Metascan® Online has a multi-scanning option for files, as well as IP addresses. This option allows you to scan an IP address against over 10 different reputation sources. The benefits of multi-scanning in both file scanning and IP scanning are very similar: it increases the likelihood of detecting malware sooner. For more information about multi-scanning, you can check out our previous posts.
When an IP address is scanned on Metascan Online, it is checked against a number of IP reputation sources, lists of IPs that are sources of malware, command and control servers, phishing websites and more. Similar to file scanning with multiple vendors, IP scanning with multiple sources offers faster detection of infected IP addresses.
Scanning an IP address with Metascan Online
Just as a file scan can result in a false positive, so can an IP scan result. A while back, we had a post of a list of all the anti-malware vendors included in Metascan Online and how you can submit a false positive file to them. This post will give you the resources you need to allowlist an IP address by submitting any false positives that you may encounter.
What to Include in a False Positive Submission:
- Your name and company information (e.g.Ronald Melencio, Product Manager at OPSWAT)
- The false positive IP (e.g.: OPSWAT's IP is 69.12.252.50)
- A link to the scan result (e.g.: https://www.metascan-online.com/en/ipscan/NjkuMTIuMjUyLjUw)
- A description of why this IP should be allowlisted (e.g. Our systems do not contain malware. They are continuously scanned. Our business does not serve or deliver malware.)
List of IP Reputation Sources to Contact
Alien Vault - Send email to support@alienvault.com
Brute Force Blocker - Send email to danger@rulez.sk
Chaos Reigns - Send email to darxus@chaosreigns.com
Clean MX - Please visit their contact page (Website in German)
Dragon Research Group - Send email to dragon@dragonresearchgroup.org
Feodo Tracker - Send email to ScontPacAtmeM@abuse.ch (remove the letters in uppercase S P A M from the email address)
Malc0de - No email listed. Please Tweet to @malc0de
Malware Domain List - Send information to http://www.malwaredomainlist.com/contact.php
OpenBL - Send information to https://www.openbl.org/contact.html
Phish Tank - First, register for an account. Then you can go to the Phish Detail page for the site in question, click the link labeled "Site is not a phish" and follow instructions. Please start at the Phish Archive.
The Spamhaus Project - First, look up the IP address on this page. Then follow the instructions on how to remove an IP address from the list.
Zeus Tracker - Send email to contactme@abuse.ch
You can also upload and scan files or check IP addresses using Metascan Online's API. The API allows you to integrate cloud-based multiscanning with your software solution. To obtain your free Metascan Online API key, create an account on OPSWAT Portal. You can also contact sales for interest in using high-volume file scans or hash lookups for your business.
