Search for IPs that have hosted a given number of domains. Less than and greater than syntax is allowed.įocus on IPs that have a given detection label by at least one blocklist/scanner.įocus on IPs that are detected with a given label by a given blocklist/scanner:įilter IPs according to their reputation among the VirusTotal user base. Search for domains that have been commented by the user with the username provided.įilter IPs according to the number of engines/blocklists that detect them. Search for IPs that have a VirusTotal Community comment containing the word or phrase provided.
#Asn lookup code
ISO ALPHA 2 code required.Ĭontinent where IPs matching a given criteria should be located. Narrow down a search to a given autonomous system (by organization).Ĭountry where IPs matching a given criteria should be located. Narrow down a search to a given autonomous system (by number). Narrow down a search to a given IP address range. The following table describes all the search modifiers (facets) that can be used, you can combine any number of them: For example:Įntity:ip positives:5+ AND (aso:ovh OR aso:google) Note that the assistant will not allow you to build complex searches combining AND, OR and NOT conditions. You can click on the filter icon inside the main search box in order to navigate to an IP address search assistant: For example, let's ask for all those IP addresses that have been detected by more than 5 blocklists: VirusTotal Intelligence searches by default over the historical collection of files, in order to search over IPs you need to add the facet condition entity:ip. For example, you can pivot on SSL certificate fields to try to identify other network infrastructure set up by a given adversary. These searches can act on basically all the metadata generated for IPs: autonomous system, country, whois, SSL certificate, community comments, detections, relationships, etc.
VirusTotal Intelligence allows you to perform advanced faceted searches over the historical collection of IP addresses seen by VirusTotal.
0 kommentar(er)
