Domain and web address lookup report

After the domain or web address lookup request is processed, available results are displayed on the report page.

A domain lookup report is consistent with a web address lookup report.

In the mobile version of Kaspersky Threat Intelligence Portal, only the following sections are available for the domain or web address: Overview, WHOIS, Dynamic analysis summary, and Sandbox detection names. You can use a desktop version to view the full report.

Depending on the zone of the domain or web address, the requested object and its status (Dangerous, Adware and other, Good, or Not categorized) are displayed on a panel in one of the following colors:

• Red—There are malicious objects related to the domain or web address.
• Orange—The domain or web address can be classified as Not trusted and may host malicious objects.
• Yellow—There are objects related to the domain or web address, which can be classified as Not-a-virus.
• Grey—No data is available for a domain or web address.
• Green—The domain or web address cannot be classified as Dangerous.

The report page contains the following:

• Overview—Displays general information about the requested domain or web address.
• WHOIS—Displays the WHOIS information about the requested domain or web address.
• Premium content—Displays sections that contain blurred data about the requested domain or web address. The actual data is available for users with Premium Access to Kaspersky Threat Intelligence Portal. You can request a demo version to view a full report and explore other Kaspersky Threat Intelligence Portal features.

The following tabs are available if the web address was previously analyzed in Kaspersky Sandbox:

• Detection names—Displays detected items that were registered during the web address analysis.
• Triggered network rules—Displays SNORT and Suricata rules that were triggered during the web address traffic analysis.
• Connected hosts—Displays IP addresses that were accessed in all HTTP and HTTPS requests after the FQDN resolved.
• Suspicious activities—Displays suspicious activities that were registered during the web address analysis.
• HTTP(S) requests—Displays HTTP and HTTPS requests that were registered during the web address analysis.
• DNS requests—Displays DNS requests that were registered during the web address analysis.
• Screenshots—Displays a set of screenshots that were taken during the web address analysis.

Page top