The Threat IP Lookup Feature in ProofPoint
Every device connected to the internet has a unique Internet Protocol (IP) address, which helps firewalls and cybersecurity solutions identify devices that should be trusted or blocked. The reputation of an IP address is determined by what its neighborhood looks like (which data center, hosting provider, residential or wireless network it’s part of), whether it’s connected to other suspicious or malicious domains, and what other online activities are associated with it, such as phishing, malware distribution or scanning.
Threat IP Lookup: Understanding and Using Threat Intelligence Data
The threat IP lookup feature provides a summary of the latest public information available on the selected IP address. This includes the current IP reputation score, which reflects the likelihood that the IP has been used for malicious purposes or is currently engaged in suspicious behavior. The lookup also identifies other factors that could affect an IP’s reputation score, such as proxy and VPN use, spam reports and a history of compromised accounts.
Lookup details also include the prevalence of devices in your organization that communicated with the IP address during a selectable time period. This enables you to identify all the possible sources of a potential security incident and further examine the issue for evidence of a compromise.
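The prevalence figure described above can be reproduced from your own flow or proxy logs. The following is an added example, not Proofpoint code: the log format, the 10.0.0.0/8 internal range, the function names and the sample records (which use documentation-range addresses) are all assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample flow records (timestamp, src, dst, dst_port, bytes); not real traffic.
SAMPLE_FLOWS = """\
2024-05-01T08:15:00+00:00,10.0.4.21,203.0.113.45,443,5120
2024-05-01T09:02:11+00:00,10.0.4.21,203.0.113.45,443,880
2024-05-02T14:40:30+00:00,10.0.7.9,203.0.113.45,8080,132000
2024-05-02T14:41:02+00:00,203.0.113.45,10.0.7.9,51544,4096
2024-05-03T01:00:00+00:00,10.0.9.3,198.51.100.7,53,120
2024-04-20T11:30:00+00:00,10.0.2.50,203.0.113.45,443,300
not-a-timestamp,10.0.2.50,203.0.113.45,443,300
"""

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal address space


def is_internal(addr):
    return any(ipaddress.ip_address(addr) in net for net in INTERNAL_NETS)


def prevalence(flow_text, threat_ip, window_end, window_days):
    """Return {internal_device: stats} for flows touching threat_ip inside the window."""
    start = window_end - timedelta(days=window_days)
    devices = defaultdict(lambda: {"flows": 0, "bytes": 0, "first": None, "last": None})
    for row in csv.reader(io.StringIO(flow_text)):
        try:
            ts = datetime.fromisoformat(row[0])
            src, dst, nbytes = row[1], row[2], int(row[4])
            # The internal device is whichever endpoint is not the looked-up IP.
            device = dst if src == threat_ip else src if dst == threat_ip else None
            if device is None or not is_internal(device):
                continue
            if not start <= ts <= window_end:
                continue
        except (ValueError, IndexError, TypeError):
            continue  # skip malformed records instead of aborting the lookup
        d = devices[device]
        d["flows"] += 1
        d["bytes"] += nbytes
        d["first"] = ts if d["first"] is None else min(d["first"], ts)
        d["last"] = ts if d["last"] is None else max(d["last"], ts)
    return dict(devices)


if __name__ == "__main__":
    end = datetime(2024, 5, 3, 12, 0, tzinfo=timezone.utc)
    for dev, s in sorted(prevalence(SAMPLE_FLOWS, "203.0.113.45", end, 7).items()):
        print(dev, s["flows"], s["bytes"], s["first"].isoformat(), s["last"].isoformat())
```

Widening the window from 7 to 30 days brings in an additional device in the sample data, which is why the time period matters when scoping an investigation.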
In addition to the public information available in the Lookup details, the Indicators of Compromise section displays results from VirusTotal, which checks this IP against the ET Intelligence Rep List for ProofPoint customers. Other intelligence providers, such as BrightCloud and IBM X-Force Exchange, can be added to the Indicators of Compromise view with a click on the icon.