What are IP Reputation Hits in the SecuReporter App?

I use a genuine Windows 11 laptop OS. I have installed an ATP200 firewall with the latest firmware in my office, and I have noticed slow WiFi connections. So I configured my laptop's WiFi with a static IP instead of the usual DHCP IP.

My problem:
Whenever I browse through various websites, mainly for customer support, there are times when I encounter bad websites with plenty of adverts.
Though lots of them get blocked by browser-based blocking apps, the Zyxel firewall sends a security alert email to my mailbox like this:

Alert information:

Timestamp: 2023-01-01 10:30:00

Category: Network Security

Event Type: IP Reputation-Outgoing

Severity:  High

Alert Message: IP Reputation detect <my mapped ip address> is connecting to threat IP 50 times (exceed threshold 1 within 60 minutes)

And in SecuReporter, it displays the threat category as Botnets, pointing to some IP address. Action - Access Block.

But if I use Ubuntu Linux on my laptop, no such issues are there at all.

My query: What is IP reputation? Does it translate to a malware/virus infection in the endpoint? How can I work backwards to identify the rogue application or rogue device within the network?

I have not been able to find any write-up on the various security indicators in the Zyxel firewall. Any technical KB would be of great help. A clarification will be helpful too.

Regards | Kinshuk 

All Replies

  • Zyxel_Kevin
    Zyxel Employee
    Hi @Kinshuk_Tech
    Greetings, Forum,
    IP reputation checks the reputation of an IP address from a database. An IP address with a bad reputation is associated with suspicious activities, such as spam, viruses, and/or phishing.
    You can find more details in the User Guide on page 712.

    If other devices don't hit IP reputation, please check that Win11 laptop to find which process/application is trying to visit the threat IP, by PID.
    Thank you
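
One way to carry out the PID lookup suggested in the reply above on the Windows 11 laptop, as an added example that is not part of the original thread or of Zyxel's documentation. It polls the TCP table because connections the firewall blocks are short-lived; `$ThreatIp` is a placeholder for the address shown in SecuReporter, and the log path is an assumption.

```powershell
# Added example: record which local process opens connections to the IP
# that the firewall flagged. Run from an elevated PowerShell prompt so that
# details of processes owned by other accounts are readable.
$ThreatIp = '203.0.113.10'                        # placeholder, replace with the IP from SecuReporter
$LogPath  = "$env:TEMP\ip-reputation-hits.csv"    # assumed output location
$Deadline = (Get-Date).AddMinutes(60)             # same window the alert threshold uses
$Seen     = @{}                                   # connections already logged

while ((Get-Date) -lt $Deadline) {
    # A "no matching objects" error is normal while nothing is connecting.
    $conns = Get-NetTCPConnection -RemoteAddress $ThreatIp -ErrorAction SilentlyContinue

    foreach ($c in $conns) {
        # Log each PID/local port/remote port combination only once.
        $key = '{0}:{1}:{2}' -f $c.OwningProcess, $c.LocalPort, $c.RemotePort
        if ($Seen.ContainsKey($key)) { continue }
        $Seen[$key] = $true

        # The process may have exited already; the PID is still logged then.
        $p = Get-CimInstance Win32_Process -Filter "ProcessId = $($c.OwningProcess)" `
                 -ErrorAction SilentlyContinue

        $hit = [pscustomobject]@{
            Time        = Get-Date -Format s
            ProcessId   = $c.OwningProcess
            Name        = $p.Name
            Path        = $p.ExecutablePath
            CommandLine = $p.CommandLine
            ParentId    = $p.ParentProcessId
            Local       = '{0}:{1}' -f $c.LocalAddress, $c.LocalPort
            Remote      = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
            State       = $c.State              # SynSent is expected when the firewall blocks
        }
        $hit | Export-Csv -Path $LogPath -Append -NoTypeInformation
        $hit | Format-List
    }
    Start-Sleep -Milliseconds 500
}
```

If the logged process is the browser, the command line and the page open at the logged time indicate which site or extension triggered the hit; a process that is not a browser is the one to examine further.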