Speed Test App
IP Reputation & Threat Intelligence
Reputation of IP Addresses
IP reputation refers to the assessment of the trustworthiness and past behavior of an IP address on the internet. It is a concept used in cybersecurity to evaluate whether an IP address has been involved in malicious activities, such as spamming, distributing malware, participating in cyber attacks, or other forms of cyber threats.
IP reputation is crucial in filtering and blocking potentially harmful traffic. Security systems often maintain databases or lists of IP addresses with known reputations, labeling them as good, bad, or neutral based on their historical behavior. By analyzing IP reputation, organizations and online platforms can enhance their security measures, preventing potential threats and safeguarding against malicious activities.
– Sponsored Links –
IP Reputation Scores
The IP Reputation Score provides a quick assessment of how trustworthy an IP address is, based on threat intelligence data gathered from multiple sources. This score is a helpful indicator for identifying potentially risky or malicious IPs. It considers a variety of known threat categories, including whether an IP is associated with spam, malware, botnets, or proxies.
IP Reputation Score Reference
| Score Range | Risk Level | Meaning |
|---|---|---|
| 60–100 | Low Risk | The IP address is considered trustworthy with no recent signs of abuse or suspicious behavior. Suitable for most network interactions. |
| 40–59 | Moderate Risk | The IP has a mixed reputation. It may be linked to temporary issues or mild suspicious activity. Proceed with awareness. |
| 0–39 | High Risk | The IP address has a poor reputation and may be associated with spam, malware, or other threats. Use caution or block if necessary. |
Read our blog article “IP Threat Intelligence Explained” to understand the potential security risk of any specific threat intelligence
– Sponsored Links –
IP Reputation Score Reference Table
| Score Range | Risk Level | Description |
|---|---|---|
| 81–100 | Low Risk | Trusted IP with no recent reports of malicious activity. |
| 61–80 | Moderate Risk | May be associated with light suspicious activity or flagged temporarily. |
| 41–60 | Elevated Risk | Possibly linked to questionable behavior; further review recommended. |
| 21–40 | High Risk | Often associated with spam, open proxies, or similar threats. |
| 0–20 | Critical Risk | Known for hosting malware, phishing attempts, or part of a botnet. |
Â
Threat Intelligence
The Speed Test app checks an IP against a global database of malicious IP addresses based on a comprehensive list of threat intelligence criteria including the following:
| Tor | If the IP address is associated with a node on the Tor network |
| VPN | If an IP addresses is VPN. There are approx. 2.6M IP addresses updated daily. This is available to Business and Enterprise users only. |
| iCloud Relay | If an IP address belongs to Apple’s iCloud relay service |
| Proxy | If the IP address is a known proxy, includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies |
| Datacenter | If any IP addresses that belong to a datacenter including all cloud providers. Can be useful for detecting automated/bot traffic. |
| Anonymous | If either one of Tor or Proxy is true |
| Known Attacker | If an IP address is a known source of malicious activity, i.e. attacks, malware, botnet activity etc. |
| Known Abuser | If the IP address is a known source of abuse i.e. spam, harvesters, registration bots and other nuisance bots etc. |
| Threat | If either one of known Abuser or Known Attacker is true |
| Bogon | If an IP address is a bogon. |
| Blocklists | If an IP address has been reported to one or more blocklists. |
Â
– Sponsored Links –
Table of Contents
– Sponsored Links –
– Sponsored Links –
– Sponsored Links –
