API results for web address

The table below contains possible sections available for a web address investigation in JSON format.

Certain objects can be assigned the suspicious status. Suspicious is an internal name used only to identify objects with a threat score between 50 and 74; it means not trusted.

200 OK response parameters

Section in API

Section in web interface

Description

LicenseInfo

Information on the license used.

AccessType—License type ("Commercial" or "Trial").

DayRequests—Number of requests performed in the current day (for a commercial license).

DayQuota—Daily limit of requests (for a commercial license).

TokenExpirationDate—Date when an API token expires. If there is no API token requested, the null value is returned.

Zone

On the Threat Lookup results page, the panel with the requested object and its status appears in a certain color, depending on the zone of the investigated object.

Color of the zone that a web address belongs to.

RelatedObjects

Information about the presence of malicious objects associated with the indicator.

HasRedZone—Shows whether there are malicious objects (zone=red) related to the indicator: true—there are related malicious objects; false—no related malicious objects.

UrlGeneralInfo

Overview

General information about the requested web address.

Url—Requested web address.

Host—Name of the upper-level domain of the requested web address.

Ipv4Count—Number of IP addresses (IPv4) for the requested web address.

FilesCount—Number of files for the requested web address.

Categories—Categories of the requested web address.

CategoriesWithZone—Categories of the requested web address and zones that the category belongs to.

HasApt—Shows whether the requested web address is related to an advanced persistent threat (APT) attack.

RelatedAptReports—Array of objects that describe APT Intelligence reports, Crimeware Threat Intelligence reports, and Industrial Threat Intelligence reports, to which the requested web address is related. Each object contains a report's ID, type, and title. The report ID can be used as an argument (publication_id) for the get_one endpoint, which is used to obtain specific information for a report. If the requested web address is not related to reports, an empty array is returned.

FilesAccessed

Files that accessed requested URL

Information about MD5 hashes of files that accessed the requested web address.

Zone—Color of the zone that a file belongs to.

AccessedHitsCount—Number of file downloads from the requested web address as detected by Kaspersky expert systems.

Md5—MD5 hash of the downloaded file.

LastSeen—Date and time when the file was last downloaded from the requested web address, according to your computer local time zone.

FirstSeen—Date and time when the file was first downloaded from the requested web address, according to your computer local time zone.

DetectionName—Name of the detected object.

FilesDownloaded

Files downloaded from requested URL

Information about objects that were downloaded from the requested web address.

Zone—Color of the zone that a file belongs to.

DownloadedHitsCount—Number of file downloads from the requested web address as detected by Kaspersky expert systems.

Md5—MD5 hash of the downloaded file.

LastSeen—Date and time when the file was last downloaded from the requested web address, according to your computer local time zone.

FirstSeen—Date and time when the file was first downloaded from the requested web address, according to your computer local time zone.

DetectionName—Name of the detected object.

UrlReferrals

Referrals to requested URL

Information about web addresses that refer to the requested web address.

Zone—Color of the zone that a web address belongs to.

LastSeen—Date and time when the requested web address was last referred to, according to your computer local time zone.

Url—Web address that refers to the requested web address.

IsUrlTruncated—Shows whether private data was filtered in the displayed web address.

UrlReferredTo

Requested object linked, forwarded, or redirected to the following URLs

Information about web addresses that the requested object linked, forwarded, or redirected to.

Zone—Color of the zone that a web address belongs to.

LastSeen—Date and time when the requested web address last linked, forwarded, or redirected to listed web addresses, according to your computer local time zone.

Url—Web address accessed by the requested web address.

IsUrlTruncated—Shows whether private data was filtered in the displayed web address.

UrlDomainWhoIs

WHOIS

Information about the requested web address will be provided.

DomainName—Name of the domain of the requested web address.

Created—Date when the domain for the requested web address was registered.

Updated—Date when registration information about the domain for the requested web address was last updated.

Expires—Expiration date of the prepaid domain registration term.

NameServers—Name servers of the domain for the requested web address.

Contacts—Contact information for the owner of the domain, including: ContactType, Name, Organization, Address, City, State, PostalCode, CountryCode, Phone, Fax, Email.

Registrar—Name, IANA ID, and email of the registrar of the domain.

DomainStatus—Statuses of the domain.

RegistrationOrganization—Name of the registration organization.

Asn—Autonomous system number, including: Number, Description.

Net—Information about the network, including: RangeStart, RangeEnd, Created, Changed, Name, Description.

DomainDnsResolutions

DNS resolutions for domain

Information about the requested web address:

Zone—Color of the zone that the domain belongs to.

Ip—IP address.

CountryCode—Two-letter country code (ISO 3166-1 alpha-2 standard) of a country to which the IP address belongs. For reserved and not defined IP addresses, the NULL value is exported.

Status—Status of the IP address (Known if the country is detected, Reserved for reserved special-purpose IP addresses (see RFC 6890), and NoInfo for IP addresses that do not belong to any country and are not reserved).

HitsCount—Number of IP address detections by Kaspersky expert systems.

FirstSeen—Date and time when the domain for the requested web address first resolved to the IP address, according to your computer local time zone.

LastSeen—Date and time when the domain for the requested web address last resolved to the IP address, according to your computer local time zone.

DailyPeak—Maximum number of domain resolutions to the IP address per day.

PeakDate—Date of maximum number of domain resolutions to the IP address.

ThreatScore—Probability that the requested web address will be dangerous (0 to 100).

FeedMasks

URL masks

Information about the requested web address.

Zone—Zone of web addresses covered by the corresponding mask (Red or Yellow).

NormalizedMask—Mask of the requested web address's domain.

FeedNames—Threat Data Feeds that contain the mask of the requested web address's domain.

UrlSpamInfo

Spam attacks

Information about spam attacks associated with the requested web address.

spam_messages—Number of spam messages containing the requested web address.

UrlPhishingInfo

Phishing attacks

Information about phishing attacks associated with the requested web address.

phishing_status—Indicates whether the requested web address can be considered a phishing one.

phishing_attacks—Number of phishing attacks.

last_attack_date—Date of the latest phishing attack.

regions—Top 10 regions affected by the phishing attack.

phish_kit—Name of a phishing kit (a set of materials and tools) used during the phishing attack.

stolen_data_type—Type of data stolen during a phishing attack, for example, user names, passwords.

attacked_industry—Target industry of a phishing attack.

attacked_organization—Target organization of a phishing attack.

DataFeeds

Data Feeds

List of Threat Data Feeds that contain information about the requested web address. If the requested web address is not mentioned in Threat Data Feeds, this section is not returned.
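
The following Python example is added here and is not part of the vendor documentation. It reduces a web address report to a few triage fields using the section and field names from the table above; the JSON nesting, the inclusive reading of the 50 to 74 suspicious range, and all sample values are assumptions.

```python
import json

# Constructed sample response: field names come from the table above; the
# nesting (objects vs. arrays) and every value are assumptions for illustration.
SAMPLE = json.loads("""
{
  "LicenseInfo": {"AccessType": "Commercial", "DayRequests": 120,
                  "DayQuota": 2000, "TokenExpirationDate": null},
  "Zone": "Yellow",
  "RelatedObjects": {"HasRedZone": true},
  "UrlGeneralInfo": {"Url": "http://example.test/a", "Host": "example.test",
                     "HasApt": false, "RelatedAptReports": []},
  "FilesDownloaded": [
    {"Zone": "Red", "Md5": "00000000000000000000000000000001",
     "DownloadedHitsCount": 7, "DetectionName": "Constructed.Sample.Name"},
    {"Zone": "Yellow", "Md5": "00000000000000000000000000000002",
     "DownloadedHitsCount": 1, "DetectionName": null}
  ],
  "DomainDnsResolutions": [
    {"Zone": "Yellow", "Ip": "192.0.2.10", "CountryCode": "US",
     "Status": "Known", "ThreatScore": 62},
    {"Zone": "Yellow", "Ip": "10.0.0.1", "CountryCode": null,
     "Status": "Reserved", "ThreatScore": 10}
  ]
}
""")

def is_suspicious(score):
    """Internal 'suspicious' status: threat score between 50 and 74 (inclusive assumed)."""
    return score is not None and 50 <= score <= 74

def triage(report):
    """Reduce a web address report to the fields a triage queue needs."""
    lic = report.get("LicenseInfo") or {}
    quota, used = lic.get("DayQuota"), lic.get("DayRequests")
    general = report.get("UrlGeneralInfo") or {}
    return {
        "zone": report.get("Zone"),
        "has_red_related": bool((report.get("RelatedObjects") or {}).get("HasRedZone")),
        "red_downloads": [f["Md5"] for f in report.get("FilesDownloaded") or []
                          if str(f.get("Zone", "")).lower() == "red"],
        "suspicious_ips": [r["Ip"] for r in report.get("DomainDnsResolutions") or []
                           if is_suspicious(r.get("ThreatScore"))],
        "has_apt": bool(general.get("HasApt")),
        # DataFeeds is omitted entirely when no feed mentions the address.
        "in_data_feeds": "DataFeeds" in report,
        # Quota fields are only populated for a commercial license.
        "requests_left": quota - used if quota is not None and used is not None else None,
    }
```

Sections that are absent from a response, such as DataFeeds, are treated as empty rather than as errors.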
