HostPdnsIps.csv

Information about IP addresses that the requested domain resolves to.

Zone—Color of the zone that the domain belongs to.

Ip—IP address.

Status—Status of the IP address (Known if the country is detected, Reserved for reserved special-purpose IP addresses (see RFC 6890), and NoInfo for IP addresses that do not belong to any country and are not reserved).

CountryCode—Two-letter country code (ISO 3166-1 alpha-2 standard) of a country to which the IP address belongs. For reserved and not defined IP addresses, the NULL value is exported.

HitsCount—Number of IP address detections by Kaspersky expert systems.

FirstSeen—Date and time when the requested domain first resolved to the IP address, according to your computer local time zone.

LastSeen—Date and time when the requested domain last resolved to the IP address, according to your computer local time zone.

DailyPeak—Maximum number of domain resolutions to the IP address per day.

PeakDate—Date of maximum number of domain resolutions to the IP address.

ThreatScore—Probability that the requested domain will be dangerous (0 to 100).

HostReferredTo.csv

Information about links, forwards, or redirects to following web addresses.

Zone—Color of the zone that a web address belongs to.

LastSeen—Date and time when the requested domain was last referred to by listed web addresses, according to your computer local time zone.

Url—Web address that refers to the requested domain.

IsUrlTruncated—Shows whether private data was filtered in the displayed web address.

HostFiles.csv

Information about MD5 hashes of files that accessed the requested domain.

Zone—Color of the zone that a file belongs to.

AccessedHitsCount—Number of file downloads from the requested domain as detected by Kaspersky expert systems.

Md5—MD5 hash of the downloaded file.

LastSeen—Date and time when the file was last downloaded from the requested domain, according to your computer local time zone.

FirstSeen—Date and time when the file was first downloaded from the requested domain, according to your computer local time zone.

DetectionName—Name of the detected object.

HostGeoPlot.csv

Information about domain access spread across the world.

countryCode—Two-letter country code.

value—Number of domain access in a certain country.

HostDownloaders.csv

Information about MD5 hashes of files that were downloaded from the requested domain and web addresses of the requested domain.

Zone—Color of the zone that a file belongs to.

DownloadedHitsCount—Number of file downloads from the requested domain as detected by Kaspersky expert systems.

Md5—MD5 hash of the downloaded file.

LastSeen—Date and time when the file was last downloaded from the requested domain, according to your computer local time zone.

FirstSeen—Date and time when the file was first downloaded from the requested domain, according to your computer local time zone.

DetectionName—Date and time when the file was first downloaded from the requested domain.

Url—Web address from which the file was downloaded.

HostProperties.csv

General information about the requested domain.

TotalFilesCount—Number of known files.

TotalUrlsCount—Number of known web addresses.

HitsCount—Number of IP addresses related to the domain.

RelatedAptReports—IDs of APT Intelligence reports and Crimeware Threat Intelligence reports, to which the requested object is related. For each report, its ID, type (fin or apt), and title are provided in a JSON-like format (pseudo-JSON), for example: {Id : 632-apt , Type : apt , Title : Sofacy-Delphocy Toolset}. If there are several reports for the requested object, each report is enclosed in braces, and reports are separated by a comma. The report ID can be used as an argument (publication_id) for the get_one endpoint, which is used to obtain specific information for a report.

HostReputation.csv

Information about the requested domain reputation and categories.

Domain—Name of the requested domain.

Zone—Color of the zone that a domain belongs to.

Categories—Categories of the requested object and zones that the category belongs to. Category and zone are provided in a JSON-like format (pseudo-JSON), for example: {Name : CATEGORY_APT, Zone : Red}. If the requested object does not belong to any defined categories, the General category is specified.

HasApt—Shows whether the requested domain is related to an advanced persistent threat (APT) attack.

BotnetCnCThreatName—Name of the detected Botnet C&C.

HostReferredBy.csv

Information about web addresses that refer to the requested domain.

Zone—Color of the zone that a web address belongs to.

LastSeen—Date and time when the requested domain was last referred to by listed web addresses, according to your computer local time zone.

Url—Web address that refers to the requested domain.

IsUrlTruncated—Shows whether private data was filtered in the displayed web address.

HostSubDomains.csv

Information about hosts related to the requested domain (subdomains).

Zone—Color of the zone that a subdomain belongs to.

Subdomain—Name of the detected subdomain.

UrlsCount—Number of web addresses related to the subdomain.

FilesCount—Number of files hosted on the detected subdomain.

FirstSeen—Date and time when the subdomain was first detected, according to your computer local time zone.

HostFeedMasks.csv

Information about the requested domain and web address masks detected by Kaspersky expert systems.

Zone—Color of the zone that a domain belongs to (Red, Orange, or Yellow).

NormalizedMask—Requested domain mask.

FeedNames—Threat Data Feeds that contain the requested domain mask.

Type—Type of requested domain and web address mask.

HostWhoIsInfo.csv

WHOIS information about the requested domain.

DomainName—Name of the requested domain.

Created—Date when the requested domain was registered.

Updated—Date when registration information about the requested domain was last updated.

Expires—Expiration date of the requested domain.

NameServers—Name servers of the requested domain.

Contacts—Contact information for the owner of the requested domain.

Registrar—Name, IANA ID, and email of the registrar of the requested domain.

DomainStatus—Statuses of the requested domain.

RegistrationOrganization—Name of the registration organization.

HostSimilarDomains.csv

Information about domains with similar names to the requested domain.

Zone—Color of the zone that a similar domain belongs to.

Domain—Similar domain name.

Registration—Date when a similar domain was registered.

Expiration—Expiration date of a similar domain.

Http_open—Shows whether an HTTP port is open.

Https_open—Shows whether an HTTPS port is open.

HostSpamInfo.csv

Information about spam attacks associated with the requested domain.

spam_attacks—Number of spam attacks.

spam_ratio—Ratio of spam generated by the requested domain to the rest of the content.

last_attack_date—Date of the latest spam attack.

spam_attack_types—Array of attack types.

HostPhishingInfo.csv

Information about spam attacks associated with the requested domain.

phishing_attacks—Number of phishing attacks.

phish_kit—Phishing kit name (set of materials and tools) used during the phishing attack.

last_attack_date—Date of the latest phishing attack.

regions—Top 10 regions affected by the phishing attack.

stolen_data_type—Type of data stolen during phishing attack, for example, user names, passwords.

attacked_industry—Target industry of a phishing attack.

attacked_organization—Target organization of a phishing attack.

HostTimeline.csv

Information about detection statistics and requested object status changes during the certain historical periods. The timeline is generated only when the detection statistics for the period is available for a specific object.

historical_zone—Object zone during the certain period.

historical_status—Object status during the certain period.

start_date—Start date and time of the period when the object was assigned to the certain status.

end_date—End date and time of the period when the object was assigned to the certain status.

categories—Categories assigned to the object during the specified period.