Threat lookup results page
After you run a threat lookup request, Kaspersky Threat Intelligence Portal displays a report for the investigated object on the Threat Lookup (
) → Threat Lookup results page.
General information about the investigated object is displayed at the top of the page. The panel with the requested object and its status appears in one of the following colors, depending on the zone of the investigated object:
- Red—Investigated object can be classified as malicious.
- Gray—No data is available for the investigated object.
- Green—Investigated object cannot be classified as malicious.
- Yellow—Investigated object has Adware and other status (Adware, Pornware, and other programs).
- Orange—Investigated object has Not trusted status (categorized as Infected or Compromised).
Also, for IP addresses, the flag of the country to which the requested IP address belongs is displayed. When you hover your mouse over a flag, a tooltip with the country name appears. For IP addresses that do not belong to any country, the flag with a question mark (
) and tooltip No information are displayed.
You can use the following buttons:
- Open in research graph
Opens the research graph for the object.
- Copy request
Copies your request to clipboard.
- Export all results
Exports all investigation results into a CSV, OpenIOC, or STIX format.
Kaspersky Threat Intelligence Portal displays detailed information in separate tables below the report panel. Tables contain up to 10 entries. In most tables, entries are clickable—you can click them to further investigate the object displayed. The number and contents of the tables differ for each request type.
When you click the hint icon (
), a tooltip appears with a brief description of data displayed in the selected table.
The scissors icon (
) indicates that some private data in a displayed web address was filtered out.
In the History table, your local task creation time is displayed. In reports, date and time are displayed in Coordinated Universal Time (UTC) format.
You can use the following buttons located near the table:
- Download data
Exports data from the table. The button is displayed if the table contains data.
- Load more
Opens a window with up to 100 entries for the selected table. The button is displayed if there are more than 10 entries in the table.