": "string", "sha256": "string", "threat_severity": {}, "type_tags": [], "bundle_info": {}, "type_extension": "string", "exiftool": {}, "type_description": "string", "times_submitted": 123}}}

Get a Private File Report

Retrieve a detailed report for a privately scanned file on VirusTotal using the provided unique file ID.

- Endpoint URL: api/v3/private/files/{{file_id}}
- Method: GET

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.file_id | string | Required | File's SHA-256 |

Input example:

{"path_parameters": {"file_id": "8e958dc75f488ba304bab672366a020b0d2870633a982ce7830f61b4fce4599e"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.id | string | Response data |
| data.type | string | Response data |
| data.links | object | Response data |
| data.links.self | string | Response data |
| data.attributes | object | Response data |
| data.attributes.md5 | string | Response data |
| data.attributes.ssdeep | string | Response data |
| data.attributes.threat_severity | object | Response data |
| data.attributes.threat_severity.version | number | Response data |
| data.attributes.threat_severity.threat_severity_level | string | Response data |
| data.attributes.threat_severity.threat_severity_data | object | Response data |
| data.attributes.threat_severity.last_analysis_date | string | Response data |
| data.attributes.threat_severity.level_description | string | Response data |
| data.attributes.type_extension | string | Response data |
| data.attributes.sandbox_verdicts | object | Response data |
| data.attributes.sandbox_verdicts.OS X Sandbox | object | Response data |
| data.attributes.sandbox_verdicts.OS X Sandbox.category | string | Response data |
| data.attributes.sandbox_verdicts.OS X Sandbox.malware_classification | array | Response data |
| data.attributes.sandbox_verdicts.OS X Sandbox.sandbox_name | string | Response data |
| data.attributes.sandbox_verdicts.OS X Sandbox.confidence | number | Response data |
| data.attributes.sandbox_verdicts.Zenbox | object | Response data |
| data.attributes.sandbox_verdicts.Zenbox.category | string | Response data |

Output example:

{"status_code": 200, "response_headers": {"Content-Type": "application/json", "Vary": "Accept-Encoding", "Content-Encoding": "gzip", "X-Cloud-Trace-Context": "3d66aba4cb4dcee73a3382e699c91f80", "Date": "Wed, 12 Jun 2024 04:52:01 GMT", "Server": "Google Frontend", "Cache-Control": "private", "Transfer-Encoding": "chunked"}, "reason": "OK", "json_body": {"data": {"id": "8e958dc75f488ba304bab672366a020b0d2870633a982ce7830f61b4fce4599e", "type": "private_file", "links": {}, "attributes": {}}}}

Get a URL for Uploading Large Files

Obtain a single-use URL from VirusTotal Analysis for submitting large files for scanning and analysis.

- Endpoint URL: api/v3/private/files/upload_url
- Method: GET

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | string | Response data |

Output example:

{"status_code": 200, "response_headers": {"Content-Type": "application/json", "Vary": "Accept-Encoding", "Content-Encoding": "gzip", "X-Cloud-Trace-Context": "7f353f9791ca00df94952eaf34e7250b", "Date": "Wed, 12 Jun 2024 04:34:32 GMT", "Server": "Google Frontend", "Cache-Control": "private", "Transfer-Encoding": "chunked"}, "reason": "OK", "json_body": {"data": "https://www.virustotal.com/_ah/upload/ammfu6y1ddqrvv nd2t8rzto8bafauyiy9bm2emlqq "}}

Get a URL Report

Retrieve a detailed URL report from VirusTotal Analysis using the unique identifier.

- Endpoint URL: /api/v3/urls/{{id}}
- Method: GET

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | Required | URL identifier or base64 representation of URL to scan (w/o padding) |

Input example:

{"path_parameters": {"id": "4671ca02d929289d11f8855e109d4df50495f875f82cac91fce9d31742dad7ae"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.id | string | Response data |
| data.type | string | Response data |
| data.links | object | Response data |
| data.links.self | string | Response data |
| data.attributes | object | Response data |
| data.attributes.last_analysis_results | object | Response data |
| data.attributes.last_analysis_results.Artists Against 419 | object | Response data |
| data.attributes.last_analysis_results.Artists Against 419.method | string | Response data |
| data.attributes.last_analysis_results.Artists Against 419.engine_name | string | Response data |
| data.attributes.last_analysis_results.Artists Against 419.category | string | Response data |
| data.attributes.last_analysis_results.Artists Against 419.result | string | Response data |
| data.attributes.last_analysis_results.Acronis | object | Response data |
| data.attributes.last_analysis_results.Acronis.method | string | Response data |
| data.attributes.last_analysis_results.Acronis.engine_name | string | Response data |
| data.attributes.last_analysis_results.Acronis.category | string | Response data |
| data.attributes.last_analysis_results.Acronis.result | string | Response data |
| data.attributes.last_analysis_date | number | Response data |
| data.attributes.first_submission_date | number | Response data |
| data.attributes.last_final_url | string | Response data |
| data.attributes.html_meta | object | Response data |
| data.attributes.html_meta.og:image | array | Response data |
| data.attributes.html_meta.fb:app_id | array | Response data |

Output example:

{"data": {"id": "12345678-1234-1234-1234-123456789abc", "type": "string", "links": {"self": "string"}, "attributes": {"last_analysis_results": {}, "last_analysis_date": 123, "first_submission_date": 123, "last_final_url": "string", "html_meta": {}, "times_submitted": 123, "last_submission_date": 123, "favicon": {}, "last_analysis_stats": {}, "outgoing_links": [], "threat_severity": {}, "total_votes": {}, "last_http_response_content_sha256": "string", "trackers": {}, "last_modification_date": 123}}}

Get a Widget Rendering URL

Generates a temporary URL for VirusTotal visualizations, valid for 72 hours, using the specified 'query' parameter.

- Endpoint URL: /api/v3/widget/url
- Method: GET

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| parameters.query | string | Required | A file hash (MD5, SHA1 or SHA256), URL, IP address or a domain |
| parameters.fg1 | string | Optional | Theme primary foreground color in hex notation |
| parameters.bg1 | string | Optional | Theme primary background color in hex notation |
| parameters.bg2 | string | Optional | Theme secondary background color in hex notation |
| parameters.bd1 | string | Optional | Theme border color |

Input example:

{"parameters": {"query": "google.com", "fg1": "", "bg1": "", "bg2": "", "bd1": ""}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.id | string | Response data |
| data.url | string | Response data |
| data.detection_ratio | object | Response data |
| data.detection_ratio.detections | number | Response data |
| data.detection_ratio.total | number | Response data |
| data.type | string | Response data |
| data.found | boolean | Response data |

Output example:

{"status_code": 200, "response_headers": {"Content-Type": "application/json", "Vary": "Accept-Encoding", "Content-Encoding": "gzip", "X-Cloud-Trace-Context": "aaf8e85aaa1d10216fbefad5e8a52ab1", "Date": "Mon, 06 May 2024 09:51:26 GMT", "Server": "Google Frontend", "Cache-Control": "private", "Transfer-Encoding": "chunked"}, "reason": "OK", "json_body": {"data": {"id": "google.com", "url": "https://virustotal.com/ui/widget/html/z29vz2xllmnvbxx8zg9tywlufhx7imjkmsi6icijng ", "detection_ratio": {}, "type": "domain", "found": true

Get an IP Address Report

Retrieve a comprehensive report for a specified IP address from VirusTotal Analysis, detailing detected URLs, samples, and associated data.

- Endpoint URL: /api/v3/ip_addresses/{{ip}}
- Method: GET

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.ip | string | Required | IP address |

Input example:

{"path_parameters": {"ip": "1.1.1.1"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.id | string | Response data |
| data.type | string | Response data |
| data.links | object | Response data |
| data.links.self | string | Response data |
| data.attributes | object | Response data |
| data.attributes.last_https_certificate | object | Response data |
| data.attributes.last_https_certificate.cert_signature | object | Response data |
| data.attributes.last_https_certificate.cert_signature.signature_algorithm | string | Response data |
| data.attributes.last_https_certificate.cert_signature.signature | string | Response data |
| data.attributes.last_https_certificate.extensions | object | Response data |
| data.attributes.last_https_certificate.extensions.authority_key_identifier | object | Response data |
| data.attributes.last_https_certificate.extensions.subject_key_identifier | string | Response data |
| data.attributes.last_https_certificate.extensions.subject_alternative_name | array | Response data |
| data.attributes.last_https_certificate.extensions.certificate_policies | array | Response data |
| data.attributes.last_https_certificate.extensions.key_usage | array | Response data |
| data.attributes.last_https_certificate.extensions.extended_key_usage | array | Response data |
| data.attributes.last_https_certificate.extensions.crl_distribution_points | array | Response data |
| data.attributes.last_https_certificate.extensions.ca_information_access | object | Response data |
| data.attributes.last_https_certificate.extensions.CA | boolean | Response data |
| data.attributes.last_https_certificate.extensions.1.3.6.1.4.1.11129.2.4.2 | string | Response data |
| data.attributes.last_https_certificate.validity | object | Response data |
| data.attributes.last_https_certificate.validity.not_after | string | Response data |

Output example:

{"data": {"id": "12345678-1234-1234-1234-123456789abc", "type": "string", "links": {"self": "string"}, "attributes": {"last_https_certificate": {}, "last_analysis_results": {}, "tags": [], "total_votes": {}, "whois_date": 123, "jarm": "string", "reputation": 123, "last_modification_date": 123, "whois": "string", "network": "string", "last_https_certificate_date": 123, "asn": 123, "last_analysis_stats": {}, "as_owner": "string", "last_analysis_date": 123}}}

Get List of Private Files

Retrieve a sorted list of private files analyzed by SHA256 within VirusTotal Analysis.

- Endpoint URL: api/v3/private/files
- Method: GET

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| parameters.limit | number | Optional | Maximum number of files to retrieve (40 max) |
| parameters.cursor | string | Optional | Continuation cursor |

Input example:

{"parameters": {"limit": 10, "cursor": "test"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | array | Response data |
| data.id | string | Response data |
| data.type | string | Response data |
| data.links | object | Response data |
| data.links.self | string | Response data |
| data.attributes | object | Response data |
| data.attributes.type_tags | array | Response data |
| data.attributes.magic | string | Response data |
| data.attributes.type_tag | string | Response data |
| data.attributes.expiration | number | Response data |
| data.attributes.last_analysis_date | number | Response data |
| data.attributes.exiftool | object | Response data |
| data.attributes.exiftool.ZipRequiredVersion | string | Response data |
| data.attributes.exiftool.MIMEType | string | Response data |
| data.attributes.exiftool.ZipCRC | string | Response data |
| data.attributes.exiftool.FileType | string | Response data |
| data.attributes.exiftool.ZipCompression | string | Response data |
| data.attributes.exiftool.ZipUncompressedSize | string | Response data |
| data.attributes.exiftool.ZipCompressedSize | string | Response data |
| data.attributes.exiftool.FileTypeExtension | string | Response data |
| data.attributes.exiftool.ZipFileName | string | Response data |
| data.attributes.exiftool.ZipBitFlag | string | Response data |
| data.attributes.exiftool.ZipModifyDate | string | Response data |

Output example:

{"status_code": 200, "response_headers": {"Content-Type": "application/json", "Vary": "Accept-Encoding", "Content-Encoding": "gzip", "X-Cloud-Trace-Context": "325dd351a80d08ba6930d367d8333377", "Date": "Wed, 12 Jun 2024 03:56:23 GMT", "Server": "Google Frontend", "Cache-Control": "private", "Transfer-Encoding": "chunked"}, "reason": "OK", "json_body": {"data": [{}], "meta": {"count": 1}, "links": {"self": "https://www.virustotal.com/api/v3/private/files"}}}

Get Object Descriptors Related to a File

Retrieve related descriptors for a file in VirusTotal using its unique ID and specified relationship type, with required path parameters.

- Endpoint URL: api/v3/private/files/{{file_id}}/relationships/{{relationship}}
- Method: GET

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.file_id | string | Required | File's SHA-256 |
| path_parameters.relationship | string | Required | Relationship name |
| parameters.limit | number | Optional | Maximum number of related objects to retrieve |
| parameters.cursor | string | Optional | Continuation cursor |

Input example:

{"parameters": {"limit": 10, "cursor": "test"}, "path_parameters": {"file_id": "8e958dc75f488ba304bab672366a020b0d2870633a982ce7830f61b4fce4599e", "relationship": "dropped_files"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | array | Response data |
| data.type | string | Response data |
| data.id | string | Response data |
| data.context_attributes | object | Response data |
| data.context_attributes.type | string | Response data |
| data.context_attributes.paths | array | Response data |
| data.context_attributes.present_in_public_vt | boolean | Response data |
| meta | object | Output field meta |
| meta.count | number | Count value |
| links | object | Output field links |
| links.self | string | Output field links.self |
| links.related | string | Output field links.related |

Output example:

{"status_code": 200, "response_headers": {"Content-Type": "application/json", "Vary": "Accept-Encoding", "Content-Encoding": "gzip", "X-Cloud-Trace-Context": "4239f00ca721d6927f7ee1e940e1438f", "Date": "Wed, 12 Jun 2024 05:57:26 GMT", "Server": "Google Frontend", "Cache-Control": "private", "Transfer-Encoding": "chunked"}, "reason": "OK", "json_body": {"data": [{"type": "private_file", "id": "cf7dd672e9016cd7d582fd9fefb0731738126e15d4de1a27be0a673b40a38963", "context_attributes": {"type": "text", "paths": ["c:\\users\\user\\a

Get Objects Related to a Private File

Retrieve related URLs, domains, IPs, or hashes for a private file in VirusTotal using the file ID and relationship type.

- Endpoint URL: api/v3/private/files/{{file_id}}/{{relationship}}
- Method: GET

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.file_id | string | Required | File's SHA-256 |
| path_parameters.relationship | string | Required | Relationship name |
| parameters.limit | number | Optional | Maximum number of related objects to retrieve |
| parameters.cursor | string | Optional | Continuation cursor |

Input example:

{"parameters": {"limit": 10, "cursor": "test"}, "path_parameters": {"file_id": "8e958dc75f488ba304bab672366a020b0d2870633a982ce7830f61b4fce4599e", "relationship": "dropped_files"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | array | Response data |
| data.id | string | Response data |
| data.type | string | Response data |
| data.error | object | Response data |
| data.error.code | string | Response data |
| data.error.message | string | Response data |
| data.context_attributes | object | Response data |
| data.context_attributes.type | string | Response data |
| data.context_attributes.paths | array | Response data |
| data.context_attributes.present_in_public_vt | boolean | Response data |
| meta | object | Output field meta |
| meta.count | number | Count value |
| links | object | Output field links |
| links.self | string | Output field links.self |

Output example:

{"status_code": 200, "response_headers": {"Content-Type": "application/json", "Vary": "Accept-Encoding", "Content-Encoding": "gzip", "X-Cloud-Trace-Context": "41bf3f664c70d59d47cb30fb747a07c2", "Date": "Wed, 12 Jun 2024 05:26:16 GMT", "Server": "Google Frontend", "Cache-Control": "private", "Transfer-Encoding": "chunked"}, "reason": "OK", "json_body": {"data": [{"id": "cf7dd672e9016cd7d582fd9fefb0731738126e15d4de1a27be0a673b40a38963", "type": "private_file", "error": {"code": "NotFoundError", "message": "private file with id

Reanalyse File

Initiates a new analysis of a previously submitted file in VirusTotal using the unique file identifier.

- Endpoint URL: api/v3/files/{{id}}/analyse
- Method: POST

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | Required | SHA-256, SHA-1 or MD5 identifying the file |

Input example:

{"path_parameters": {"id": "12345678-1234-1234-1234-123456789abc"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.type | string | Response data |
| data.id | string | Response data |

Output example:

{"status_code": 200, "response_headers": {"Cache-Control": "no-cache", "Content-Type": "application/json; charset=utf-8", "X-Cloud-Trace-Context": "5af2481b95d0acad2274bdbc5533dd7a", "Date": "Wed, 12 Oct 2022 18:42:18 GMT", "Server": "Google Frontend", "Content-Length": "128"}, "reason": "OK", "json_body": {"data": {"type": "analysis", "id": "nwrjmgmyotfmotviyji2mzkwnza3odnlmtuyotfinta6mty2ntywmdezoa=="}}}

Reanalyse URL

Initiates a fresh analysis of a specified URL in VirusTotal using the provided ID to update its threat intelligence data.

- Endpoint URL: api/v3/urls/{{id}}/analyse
- Method: POST

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | Required | ID of URL submission to reanalyse |

Input example:

{"path_parameters": {"id": "12345678-1234-1234-1234-123456789abc"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.type | string | Response data |
| data.id | string | Response data |
| data.links | object | Response data |
| data.links.self | string | Response data |

Output example:

{"status_code": 200, "response_headers": {"Content-Type": "application/json", "Vary": "Accept-Encoding", "Content-Encoding": "gzip", "X-Cloud-Trace-Context": "8bef927cda509c116ee788b7ad5ea4e3", "Date": "Wed, 06 Mar 2024 15:51:25 GMT", "Server": "Google Frontend", "Cache-Control": "private", "Transfer-Encoding": "chunked"}, "reason": "OK", "json_body": {"data": {"type": "analysis", "id": "u-dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1709739902", "links": {}}}}

Rescan a Private File

Initiates a new analysis of a private file on VirusTotal using the provided SHA-256 hash and returns the analysis results.

- Endpoint URL: api/v3/private/files/{{file_sha256}}/analyse
- Method: POST

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.file_sha256 | string | Required | File's SHA256 hash |
| parameters.interaction_sandbox | string | Optional | Select the sandbox desired for interactive use |
| parameters.interaction_timeout | number | Optional | Interaction timeout in seconds, minimum value is 60 (1 minute), max value is 1800 (30 minutes) |

Input example:

{"parameters": {"interaction_sandbox": "cape_win", "interaction_timeout": 60}, "path_parameters": {"file_sha256": "8e958dc75f488ba304bab672366a020b0d2870633a982ce7830f61b4fce4599e"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.type | string | Response data |
| data.id | string | Response data |
| data.links | object | Response data |
| data.links.self | string | Response data |

Output example:

{"status_code": 200, "response_headers": {"Content-Type": "application/json", "Vary": "Accept-Encoding", "Content-Encoding": "gzip", "X-Cloud-Trace-Context": "d8a0c33bc1243c12385518c093fab11b", "Date": "Wed, 12 Jun 2024 06:16:48 GMT", "Server": "Google Frontend", "Cache-Control": "private", "Transfer-Encoding": "chunked"}, "reason": "OK", "json_body": {"data": {"type": "private_analysis", "id": "ogfkndjmntfmyty3mdczndk0zmi0y2qyotcwmjhlzme6zmjkmtmzzmnhytbjytzjntk0nzdmnjezm2jj ", "links": {}}}}

Retrieve the Widgets HTML Content

Retrieve the HTML content of a widget report from VirusTotal Analysis using the specified token.

- Endpoint URL: /ui/widget/html/{{token}}
- Method: GET

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.token | string | Required | This token is provided by the previous endpoint /widget/url |
| headers | object | Required | HTTP headers for the request |
| headers.User-Agent | string | Required | User agent |

Input example:

{"path_parameters": {"token": "string"}, "headers": {"User-Agent": "Mozilla/5.0"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example:

{"status_code": 200, "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Thu, 2 May 2024 20:37:23 GMT"}, "reason": "OK"}

Search IoCs & Comments

Conduct a comprehensive search in VirusTotal for domains, IP addresses, files, URLs, and comments using the 'query' parameter.

- Endpoint URL: api/v3/search
- Method: GET

Input:

| Input Argument Name | Type | Required | Description |
|---|---|---|---|
| parameters.query | string | Required | Query to search |

Input example:

{"parameters": {"query": "string"}}

Output:

| Output Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | array | Response data |
| data.attributes | object | Response data |
| data.attributes.last_dns_records | array | Response data |
| data.attributes.last_dns_records.type | string | Response data |
| data.attributes.last_dns_records.value | string | Response data |
| data.attributes.last_dns_records.ttl | number | Response data |
| data.attributes.last_dns_records.priority | number | Response data |
| data.attributes.last_dns_records.rname | string | Response data |
| data.attributes.last_dns_records.retry | number | Response data |
| data.attributes.last_dns_records.refresh | number | Response data |
| data.attributes.last_dns_records.minimum | number | Response data |
| data.attributes.last_dns_records.expire | number | Response data |
| data.attributes.last_dns_records.serial | number | Response data |
| data.attributes.jarm | string | Response data |
| data.attributes.whois | string | Response data |
| data.attributes.last_https_certificate_date | number | Response data |
| data.attributes.tags | array | Response data |
| data.attributes.tags.file_name | string | Response data |
| data.attributes.tags.file | string | Response data |
| data.attributes.popularity_ranks | object | Response data |
| data.attributes.popularity_ranks.Majestic | object | Response data |
| data.attributes.popularity_ranks.Majestic.timestamp | number | Response data |
| data.attributes.popularity_ranks.Majestic.rank | number | Response data |

Output example:

{"status_code": 200, "response_headers": {"Content-Type": "application/json", "X-Cloud-Trace-Context": "d877bd014fdf9d7d969c9c0bf0863748", "Date": "Fri, 20 Jan 2023 15:22:01 GMT", "Server": "Google Frontend", "Content-Length": "35417"}, "reason": "OK", "json_body": {"data": [{}], "links": {"self": "https://www.virustotal.com/api/v3/search?query=swimlane.com"}}}

Search and Analyse

Conduct a comprehensive search and analysis of domains, IPs, files, URLs, and comments in VirusTotal using the 'query'
parameter endpoint url api/v3/search method get input argument name type required description parameters query string required query to search time delay in sec number optional time delay in seconds between analyses url and get analyses input example {"parameters" {"query" "https //security microsoft com/quarantine?id%3d16b8a2d6 8327 4cb5 e2cc 08dcce00c03b\\\7795a2c4 86b0 1332 694d a979ac6f20c9%26amp;recipientaddress%3d\@enc\@p/4m7sot%2bnpvnczve5vgui/vxve95xqqkgpcwq1e%2bzw59brdyueykfae9ahnqxxn8obw6kh1djnfg/iklbezlymk4f58o6mumvdsjsbaspfmai%2btkmlfar0m7zcfqo9i%26amp;action%3dblock"},"time delay in sec" 2} output parameter type description status code number http status code of the response reason string response reason phrase data object response data data id string response data data type string response data data links object response data data links self string response data data links item string response data data attributes object response data data attributes status string response data data attributes date number response data data attributes stats object response data data attributes stats malicious number response data data attributes stats suspicious number response data data attributes stats undetected number response data data attributes stats harmless number response data data attributes stats timeout number response data data attributes results object response data data attributes results artists against 419 object response data data attributes results artists against 419 method string response data data attributes results artists against 419 engine name string response data data attributes results artists against 419 category string response data data attributes results artists against 419 result string response data data attributes results acronis object response data data attributes results acronis method string response data output example {"status code" 200,"response headers" {"content type" "application/json","vary" "accept encoding","content 
encoding" "gzip","x cloud trace context" "61a85eaebe158a5dffe86589e322fee5","date" "fri, 06 sep 2024 14 11 40 gmt","server" "google frontend","cache control" "private","transfer encoding" "chunked"},"reason" "ok","json body" {"data" {"id" "u ece7da7e8a4ab52ef6330c5cc94911124fdb42d8ca4180f58f2ae9897e87583e 1725630159","type" "analysis","links" {},"attributes" {}},"meta" {"url info" {},"file submit private url submission submit a private url to virustotal for analysis with the required data body input endpoint url /api/v3/private/urls method post input argument name type required description data body object required response data data body url string required response data input example {"data body" {"url" "http //example com"}} output parameter type description status code number http status code of the response reason string response reason phrase data object response data data type string response data data id string response data data links object response data data links self string response data output example {"status code" 200,"response headers" {"content type" "application/json","vary" "accept encoding","content encoding" "gzip","x cloud trace context" "19810ab866940083c6b64e2a0bbeab58","date" "thu, 04 jul 2024 08 24 11 gmt","server" "google frontend","cache control" "private","transfer encoding" "chunked"},"reason" "ok","json body" {"data" {"type" "private analysis","id" "ogu2owq3zdq5mjmxy2vkyzlhmti3m2fmowfjmdfkytc6mmexyjqwmjqymgvmndy1nzc0nzfjzgm3nda5 ","links" {}}}} upload a private file privately upload a file to virustotal for analysis, requiring the file as form data endpoint url api/v3/private/files method post input argument name type required description data body object optional response data data body disable sandbox string optional if true, then the file won't be detonated in sandbox environments data body enable internet string optional if the file should have internet access when running in sandboxes data body intercept tls string optional 
intercept https/tls/ssl communication intercept https to view encypted urls, hostnames and http headers this is detectable by any sample that checks certificates, and makes ja3 hashes unusable data body command line string optional command line arguments to use when running the file in sandboxes data body password string optional optional, password to decompress and scan a file contained in a protected zip file data body retention period days number optional optional, number of days the report and file are kept in vt (between 1 and 28) if not set it defaults to the group's retention policy preference data body interaction sandbox string optional select the sandbox desired for interactive use data body interaction timeout number optional interaction timeout in seconds, minimum value 60(1 minute) max value 1800(30 minutes) data body storage region string optional optional, storage region where the file will be stored by default uses the group's private scanning storage region preference files object required privately upload and analyse a file files file string optional parameter for upload a private file files file name string optional name of the resource input example {"data body" {"disable sandbox" "false","enable internet" "false","intercept tls" "false","command line" "command line","password" "password","retention period days" 1,"storage region" "us"}} output parameter type description status code number http status code of the response reason string response reason phrase data object response data data type string response data data id string response data data links object response data data links self string response data output example {"status code" 200,"response headers" {"content type" "application/json","vary" "accept encoding","content encoding" "gzip","x cloud trace context" "7f353f9791ca00df94952eaf34e7250b","date" "wed, 12 jun 2024 04 34 32 gmt","server" "google frontend","cache control" "private","transfer encoding" "chunked"},"reason" "ok","json 
body" {"data" {"type" "private analysis","id" "ogfkndjmntfmyty3mdczndk0zmi0y2qyotcwmjhlzme6otc1zjriowm5nmvjnwrmmdhjyzywmzvhmji2 ","links" {}}}} response headers header description example alt svc http response header alt svc h3=" 443 "; ma=2592000,h3 29=" 443 "; ma=2592000 cache control directives for caching mechanisms no cache content encoding http response header content encoding gzip content length the length of the response body in bytes 128 content type the media type of the resource application/json date the date and time at which the message was originated wed, 06 mar 2024 15 51 25 gmt server information about the software used by the origin server google frontend transfer encoding http response header transfer encoding chunked vary http response header vary accept encoding via http response header via 1 1 google x cloud trace context http response header x cloud trace context 7f353f9791ca00df94952eaf34e7250b
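
The limits and caveats listed for the upload a private file action, applied as a check before submission. This is an added example, not part of the connector or its documentation; the underscore key names and the `check_private_upload` helper are assumptions, and the rule that sandbox-only options have no effect when the sandbox is disabled is inferred from the parameter descriptions.

```python
# Added example: pre-submission check for a private-upload data body.
# Key names use an assumed underscore spelling; the numeric limits are the
# ones stated in the parameter descriptions (1-28 days, 60-1800 seconds).

SANDBOX_FLAGS = ("enable_internet", "intercept_tls")      # boolean-like options
SANDBOX_VALUES = ("command_line", "interaction_sandbox")  # free-text options


def as_bool(value):
    """Accept real booleans and the string form ("false") used in the input example."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def in_range(value, low, high):
    """True only for real numbers inside [low, high]; bool is rejected on purpose."""
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return False
    return low <= value <= high


def check_private_upload(body):
    """Return (errors, warnings) for a data body dict."""
    errors, warnings = [], []
    days = body.get("retention_period_days")
    if days is not None and not in_range(days, 1, 28):
        errors.append("retention_period_days must be between 1 and 28")
    timeout = body.get("interaction_timeout")
    if timeout is not None and not in_range(timeout, 60, 1800):
        errors.append("interaction_timeout must be between 60 and 1800 seconds")

    if as_bool(body.get("disable_sandbox", False)):
        # Inferred rule: these options only matter when the file is detonated.
        ignored = [k for k in SANDBOX_FLAGS if as_bool(body.get(k))]
        ignored += [k for k in SANDBOX_VALUES if body.get(k)]
        warnings += [f"{k} has no effect: disable_sandbox is true" for k in ignored]
    elif as_bool(body.get("intercept_tls", False)):
        warnings.append("intercept_tls: detectable by samples that check "
                        "certificates; JA3 hashes from this run are unusable")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample body, not taken from a real submission.
    sample = {"intercept_tls": "true", "retention_period_days": 29}
    print(check_private_upload(sample))
```
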