VirusTotal · Capability
VirusTotal API v3 - IoC Investigation — IoC Investigation - URLs
VirusTotal API v3 - IoC Investigation — IoC Investigation - URLs. 9 operations. Lead operation: Scan URL. Self-contained Naftiko capability covering one VirusTotal business surface.
What You Can Do
POST
Scanurl
— VirusTotal Scan URL
/v1/urls
GET
Urlinfo
— VirusTotal Get a URL Report
/v1/urls/{id}
POST
Urlsanalyse
— VirusTotal Request a URL Rescan (re-analyze)
/v1/urls/{id}/analyse
GET
Urlscommentsget
— VirusTotal Get Comments on a URL
/v1/urls/{id}/comments
POST
Urlscommentspost
— VirusTotal Add a Comment on a URL
/v1/urls/{id}/comments
GET
Urlsrelationshipsids
— VirusTotal Get Object Descriptors Related to a URL
/v1/urls/{id}/relationships/{relationship}
GET
Urlsvotesget
— VirusTotal Get Votes on a URL
/v1/urls/{id}/votes
POST
Urlsvotespost
— VirusTotal Add a Vote on a URL
/v1/urls/{id}/votes
GET
Urlsrelationships
— VirusTotal Get Objects Related to a URL
/v1/urls/{id}/{relationship}
MCP Tools
scan-url
VirusTotal Scan URL
get-url-report
VirusTotal Get a URL Report
read-only
idempotent
request-url-rescan-re-analyze
VirusTotal Request a URL Rescan (re-analyze)
get-comments-url
VirusTotal Get Comments on a URL
read-only
idempotent
add-comment-url
VirusTotal Add a Comment on a URL
get-object-descriptors-related-url
VirusTotal Get Object Descriptors Related to a URL
read-only
idempotent
get-votes-url
VirusTotal Get Votes on a URL
read-only
idempotent
add-vote-url
VirusTotal Add a Vote on a URL
get-objects-related-url
VirusTotal Get Objects Related to a URL
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: VirusTotal API v3 - IoC Investigation — IoC Investigation - URLs
description: 'VirusTotal API v3 - IoC Investigation — IoC Investigation - URLs. 9 operations. Lead operation: Scan URL. Self-contained Naftiko capability covering one VirusTotal business surface.'
tags:
- VirusTotal
- IoC Investigation
- URLs
created: '2026-05-29'
modified: '2026-05-29'
binds:
- namespace: env
keys:
VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY
capability:
consumes:
- type: http
namespace: ioc-investigation-ioc-investigation-urls
baseUri: https://www.virustotal.com/api/v3
description: VirusTotal API v3 - IoC Investigation — IoC Investigation - URLs. Self-contained, no shared references.
authentication:
type: apikey
key: x-apikey
value: '{{env.VIRUSTOTAL_API_KEY}}'
placement: header
resources:
- name: urls
path: /urls
operations:
- name: scanUrl
method: POST
description: VirusTotal Scan URL
inputParameters:
- name: body
in: body
type: object
required: false
description: Request body payload.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
- name: urls-id
path: /urls/{id}
operations:
- name: urlInfo
method: GET
description: VirusTotal Get a URL Report
inputParameters:
- name: id
in: path
type: string
required: true
description: URL identifier or base64 representation of URL to scan (w/o padding)
- name: x-tool
in: header
type: string
required: false
description: The name of your tool or service. This is required to obtain the gti_assesment data
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
- name: urls-id-analyse
path: /urls/{id}/analyse
operations:
- name: urlsAnalyse
method: POST
description: VirusTotal Request a URL Rescan (re-analyze)
inputParameters:
- name: id
in: path
type: string
required: true
description: URL identifier
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
- name: urls-id-comments
path: /urls/{id}/comments
operations:
- name: urlsCommentsGet
method: GET
description: VirusTotal Get Comments on a URL
inputParameters:
- name: id
in: path
type: string
required: true
description: URL identifier
- name: limit
in: query
type: integer
required: false
description: Maximum number of comments to retrieve
- name: cursor
in: query
type: string
required: false
description: Continuation cursor
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
- name: urlsCommentsPost
method: POST
description: VirusTotal Add a Comment on a URL
inputParameters:
- name: id
in: path
type: string
required: true
description: URL identifier
- name: body
in: body
type: object
required: false
description: Request body payload.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
- name: urls-id-relationships-relationship
path: /urls/{id}/relationships/{relationship}
operations:
- name: urlsRelationshipsIds
method: GET
description: VirusTotal Get Object Descriptors Related to a URL
inputParameters:
- name: id
in: path
type: string
required: true
description: URL ID
- name: relationship
in: path
type: string
required: true
description: Relationship name (see [table](ref:url-object#relationships))
- name: limit
in: query
type: string
required: false
description: Maximum number of related objects to retrieve
- name: cursor
in: query
type: string
required: false
description: Continuation cursor
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
- name: urls-id-votes
path: /urls/{id}/votes
operations:
- name: urlsVotesGet
method: GET
description: VirusTotal Get Votes on a URL
inputParameters:
- name: id
in: path
type: string
required: true
description: URL identifier
- name: limit
in: query
type: integer
required: false
description: Maximum number of votes to retrieve
- name: cursor
in: query
type: string
required: false
description: Continuation cursor
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
- name: urlsVotesPost
method: POST
description: VirusTotal Add a Vote on a URL
inputParameters:
- name: id
in: path
type: string
required: true
description: URL identifier
- name: body
in: body
type: object
required: false
description: Request body payload.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
- name: urls-id-relationship
path: /urls/{id}/{relationship}
operations:
- name: urlsRelationships
method: GET
description: VirusTotal Get Objects Related to a URL
inputParameters:
- name: id
in: path
type: string
required: true
description: URL identifier
- name: relationship
in: path
type: string
required: true
description: Relationship name (see [table](ref:url-object#relationships))
- name: limit
in: query
type: integer
required: false
description: Maximum number of related objects to retrieve
- name: cursor
in: query
type: string
required: false
description: Continuation cursor
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
exposes:
- type: rest
namespace: ioc-investigation-ioc-investigation-urls-rest
port: 8080
description: REST adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - URLs. One Spectral-compliant resource per consumed operation, prefixed with /v1.
resources:
- path: /v1/urls
name: urls
description: REST surface for /urls.
operations:
- method: POST
name: scanUrl
description: VirusTotal Scan URL
call: ioc-investigation-ioc-investigation-urls.scanUrl
outputParameters:
- type: object
mapping: $.
with:
body: rest.body
- path: /v1/urls/{id}
name: urls-id
description: REST surface for /urls/{id}.
operations:
- method: GET
name: urlInfo
description: VirusTotal Get a URL Report
call: ioc-investigation-ioc-investigation-urls.urlInfo
outputParameters:
- type: object
mapping: $.
with:
id: rest.id
x-tool: rest.x-tool
- path: /v1/urls/{id}/analyse
name: urls-id-analyse
description: REST surface for /urls/{id}/analyse.
operations:
- method: POST
name: urlsAnalyse
description: VirusTotal Request a URL Rescan (re-analyze)
call: ioc-investigation-ioc-investigation-urls.urlsAnalyse
outputParameters:
- type: object
mapping: $.
with:
id: rest.id
- path: /v1/urls/{id}/comments
name: urls-id-comments
description: REST surface for /urls/{id}/comments.
operations:
- method: GET
name: urlsCommentsGet
description: VirusTotal Get Comments on a URL
call: ioc-investigation-ioc-investigation-urls.urlsCommentsGet
outputParameters:
- type: object
mapping: $.
with:
id: rest.id
limit: rest.limit
cursor: rest.cursor
- method: POST
name: urlsCommentsPost
description: VirusTotal Add a Comment on a URL
call: ioc-investigation-ioc-investigation-urls.urlsCommentsPost
outputParameters:
- type: object
mapping: $.
with:
id: rest.id
body: rest.body
- path: /v1/urls/{id}/relationships/{relationship}
name: urls-id-relationships-relationship
description: REST surface for /urls/{id}/relationships/{relationship}.
operations:
- method: GET
name: urlsRelationshipsIds
description: VirusTotal Get Object Descriptors Related to a URL
call: ioc-investigation-ioc-investigation-urls.urlsRelationshipsIds
outputParameters:
- type: object
mapping: $.
with:
id: rest.id
relationship: rest.relationship
limit: rest.limit
cursor: rest.cursor
- path: /v1/urls/{id}/votes
name: urls-id-votes
description: REST surface for /urls/{id}/votes.
operations:
- method: GET
name: urlsVotesGet
description: VirusTotal Get Votes on a URL
call: ioc-investigation-ioc-investigation-urls.urlsVotesGet
outputParameters:
- type: object
mapping: $.
with:
id: rest.id
limit: rest.limit
cursor: rest.cursor
- method: POST
name: urlsVotesPost
description: VirusTotal Add a Vote on a URL
call: ioc-investigation-ioc-investigation-urls.urlsVotesPost
outputParameters:
- type: object
mapping: $.
with:
id: rest.id
body: rest.body
- path: /v1/urls/{id}/{relationship}
name: urls-id-relationship
description: REST surface for /urls/{id}/{relationship}.
operations:
- method: GET
name: urlsRelationships
description: VirusTotal Get Objects Related to a URL
call: ioc-investigation-ioc-investigation-urls.urlsRelationships
outputParameters:
- type: object
mapping: $.
with:
id: rest.id
relationship: rest.relationship
limit: rest.limit
cursor: rest.cursor
- type: mcp
namespace: ioc-investigation-ioc-investigation-urls-mcp
port: 9090
transport: http
description: MCP adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - URLs. One tool per consumed operation, routed inline through this capability's consumes block.
tools:
- name: scan-url
description: VirusTotal Scan URL
hints:
readOnly: false
destructive: false
idempotent: false
call: ioc-investigation-ioc-investigation-urls.scanUrl
outputParameters:
- type: object
mapping: $.
with:
body: tools.body
- name: get-url-report
description: VirusTotal Get a URL Report
hints:
readOnly: true
destructive: false
idempotent: true
call: ioc-investigation-ioc-investigation-urls.urlInfo
outputParameters:
- type: object
mapping: $.
with:
id: tools.id
x-tool: tools.x-tool
- name: request-url-rescan-re-analyze
description: VirusTotal Request a URL Rescan (re-analyze)
hints:
readOnly: false
destructive: false
idempotent: false
call: ioc-investigation-ioc-investigation-urls.urlsAnalyse
outputParameters:
- type: object
mapping: $.
with:
id: tools.id
- name: get-comments-url
description: VirusTotal Get Comments on a URL
hints:
readOnly: true
destructive: false
idempotent: true
call: ioc-investigation-ioc-investigation-urls.urlsCommentsGet
outputParameters:
- type: object
mapping: $.
with:
id: tools.id
limit: tools.limit
cursor: tools.cursor
- name: add-comment-url
description: VirusTotal Add a Comment on a URL
hints:
readOnly: false
destructive: false
idempotent: false
call: ioc-investigation-ioc-investigation-urls.urlsCommentsPost
outputParameters:
- type: object
mapping: $.
with:
id: tools.id
body: tools.body
- name: get-object-descriptors-related-url
description: VirusTotal Get Object Descriptors Related to a URL
hints:
readOnly: true
destructive: false
idempotent: true
call: ioc-investigation-ioc-investigation-urls.urlsRelationshipsIds
outputParameters:
- type: object
mapping: $.
with:
id: tools.id
relationship: tools.relationship
limit: tools.limit
cursor: tools.cursor
- name: get-votes-url
description: VirusTotal Get Votes on a URL
hints:
readOnly: true
destructive: false
idempotent: true
call: ioc-investigation-ioc-investigation-urls.urlsVotesGet
outputParameters:
- type: object
mapping: $.
with:
id: tools.id
limit: tools.limit
cursor: tools.cursor
- name: add-vote-url
description: VirusTotal Add a Vote on a URL
hints:
readOnly: false
destructive: false
idempotent: false
call: ioc-investigation-ioc-investigation-urls.urlsVotesPost
outputParameters:
- type: object
mapping: $.
with:
id: tools.id
body: tools.body
- name: get-objects-related-url
description: VirusTotal Get Objects Related to a URL
hints:
readOnly: true
destructive: false
idempotent: true
call: ioc-investigation-ioc-investigation-urls.urlsRelationships
outputParameters:
- type: object
mapping: $.
with:
id: tools.id
relationship: tools.relationship
limit: tools.limit
cursor: tools.cursor