Kaspersky Threat Intelligence Portal

Looking up a domain

Expand all | Collapse all

Kaspersky Threat Intelligence Portal provides an API for looking up a domain.

Request

Request method: GET

Endpoint: https://opentip.kaspersky.com/api/v1/search/domain

Query parameter: request—Domain that you want to investigate.

cURL command sample:

curl --request GET 'https://opentip.kaspersky.com/api/v1/search/domain?request=<domain>' --header 'x-api-key: <API token>'

Here:

Responses

200 OK

Request processed successfully.

Endpoint returns a JSON object that contains lookup results for the specified domain.

200 OK response parameters

Parameter

Type

Description

Zone

string

Color of the zone that a domain belongs to. Available values:

Red—The domain can be classified as Dangerous.

Orange—The domain can be classified as Not trusted and may host malicious objects.

Yellow—The domain is classified as Adware and other (Adware, Pornware, and other programs).

Grey—No data or not enough information is available for the domain.

Green—The domain has the Good or No threats detected status. The No threats detected status is applied if the domain was not classified by Kaspersky, but it was previously scanned and/or analyzed, and no threats were detected at the time of the analysis.

DomainGeneralInfo

object

General information about the requested domain.

FilesCount

integer

Number of known malicious files.

UrlsCount

integer

Number of known malicious web addresses.

HitsCount

integer

Number of IP addresses related to the domain.

Domain

string

Name of the requested domain.

Ipv4Count

integer

Number of IP addresses (IPv4) for the requested domain.

Categories

Array of strings

Categories of the requested domain.

CategoriesWithZone

Array of objects

Categories of the requested domain and zones that the category belongs to:

Name—Category name.

Zone—Color of the category's zone (Red or Yellow).

DomainWhoIsInfo

object

WHOIS information about the requested domain.

DomainName

string

Name of the requested domain.

Created

string <date-time>

Date when the requested domain was registered.

Updated

string <date-time>

Date when registration information about the requested domain was last updated.

Expires

string <date-time>

Expiration date of the requested domain.

NameServers

Array of strings

Name servers of the requested domain.

Contacts

Array of strings

Contact information for the owner of the requested domain.

Registrar

object

Information about the requested domain's registrar:

Info—Name of the requested domain's registrar.

IanaId—IANA ID of the requested domain's registrar.

DomainStatus

Array of strings

Statuses of the requested domain.

RegistrationOrganization

string

Name of the registration organization.

400 Bad Request

Request not processed: incorrect query.

Make sure you enter the correct parameter, and then try to run the query again.

401 Unauthorized

Request not processed: user authentication failed.

Make sure you enter the correct credentials, and then try to run the query again.

403 Forbidden

Request not processed: quota or request limit exceeded.

Check your quota and limitations, and try to run the query again later.

404 Not Found

Request not processed: requested object lookup results not found.

Make sure the specified object is correct, and then run the query again.

Page top
[Topic DomainLookupAPI]