IP Reputation Change Request

To request a change of IP Address Reputation, simply fill out and submit the form below.

  Suggested Reputation   Description
Trustworthy These IP addresses are safe. There is a very low probability that the Source IP of an incoming connection or internet host has characteristics that expose the user to security risks.
High Risk These are high-risk IP addresses. There is a high probability that the IP addresses are associated with one of more network-based threats such as Windows exploits, web attacks, botnet, DDOS and anonymous proxies. Such IP addresses may also be linked to malicious hosts such as malware domains and phishing sites.
  Associated Threats:
(Definitions of these items below)
 Windows Exploits  Web Attacks  BotNets
 Scanners  Denial of Service  Reputation(hosting risky sites)
 Phishing  Proxy  Spam Sources
Email Address: * 
(Your email will only be used to send notifications regarding this change request)
Your Webroot product / Other Notes: * 

Webroot IP Reputation Change FAQ

How Long Will This Take?

Our Web Analysts typically process all requests within 24 - 48 hours after they are received. If you check the Receive Notifications box on the request page, you will receive two emails from us - the first acknowledging that we received your request, and the second after it has been processed and updates published to our systems. There may be an additional delay in receiving your data updates depending on how frequently your specific product gets updates from BrightCloud. Additionally, Palo Alto Networks customers may have to do a "cache flush" for their change to take effect.

Associated Threats

Windows Exploits

The Windows Exploits category includes active IP addresses offering or distributing malware, shell code, rootkits, worms or viruses.

Web Attacks

The Web Attacks category includes cross site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute force attack.


The Botnets category includes Botnet C&C channels, and infected zombie machines controlled by Bot master.


The Scanners category includes all reconnaissance such as probes, host scan, domain scan, and password brute force attack.

Denial of Service

The Denial of Service category includes DOS, DDOS, anomalous sync flood, and anomalous traffic detection.


The Reputation category denies access from IP addresses currently known to be infected with malware. This category also includes IPs with average low Webroot Reputation Index score. Enabling this category will prevent access from sources identified to contact malware distribution points.


The Phishing category includes IP addresses hosting phishing sites and other kinds of fraud activities such as ad click fraud or gaming fraud.


The Proxy category includes IP addresses providing proxy services.

Spam Sources

The Spam Sources category includes tunneling spam messages through a proxy, anomalous SMTP activities, and forum spam activities.