APT C&C Tracking API

This section explains how to request a list of dangerous IP addresses by using the Kaspersky Threat Intelligence Portal API.

Before working with the Kaspersky Threat Intelligence Portal API, you must accept the Terms and Conditions online in your browser at https://tip.kaspersky.com.

To work with C&C Tracking by using the Kaspersky Threat Intelligence Portal API:

  1. Make sure that the application you use for working with Kaspersky Threat Intelligence Portal API uses the certificate you received from Kaspersky.
  2. In the Authorization field of the HEADER section, specify the user name and password that you received from Kaspersky.
  3. Specify the Basic authentication scheme.
  4. Specify the GET HTTP method.
  5. Run your query by using the api/apt_cnc/{country} method described below.


Request method: GET

Endpoint: https://tip.kaspersky.com/api/apt_cnc/{country}

Query parameters:

Expected parameters




The two-letter code of a country you want to receive a feed for.

Required parameter.

Available values:

all—The response will contain information for all countries.

The two-letter country code (lowercase).

Request example:

Get a list of dangerous IP addresses:

curl -u <user name> --cert <full path to the certificate on your computer> -X GET 'https://tip.kaspersky.com/api/apt_cnc/ru'


200 OK

401 Unauthorized

403 Forbidden

451 Unavailable For Legal Reasons

Page top