WHOIS hunting for IP address

The following procedure tells you how to create a tracking rule for a regular WHOIS search for an IP address.

To create a tracking rule for a regular WHOIS search for an IP address:

  1. Open the WHOIS Lookup page (WHOIS Tracking (WHOIS icon.) → WHOIS Hunting), and then select the IP address tab.
  2. In the Rule name field, specify a name for the tracking rule.

    A rule name must be unique.

  3. Select the Notifications enabled check box and specify an email address if you want to receive email notifications when new information appears about the tracking rule.
  4. Specify the priority of a tracking rule:
    • Select Normal available to specify standard priority. Kaspersky Threat Intelligence Portal will run a WHOIS search hourly. Quota for tracking rules with standard priority is specified in your contract with Kaspersky.
    • Select High available to specify high priority. Kaspersky Threat Intelligence Portal will run a WHOIS search hourly. Quota for tracking rules with high priority is specified in your contract with Kaspersky.

      In future Kaspersky Threat Intelligence Portal versions, the search interval for rules with high priority may be decreased.

    The number of available/all tracking rules is displayed for all Kaspersky Threat Intelligence Portal users in your group.

  5. Fill in at least one of the required fields:
    • IP address—IP address or a range of IP addresses you want to investigate.
    • ASN—Autonomous system number.
    • Organization—Name, email address of the organization or the person, or net description. Searches are word-based and case-insensitive. You can search for a phrase by putting your search terms (the entire string) in quotes that the IP address belongs to.
  6. If necessary, specify the following fields in the Advanced options section:
    • Country—Country where IP address is located.

      Use a two-letter country code (ISO 3166-1 alpha-2 standard).

    • Resolution date (range)—Period of time when the IP address was last resolved.
    • Contract created date (range)—Creation date of the organization that the IP address belongs to.
    • Contract updated date (range)—Period of time when WHOIS information about the organization that the IP address belongs to was updated.
  7. Click the Create tracking rule button.

Kaspersky Threat Intelligence Portal will create a tracking rule for an IP address.

Page top