Skip to main content
Home/Glossary/IP Reputation

IP Reputation

A trustworthiness score (0-100) assigned to IP addresses based on observed malicious behavior, spam activity, and threat intelligence data.

Threat IntelligenceAlso called: "ip threat intelligence", "ip blacklist"

IP reputation is a risk score that indicates how trustworthy an IP address is. IP reputation services collect data from spam traps, honeypots, threat intelligence feeds, and abuse reports to score IPs on a scale (typically 0-100, where lower is riskier).

Reputation indicators

  • Spam sending history.
  • Malware distribution.
  • Botnet participation.
  • Brute force attacks.
  • Scanning and probing.
  • Age of IP assignment.
  • ASN (network) reputation.

Reputation sources

  • Blacklists (DNSBL, RBL).
  • Threat intelligence feeds.
  • Honeypot networks.
  • Spam trap data.
  • Crowdsourced reports.

Use cases

  • Email filtering (block spam senders).
  • Web application firewalls (block attackers).
  • Access control (geofencing, threat blocking).
  • Fraud detection (payment, account creation).

Limitations

  • Shared IPs (cloud/VPN) can have mixed reputation.
  • False positives from legitimate scanning.
  • IP address rotation by attackers.
  • Legitimate users behind proxies/VPNs.

Related Tools

Related Articles

View all articles
📄

Web Security Compared: Cloudflare vs AWS Shield/WAF vs Azure DDoS/WAF vs Google Cloud Armor

A deep technical comparison of web security platforms — DDoS protection, WAF, bot management, and API security across Cloudflare, AWS, Azure, and Google Cloud. Architecture, pricing, and when each approach wins.

Read article →
Threat Modeling with STRIDE and DREAD: A Complete Guide to Proactive Security Architecture

Threat Modeling with STRIDE and DREAD: A Complete Guide to Proactive Security Architecture

Master threat modeling with STRIDE and DREAD frameworks to identify, classify, and prioritize security threats before they become vulnerabilities. This comprehensive guide covers data flow diagrams, mitigation mappings, MITRE ATT&CK integration, and building an enterprise threat modeling program.

Read article →
DNS Lookup & Email Security Check

DNS Lookup & Email Security Check

Check DNS records, SPF, DKIM, DMARC, and email security configuration for your domain

Read article →
Secure Password & Authentication Flow Workflow

Secure Password & Authentication Flow Workflow

Master the complete secure password and authentication workflow used by security teams worldwide. This comprehensive guide covers NIST 800-63B password guidelines, Argon2id hashing, multi-factor authentication, session management, brute force protection, and account recovery with practical implementation examples.

Read article →

Explore More Threat Intelligence

View all terms

Advanced Persistent Threat (APT)

A sophisticated, long-term cyberattack where an intruder gains unauthorized access and remains undetected for an extended period to steal data or cause damage.

Read more →

Credential Stuffing

An automated attack that uses stolen username/password pairs from data breaches to gain unauthorized access to user accounts on other services.

Read more →

Keylogger

Malicious software or hardware that secretly records keystrokes to capture passwords, credit card numbers, and other sensitive information typed by users.

Read more →

Malware

Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems and data.

Read more →

Phishing

A social engineering attack that uses fraudulent communications to trick recipients into revealing sensitive information or installing malware.

Read more →

Supply Chain Attack

A cyberattack that targets less-secure elements in an organization's supply chain—vendors, software dependencies, or service providers—to compromise the ultimate target.

Read more →
Back to glossary