Running lookup requests

The following procedure tells you how to run a request on Kaspersky Threat Intelligence Portal.

For Kaspersky Anti Targeted Attack and Kaspersky Endpoint Detection and Response users, free lookup requests on Kaspersky Threat Intelligence Portal are available under the extended trial license. You can apply for this feature in one of the following ways: contact your manager (Kaspersky employee) or Kaspersky partner, send an email to ktlsupport@kaspersky.com, or click the Request Access button on the login page. Also, you can request a quota increase for lookup requests by clicking the support icon () in the main menu.

To run a request:

1. In the Search field on any Kaspersky Threat Intelligence Portal page, enter an object you want to investigate and press Enter.

   Kaspersky Threat Intelligence Portal recognizes the type of the requested object and displays investigation results in separate fields on the Threat Lookup () → Threat Lookup results page.

   Note that you might enter the object to search in a defanged form. Such requests are transformed to revert them to their original form. The supported defang sample items are specified in the example below.
   If you enter a defanged domain, IP address, or web address, we recommend to check that after transformation the lookup was conducted for the required object.
   See example

   The supported defang sample items and their original forms that Kaspersky Threat Intelligence Portal displays after transformation are specified in the table below.

   Original and defang forms

   Original form	Defang form	Transformation example
   http://	hxxp://	hXXp://example.com → http://example.com
   https://	hxxps://	HXXPs://example.com → https://example.com
   .	[.]	104.132.161[.]0 → 104.132.161.0

   Note that refanging is case-insensitive.

   If you start a search on one of the Threat Lookup tabs (for example, Lookup, Dark web or Surface web), the selected page remains active when the search results are displayed.

   For a web address, it's length is limited to a maximum of 2000 characters. Other characters will be ignored during a web address investigation.

2. If necessary, click the Load more button and use the pagination to view more items in any data field on the report page.

You can export investigation results as an archive.

After the request is run, results on the report page may differ from the results shown in the Threat Lookup () → History table for the same object because Kaspersky expert systems update information about objects in real time. Investigation results depend on the threat landscape.

You can also run search requests by using the Kaspersky Threat Intelligence Portal API.

Page top