Information available to users with Premium Access

Kaspersky Threat Intelligence Portal provides the following detailed information about the requested domain or web address, if available, to users with Premium Access.

DNS resolutions tab

Information about DNS resolutions

Table name

Description

Table fields

DNS resolutions for domain/web address

IP addresses that the requested domain or web address resolves to.

Status—Status of IP address.

Threat score—Probability that the IP address will be dangerous (0 to 100).

Hits—Number of IP address detections by Kaspersky expert systems.

IP—IP addresses.

First resolved—Date and time when the requested domain / web address first resolved to the IP address.

Last resolved—Date and time when the requested domain / web address last resolved to the IP address.

Peak date—Date of maximum number of requested domain / web address resolutions to the IP address.

Daily peak—Maximum number of requested domain / web address resolutions to the IP address per day.

Downloaded files tab

Information about downloaded files

Table name

Description

Table fields

Files downloaded from requested domain / web address

MD5 hashes of files that were downloaded from the requested domain or web address.

Status—Status of files that were downloaded.

Hits—Number of file downloads from the requested domain / web address, as detected by Kaspersky expert systems.

File MD5—MD5 hash of the downloaded file.

Last seen—Date and time when the file was last downloaded from the requested domain / web address.

First seen—Date and time when the file was first downloaded from the requested domain / web address.

Web address—Web addresses used to download the file.

Detection name—Name of the detected object (for example, HEUR:Exploit.Script.Blocker).

Accessed files tab

Information about accessed files

Table name

Description

Table fields

Files accessed requested domain/web address

MD5 hashes of files that accessed the requested domain or web address.

Status—Status of files that accessed the requested domain / web address.

Hits—Number of times the file accessed the requested domain / web address.

File MD5—MD5 hash of the file that accessed the requested domain / web address.

Last seen—Date and time when the file last accessed the requested domain / web address.

First seen—Date and time when the file first accessed the requested domain / web address.

Detection name—Name of the detected object (for example, HEUR:Exploit.Script.Blocker).

Subdomains tab

Information about subdomains

Table name

Description

Table fields

Subdomains

Subdomains for the requested domains.

Status—Status of subdomains.

Subdomain name—Name of the detected subdomain.

Web address count—Number of web addresses related to the subdomain.

Hosted files—Number of files hosted on the detected subdomain.

First seen—Date and time when the subdomain was first detected.

Referrals tab

Information about referrals

Table name

Description

Table fields

Referrals to domain/web address

Web addresses that refer to the requested domain or web address.

Status—Status of web addresses that refer to the requested domain / web address.

Web address—Web address that refers to the requested domain or web address.

Last reference—Date and time when the requested domain / web address was last referred to by listed web addresses.

Domain referrals tab

Information about domain referrals

Table name

Description

Table fields

Domain referred to the following web addresses

Web addresses that the requested domain links, forwards, or redirects to.

Status—Status of web addresses that the requested domain links, forwards, or redirects to.

Web address—Web address accessed by the requested domain.

Last reference—Date and time when the requested domain last linked, forwarded, or redirected to listed web addresses.

Web address masks tab

Information about web address masks

Table name

Description

Table fields

Web address masks

Masks of the requested web address's domain, which were detected by Kaspersky expert systems.

Status—Status of web addresses covered by the corresponding mask (Dangerous or Adware and other).

Type—Type of the mask.

Mask—Requested domain / web address mask.

Feeds—Threat Data Feeds that contain the requested domain mask.

Page top