HTTP(S) requests section

Kaspersky Threat Intelligence Portal provides information about HTTP and HTTP over TLS (HTTPS) requests that were registered when browsing the web address.

HTTP requests section

Table fields

Description

Status

Status of a web address in the HTTP(S) request. The web address can be assigned one of the following statuses:

Dangerous (there are malicious objects related to the web address).

Not trusted (categorized as Infected or Not trusted).

Adware and other (there are objects related to the web address, which can be classified as Not-a-virus).

Good (the web address is not malicious).

Not categorized (no or not enough information about the web address is available to define the category).

Scheme

Web address scheme that identifies the protocol which was used (HTTP or HTTPS).

URL

Web address to which the request was registered.

IP

IP address that indicates the host. The corresponding flag and the status of the IP address are also displayed.

Request

HTTP(S) request details:

Method—Method of sending an HTTP request. The HTTP method can be one of the following: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, or PATCH.

Scheme—Web address scheme that identifies the protocol which was used (HTTP or HTTPS).

Request body—MD5 hash of a file in the HTTP(S) request. The item is clickable and navigates to the hash investigation results on the Threat Lookup results page.

Status—Status of a file in the HTTP(S) request.

Detection names—Names of the detected objects (for example, HEUR:Exploit.Script.Blocker).

Size—Size of a file in the HTTP(S) request in bytes.

Type—Content type of the HTTP(S) request.

File type—File type in the HTTP(S) request, which was detected by Kaspersky expert systems.

Request headers—Additional fields displayed as key:value. Standard header names are based on RFC 2616, Hypertext Transfer Protocol -- HTTP/1.1. Custom headers (for example, x-ms-request-id) are highlighted in blue.

Response

Response details:

Code—Response code for the HTTP(S) request.

Response body—MD5 hash of a file in the HTTP(S) response. The item is clickable and navigates to the hash investigation results on the Threat Lookup results page.

Status—Status of a file in the HTTP(S) response.

Detection names—Names of the detected objects (for example, HEUR:Exploit.Script.Blocker).

Size—Size of a file in the HTTP(S) response in bytes.

Type—Content type of the HTTP(S) response.

File type—File type in the HTTP(S) response, which was detected by Kaspersky expert systems.

Response headers—Additional fields displayed as key:value. Standard header names are based on RFC 2616, Hypertext Transfer Protocol -- HTTP/1.1. Custom headers (for example, x-ms-request-id) are highlighted in blue.
