Skip to main content

I'm working on a playbook in my SOAR platform and I'm using VirusTotal enrichment for analyzing URLs. I would like to extract the final redirect URL (if any) from a submitted URL, similar to how VirusTotal shows URL redirection chains in its web interface.

So far, I’ve integrated the VirusTotal API and can enrich the URL, but I’m not sure how to get the actual redirect URL(s) from the enrichment result.

Has anyone done this before?

  • Is this information available in the VirusTotal API response?

  • If yes, which field or section contains the redirect/final destination URL?

  • If not, is there another way to capture this within SOAR (e.g., using another integration or a custom script)?

Any pointers, playbook examples, or JSON snippets would be appreciated.

Hey ​@skadav,

 

Can you give an example of URL that has this redirection? I will take internally to check, but if you see the resolved final URL in the UI of VT, then it should be available somewhere in the API response as well.

Also, do you use the VirusTotalV3 integration for this?

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.