IP Reputation Scores are only available on the Business plan and above.
IP reputation scoring provides a solution for a key weakness of blocklists based threat detection. Whereas blocklists are great for identifying repeat malicious actors they are static and cannot possibly contain every single bad IP.
To this end, ipdata combines machine learning expertise with millions of datapoints to calculate an IP reputation score for all IP addresses. Each score can have a value between 0 - 100.
|The probability that an IP address is the exit-node of a commercial VPN service as a percentage
|The probability that an IP address is a proxy as a percentage
|The probability that an IP address is likely to be a threat as a percentage
|A score that expresses the trustworthiness, standing, or reputation of an IP address as a value between 0 - 100 with 60-100 constituting low risk, 40-60 moderate risk, and < 40 being high risk.
ipdata 220.127.116.11 -f threat
is_threat is false but the
threat_score is high, it means that while the IP address is not currently known to be a threat, the scoring system has determined that it has a high likelihood of being a threat based on its reputation and behavior. The
is_threat flag represents whether an IP address is listed in any of 100+ reputable blocklists that we track (these blocklists are listed in the
blocklists field), whereas the threat_score provides a probability of the level of risk that an IP may pose.
It's possible that the IP has not yet been flagged as a threat, but the machine learning algorithms and reputation scoring system have identified it as having a high risk profile. In this case, further investigation may be necessary to determine if the IP is indeed a threat and to take appropriate action.
This applies to the other complementary fields as well i.e.
vpn_score as well as
The IP reputation scoring system is trained to detect the exit nodes of commercial VPN services and not self-hosted VPN instances. This means that if you are using a self-hosted VPN, the scoring system may not detect it as a VPN, resulting in a low VPN score.
Note that if the VPN is hosted in the public cloud it's IP address will likely have a low overall trust score.
Updated about 1 year ago