ESET Online Help

Search
Select the topic

URL feed

The URL feed contains domains that are considered malicious. Compared to the Domain feed, the URL feed can show different results due to different filter options. For example, there are objects blocked at the URL level only and not at the domain level. The feed recognizes and shares the same specifications as the Domain feed. However, there is a URL address instead of a domain name due to identifying the exact location of malicious content.

JSON

Below is a snippet of an URL feed in JSON format.

STIX 2.0

Below is a snippet of an URL feed in JSON format.

 

The following types of STIX domain objects are available for the URL feed:

Indicator—An Indicator of Comprise (IoC) to use for further blocking or investigation.

Observed data—Extra information about the given domain.

Malware—An optional object shared with every domain IoC if a malicious file downloaded from the given domain is detected and blocked.

Sighting—Additional data about the domain hosting the URL. This object is always associated with Observed data, which provides more information about the domain.

Relationship

stix_relationships_url_feed