If you own or have come across a domain, URL, or IP that you believe has the incorrect reputation, please submit a reputation adjustment ticket. You must be logged into your account in order to submit a ticket. If you do not have a CCO ID through Cisco, you may create a free guest account. Up to 50 entries can be submitted at a time.
After you submit a ticket you can view its status on your My Tickets page.Submit a Web Reputation Ticket
Customers that own or have come across an IP address with an incorrect sender reputation through Cisco Secure, or would like to lower a sender IP's reputation scoring in response to receiving malicious files, can submit a sender IP reputation ticket. You must be logged into your account in order to submit a ticket. If you do not have a CCO ID through Cisco, you may create a free guest account.
After you submit a ticket you can view its status on your My Tickets page.Submit a Sender IP Reputation Ticket
Customers that own or have come across an email domain with an incorrect sender reputation through Cisco Secure, or would like to lower a sender domain's reputation scoring in response to receiving malicious files, can submit a sender domain reputation ticket. You must be logged into your account in order to submit a ticket. If you do not have a CCO ID through Cisco, you may create a free guest account.
After you submit a ticket you can view its status on your My Tickets page.Submit a Sender Domain Reputation Ticket
If you own or have come across a domain, URL, or IP that you believe has been improperly categorized or is missing a category, please submit a categorization ticket. If you do not have a CCO ID through Cisco, you may create a free guest account. Up to 100 entries can be submitted at a time.
After you submit a ticket you can view its status on your My Tickets page.Submit a Content Categorization Ticket
If you have come across a file that you believe has been improperly classified, please submit a file reputation ticket using a SHA256 hash of the file in question. If you do not have a CCO ID through Cisco, you may create a free guest account. Up to 50 SHA256 hashes can be submitted at a time.
After you submit a ticket you can view its status on your My Tickets page.Submit a File Reputation Ticket
The Email Status Portal is a tool for monitoring the status of email submissions from Cisco customers. Cisco encourages customers who use Cisco Secure Email to submit spam/phish that bypassed current detection content, and ham, desirable email that was incorrectly filtered out, to improve overall efficacy. Cisco accepts these submissions through the Cisco email security plugin for Microsoft Outlook, or as emails forwarded as an attachment directly to email addresses based on their type (spam, ham, phish, virus, etc.). The Email Status Portal provides a way for customers to track the status of these submissions.Email Status Portal
At Cisco Talos, we need customers to be able to provide feedback at all times, whether it be about false positives or negatives, or missed categories. Because we deal with an abundance of data across our platforms — such as IPS alerts, Cisco Secure Endpoint alerts and more — feedback helps us test the efficacy of those alerts and systems promptly.
The new dispute system links the dispute ticketing system and our analysts closely together. This allows greater interactivity between our analysts and customers, and gives customers the ability to log into their account on Talosintelligence.com and see the resolution of every dispute they have ever filed through the new system.
If a user does not have a CCO ID through Cisco, they will be asked to create a free guest account.
In order to submit a ticket, you must be logged into your Cisco account.
Use the Reputation Center Search box to look up email and web reputation information.
You can search again using the following criteria:
|IPv4 address||for example, 22.214.171.124.|
|IPv6 address||for example, 2001:420:1101:1::a.|
|CIDR range||either IPv4 or IPv6, for example, 126.96.36.199/24 or 2001:420:1101:1::a/48.|
|Domain or Hostname||for example, cisco.com or www1-v6.cisco.com. Internationalized names are also supported - for example, 达彼思.香港 or xn--03txn239i.xn--j6w193g.|
|URI||for example, http://www.cisco.com/en/US/products/index.html.|
|Network Owner||for example, Cisco Systems.|
|Country||for example: United States.|
Talos Reputation Center email reputation is based on data for the IP address associated with a given email server. Talos Reputation Center web reputation is based on data for an entire domain and all associated IP addresses.
Cisco Talos has updated our Web Reputation intelligence to use a more granular set of Threat Levels in order to better describe a website's or IP address's reputation. These levels describe a spectrum that characterizes the risk of visiting a website or IP address and is based on extensive telemetry and investigation. With this intelligence, users and analysts can more clearly distinguish established trusted sites and exceptionally untrusted sites from the lesser of both.
|Legacy Verdict||New Threat Level||Description|
|Displaying behavior that indicates exceptional safety|
|Displaying behavior that indicates a level of safety|
|Displaying neither positive or negative behavior. However, has been evaluated.|
|Displaying behavior that may indicate risk, or could be undesirable|
|Displaying behavior that is exceptionally bad, malicious, or undesirable|
|Not previously evaluated, or lacking features to assert a threat level verdict|
By tracking a broad set of attributes for email, the Talos Reputation Center supports very accurate conclusions about a given host. Sophisticated security modeling leverages the breadth of this data to generate a granular reputation score ranging from -10 (for the worst) to +10 (for the very best). On this page the granular reputation score is grouped into Good, Neutral and Poor for simplicity reasons.
|Good||Little or no threat activity has been observed from this IP address or domain. Email traffic is not likely to be filtered or blocked*.|
|Neutral||This IP address or domain is within acceptable parameters. However, email traffic may still be filtered or blocked*.|
|Poor||A problematic level of threat activity has been observed from this IP address or domain. Email traffic is likely to be filtered or blocked*.|
*While many networks use the Talos Reputation Center as a means for assessing their email traffic, it does not block email or Internet traffic. If your email is being blocked or you feel it is not being delivered, you should check with your ISP.
Similar to the Richter scale used to measure earthquakes, the Talos Reputation Center volume magnitude is a measure of message volume calculated using a log scale with a base of 10. The maximum theoretical value of the scale is set to 10, which equates to 100% of the world's email message volume. Using our log scale, a one point decrease in magnitude equates to a 10x decrease in actual volume.
For example, with a world wide daily volume of 200 billion messages/day a domain with a volume magnitude of 5 would have an estimated volume of 2,000,000/day while a sender with a volume magnitude of 6 would have an estimated daily volume of 20,000,000/day.
The following table illustrates the percentage of Internet email associated with each volume magnitude:
If you saw the message "Access Forbidden: Too many requests" you have surpassed the maximum number of queries allotted per user in a 24-hour time span. This web service is a free of charge, but for availability reasons each user is only granted a certain amount of queries per 24 hours.
We reserve the right to change the value for the maximum amount of queries at anytime to offer each user a highly available and fast service. In case of continued excessive use of this service we further reserve the right to block the offending IP permanently.
The data presented on TalosIntelligence.com is refreshed every 3 hours. This schedule ensures faster query times and manages effective server load.
Talos File Reputation Lookup allows you to do casual lookups against the Talos File Reputation system. This system limits you to one lookup at a time, and is limited to only hash matching with SHA256 hashes. This lookup does not reflect the full capabilities of the Secure Endpoint system
Using automated intelligence that analyzes a myriad of file samples, the Talos Weighted File Reputation Score ranges from 0 to 100, with 100 being the most malicious. There are some known file types which score low, but are malicious in nature. For example, Adobe Flash files. Do not rely on this number alone as a indicator of maliciousness.
Talos supports two types of categories, both of which appear in the Reputation Center.
When searching for a URL, TalosIntelligence.com does not calculate its reputation using a host’s resolving IP address, unlike our Cisco Secure Web Appliance (formerly WSA). This is by design, as Dynamic DNS can cause a domain’s resolving IP to change based on multiple factors. Having TalosIntelligence.com incorporate a domain’s resolving IP into its reputation can result in users receiving different reputations for the same domain.
When a reputation on TalosIntelligence.com is not matching what the customer sees on their end, we would suggest they use nslookup to find the resolving IP address of a domain and then search TalosIntelligence.com using the resolving IP. If the resolving IP is listed as "Untrusted," the domain is most likely being blocked because of this.
To open a case related to CEC information, or to edit your own account details, please visit id.cisco.com
This tool allows users to search and filter applications supported by Cisco Secure Firewall and Cisco Secure Web Appliance. These products provide context-aware-capabilities for exceptional visibility and control so your enterprise can take advantage of new applications and devices without compromising security.
A neutral email reputation can indicate one of two things:
Generally a neutral reputation is a very good thing, as the Reputation Center does not view the IP as a potential spam risk. The IP is considered within acceptable Talos Reputation Center parameters. Talos Reputation Center guidelines do not recommend blocking of emails from senders with neutral reputations.
Here are some common reasons why an IP might have a poor reputation:
If you know what your problem was and have fixed it, your score should improve automatically within 3-5 days. If your score does not improve within 3-5 days after you think you fixed the problem, please create a ticket and we'll investigate.
Talos Reputation Center displays the owner of the largest IP block to which an IP belongs. It may be that who seems to be the owner may actually be an org. which is renting IP space from the owner of the entire IP block. This is a very common practice. A whois query on the IP can corroborate the data provided by the Reputation Center.
If our data is incorrect, please note that the Talos Reputation Center contains information on over 32 million IP addresses that send email. It typically takes about 3 months for network owner and other contact/hostname information to be updated. Since there is no way to know the exact time the information for a given IP was updated, it is hard to predict how soon it will re-update. In any case, it should not be longer than 3 months.
Be assured that the information we list in the Network Owner is for information only and does not impact the IP's reputation. If an IP has a poor reputation, there's a different reason. See the "Reasons for Poor Email Reputation" FAQ for more information.
If a change is still needed, please file a ticket with our Contact Reputation Support form. Note: tickets about IPs with poor reputations take priority.
If you recently changed your IP, then the Reputation Center data will update automatically as we receive samples of email with the new hostname. It doesn't affect your reputation. If you've had the IP for more than 3 months, please create a ticket with our Contact Reputation Support form and we will investigate.
In general, once all issues have been addressed (fixed), reputation recovery can take anywhere from a few hours to just over one week, depending on the specifics of the situation and how much email volume the IP sends. Complaint ratios determine the amount of risk for receiving mail from an IP, so logically, reputation improves as the ratio of legitimate mails increases with respect to the number of complaints. Speeding up the process is not really possible. The Talos Reputation Center is an automated system over which we have very little manual influence.
In the meantime, if there are recipients whom you cannot contact, we would recommend contacting the ISP involved to request temporarily adding to Allow List or you can always arrange to contact the recipient via alternative means.
No - the Talos Reputation Center is an automated system. All IPs are subject to the same reputation calculation standards. Manually adjusting a score would be contradictory to fair and equal assessment of all IPs.
Presently we do not offer any such package. You may contact Cisco Sales and inquire about router and email appliance services which would offer you the protection of our IP (email) and URI (web) reputation systems.
For a website to have a "trusted" reputation, we need to have substantial positive evidence over time. Consequently, the majority of websites have "neutral" reputations. The Talos Reputation Center guidelines do NOT recommend blocking of sites with neutral reputations.
There are many reasons why a URI or Webhosting IP can have an untrusted web reputation. If your website's reputation is untrusted and you are certain that your site is uncompromised, please file a support ticket with our Contact Reputation Support form and we will investigate.
Meanwhile, here are some simple "best practices" that will reduce the likelihood of problems:
The Sender IP Reputation tickets should only be used to dispute individual IP addresses that have been wrongly flagged as malicious or have been shown to be sending malicious content and are not being blocked. Sender Domain Reputation tickets are for specific email domains or email addresses and are processed differently than IP addresses.
Customers should receive an initial response within 24 hours, resolution time of a submitted ticket will vary.
The Talos Reputation Center is a traffic monitoring network. The Talos Reputation Center examines different parameters about email traffic and web traffic, including global sending volume, complaint levels, "spamtrap" accounts, whether a sender's DNS resolves properly and accepts return mail, country of origin, block list information, probability that URLs are appearing as part of a spam or virus attack, open proxy status, use of hijacked IP space, valid and invalid recipients, and other parameters. The Talos Reputation Center uses these parameters to provide comprehensive data to differentiate legitimate senders from spammers and other attackers.
Cisco grants you a limited, non-exclusive, non-transferable license to use the Talos Reputation Center strictly in accordance with these Terms.
You must enable cookies in your web browser to use the Talos Reputation Center. A cookie is a file saved on your computer to identify your web browser. To enable cookies, please go to the options settings in your web browser.
The Talos Reputation Center and any information obtained from the Talos Reputation Center ("Materials") are for Your personal and non-commercial use in monitoring the reputation of Your network. You agree not to:
If You use the Talos Reputation Center in violation of these Acceptable Use limitations, Cisco may suspend or terminate your access to the Talos Reputation Center.
You agree not to:
Violations, including intellectual property infringement and security issues, will result in your use being limited, or blocked, and will be investigated by Cisco and prosecuted to the fullest extent of the law, whether civil or criminal. Cisco may involve and cooperate with law enforcement authorities in prosecuting users who violate these Terms.
You agree to indemnify and hold Cisco, its affiliates, officers, and employees, harmless from any claim or demand, including reasonable attorneys' fees, made by any third party due to or arising out of Your use of Talos Reputation Center, Your violation of these Terms, or Your infringement of any third party's intellectual property rights.
CISCO PROVIDES THE TALOS REPUTATION CENTER ON AN "AS IS," "WITH ALL FAULTS" AND "AS AVAILABLE" BASIS. CISCO MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THE TALOS REPUTATION CENTER, INCLUDING, WITHOUT LIMITATION, ITS ACCURACY, COMPLETENESS OR RELIABILITY, THAT THE TALOS REPUTATION CENTER WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT DEFECTS WILL BE CORRECTED. CISCO EXPRESSLY DISCLAIMS ALL WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, AND ANY WARRANTIES OF NON-INTERFERENCE OR ACCURACY OF INFORMATIONAL CONTENT. CISCO DOES NOT REPRESENT OR GUARANTEE THAT THE TALOS REPUTATION CENTER WILL BE FREE FROM LOSS, CORRUPTION, ATTACK, VIRUSES, INTERFERENCE, HACKING OR OTHER SECURITY INTRUSION, AND CISCO DISCLAIMS ANY LIABILITY RELATING THERETO.
IN NO EVENT WILL CISCO OR ITS AFFILIATES BE LIABLE FOR ANY COSTS OF PROCUREMENT OF SUBSTITUTE PRODUCTS OR SERVICES, LOST PROFITS, LOSS OF INFORMATION OR DATA, OR ANY OTHER SPECIAL, INDIRECT, CONSEQUENTIAL, OR INCIDENTAL DAMAGES ARISING IN ANY WAY OUT OF YOUR USE OF, OR INABILITY TO USE THE TALOS REPUTATION CENTER, EVEN IF CISCO HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES OR THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THESE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU.
Cisco may update or otherwise modify these Terms and to apply new or additional Terms to the Talos Reputation Center. Such new or additional terms ("Additional Terms") will be effective immediately and incorporated into these Terms. Your continued use of the Talos Reputation Center will constitute your agreement to any such Additional Terms and the amendment of these Terms to incorporate such Additional Terms. You are responsible for regularly reviewing the Terms and any Additional Terms posted on the Talos Reputation Center.
Cisco may terminate these Terms, or terminate or suspend your access to the Talos Reputation Center at any time, with or without cause, with or without notice. Without limiting the foregoing, if you violate these Terms, we may end Your permission to use Talos Reputation Center. Upon such termination or suspension, your right to use the Talos Reputation Center will immediately cease. The termination of your permission to use the Talos Reputation Center shall not terminate any of these Terms which, by their nature, are intended to survive termination, including, but not limited to, those relating to indemnity, warranty disclaimer, limitation of liability, intellectual property rights and governing law and jurisdiction. You agree that Cisco shall not be liable to You for any suspension or termination of your access to the Talos Reputation Center.
The Talos Reputation Center and any Materials are protected by copyright, trademark and other intellectual property rights. Cisco or its affiliates own the title, copyright, trademark and other intellectual property rights in the Talos Reputation Center. Except as specifically permitted by these Terms, no portion of the Talos Reputation Center may be distributed or reproduced by any means or in any form, without Cisco's prior written consent.
These Terms are governed by the laws of the State of California, without reference to conflict of laws principles, and any disputes arising hereunder are subject to the jurisdiction of the California state courts in Santa Clara County, or in the event of federal jurisdiction, the federal courts for the Northern District of California. You consent to the exclusive jurisdiction and venue of these courts. Cisco also reserves the right to initiate legal action before any court of competent jurisdiction to protect its intellectual property and other rights under these Terms. You acknowledge and agree that a breach or threatened breach of these terms would cause irreparable injury, that money damages would be an inadequate remedy, and that Cisco shall be entitled to temporary and permanent injunctive relief, without the posting of any bond or other security, to restrain You or anyone acting on your behalf, from such breach or threatened breach.
These Terms are the entire agreement between You and Cisco concerning Your use of the Talos Reputation Center, and supersede any and all prior or contemporaneous written or oral understandings with respect to this subject. Cisco may assign these Terms, in whole or in part, at any time with or without notice to You, but You may not assign these Terms or any rights hereunder. Any attempt by You to transfer, assign or delegate these Terms without Cisco's prior written consent shall be null and void. There shall be no third party beneficiaries to these Terms. If any of these Terms is held invalid or unenforceable, such invalidity or non-enforceability will not invalidate or render unenforceable any other of these Terms. Section headings in these Terms are solely for convenience of reference and have no legal or contractual significance. Cisco's failure to enforce any provision in these Terms will not constitute a waiver of such provision, or any other provision of such Terms. Cisco will not be responsible for failures to fulfill any obligations due to causes beyond its control. The provisions of these Terms governing disclaimers of warranties, liability limitation, indemnity obligations, intellectual property rights and governing law and jurisdiction shall survive expiration or termination of these Terms. Any rights not expressly granted herein are reserved.
Last updated March 1, 2012