Virus Total icon

Virus Total

Consume VirusTotal API

Overview

This n8n node interacts with the VirusTotal API to retrieve detailed reports about a specified domain. It is particularly useful for security analysts, IT professionals, or automation workflows that require threat intelligence or reputation checks on domains. For example, you can use this node to automatically check if a domain is associated with malicious activity before allowing user access, or to enrich incident response data with up-to-date DNS and WHOIS information.

Properties

Name Type Meaning
Domain String The domain name to get a report for (e.g., "example.com").
Limit Output Boolean Whether to limit the JSON output to only the selected attribute ("Type") instead of the full report.
Type Options When "Limit Output" is enabled, specifies which attribute to return: "Last Dns Records" or "Whois".

Output

  • By default, the node outputs the full JSON response from the VirusTotal API for the queried domain. This includes comprehensive details such as DNS records, WHOIS information, reputation scores, and more.
  • If "Limit Output" is enabled, the output will be limited to the specific attribute selected in "Type":
    • Last Dns Records: Outputs only the latest DNS records for the domain.
    • Whois: Outputs only the WHOIS information for the domain.

Example output when "Limit Output" is enabled and "Type" is set to "whois":

{
  "output": {
    /* WHOIS information fields */
  }
}

Example output when "Limit Output" is disabled:

{
  "data": {
    "attributes": {
      /* Full set of domain attributes including DNS, WHOIS, etc. */
    }
  }
}

Dependencies

  • VirusTotal API Key: You must configure valid VirusTotal API credentials in n8n under the name virusTotalApi.
  • Internet Access: The node makes HTTP requests to https://www.virustotal.com/api/v3/domains/{domain}.

Troubleshooting

  • Invalid API Key / Authentication Error: If your API key is missing or incorrect, the node will fail with an authentication error. Ensure your VirusTotal API credentials are correctly set up in n8n.
  • Domain Not Found: If the specified domain does not exist or VirusTotal has no data, the output may be empty or contain an error message from the API.
  • Rate Limiting: VirusTotal enforces rate limits. If you exceed your quota, you may receive errors indicating too many requests. Consider upgrading your API plan or reducing request frequency.
  • Missing Attribute: If "Limit Output" is enabled and the selected "Type" attribute is not present in the API response, the output will be empty or missing the expected field.

Links and References

Discussion