Kaspersky Threat Intelligence Portal

Looking up a domain

Looking up a domain

Expand all | Collapse all

Kaspersky Threat Intelligence Portal provides an API for looking up a domain.

Request

Request method: GET

Endpoint: https://opentip.kaspersky.com/api/v1/search/domain

Query parameter: request—Domain that you want to investigate.

cURL command sample:

curl --request GET 'https://opentip.kaspersky.com/api/v1/search/domain?request=<domain>' --header 'x-api-key: <API token>'

Here:

<domain>—The domain that you want to investigate.
<API token>—The API token that you requested in the web interface.

Responses

200 OK

Request processed successfully.

Endpoint returns a JSON object that contains lookup results for the specified domain.

200 OK response parameters

Parameter	Type	Description
`Zone`	string	Color of the zone that a domain belongs to. Available values: `Red`—The domain can be classified as Dangerous. `Orange`—The domain can be classified as Not trusted and may host malicious objects. `Yellow`—The domain is classified as Adware and other (Adware, Pornware, and other programs). `Grey`—No data or not enough information is available for the domain. `Green`—The domain has the Good or No threats detected status. The No threats detected status is applied if the domain was not classified by Kaspersky, but it was previously scanned and/or analyzed, and no threats were detected at the time of the analysis.
`DomainGeneralInfo`	object	General information about the requested domain.
`FilesCount`	integer	Number of known malicious files.
`UrlsCount`	integer	Number of known malicious web addresses.
`HitsCount`	integer	Number of IP addresses related to the domain.
`Domain`	string	Name of the requested domain.
`Ipv4Count`	integer	Number of IP addresses (IPv4) for the requested domain.
`Categories`	Array of strings	Categories of the requested domain.
`CategoriesWithZone`	Array of objects	Categories of the requested domain and zones that the category belongs to: `Name`—Category name. `Zone`—Color of the category's zone (Red or Yellow).
`DomainWhoIsInfo`	object	WHOIS information about the requested domain.
`DomainName`	string	Name of the requested domain.
`Created`	string <date-time>	Date when the requested domain was registered.
`Updated`	string <date-time>	Date when registration information about the requested domain was last updated.
`Expires`	string <date-time>	Expiration date of the requested domain.
`NameServers`	Array of strings	Name servers of the requested domain.
`Contacts`	Array of strings	Contact information for the owner of the requested domain.
`Registrar`	object	Information about the requested domain's registrar: `Info`—Name of the requested domain's registrar. `IanaId`—IANA ID of the requested domain's registrar.
`DomainStatus`	Array of strings	Statuses of the requested domain.
`RegistrationOrganization`	string	Name of the registration organization.

400 Bad Request

Request not processed: incorrect query.

Make sure you enter the correct parameter, and then try to run the query again.

401 Unauthorized

Request not processed: user authentication failed.

Make sure you enter the correct credentials, and then try to run the query again.

403 Forbidden

Request not processed: quota or request limit exceeded.

Check your quota and limitations, and try to run the query again later.

404 Not Found

Request not processed: requested object lookup results not found.

Make sure the specified object is correct, and then run the query again.

Page top

Contents

Looking up a domain