× Cookies are disabled! אתר זה דורש שקבצי Cookie יהיו זמינים על מנת שיוכל לפעול כראוי

VirusTotal stores the reports for every single scan requested by its users. This allows users to query and render them without having to submit the items (URLs and files) for scanning. The search feature can retrieve file reports, URL reports, domain and IP address reports (including our Passive DNS information), VirusTotal Community users and VirusTotal Community comments.

No automations! This search feature should not be used as a programmatic interface to retrieve VirusTotal reports, we will ban any scripts using this interface as if it were an API. If you want to use VirusTotal's dataset programmatically you should be looking at the VirusTotal Public API.

This search feature is a free service, available to any user. The search functionality should not be used in commercial products or services. VirusTotal also develops a premium service called VirusTotal Intelligence that offers advanced searching capabilities. Intelligence allows you to go from sample characteristics (antivirus detection names, size, file type, behaviour patterns, drive-by-download URLs, etc.) to a list of samples matching your criteria. These malware samples can be downloaded for further scrutiny. The research platform contains other features such as Yara rule matching on VirusTotal's live submissions, sample clustering, etc.

Contents

Audience
Getting started
Searching for file scan reports
Searching for URL scan reports
Searching for IP address information
Searching for domain information
Searching for VirusTotal Community users
Searching through VirusTotal Community comments

Audience

This document is intended for any VirusTotal user that wants to search through the dataset of past scans. No particular technical knowledge is required to understand the document.

Getting started

In order to get started you just have to refer to VirusTotal's search form and follow the instructions detailed in the next sections.

Searching for file scan reports

In order to search for the last VirusTotal report on a given file just enter its hash. Currently the allowed hashes are MD5, SHA1 and SHA256.

Search file scans in VirusTotal

Some users might also be interested in searching for particular file scan reports (e.g. identified by a scan_id returned by the Public API), this can also be done, you just have to insert the scan identifier (sha256-timestamp_epoch). This will return the file scan for a given point in time rather than its last analysis.

Searching for URL scan reports

URL searches are simple, you just have to type in the given URL, the web application will normalize it and compare it with the items in VirusTotal's dataset. Specifying the URL will return the latest report on it.

Search for URL scans in VirusTotal

Some users might also be interested in searching for particular URL scan reports (e.g. identified by a scan_id returned by the Public API), this can also be done, you just have to insert the scan identifier with the string "u:" prepended (u:sha256-timestamp_epoch). This will return the URL scan for a given point in time rather than its last analysis.

Searching for IP address information

VirusTotal runs its own passive DNS replication service, built by storing DNS resolutions performed when visiting URLs and executing malware samples submitted by users. In order to retrieve the information we have on a given IP address you just have to type it into the search box.

This report includes other details such as all the incidents seen related to such IP address: malware samples downloaded from the given server, specimens communicating with it, etc.

Searching for domain information

VirusTotal runs its own passive DNS replication service, built by storing DNS resolutions performed when visiting URLs and executing malware samples submitted by users. In order to retrieve the information we have on a given domain you just have to use the domain: search modifier in the search box.

Search for domain information in VirusTotal

This report includes other details such as all the incidents seen related to such domain: malware samples downloaded from the given domain, specimens communicating with it, etc.

Searching for VirusTotal Community users

Do you want to know whether a friend has a VT Community account? Simply type in their nick preceeded by the symbol "@", e.g. @VirusTotalTeam. Of course, in order to perform such a search you must first know his VirusTotal Community nick, the search feature will lead you to his VirusTotal Community profile page.

Search for users in VirusTotal

Searching through VirusTotal Community comments

The comments in VirusTotal Community may often help in disinfecting your PC or may proof themselves useful when analysing a particular malware sample, comment tags enable users to search through the VirusTotal Community reviews. Just type in a tag, e.g. "#zbot".

Search through VirusTotal Community comments