Search
This action searches any of the following - A file hash A URL A domain A IP address * Tag comments. The request returns a list of objects matching the query.
External Documentation
To learn more, visit the VirusTotal documentation.
Parameters
| Parameter | Description |
|---|---|
| Query | Search any of the following - file hash, URL, domain, IP address, tag comments and returns a list of objects matching the query. |
Example Output
{
"meta": {
"cursor": "Cs8BChEKBGRhdGUSCQiZgtiu3qb7AhK1AWoRc352aXJ1c3RvdGFsY2xvdWRynwELEgNVUkwiQDkyZmU5N2Q0YWQ4ZTQ4YmUyYmY3MmRhYzEyMTQzYjRkODhmNzNkOGYyY2Q2YzY3OTkzOTJiNTEwMjMyN2UyM2YMCxIHQ29tbWVudCJJOTJmZTk3ZDRhZDhlNDhiZTJiZjcyZGFjMTIxNDNiNGQ4OGY3M2Q4ZjJjZDZjNjc5OTM5MmI1MTAyMzI3ZTIzZi1jNTJkZjZjNwwYACAB"
},
"data": [
{
"attributes": {
"date": 1668669950,
"text": "#MAL #DOMAIN",
"votes": {
"positive": 0,
"abuse": 0,
"negative": 0
},
"html": "#MAL #DOMAIN",
"tags": [
"mal",
"domain"
]
},
"type": "comment",
"id": "comment-id-one",
"links": {
"self": "https://www.virustotal.com/api/v3/comments/comment-id-one"
}
},
{
"attributes": {
"date": 1668659501,
"text": "Comment text\nhello world!",
"votes": {
"positive": 0,
"abuse": 0,
"negative": 0
},
"html": "Comment text<br />hello world!",
"tags": [
"net",
"user",
"domain",
"recon"
]
},
"type": "comment",
"id": "comment-id-two",
"links": {
"self": "https://www.virustotal.com/api/v3/comments/comment-id-two"
}
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/search?query=test",
"next": "https://www.virustotal.com/api/v3/search?cursor=Cs8BChEKBGRhdGUSCQiZgtiu3qb7AhK1AWoRc352aXJ1c3RvdGFsY2xvdWRynwELEgNVUkwiQDkyZmU5N2Q0YWQ4ZTQ4YmUyYmY3MmRhYzEyMTQzYjRkODhmNzNkOGYyY2Q2YzY3OTkzOTJiNTEwMjMyN2UyM2YMCxIHQ29tbWVudCJJOTJmZTk3ZDRhZDhlNDhiZTJiZjcyZGFjMTIxNDNiNGQ4OGY3M2Q4ZjJjZDZjNjc5OTM5MmI1MTAyMzI3ZTIzZi1jNTJkZjZjNwwYACAB&query=domain"
}
}
Workflow Library Example
Preview this Workflow on desktop