This view allows you to get DNS-related statistics on any domain you input in the search field. The view is split into 3 subsections:
a. Global Threat Intelligence - displays a top 3 of most accessing processes, the DNS-E matches (the number of times, in the selected timeframe, the domain has been intercepted via DNS-E), the Global DNS-E matches (the number of times, in the selected timeframe, the domain has been intercepted by DNS-E in the Global Heimdal Security database), the domains/URLs related to the same IP Address, the DNS-E + DNS-N matches (the number of times, in the selected timeframe, the domain has been intercepted by DNS-E and DNS-N), the Global DNS-E + DNS-N matches (the number of times, in the selected timeframe, the domain has been intercepted by DNS-E and DNS-N in the Global Heimdal Security database);
b. Predictive DNS Score - displays a maliciousness score based on an Artificial Intelligence algorithm (ranging from 0 to 100) that is corroborated with the presence of the domain (in question) on the DNS Security Endpoint blocklist (blocklist match). The higher the score, the higher the probability that the domain in question is infected. The Predictive DNS Score will showcase a Risk Level (None, Low, Medium, High, Critical) based on the above-mentioned score;
c. DNS Statistics - displays a graphical representation of the daily number of hits for the chosen domain (the blue
the line shows that the queried domain was found clean at the time of the query, while the red line shows that the queried domain was found infected at the time of the query);
d. Requester distribution - displays a map and statistics of top public IP Addresses that called the domain in question (the origin of the DNS query to the domain in question).
IMPORTANT
Heimdal does not share a full repository of the DNS detections due to the tremendous data volume of the AI Predictive DNS, hence VirusTotal will not necessarily show the Heimdal detection. You will have to rely on the Investigate mode in the Heimdal Dashboard.