Now that I’ve gathered a good-sized database of malicious IP addresses, I thought I would dust off my keyboard and build a service for checking IP addresses for “badness”.
Using the service is pretty easy. Just have your application send a URL like the following to fortypoundhead.com:
https://www.fortypoundhead.com/tools_mipc.asp?ip=xxx.xxx.xxx.xxx
Where xxx.xxx.xxx.xxx is the IP address that you want to check.
For example, to request a check for 134.119.216.167 from PowerShell, you could do something like:
$Result=Invoke-RestMethod -Uri "https://www.fortypoundhead.com/tools_mipc.asp?ip=134.119.216.167"
If you get a 0 back, the IP address is ok, no incidents were found. Anything other than zero warrants further investigation.
The key is the querystring. If the variable is missing or the value is malformed/missing, you’ll simply get an error back from the page, describing what went wrong.
If you got the URL and querystring correct, you’ll get a number back. That number denotes the number of times the IP address was found in the banned IP database.
But you’re thinking, it should be a 0/1 or True/False, right? Well, I can change it to that, if that is what is needed. I thought it would be more informative if I displayed the actual number of times the IP address has attempted to access the site after it was banned.
For future enhancements, I’d like to include a “mode” switch. You can either get the basic information above, or an enhanced output mode which includes a text-only version of the data presented by the Malicious IP Checker tool.
I hope someone out there finds this service useful, and if you have any suggestions, complaints, or questions regarding the service (or the Malicious IP Checker tool), please don’t hesitate to use the Contact form or the comments below to let me know.