Kaspersky Threat Intelligence Portal

IP address lookup report

After the IP address lookup request is processed, available results are displayed on the report page.

Depending on the IP address's zone, the IP address and its status (Dangerous, Not trusted, Good, or Not categorized) are displayed on a panel in one of the following colors:

  • Red—The IP address can be classified as Dangerous.
  • Orange—The IP address can be classified as Not trusted and may host malicious objects.
  • Yellow—The IP address is classified as Adware and other (Adware, Pornware, and other programs).
  • Grey—No data is available for the IP address.
  • Green—The IP address does not generate malicious activity.

The flag of the country that the requested IP address belongs to is also displayed. When you hover your mouse over the flag, a tooltip with the country name appears. For reserved IP addresses, a crossed-out flag and the Reserved IP address tooltip are displayed. For IP addresses that do not belong to any country, a flag with a question mark and the No information tooltip are displayed.

The report page contains the following:

  • Overview—Displays general information about the requested IP address.
  • Geography—Displays the world cyber-map and lights up the country that the requested IP address originates from.
  • WHOIS—Displays WHOIS information about the IP address.
  • Premium content—Displays sections that contain blurred data about the requested IP address. The actual data is available for users with Premium Access to Kaspersky Threat Intelligence Portal. You can request a demo version to view a full report and explore other Kaspersky Threat Intelligence Portal features.

Overview for IP address

Kaspersky Threat Intelligence Portal provides the following general information about a submitted IP address:

General information about IP address

| Field name | Description |
|---|---|
| Hits | Hit number (popularity) of the requested IP address. Hit number is rounded to the nearest power of 10. |
| First seen | Date and time when the requested IP address first appeared in Kaspersky expert systems statistics, shown in your computer's local time zone. |
| Created | Date when the requested IP address was registered. |
| Updated | Date when information about the requested IP address was last updated. |
| Categories | Categories of the requested IP address. If the IP address does not belong to any of the defined categories, the General category is displayed. |


Geography

Kaspersky Threat Intelligence Portal displays the world cyber-map and lights up the country that the requested IP address originates from.

The cyber-map is displayed only for IP addresses that belong to one known country. Also, the cyber-map is not displayed if the IP address belongs to a reserved range.


WHOIS

Kaspersky Threat Intelligence Portal provides WHOIS information about the requested IP address.

WHOIS information about IP address

| Field name | Description |
|---|---|
| IP range | Range of IP addresses in the network that the requested IP address belongs to. |
| Net name | Name of the network that the requested IP address belongs to. |
| Net description | Description of the network that the requested IP address belongs to. |
| Created | Date when the requested IP address was registered. |
| Changed | Date when information about the requested IP address was last updated. |
| AS description | Autonomous system description. |
| ASN | Autonomous system number. |


Information available to users with Premium Access

Kaspersky Threat Intelligence Portal provides the following detailed information about the requested IP address, if available, to users with Premium Access.

DNS resolutions tab

Information about DNS resolutions

Table name: DNS resolutions for IP address

Description: pDNS information for the requested IP address.

Table fields:

  • Status—Status of domains.
  • Hits—Number of times that the domain resolved to the requested IP address.
  • Domain—Domain that resolves to the requested IP address.
  • First resolved—Date and time when the domain first resolved to the requested IP address.
  • Last resolved—Date and time when the domain last resolved to the requested IP address.
  • Peak date—Date of maximum number of domain resolutions to the requested IP address.
  • Daily peak—Maximum number of domain resolutions to the requested IP address per day.

Related files tab

Information about related files

Table name: Files related to IP address

Description: MD5 hashes of files downloaded from web addresses containing domains that resolve to the requested IP address.

Table fields:

  • Status—Status of downloaded files.
  • Hits—Number of times that a file was downloaded from the requested IP address, as detected by Kaspersky expert systems.
  • File MD5—MD5 hash of the downloaded file.
  • Detection name—Name of the detected object (for example, HEUR:Exploit.Script.Blocker).
  • Web address—Web addresses used to download the file.
  • Last seen—Date and time that the file was last downloaded from the requested IP address.
  • First seen—Date and time the file was first downloaded from the requested IP address.

Hosted web addresses tab

Information about hosted web addresses

Table name: Hosted web addresses

Description: Web addresses of the domain that resolves to the requested IP address.

Table fields:

  • Status—Status of web addresses and domains.
  • Hits—Number of web address detections by Kaspersky expert systems.
  • Web address—Detected web address.
  • First seen—Date and time when the web address was first detected.
  • Last seen—Date and time when the web address was last detected.

Web address masks tab

Information about web address masks

Table name: Web address masks

Description: Masks of addresses detected by Kaspersky expert systems that contain the IP addresses and web addresses of the domain that resolves to the requested IP address.

Table fields:

  • Status—Status of web addresses covered by the corresponding mask (Dangerous or Adware and other).
  • Type—Type of the mask.
  • Mask—Web address mask.
  • Feeds—Threat Data Feeds that contain the web address mask.
