Exporting results for web address

The contents of the files that are included in the CSV archive are described in the table below. The first string in all files contains column names.

CSV archive contents for web address

File name

Description

Columns

UrlPdnsIps.csv

Information about IP addresses that the domain for the requested web address resolves to.

Zone—Color of the zone that the domain belongs to.

Ip—IP address.

Status—Status of the IP address (Known if the country is detected, Reserved for reserved special-purpose IP addresses (see RFC 6890), and NoInfo for IP addresses that do not belong to any country and are not reserved).

CountryCode—Two-letter country code (ISO 3166-1 alpha-2 standard) of a country to which the IP address belongs. For reserved and not defined IP addresses, the NULL value is exported.

HitsCount—Number of IP address detections by Kaspersky expert systems.

FirstSeen—Date and time when the domain for the requested web address first resolved to the IP address, according to your computer local time zone.

LastSeen—Date and time when the domain for the requested web address last resolved to the IP address, according to your computer local time zone.

DailyPeak—Maximum number of domain resolutions to the IP address per day.

PeakDate—Date of maximum number of domain resolutions to the IP address.

ThreatScore—Probability that the requested web address will be dangerous (0 to 100).

UrlDownloaders.csv

Information about MD5 hashes of files that accessed the requested web address.

Zone—Color of the zone that a file belongs to.

AccessedHitsCount—Number of file downloads from the requested web address as detected by Kaspersky expert systems.

Md5—MD5 hash of the downloaded file.

LastSeen—Date and time when the file was last downloaded from the requested web address, according to your computer local time zone.

FirstSeen—Date and time when the file was first downloaded from the requested web address, according to your computer local time zone.

DetectionName—Name of the detected object.

UrlFiles.csv

Information about objects that were downloaded from the requested web address.

Zone—Color of the zone that a file belongs to.

DownloadedHitsCount—Number of file downloads from the requested web address as detected by Kaspersky expert systems.

Md5—MD5 hash of the downloaded file.

LastSeen—Date and time when the file was last downloaded from the requested web address, according to your computer local time zone.

FirstSeen—Date and time when the file was first downloaded from the requested web address, according to your computer local time zone.

DetectionName—Name of the detected object.

Url—Web address from which the file was downloaded.

UrlFeedMasks.csv

Information about masks of the requested web address domain that are detected by Kaspersky expert systems.

Zone—Color of the zone that a domain belongs to (Red, Orange, or Yellow).

TypeType of the requested domain and web addresses mask.

NormalizedMask—Mask of the requested web address domain.

FeedNames—Threat Data Feeds that contain the mask of the requested web address domain.

UrlGeoPlot.csv

Information about web address access spread across the world.

countryCode—Two-letter country code.

value—Number of web address access in a certain country.

UrlReferredBy.csv

Information about web addresses that refer to the requested web address.

Zone—Color of the zone that a web address belongs to.

LastSeen—Date and time when the requested web address was last referred to, according to your computer local time zone.

Url—Web address that refers to the requested web address.

IsUrlTruncated—Shows whether private data was filtered in the displayed web address.

UrlReferredTo.csv

Information about links, forwards, or redirects to displayed web addresses.

Zone—Color of the zone that a web address belongs to.

LastSeen—Date and time when the requested web address last linked, forwarded, or redirected to listed web addresses, according to your computer local time zone.

Url—Web address accessed by the requested web address.

IsUrlTruncated—Shows whether private data was filtered in the displayed web address.

UrlProperties.csv

General information about the requested web address.

Url—Requested web address.

Host—Name of the upper-level domain of the requested web address.

RelatedAptReports—IDs of APT Intelligence reports and Crimeware Threat Intelligence reports, to which the requested object is related. For each report, its ID, type (fin or apt), and title are provided in a JSON-like format (pseudo-JSON), for example: {Id : 632-apt , Type : apt , Title : Sofacy-Delphocy Toolset}. If there are several reports for the requested object, each report is enclosed in braces, and reports are separated by a comma. The report ID can be used as an argument (publication_id) for the get_one endpoint, which is used to obtain specific information for a report.

UrlReputation.csv

Information about the requested web address reputation and categories.

Url—Requested web address.

Zone—Color of the zone that a web address belongs to.

Categories—Categories of the requested object and zones that the category belongs to. Category and zone are provided in a JSON-like format (pseudo-JSON), for example: {Name : CATEGORY_APT, Zone : Red}. If the requested object does not belong to any defined categories, the General category is specified.

HasApt—Shows whether the requested web address is related to an advanced persistent threat (APT) attack.

BotnetCnCThreatName—Name of the detected Botnet C&C.

UrlWhoIsInfo.csv

WHOIS information about the requested web address.

Type—Object type.

DomainName—Name of the domain of the requested web address.

Created—Date when the domain for the requested web address was registered.

Updated—Date when registration information about the domain for the requested web address was last updated.

Expires—Expiration date of the prepaid domain registration term.

NameserverHostnames—Name servers of the domain for the requested web address.

Contacts—Contact information for the owner of the domain.

Registrar—Name, IANA ID, and email of the registrar of the domain.

DomainStatus—Statuses of the domain.

RegistrationOrganization—Name of the registration organization.

UrlSpamInfo.csv

Information about spam attacks associated with the requested web address.

spam_messages—Number of spam messages containing the requested web address.

UrlPhishingInfo.csv

Information about spam attacks associated with the requested web address.

phishing_status—Shows whether the requested web address can be considered as a phishing one.

phishing_attacks—Number of phishing attacks.

phish_kit—Phishing kit name (set of materials and tools) used during the phishing attack.

last_attack_date—Date of the latest phishing attack.

regions—Top 10 regions affected by the phishing attack.

stolen_data_type—Type of data stolen during phishing attack, for example, user names, passwords.

attacked_industry—Target industry of a phishing attack.

attacked_organization—Target organization of a phishing attack.

UrlTimeline.csv

Information about detection statistics and requested object status changes during the certain historical periods. The timeline is generated only when the detection statistics for the period is available for a specific object.

historical_zone—Object zone during the certain period.

historical_status—Object status during the certain period.

start_date—Start date and time of the period when the object was assigned to the certain status.

end_date—End date and time of the period when the object was assigned to the certain status.

categories—Categories assigned to the object during the specified period.

Page top