Skip to main content
The Check IP tab allows you to verify the reputation of a specific IP address detected by WAAP. You can view the associated reputation tags and the time when the activity was detected. This helps you determine whether an IP address has been flagged for suspicious or malicious behavior and decide whether additional action is required. For example, you may want to block or allow the IP address in the firewall, investigate its reputation, or create more advanced filtering rules. If the IP address has been detected by WAAP, it will appear in the results table.
Check IP results table

Results table

The table displays the following information:
ColumnDescription
DateThe date and time when the activity from the IP address was detected.
DomainThe domain where the activity occurred.
IP addressThe detected IP address.
Local IP tagsReputation tags assigned by WAAP based on behavior observed for your protected domain.
Global IP tagsReputation tags assigned globally based on threat intelligence and activity observed across the platform.

Reputation tags

Reputation tags indicate the type of behavior associated with the IP address. These tags help identify potentially malicious or automated activity. Examples of tags include:
  • suspectedautomation — the IP shows signs of automated traffic.
  • rapidbehaviour — the IP generates an unusually high number of requests.
  • ipinjectedfastclient — the IP may be associated with injection or abnormal client behavior.
  • lowriskip — the IP has a low risk level according to global reputation data.

Next steps

After identifying suspicious or malicious IP activity, you can take additional actions:
  • Block or allow the IP address using the Allowed IPs or Blocked IP tabs. See Allowed IPs and Blocked IPs.
  • Review global reputation information about IPs. See IP reputation.
  • Create advanced filtering rules based on multiple conditions such as IP, country, user agent, or request properties. See Custom Rules.