This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MikeB
Advisor
‎2019-05-20 01:17 PM
Jump to solution

How to check ThreatCloud URL Reputation?

Is there a webpage to check Check Point ThreatCloud URL, IP or domain reputation online?
2 Solutions

Accepted Solutions
Václav_Brožík
Collaborator
‎2020-01-14 01:30 AM
In response to MikeB
Jump to solution

If I really need to check a URL I use this workaround:

1. Create a .doc file containing the URL as a link.
2. Upload it for emulation at https://threatpoint.checkpoint.com/ThreatPortal/emulation
3. Check the report

A dedicated service for URL reputation check would be certainly much better.

View solution in original post

(1)
MikeB
Advisor
‎2020-01-27 03:54 PM
In response to Václav_Brožík
Jump to solution

Nice Tip!,
but it would definitely be great if Check Point enable a service to quickly validate the reputation assigned to an URL/domain/IP by ThreatCloud, especially for TS

View solution in original post

(1)
12 Replies
Cyber_Serge
Collaborator
‎2019-05-20 02:30 PM
Jump to solution

Are you referring to below two links?

 

https://threatpoint.checkpoint.com/ThreatPortal/emulation

https://www.checkpoint.com/urlcat/main.htm

0 Kudos
MikeB
Advisor
‎2019-05-23 01:33 PM
In response to Cyber_Serge
Jump to solution

Hi Frank_Yao1, thank you for your response.

The two link you mentioned not currently show the URL Reputation that Check Point ThreathCloud defines or handles for a given URL/domain/IP in real time.

with https://threatpoint.checkpoint.com/ThreatPortal/emulation you need to upload a file and with https://www.checkpoint.com/urlcat/main.htm  you only get the categorization of a given domain/URL.

 

0 Kudos
Václav_Brožík
Collaborator
‎2020-01-14 01:30 AM
In response to MikeB
Jump to solution

If I really need to check a URL I use this workaround:

1. Create a .doc file containing the URL as a link.
2. Upload it for emulation at https://threatpoint.checkpoint.com/ThreatPortal/emulation
3. Check the report

A dedicated service for URL reputation check would be certainly much better.
(1)
MikeB
Advisor
‎2020-01-27 03:54 PM
In response to Václav_Brožík
Jump to solution

Nice Tip!,
but it would definitely be great if Check Point enable a service to quickly validate the reputation assigned to an URL/domain/IP by ThreatCloud, especially for TS

(1)
Cyber_Serge
Collaborator
‎2020-01-28 06:30 AM
In response to MikeB
Jump to solution

If you visit the Check point Research site, under Tools, there are a few other tools you can utilize.

https://research.checkpoint.com/

 

So you are looking for domain or IP reputation lookup?

 

MikeB
Advisor
‎2020-01-28 07:33 AM
In response to Cyber_Serge
Jump to solution

Hi Frank_Yao1, thanks for your reply.
Im looking for IP/domain/URL "REPUTATION" assigned by ThreatCloud. This info is very important for the behavior of the Threat Prevention policy
Harsha_Sane
Employee
Employee
‎2022-12-14 12:59 AM
In response to MikeB
Jump to solution

Hi Team,

 

Still i can find the website for IP reputation checking.

Please share the Web link if any available.

Thanks,

Harsha S.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-12-14 01:25 AM
In response to Harsha_Sane
Jump to solution

There are internal tools for employees that can't be discussed here, another option would be a Horizon (Infinity) SOC trial.

CCSM R77/R80/ELITE
Kiro
Explorer
3 weeks ago
In response to Václav_Brožík
Jump to solution

Hi all, I realize this is an older post, but this caught my eye. Can anyone else confirm it works this way? I wasn't sure if you upload a document to the emulation if it sees if the document itself is malicious, or if there are any malicious links included in the document if it will scan the links themselves too. As an example, I created a Word doc including a link to a "simulated" malicious download link from eicar.org the emulation did not find anything malicious (unless Check Point happens to know it's not "really" malicious, but I don't know).

0 Kudos
Chris_Atkinson
Employee Employee
Employee
3 weeks ago
In response to Kiro
Jump to solution

How are you uploading the document exactly?

From memory with the TP API for example you specify if the request type is TE vs AV, typically the latter would be most appropriate for Eicar detection.

Documents containing Links (URLs) - reputation will be checked using Check Point ThreatCloud per sk95235 / sk112312.

CCSM R77/R80/ELITE
0 Kudos
Kiro
Explorer
3 weeks ago
In response to Chris_Atkinson
Jump to solution

Hi,

I was using this URL: https://threatpoint.checkpoint.com/ThreatPortal/emulation

The only option is to upload a file, no granularity beyond that. Is there a better URL or tool to use for something like Eicar?

0 Kudos
Kiro
Explorer
Wednesday
In response to Chris_Atkinson
Jump to solution

Anything else on my last reply?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events