UpGuard collects data from a variety of open and closed sources to detect IP addresses exhibiting suspicious behaviors and raise risks related to IP reputation. UpGuard categorizes these behaviors into the following risks:
Suspected of unsolicited scanning
Suspected of attempting to access other systems
Suspected of spam
Suspected of distributing malware
Suspected phishing site
There are two versions of each risk: a scored, high-severity risk when a domain or IP address has been observed performing these activities within the last 30 days, and an unscored informational risk when it has been observed performing those activities between 30 and 90 days ago. In the latter case, the IP no longer appears to be actively infected, but the finding is still useful information for assessing the security of that asset or vendor.
To remediate a risk related to IP reputation, the owner should:
Confirm that the IP address belongs to them.
If the IP address does belong to them, examine the system to determine whether it is performing the offending behavior or has unwanted software.
If they believe their IP address has been flagged in error, contact the owner of the blocklist to request removal. Each risk will contain the name of the data source if available.
IP reputation risks will automatically decrease to unscored risks after 30 days with no further detection of malicious behavior. You can also create a risk waiver to document your remediation activities if desired.