After you run a threat lookup request, Kaspersky Threat Intelligence Portal displays a report for the investigated object on the Threat Lookup () → Threat Lookup results page.
General information about the investigated object is displayed at the top of the page. The panel with the requested object and its status appears in one of the following colors, depending on the zone of the investigated object:
Also, for IP addresses, the flag of the country to which the requested IP address belongs is displayed. When you hover your mouse over a flag, a tooltip with the country name appears. For IP addresses that do not belong to any country, the flag with a question mark () and tooltip No information are displayed.
You can use the following buttons:
Opens the research graph for the object.
Copies your request to clipboard.
Exports all investigation results into a CSV, OpenIOC, or STIX format.
Kaspersky Threat Intelligence Portal displays detailed information in separate tables below the report panel. Tables contain up to 10 entries. In most tables, entries are clickable—you can click them to further investigate the object displayed. The number and contents of the tables differ for each request type.
When you click the hint icon (), a tooltip appears with a brief description of data displayed in the selected table.
The scissors icon () indicates that some private data in a displayed web address was filtered out.
In the History table, your local task creation time is displayed. In reports, date and time are displayed in Coordinated Universal Time (UTC) format.
You can use the following buttons located near the table:
Exports data from the table. The button is displayed if the table contains data.
Opens a window with up to 100 entries for the selected table. The button is displayed if there are more than 10 entries in the table.