The Talos Intelligence Reputation Center Search provides a collection of real-time data, part of Cisco’s vast threat intelligence telemetry. Use the Reputation Center to make informed decisions about network traffic.
From the Reputation Center Search, you can:
- Look up websites, URLs and IP addresses and the information we have about them
- Submit a ticket for an IP or domain you own, if you think the conviction or categorizations are incorrect
Is the Data Live?
The data presented on talosintelligence.com is refreshed every 3 hours. This schedule ensures faster query times and manages effective server load.
How do I perform a Web or Email Reputation Lookup?
Use the Reputation Center Search box to look up email and web reputation information using the following criteria:
| IPv4 address | for example, 198.133.219.25. |
| IPv6 address | for example, 2001:420:1101:1::a. |
| CIDR range | either IPv4 or IPv6, for example, 198.133.219.25/24 or 2001:420:1101:1::a/48. |
| Domain or Hostname | for example, cisco.com or www1-v6.cisco.com. |
| URI | for example, http://www.cisco.com/en/US/products/index.html. |
How do I perform a File Reputation Lookup?
Talos File Reputation Lookup allows you to do casual lookups against the Talos File Reputation system. This system is limited to one lookup at a time, and only accepts hashes matching SHA256 hashes. This lookup does not reflect the full capabilities of the Secure Endpoint system.
What is the difference between Email Reputation and Web Reputation?
Talos Reputation Center email reputation is based on data for the IP address associated with a given email server. Talos Reputation Center web reputation is based on data for an entire domain and all associated IP addresses.
Why can domain reputation be different than IP reputation?
When searching for a URL, talosintelligence.com does not calculate its reputation using a host’s resolving IP address, unlike our Cisco Secure Web Appliance (formerly WSA). This is by design, as Dynamic DNS can cause a domain’s resolving IP to change based on multiple factors. Having talosintelligence.com incorporate a domain’s resolving IP into its reputation can result in users receiving different reputations for the same domain.
When a reputation on talosintelligence.com is not matching what the customer sees on their end, we would suggest they use nslookup to find the resolving IP address of a domain and then search talosintelligence.com using the resolving IP. If the resolving IP is listed as “Untrusted,” the domain is most likely being blocked because of this.
What is a Sender Domain Reputation Ticket versus a Sender IP Reputation Ticket?
The Sender IP Reputation tickets should only be used to dispute individual IP addresses that have been wrongly flagged as malicious or have been shown to be sending malicious content and are not being blocked. Sender Domain Reputation tickets are for specific email domains or email addresses and are processed differently than IP addresses.
