Analysis of the list of IP addresses

The engine parses lists of IPv4 addresses, providing a superset of data for each address in the list. Following is checked:

  • availability of addresses in reputation lists;
  • compliance with GeoIP databases.

If the list contains a prefix from /24 to /32, then it is decomposed into separate addresses.

The uploaded list must meet the following requirements:

  • the file is in text format;
  • values accepted: IP address, IP address with mask, IP address with port value separated by a colon;
  • valid separators: comma, space, semicolon, line break.

File lines commented out with a # are not taken into account in the analysis.

To analyze the list of IP addresses, you can activate the following checkboxes:

  • «GEO for each IP» — add information from GEO databases for each IP address of the list to the report;
  • «Countries by number of IPs» — add information about the distribution of IP addresses by countries in the list to the report;
  • «Autonomous systems by number of IPs» — add information about the distribution of IP addresses by autonomous systems in the list to the report;
  • «External IP lists» — add information about the correspondence of IP addresses to external reputation lists to the report;
  • «Custom IP lists» — add information about the correspondence of IP addresses to additional reputation lists to the report;
  • «SS IP Lists» — add information about the correspondence of IP addresses to reputation lists generated on the statistics server to the report;
  • «IPs found in all selected lists» — add a list of IP addresses included in the selected reputation lists to the report;
  • «GEO by found IPs» — add information on IP addresses included in the selected reputation lists from GEO databases to the report;
  • «Countries by number of found IPs» — add information on the distribution of IP addresses by country that are included in the selected reputation lists to the report;
  • «Autonomous systems by number of found IPs» — add information about the distribution of IP addresses by autonomous systems included in the selected reputation lists to the report.

Report

The report consists of following sections:

  • Total;

    • IP parsed — the number of IP addresses in the list;
    • IP with prefix parsed — number of prefixes in the list;
    • Total IP parsed — the total number of processed IP addresses;
    • Invalid IP parsed — number of values not recognized as IP addresses;
    • Matched IPs — the number of addresses that match the lists and their percentage of the total number of addresses.

  • Geo per IP analysis;

    For the IP addresses of the downloaded list, the corresponding country, city, number, and autonomous system name are displayed.

  • Geo country per IP count;

    For the IP addresses of the downloaded list, the distribution by country is displayed.

  • Geo AS per IP count;

    For the IP addresses of the downloaded list, the distribution by autonomous systems is displayed.

  • IP lists Analysis;

    The section contains a list of all IP addresses for which an entry into the reputation lists of this category was found, then an entry for each list with an indication of the name of the list and the number of entries;

  • Custom IP lists Analysis;

    The section contains a list of all IP addresses for which additional reputation lists were found, then an entry for each list, then an entry for each list, indicating the name of the list and the number of entries;

  • SS feed IP lists Analysis;

    The section contains a list of IP addresses that were found to be included in the reputation lists generated on the statistics server for various time intervals, then an entry for each list;

  • Matched IPs in all IP lists;

    The section contains lists of IP addresses that were found to be included in at least one of the selected reputation lists.

  • Geo per IP analysis for matched IPs;

    For IP addresses included in at least one of the selected reputation lists, the corresponding country, city, number, and autonomous system name are displayed.

  • Geo country per IP count for matched IPs;

    For IP addresses included in at least one of the selected reputation lists, the distribution by country is displayed.

  • Geo AS per IP count for matched IPs;

    For IP addresses included in at least one of the selected reputation lists, the distribution by autonomous systems is displayed.