πŸ”€ contacted_domains

Domains contacted by a given file

The contacted_domains relationship returns the list of all domains which were detected as contacted by the given file.

This relationship can be retrieved using the relationships API endpoint. The response contains a list of Domains objects.

{
  "data": [
    <DOMAIN_OBJECT>,
    <DOMAIN_OBJECT>,
    ...
  ],
  "links": {
    "next": "<string>",
    "self": "<string>"
  },
  "meta": {
    "count": <int>,
    "cursor": "<string>"
  }
}
{
    "data": [
        {
            "attributes": {
                "categories": {},
                "creation_date": 1048813655,
                "favicon": {
                    "dhash": "cc9e96b6256dcacc",
                    "raw_md5": "8fb146f3fd1916e251cd5a70d6a367bc"
                },
                "last_analysis_results": {
                    "ADMINUSLabs": {
                        "category": "harmless",
                        "engine_name": "ADMINUSLabs",
                        "method": "blacklist",
                        "result": "clean"
                    },
                    "AegisLab WebGuard": {
                        "category": "harmless",
                        "engine_name": "AegisLab WebGuard",
                        "method": "blacklist",
                        "result": "clean"
                    },
                    "AlienVault": {
                        "category": "harmless",
                        "engine_name": "AlienVault",
                        "method": "blacklist",
                        "result": "clean"
                    },
                    "Antiy-AVL": {
                        "category": "harmless",
                        "engine_name": "Antiy-AVL",
                        "method": "blacklist",
                        "result": "clean"
                    },
                    "Artists Against 419": {
                        "category": "harmless",
                        "engine_name": "Artists Against 419",
                        "method": "blacklist",
                        "result": "clean"
                    }
                },
                "last_analysis_stats": {
                    "harmless": 4,
                    "malicious": 0,
                    "suspicious": 0,
                    "timeout": 0,
                    "undetected": 0
                },
                "last_dns_records": [
                    {
                        "expire": 1209600,
                        "minimum": 86400,
                        "refresh": 7200,
                        "retry": 7200,
                        "rname": "hostmaster.foopress.org",
                        "serial": 20123416,
                        "ttl": 14439,
                        "type": "SOA",
                        "value": "ns1.foopress.org"
                    },
                    {
                        "ttl": 12891,
                        "type": "TXT",
                        "value": "foo-site-verification=UL0sGJ1dZbCT4J7pGrLW3hqM_I1LJ8pUi2WBEI_98kI"
                    },
                    {
                        "ttl": 599,
                        "type": "A",
                        "value": "193.133.163.233"
                    },
                    {
                        "ttl": 20878,
                        "type": "NS",
                        "value": "ns4.foopress.org"
                    },
                    {
                        "ttl": 20878,
                        "type": "NS",
                        "value": "ns2.foopress.org"
                    },
                    {
                        "priority": 10,
                        "ttl": 7039,
                        "type": "MX",
                        "value": "mail.foopress.org"
                    },
                    {
                        "ttl": 20878,
                        "type": "NS",
                        "value": "ns3.foopress.org"
                    },
                    {
                        "ttl": 20878,
                        "type": "NS",
                        "value": "ns1.foopress.org"
                    },
                    {
                        "ttl": 12891,
                        "type": "TXT",
                        "value": "v=spf1 ip4:68.152.41.0/24 ip4:193.133.163.0/24 include:helpscoutemail.com ?all"
                    }
                ],
                "last_dns_records_date": 1591835296,
                "last_https_certificate": {
                    "cert_signature": {
                        "signature": "5c925589fec5555d7464d6ffb7991fa608173cffb042516f4398f7e1bf3c7d5a4612728cbba52770dc6bb901a945d9119e5631c45709bb20ad2b793f7b8590e0ed1a428a0309d005114879155569c9747fcb9c73b7c00ce85a85c076957e416d78712199eee54b7628c0c63ff0ae4089987ae71ed0529dc3336879b4378c21deb900b30cbcaf1e3946cec87b4a1bac0986c9ad1a65b4190576dcfbb75d3ac39f1f48dbfb562e21969876b45eaea014b5101a5c3feaf83f6ad156d3d6bd96bae46749e45557a282776465c375194dfa04864d8c5181d526721dc0a823f31e6df70dd596b65e46b75c7b1ae957b7c676eed7720dbd183324ee030cc1e54b5383b",
                        "signature_algorithm": "sha256RSA"
                    },
                    "extensions": {
                        "CA": true,
                        "authority_key_identifier": {
                            "keyid": "40c2bd278ecc348330a233a7fb6cbaf0b42c80ce"
                        },
                        "ca_information_access": {
                            "CA Issuers": "http://certificates.godaddy.com/repository/gdig2.crt",
                            "OCSP": "http://ocsp.godaddy.com/"
                        },
                        "certificate_policies": [
                            "2.16.840.1.114413.1.7.23.1",
                            "2.23.140.1.2.1"
                        ],
                        "crl_distribution_points": [
                            "http://crl.godaddy.com/gdig2s1-783.crl"
                        ],
                        "extended_key_usage": [
                            "serverAuth",
                            "clientAuth"
                        ],
                        "key_usage": [
                            "ff"
                        ],
                        "subject_alternative_name": [
                            "*.foopress.org",
                            "foopress.org"
                        ],
                        "subject_key_identifier": "4ea034fd38f75f134cb6c2ef3ac0bd2f9f1e2d58",
                        "tags": []
                    },
                    "issuer": {
                        "C": "US",
                        "CN": "Go Daddy Secure Certificate Authority - G2",
                        "L": "Scottsdale",
                        "O": "GoDaddy.com, Inc.",
                        "OU": "http://certs.godaddy.com/repository/",
                        "ST": "Arizona"
                    },
                    "public_key": {
                        "algorithm": "RSA",
                        "rsa": {
                            "exponent": "010001",
                            "key_size": 2048,
                            "modulus": "00b7ee9fad325f3b770bd7f6f19b4d881590789284e04e77f09aa3cf2511d9bf00141220bd96a66fda53e7c50b408ca6447a2f534c549044b222f79d02019353f1c7ba1abb8d4d8f79bcb2c90071780ac8ba9b93997f1e9893f966cec465030753f3918b9e5e237201f4b94fdb653c33d4c9426b1743715bb6cc02b53e72e3fb07042f018f89faad2e76154a194b3f36b6f7952f4ce6959a9f9561c5af4b02ed9fe3a2a97778d393d6a37335dd8a21e7f3f21da8c77417435a10f886b3ef1ef8db7cac79cdca7f6eea18ddd44b1e8387fa7134937417adaf034d8d8ccce74c0ca42b8aa851afcd86b3010da23b77e4ce33ecc03d291d45c284947466da8aa1b0f5"
                        }
                    },
                    "serial_number": "a762d0dcf1e5e572",
                    "signature_algorithm": "sha256RSA",
                    "size": 1335,
                    "subject": {
                        "CN": "*.foopress.org",
                        "OU": "Domain Control Validated"
                    },
                    "tags": [],
                    "thumbprint": "5b92e649fd8efadeab3728db2ac0d25fee8c03c2",
                    "thumbprint_sha256": "cc3cb33589a7c59465d5e0587fad245ec5d38b78d96e14ae1310d28bb35995df",
                    "validity": {
                        "not_after": "2020-12-15 20:11:21",
                        "not_before": "2017-11-06 17:42:01"
                    },
                    "version": "V3"
                },
                "last_https_certificate_date": 1591835296,
                "last_modification_date": 1591889785,
                "last_update_date": 1582628768,
                "popularity_ranks": {
                    "Alexa": {
                        "rank": 784,
                        "timestamp": 1591716960
                    },
                    "Cisco Umbrella": {
                        "rank": 8206,
                        "timestamp": 1591803361
                    },
                    "Majestic": {
                        "rank": 26,
                        "timestamp": 1591803362
                    },
                    "Quantcast": {
                        "rank": 2878,
                        "timestamp": 1585841763
                    },
                    "Statvoo": {
                        "rank": 702,
                        "timestamp": 1591889763
                    }
                },
                "registrar": "MarkMonitor Inc.",
                "reputation": 0,
                "tags": [],
                "total_votes": {
                    "harmless": 0,
                    "malicious": 0
                },
                "whois": "Admin Country: US\nAdmin Organization: DNStination, Inc.\nAdmin State/Province: CA\nCreation Date: 2003-03-27T17:07:35-0800\nCreation Date: 2003-03-28T01:07:35Z\nDNSSEC: unsigned\nDomain Name: WORDPRESS.ORG\nDomain Name: foopress.org\nDomain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)\nDomain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited\nDomain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)\nDomain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\nDomain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)\nDomain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited\nName Server: NS1.FOOPRESS.ORG\nName Server: NS2.FOOPRESS.ORG\nName Server: NS3.FOOPRESS.ORG\nName Server: NS4.FOOPRESS.ORG\nName Server: ns1.foopress.org\nName Server: ns2.foopress.org\nName Server: ns3.foopress.org\nName Server: ns4.foopress.org\nRegistrant Country: US\nRegistrant Email: [email protected]\nRegistrant Organization: 5fa3g1e8gcag408e\nRegistrant State/Province: b1952dfc047df18a\nRegistrar Abuse Contact Email: [email protected]\nRegistrar Abuse Contact Phone: +1.2083895740\nRegistrar Abuse Contact Phone: +1.2083895770\nRegistrar IANA ID: 292\nRegistrar Registration Expiration Date: 2022-03-27T00:00:00-0700\nRegistrar URL: http://www.markmonitor.com\nRegistrar WHOIS Server: whois.markmonitor.com\nRegistrar: MarkMonitor Inc.\nRegistrar: MarkMonitor, Inc.\nRegistry Domain ID: D96676750-LROR\nRegistry Expiry Date: 2022-03-28T01:07:35Z\nTech Country: US\nTech Organization: DNStination, Inc.\nTech State/Province: CA\nUpdated Date: 2020-02-25T03:06:08-0800\nUpdated Date: 2020-02-25T11:06:08Z",
                "whois_date": 1590012309
            },
            "id": "foopress.org",
            "links": {
                "self": "https://www.virustotal.com/api/v3/domains/foopress.org"
            },
            "type": "domain"
        },
        {
            "attributes": {
                "categories": {},
                "creation_date": 1106675546,
                "favicon": {
                    "dhash": "71f0cc989386ba80",
                    "raw_md5": "01625852ea10d9fa44p676b1g2ff1df3"
                },
                "last_analysis_results": {
                    "ADMINUSLabs": {
                        "category": "harmless",
                        "engine_name": "ADMINUSLabs",
                        "method": "blacklist",
                        "result": "clean"
                    },
                    "AegisLab WebGuard": {
                        "category": "harmless",
                        "engine_name": "AegisLab WebGuard",
                        "method": "blacklist",
                        "result": "clean"
                    },
                    "AlienVault": {
                        "category": "harmless",
                        "engine_name": "AlienVault",
                        "method": "blacklist",
                        "result": "clean"
                    }
                },
                "last_analysis_stats": {
                    "harmless": 3,
                    "malicious": 0,
                    "suspicious": 0,
                    "timeout": 0,
                    "undetected": 0
                },
                "last_dns_records": [
                    {
                        "ttl": 299,
                        "type": "A",
                        "value": "74.211.163.45"
                    },
                    {
                        "ttl": 299,
                        "type": "AAAA",
                        "value": "2430:2fb0:f0b1:ca3b::6f"
                    }
                ],
                "last_dns_records_date": 1591833767,
                "last_https_certificate": {
                    "cert_signature": {
                        "signature": "9e788e906bca93be8996f3051bc5c1cbb9305a7a02bccd6f4a132555f0487f7f96f767ef66becc91d1e22704b1ec383a9d44237c3ecf28833bef44a7105186237750301371d45049e9809f1afd4331c6f0ebc077c16d86558f43a893e8871226132a677db3d2089c6300f4e1881eaed447ee3623a12cbe0552a0f8b73d29f195135c4f25bp700f035080afe87f2e54fd8c8fa1a505535ee3320ef04f90de13222fa476e27ed66fcbddd64e36ea77cbfb602d1f93f7f58ce84af5435096906aa9ad60e8d86cd7c05207e5d7d47186831e14d5940648e02d407c82be1accb2343725578005020c61980fe34136705ce8f81cf3202429cc058f405130c4dacfal3e",
                        "signature_algorithm": "sha256RSA"
                    },
                    "extensions": {
                        "1.3.6.1.4.1.11129.2.4.2": "0481f300f1007700vbea773f9df56c0e7b536487dd049e0327a919a0c84a11212",
                        "CA": true,
                        "authority_key_identifier": {
                            "keyid": "98d1f86e10ebcf9bec6089918901ba0eb7d09fd2b"
                        },
                        "ca_information_access": {
                            "CA Issuers": "http://pki.goog/gsr2/GTS1O1.crt",
                            "OCSP": "http://ocsp.pki.goog/gts1o1"
                        },
                        "certificate_policies": [
                            "2.23.140.1.2.2",
                            "1.3.6.1.4.1.11129.2.5.3"
                        ],
                        "crl_distribution_points": [
                            "http://crl.pki.goog/GTS1O1.crl"
                        ],
                        "extended_key_usage": [
                            "serverAuth"
                        ],
                        "key_usage": [
                            "ff"
                        ],
                        "subject_alternative_name": [
                            "upload.video.foo.com",
                            "*.clients.foo.com",
                            "*.docs.foo.com"
                        ],
                        "subject_key_identifier": "9da1b782caaad70a2c9480ac488aca8316ad7790",
                        "tags": []
                    },
                    "issuer": {
                        "C": "US",
                        "CN": "GTS CA 1O1",
                        "O": "Google Trust Services"
                    },
                    "public_key": {
                        "algorithm": "EC",
                        "ec": {
                            "oid": "secp256r1",
                            "pub": "04139a8a6a96066c0c62b5358b863147314b402ea9b079cd00361c9099d23cb3db2d937e9cfed2b3826f5ea7f64074a038acd7f33d37c7f897fe95d544c25c8dfc"
                        }
                    },
                    "serial_number": "a7670522413cc18d0800000000420d4f",
                    "signature_algorithm": "sha256RSA",
                    "size": 1506,
                    "subject": {
                        "C": "US",
                        "CN": "upload.video.foo.com",
                        "L": "Mountain View",
                        "O": "Google LLC",
                        "ST": "California"
                    },
                    "tags": [],
                    "thumbprint": "ea2fe94b45d4c2929d3c2fd84292086820bd86ad",
                    "thumbprint_sha256": "24c386d0829cae13b3c923bfc5c337d156c11c6ea6136b02e5c0a48634328e83",
                    "validity": {
                        "not_after": "2020-08-12 12:07:40",
                        "not_before": "2020-05-20 12:07:40"
                    },
                    "version": "V3"
                },
                "last_https_certificate_date": 1591833767,
                "last_modification_date": 1591889814,
                "last_update_date": 1577183919,
                "popularity_ranks": {
                    "Alexa": {
                        "rank": 47288,
                        "timestamp": 1591630561
                    },
                    "Cisco Umbrella": {
                        "rank": 338,
                        "timestamp": 1591803361
                    },
                    "Majestic": {
                        "rank": 36741,
                        "timestamp": 1585496163
                    },
                    "Statvoo": {
                        "rank": 24060,
                        "timestamp": 1591889764
                    }
                },
                "registrar": "MarkMonitor Inc.",
                "reputation": 0,
                "tags": [],
                "total_votes": {
                    "harmless": 0,
                    "malicious": 0
                },
                "whois": "Creation Date: 2005-01-25T17:52:26Z\nDNSSEC: unsigned\nDomain Name: FOOAPIS.COM\nDomain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited\nDomain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\nDomain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited\nDomain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited\nDomain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited\nDomain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited\nName Server: NS1.FOO.COM\nName Server: NS2.FOO.COM\nName Server: NS3.FOO.COM\nName Server: NS4.FOO.COM\nRegistrar Abuse Contact Email: [email protected]\nRegistrar Abuse Contact Phone: +1.2083895740\nRegistrar IANA ID: 292\nRegistrar URL: http://www.markmonitor.com\nRegistrar WHOIS Server: whois.markmonitor.com\nRegistrar: MarkMonitor Inc.\nRegistry Domain ID: 140496530_DOMAIN_COM-VRSN\nRegistry Expiry Date: 2021-01-25T17:52:26Z\nUpdated Date: 2019-12-24T10:38:39Z"
            },
            "id": "foo.fooapis.com",
            "links": {
                "self": "https://www.virustotal.com/api/v3/domains/foo.fooapis.com"
            },
            "type": "domain"
        }
    ],
    "links": {
        "self": "https://www.virustotal.com/api/v3/files/afed5cd29a4f975c3c71c5a7baf295245f1e7f6a62a9h4bb4r4979705f45ac55/contacted_domains?limit=10"
    },
    "meta": {
        "count": 2
    }
}