Home/Glossary/IP Reputation

IP Reputation

A trustworthiness score assigned to IP addresses based on observed behavior, used to identify malicious traffic.

Threat IntelligenceAlso called: "ip threat intelligence", "ip blacklist"

IP reputation services track which IPs are associated with attacks, spam, and abuse.

Reputation indicators

  • Spam sending history.
  • Malware distribution.
  • Botnet participation.
  • Brute force attacks.
  • Scanning and probing.
  • Age of IP assignment.
  • ASN (network) reputation.

Reputation sources

  • Blacklists (DNSBL, RBL).
  • Threat intelligence feeds.
  • Honeypot networks.
  • Spam trap data.
  • Crowdsourced reports.

Use cases

  • Email filtering (block spam senders).
  • Web application firewalls (block attackers).
  • Access control (geofencing, threat blocking).
  • Fraud detection (payment, account creation).

Limitations

  • Shared IPs (cloud/VPN) can have mixed reputation.
  • False positives from legitimate scanning.
  • IP address rotation by attackers.
  • Legitimate users behind proxies/VPNs.

Related Tools

Explore More Threat Intelligence

View all terms

Malware

Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems and data.

Read more →

Phishing

A social engineering attack that uses fraudulent communications to trick recipients into revealing sensitive information or installing malware.

Read more →

Threat Intelligence

Evidence-based knowledge about existing or emerging threats used to inform security decisions and response.

Read more →

URL/Domain Defanging

A technique to render URLs and IPs non-clickable by replacing characters, preventing accidental access to malicious sites.

Read more →
Back to glossary