Kaspersky Threat Intelligence Portal

Contents

Lookup requests

This section explains how you can use Kaspersky Threat Intelligence Portal to run lookup requests for hashes, IP addresses, domains, and web addresses. Also, the concept of zones and object lookup results are described.

In this section

Submitting hash, IP address, domain, and web address requests

Hash lookup report

IP address lookup report

Domain and web address lookup report

About zones and statuses
Page top
[Topic LookupRequests]

Submitting hash, IP address, domain, and web address requests

By submitting a lookup request to Kaspersky Threat Intelligence Portal, you agree to our Terms of Use and the Privacy Statement.

To submit a lookup request:

  1. Open Kaspersky Threat Intelligence Portal at: https://opentip.kaspersky.com.
  2. In the Analysis (Sandbox.) section, on the Lookup tab, in the Enter your request here field, enter an object or text you want to investigate in Kaspersky Threat Intelligence Portal:
    • Hash (MD5, SHA1, SHA256).
    • IP address (IPv4).
    • Domain.
    • Web address. Web address length is limited to a maximum of 2000 characters. Other characters will be ignored during a web address investigation.
    • Text. In this case, the Search category is displayed on the Requests page (Request.), but the report is not available.

    Kaspersky Threat Intelligence Portal recognizes the type of the requested object automatically.

  3. If you want to look up the object privately, select the Private submission check box.

    For registered users, the private request results are available on the My requests tab. However, the lookup results can become public only if another user submits the same object publicly.

  4. Press the Enter button.
  5. If necessary, pass the reCAPTCHA test:
    1. Select the I'm not a robot check box in the reCAPTCHA widget.
    2. Follow the instructions to pass the reCAPTCHA test.

The request results are displayed on the report page. The page content varies depending on the requested object type.

Page top
[Topic SubmitRequest]

Hash lookup report

After the hash lookup request is processed, available results are displayed on the report page.

A hash lookup report is consistent with a file analysis report.

In the mobile version of Kaspersky Threat Intelligence Portal, only the basic report for the hash is displayed. You can use a desktop version to view the full report.

Depending on the zone, the hash and its status (Malware, Adware and other, Clean, No threats detected, or Not categorized) are displayed on a panel in one of the following colors:

  • Red—The hash can be classified as Malware.
  • Yellow—The hash is classified as Adware and other (Adware, Pornware, and other programs).
  • Grey—No data is available for the hash.
  • Green—The executed file has Clean or No threats detected status. The No threats detected status is applied if the file was not classified by Kaspersky, but it was previously scanned and/or analyzed, and no threats were detected at the time of the analysis.

The report page contains the following:

  • Overview—Displays general information about the requested hash.
  • Detection names—Displays information about detects related to the requested hash and previously reported in Kaspersky statistics.
  • Dynamic analysis summary—Displays the last file identified by the requested hash scan date and graphics of detects, suspicious activities, extracted files, and network interactions detected by Kaspersky expert systems.
  • Dynamic analysis detects—Displays information about detects registered during the execution of a file identified by the requested hash.
  • Triggered network rules—Displays information about SNORT and Suricata rules triggered during analysis of traffic from the file identified by requested hash.
  • Premium content—Displays sections that contain blurred data about the requested hash. The actual data is available for users with Premium Access to Kaspersky Threat Intelligence Portal. You can request a demo version to view a full report and explore other Kaspersky Threat Intelligence Portal features.

The following tabs are available if the file identified by the requested hash was previously analyzed in Kaspersky Sandbox:

  • Results tab—Displays information about dynamic analysis detects and triggered network rules. For registered users, execution map, information about suspicious activities, and screenshots are also available.
  • Static analysis tab—Displays Portable Executable (PE) information and information about strings extracted during file execution.
  • Tabs that are available for registered users:
    • System activities tab—Displays information about activities that were registered during the file execution.
    • Extracted files tab—Displays information about files that were extracted from network traffic or saved by the executed file during the execution.
    • Network activities tab—Displays information about network activities that were registered during the file execution.
Page top
[Topic HashReport]

Overview for hash

Kaspersky Threat Intelligence Portal provides the following general information about a submitted hash and the file identified by the hash:

General information about hash and file

Field name

Description

Hits

Number of hits (popularity) of the file identified by the requested hash detected by Kaspersky expert systems.

Number of hits is rounded to the nearest power of 10.

First seen

Date and time when the file identified by the requested hash was first detected by Kaspersky expert systems.

Last seen

Date and time when the file identified by the requested hash was last detected by Kaspersky expert systems.

Format

Type of the file identified by the requested hash.

Size

Size of the file identified by the requested hash.

Signed by

Organization that signed the hash.

Packed by

Packer name (if any).

MD5

MD5 hash.

SHA1

SHA1 hash (if available).

SHA256

SHA256 hash.

Page top
[Topic OverviewHash]

Detection names

Kaspersky Threat Intelligence Portal provides the following information about known detects related to the hash and previously reported in Kaspersky statistics:

  • Color of the zone that the detect belongs to (red or yellow).
  • Date and time when the detect was last detected by Kaspersky expert systems.
  • Name of the detect. You can click any entry to view its description on the Kaspersky threats website.
Page top
[Topic DetectionNamesHash]

Dynamic analysis summary

Kaspersky Threat Intelligence Portal provides the following graphical information about detected items, suspicious activities, extracted files, and network interactions detected during execution of the file identified by the requested hash:

Dynamic analysis summary for a hash

Chart name

Description

Detects

The total number of objects detected during execution of the file identified by the requested hash, and the proportion of objects with Malware (red) or Adware and other (yellow) statuses.

Suspicious activities

The total number of suspicious activities registered during execution of the file identified by the requested hash and the proportion of activities with High (red), Medium (yellow), or Low (grey) levels.

Extracted files

The total number of files that were downloaded or dropped by the file identified by the requested hash during the execution process, and the proportion of files with the status of Malicious (extracted files that can be classified as malicious, in red), Adware and other (extracted files that can be classified as Not-a-virus, in yellow), Clean (extracted files that can be classified as not malicious, in green), or Not categorized (no or not enough information about the extracted files is available to define the category, in grey).

Network activities

The total number of registered network activities that the file identified by the requested hash performed during the execution process and the proportion of network interactions with the status of Dangerous (requests to resources with the Dangerous status, in red), Adware and other (requests to resources with the Adware and other status, in yellow), Good (requests to resources with the Good status, in green), or Not categorized (requests to resources with the Not categorized status, in grey).

Page top
[Topic DynamicAnalysisSummaryHash]

Dynamic analysis detects

Kaspersky Threat Intelligence Portal provides the following information about detected objects related to the file identified by the requested hash. If the file identified by the requested hash was previously analyzed in Kaspersky Sandbox, this section is displayed on the Results tab.

Sandbox detection names

Field name

Description

Status

Danger zone (level) associated with object (Malware or Adware and other).

Name

Name of the detected object (for example, HEUR:Exploit.Script.Blocker). Each item in the list is clickable—you can click it to view its description on the Kaspersky threats website.

Page top
[Topic DynamicAnalysisDetectsHash]

Triggered network rules

Kaspersky Threat Intelligence Portal provides the following information about SNORT and Suricata rules triggered during analysis of traffic from the file identified by the requested hash. If the file identified by the requested hash was previously analyzed in Kaspersky Sandbox, this section is displayed on the Results tab.

Triggered network rules

Field name

Description

Zone

Danger zone (level) associated with the network traffic detected by the SNORT or Suricata rule (High, Medium, Low, Info).

Rule

SNORT or Suricata rule name.

Page top
[Topic TriggeredNetworkRulesHash]

Information available to users with Premium Access

Kaspersky Threat Intelligence Portal provides the following detailed information about the requested hash, if available, to users with Premium Access.

Signatures and certificates tab

Information about file signatures and certificates

Table name

Description

Table fields

File signatures and certificates

Information about signatures and certificates of the file identified by the requested hash.

Status—Status of the file certificate.

Vendor—Owner of the certificate.

Publisher—Publisher of the certificate.

Signed—Date and time when the certificate was signed.

Issued—Date and time when the certificate was issued.

Expires—Expiration date of the certificate.

Serial number—Serial number of the certificate.

Container signatures and certificates

Information about signatures and certificates of the container.

Status—Status of the container's certificate.

Container MD5—MD5 hash of the container's file.

Signed—Date and time when the container's certificate was signed.

Issued—Date and time when the container's certificate was issued.

Expires—Expiration date of the container's certificate.

Paths tab

Information about file paths

Table name

Description

Table fields

File paths

Known paths to the file on computers using Kaspersky software.

Hits—Number of path detections by Kaspersky expert systems.

Path—Path to the file on user computers identified by the requested hash.

Location—Root folder or drive where the file identified by the requested hash is located on user computers.

Names tab

Information about file names

Table name

Description

Table fields

File names

Known names of the file on computers using Kaspersky software.

Hits—Number of file name detections by Kaspersky expert systems.

File name—Name of the file identified by the requested hash.

Downloads tab

Information about web addresses from which the file was downloaded

Table name

Description

Table fields

File downloaded from web addresses and domains

Web addresses and domains from which the file was downloaded.

Status—Status of web addresses or domains used to download the file identified by the requested hash.

Web address—Web addresses used to download the file identified by the requested hash.

Last downloaded—Date and time when the file identified by the requested hash was last downloaded from the web address / domain.

Domain—Upper domain of the web address used to download the file identified by the requested hash.

IP count—Number of IP addresses that the domain resolves to.

Web addresses tab

Information about web addresses

Table name

Description

Table fields

File accessed the following web addresses

Web addresses accessed by the file identified by the requested hash.

Status—Status of accessed web addresses.

Web address—Web addresses accessed by the file identified by the requested hash.

Last accessed—Date and time when the file identified by the requested hash last accessed the web address.

Domain—Upper domain of the web address accessed by the file identified by the requested hash.

IP count—Number of IP addresses that the domain resolves to.

Started objects tab

Information about started objects

Table name

Description

Table fields

File started the following objects

Objects started by the file identified by the requested hash.

Status—Status of started objects.

Hits—Number of times the file identified by the requested hash started the object, as detected by Kaspersky expert systems.

File MD5—MD5 hash of the started object.

Location—Root folder or drive where the started object is located on user computers.

Path—Path to the object on user computers.

File name—Name of the started object.

Last started—Date and time when the object was last started by the file identified by the requested hash.

Detection name—Name of the detected object (for example, HEUR:Exploit.Script.Blocker).

File was started by the following objects

Objects that started the file identified by the requested hash.

Status—Status of objects that started the file identified by the requested hash.

Hits—Number of times the file identified by the requested hash was started, as detected by Kaspersky expert systems.

File MD5—MD5 hash of the object that started the file identified by the requested hash.

Location—Root folder or drive where the object is located on user computers.

Path—Path to the object on user computers.

File name—Name of the object that started the file identified by the requested hash.

Last started—Date and time when the file identified by the requested hash was last started.

Detection name—Name of the detected object (for example, HEUR:Exploit.Script.Blocker).

Downloaded objects tab

Information about downloaded objects

Table name

Description

Table fields

File downloaded the following objects

Objects downloaded by the file identified by the requested hash.

Status—Status of downloaded objects.

Hits—Number of times the object was downloaded, as detected by Kaspersky expert systems.

File MD5—MD5 hash of the downloaded object.

Location—Root folder or drive where the downloaded object is located on user computers.

Path—Path to the downloaded object on user computers.

File name—Name of the downloaded object.

Last downloaded—Date and time when the object was last downloaded by the file identified by the requested hash.

Detection name—Name of the detected object (for example, HEUR:Exploit.Script.Blocker).

File was downloaded by the following objects

Objects that downloaded the file identified by the requested hash.

Status—Status of objects that downloaded the file identified by the requested hash.

Hits—Number of times the file identified by the requested hash was downloaded, as detected by Kaspersky expert systems.

File MD5—MD5 hash of the object that downloaded the file identified by the requested hash.

Location—Root folder or drive where the object is located on user computers.

File name—Name of the object that downloaded the file identified by the requested hash.

Path—Path to the object on user computers.

Last downloaded—Date and time when the file identified by the requested hash was last downloaded.

Detection name—Name of the detected object (for example, HEUR:Exploit.Script.Blocker).

Page top
[Topic PremiumAccessHash]

IP address lookup report

After the IP address lookup request is processed, available results are displayed on the report page.

Depending on the IP address's zone, the IP address and its status (Dangerous, Not trusted, Good, or Not categorized) are displayed on a panel in one of the following colors:

  • Red—The IP address can be classified as Dangerous.
  • Orange—The IP address can be classified as Not trusted and may host malicious objects.
  • Yellow—The IP address is classified as Adware and other (Adware, Pornware, and other programs).
  • Grey—No data is available for the IP address.
  • Green—The IP address does not generate malicious activity.

The flag of the country that the requested IP address belongs to is also displayed. When you hover your mouse over the flag, a tooltip with the country name appears. For reserved IP addresses, the crossed out flag (Crossed out flag.) and the Reserved IP address tooltip are displayed. For IP addresses that do not belong to any country, the flag with a question mark (Flag with question mark.) and the No information tooltip are displayed.

The report page contains the following:

  • Overview—Displays general information about the requested IP address.
  • Geography—Displays the world cyber-map and lights up the country that the requested IP address originates from.
  • WHOIS—Displays WHOIS information about the IP address.
  • Premium content—Displays sections that contain blurred data about the requested IP address. The actual data is available for users with Premium Access to Kaspersky Threat Intelligence Portal. You can request a demo version to view a full report and explore other Kaspersky Threat Intelligence Portal features.
Page top
[Topic IPaddressReport]

Overview for IP address

Kaspersky Threat Intelligence Portal provides the following general information about a submitted IP address:

General information about IP address

Field name

Description

Hits

Hit number (popularity) of the requested IP address.

Hit number is rounded to the nearest power of 10.

First seen

Date and time when the requested IP address first appeared in Kaspersky expert systems statistics, according to your computer local time zone.

Created

Date when the requested IP address was registered.

Updated

Date when information about the requested IP address was last updated.

Categories

Categories of the requested IP address. If the IP address does not belong to any of the defined categories, the General category is displayed.

Page top
[Topic OverviewIP]

Geography

Kaspersky Threat Intelligence Portal displays the world cyber-map and lights up the country that the requested IP address originates from.

The cyber-map is displayed only for IP addresses that belong to one known country. Also, the cyber-map is not displayed if the IP address belongs to a reserved range.

Page top
[Topic Geography]

WHOIS

Kaspersky Threat Intelligence Portal provides WHOIS information about the requested IP address.

WHOIS information about IP address

Field name

Description

IP range

Range of IP addresses in the network that the requested IP address belongs to.

Net name

Name of the network that the requested IP address belongs to.

Net description

Description of the network that the requested IP address belongs to.

Created

Date when the requested IP address was registered.

Changed

Date when information about the requested IP address was last updated.

AS description

Autonomous system description.

ASN

Autonomous system number.

Page top
[Topic WHOIS]

Information available to users with Premium Access

Kaspersky Threat Intelligence Portal provides the following detailed information about the requested IP address, if available, to users with Premium Access.

DNS resolutions tab

Information about DNS resolutions

Table name

Description

Table fields

DNS resolutions for IP address

pDNS information for the requested IP address.

Status—Status of domains.

Hits—Number of times that the domain resolved to the requested IP address.

Domain—Domain that resolves to the requested IP address.

First resolved—Date and time when the domain first resolved to the requested IP address.

Last resolved—Date and time when the domain last resolved to the requested IP address.

Peak date—Date of maximum number of domain resolutions to the requested IP address.

Daily peak—Maximum number of domain resolutions to the requested IP address per day.

Related files tab

Information about related files

Table name

Description

Table fields

Files related to IP address

MD5 hashes of files downloaded from web addresses containing domains that resolve to the requested IP address.

Status—Status of downloaded files.

Hits—Number of times that a file was downloaded from the requested IP address, as detected by Kaspersky expert systems.

File MD5—MD5 hash of the downloaded file.

Detection name—Name of the detected object (for example, HEUR:Exploit.Script.Blocker).

Web address—Web addresses used to download the file.

Last seen—Date and time that the file was last downloaded from the requested IP address.

First seen—Date and time the file was first downloaded from the requested IP address.

Hosted web addresses tab

Information about hosted web addresses

Table name

Description

Table fields

Hosted web addresses

Web addresses of the domain that resolves to the requested IP address.

Status—Status of web addresses and domains.

Hits—Number of web address detections by Kaspersky expert systems.

Web address—Detected web address.

First seen—Date and time when the web address was first detected.

Last seen—Date and time when the web address was last detected.

Web address masks tab

Information about web address masks

Table name

Description

Table fields

Web address masks

Masks of detected by Kaspersky expert systems addresses that contain the IP addresses and web addresses of the domain that resolves to the requested IP address.

Status—Status of web addresses covered by the corresponding mask (Dangerous or Adware and other).

Type—Type of the mask.

Mask—Web address mask.

Feeds—Threat Data Feeds that contain the web address mask.

Page top
[Topic PremiumAccessIP]

Domain and web address lookup report

After the domain or web address lookup request is processed, available results are displayed on the report page.

A domain lookup report is consistent with a web address lookup report.

In the mobile version of Kaspersky Threat Intelligence Portal, only the following sections are available for the domain or web address: Overview, WHOIS, Dynamic analysis summary, and Sandbox detection names. You can use a desktop version to view the full report.

Depending on the zone of the domain or web address, the requested object and its status (Dangerous, Adware and other, Good, or Not categorized) are displayed on a panel in one of the following colors:

  • Red—There are malicious objects related to the domain or web address.
  • Orange—The domain or web address can be classified as Not trusted and may host malicious objects.
  • Yellow—There are objects related to the domain or web address, which can be classified as Not-a-virus.
  • Grey—No data is available for a domain or web address.
  • Green—The domain or web address cannot be classified as Dangerous.

The report page contains the following:

  • Overview—Displays general information about the requested domain or web address.
  • WHOIS—Displays the WHOIS information about the requested domain or web address.
  • Premium content—Displays sections that contain blurred data about the requested domain or web address. The actual data is available for users with Premium Access to Kaspersky Threat Intelligence Portal. You can request a demo version to view a full report and explore other Kaspersky Threat Intelligence Portal features.

The following tabs are available if the web address was previously analyzed in Kaspersky Sandbox:

  • Detection names—Displays detected items that were registered during the web address analysis.
  • Triggered network rules—Displays SNORT and Suricata rules that were triggered during the web address traffic analysis.
  • Connected hosts—Displays IP addresses that were accessed in all HTTP and HTTPS requests after the FQDN resolved.
  • Suspicious activities—Displays suspicious activities that were registered during the web address analysis.
  • HTTP(S) requests—Displays HTTP and HTTPS requests that were registered during the web address analysis.
  • DNS requests—Displays DNS requests that were registered during the web address analysis.
  • Screenshots—Displays a set of screenshots that were taken during the web address analysis.
Page top
[Topic DomainURLReport]

Overview for domain or web address

Kaspersky Threat Intelligence Portal provides the following general information about a submitted domain or web address:

General information about domain or web address

Field name

Description

IPv4 count

Number of known IP addresses that the requested domain or web address resolves to.

Files count

Number of known malicious files related to the requested web address.

Created

Requested domain or web address creation date.

Expires

Requested domain or web address expiration date. /Name of the upper-level domain. /Name of the registration organization. /Name of the domain name registrar.

Categories

Categories of the requested domain or web address. If the domain or web address does not belong to any of the defined categories, the General category is displayed.

Page top
[Topic OverviewDomainWebAddress]

WHOIS

Kaspersky Threat Intelligence Portal provides WHOIS information about the host of the requested web address.

A host may be specified by a fully qualified domain name (FQDN) or by an IP address in dot-decimal notation.

Kaspersky Threat Intelligence Portal does not process web addresses if the host is specified by a local, private, or service IP address. In this case, the lookup results should be interpreted with caution.

Host specified by FQDN

WHOIS section for FQDN as a host

Field name

Description

Domain name

Name of the domain for the analyzed web address.

Domain status

Status of the domain for the analyzed web address.

Created

Date when the domain for the analyzed web address was registered.

Updated

Date when the registration information about the domain for the analyzed web address was last updated.

Paid until

Expiration date of the prepaid domain registration term.

Registrar info

Name of the domain registrar for the analyzed web address.

IANA ID

IANA ID of the domain registrar.

Name servers

List of domain name servers for the analyzed web address.

Host specified by IP address

WHOIS section for IP address as a host

Field name

Description

IP range

Range of IP addresses in the network that the host belongs to. Also, the flag of the country that the IP address belongs to is displayed. When you hover your mouse over the flag, a tooltip with the country name appears.

Net name

Name of the network that the IP address belongs to.

Net description

Description of the network that the IP address belongs to.

Created

Date when the IP address was registered.

Changed

Date when information about the IP address was last updated.

AS description

Autonomous system description.

ASN

Autonomous system number according to RFC 1771 and RFC 4893.

Page top
[Topic WHOISdomain]

Information available to users with Premium Access

Kaspersky Threat Intelligence Portal provides the following detailed information about the requested domain or web address, if available, to users with Premium Access.

DNS resolutions tab

Information about DNS resolutions

Table name

Description

Table fields

DNS resolutions for domain/web address

IP addresses that the requested domain or web address resolves to.

Status—Status of IP address.

Threat score—Probability that the IP address will be dangerous (0 to 100).

Hits—Number of IP address detections by Kaspersky expert systems.

IP—IP addresses.

First resolved—Date and time when the requested domain / web address first resolved to the IP address.

Last resolved—Date and time when the requested domain / web address last resolved to the IP address.

Peak date—Date of maximum number of requested domain / web address resolutions to the IP address.

Daily peak—Maximum number of requested domain / web address resolutions to the IP address per day.

Downloaded files tab

Information about downloaded files

Table name

Description

Table fields

Files downloaded from requested domain / web address

MD5 hashes of files that were downloaded from the requested domain or web address.

Status—Status of files that were downloaded.

Hits—Number of file downloads from the requested domain / web address, as detected by Kaspersky expert systems.

File MD5—MD5 hash of the downloaded file.

Last seen—Date and time when the file was last downloaded from the requested domain / web address.

First seen—Date and time when the file was first downloaded from the requested domain / web address.

Web address—Web addresses used to download the file.

Detection name—Name of the detected object (for example, HEUR:Exploit.Script.Blocker).

Accessed files tab

Information about accessed files

Table name

Description

Table fields

Files accessed requested domain/web address

MD5 hashes of files that accessed the requested domain or web address.

Status—Status of files that accessed the requested domain / web address.

Hits—Number of times the file accessed the requested domain / web address.

File MD5—MD5 hash of the file that accessed the requested domain / web address.

Last seen—Date and time when the file last accessed the requested domain / web address.

First seen—Date and time when the file first accessed the requested domain / web address.

Detection name—Name of the detected object (for example, HEUR:Exploit.Script.Blocker).

Subdomains tab

Information about subdomains

Table name

Description

Table fields

Subdomains

Subdomains for the requested domains.

Status—Status of subdomains.

Subdomain name—Name of the detected subdomain.

Web address count—Number of web addresses related to the subdomain.

Hosted files—Number of files hosted on the detected subdomain.

First seen—Date and time when the subdomain was first detected.

Referrals tab

Information about referrals

Table name

Description

Table fields

Referrals to domain/web address

Web addresses that refer to the requested domain or web address.

Status—Status of web addresses that refer to the requested domain / web address.

Web address—Web address that refers to the requested domain or web address.

Last reference—Date and time when the requested domain / web address was last referred to by listed web addresses.

Domain referrals tab

Information about domain referrals

Table name

Description

Table fields

Domain referred to the following web addresses

Web addresses that the requested domain links, forwards, or redirects to.

Status—Status of web addresses that the requested domain links, forwards, or redirects to.

Web address—Web address accessed by the requested domain.

Last reference—Date and time when the requested domain last linked, forwarded, or redirected to listed web addresses.

Web address masks tab

Information about web address masks

Table name

Description

Table fields

Web address masks

Masks of the requested web address's domain, which were detected by Kaspersky expert systems.

Status—Status of web addresses covered by the corresponding mask (Dangerous or Adware and other).

Type—Type of the mask.

Mask—Requested domain / web address mask.

Feeds—Threat Data Feeds that contain the requested domain mask.

Page top
[Topic PremiumAccessDomainURL]

About zones and statuses

All investigated objects are assigned to zones. A zone indicates the danger level of the object. All related objects are assigned to their own zones. Their zones and the zone of the investigated object may not match.

The list of zones is common for all types of objects, but not all zones can be applied to all types of objects.

Each type of object has its own set of statuses that most accurately describe the danger of objects of this type.

The relationships between the zones and statuses for all object types are provided in the table below.

Zones and statuses

Zone

Danger level

Hash status

IP address status

Domain status

Web address status

Red

High

Malware

Dangerous

Dangerous

Dangerous

Orange

Medium

n/a*

Not trusted

Not trusted

Not trusted

Yellow

Medium

Adware and other

Adware and other

Adware and other

Adware and other

Grey

Info

Not categorized

Not categorized

Not categorized

Not categorized

Green

Low

Clean / No threats detected

Good / No threats detected

Good / No threats detected

Good / No threats detected

* n/a – Not applicable

Page top
[Topic AboutZones]
© 2025 AO Kaspersky Lab