Alerts Events

An Alerts Event describes an interaction, event, or relationship seen anywhere in VirusTotal.
It will contain one and only one of the following properties:

  • url_sighting: Describes an Event noticing a URL in VirusTotal. Contains the following properties:

    • url: <UrlEntity> The URL observed.
    • domain: <DomainEntity> The Domain the URL is in.
    • resolutions: <list of IpEntity> The IPs the domain resolves to.
    • embedded_in_file: <FileEntity> The File that contains the URL in the raw binary body (embedded).
  • file_download: Describes an Event noticing a file being downloaded. Contains the following properties:

    • from_url: <UrlEntity> The URL from where the file was downloaded.
    • from_domain: <DomainEntity> The Domain from where the file was downloaded.
    • resolutions: <list of IpEntity> The IPs the URL resolves to.
    • downloaded_file: <FileEntity> The File that was downloaded.
  • file_contacting: Describes an Event noticing a file contacting or calling a URL, Domain, or IP. Contains the following properties:

    • file_contacting: <FileEntity> The file contacting.
    • url_contacted: <UrlEntity> The URL contacted.
    • ip_contacted: <IpEntity> The IP address contacted.
    • domain_contacted: <DomainContacted> The Domain contacted.
  • domain_sighting: Describes an Event noticing a Domain in VirusTotal. Contains the following properties:

    • domain: <DomainEntity> The Domain observed.
    • resolutions: <list of IpEntity> The IPs the domain resolves to.
    • embedded_in_file: <FileEntity> The File in which the domain is embedded.
  • domain_whois: Describes an Event noticing WHOIS information. Contains the following properties:

    • domain: <DomainEntity> The Domain observed.
    • info: <string> The WHOIS information.
  • ip_sighting: Describes an Event noticing an IP address in VirusTotal. Contains the following properties:

    • ip: <IpEntity> The IP address observed.
    • embedded_in_file: <FileEntity> The File that contains the IP address in the raw binary body (embedded).