Use PowerShell to find IP Geolocation

In log files from web servers you often find strange requests. For example requests for wp-login.php on server that don’t have PHP or WordPress installed. Or that someone is requesting the same page over and over. Most of the times this is not a real problem. But it gets a problem or at least annoying when you get hundreds or thousands of these requests from the same IP address.

If I see things like that happening the first step is to find out where the request is coming from. For that I would go the certain websites. Based on the outcome I would then block that IP address or even the whole subnet in the firewall. Problem is that some of these website only allow a limit amount of lookups.

To make it more easier for myself I created a PowerShell function that uses a Rest API to do the lookup.

function Get-MvaIpLocation {
Retrieves Geo IP location data
This command retrieves the Geo IP Location data for one or more IP addresses
.PARAMETER IPAddress <String[]>
Specifies one or more IP Addresses for which you want to retrieve data for.
Get-MvaIpLocation -ipaddress '',''
'','' | Get-MvaIpLocation
Author: Mario van Antwerpen
Param (
[Parameter(ValueFromPipeline, Mandatory, Position = 0, HelpMessage = "Enter an IP Address")]
if ($_ -match '^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$') {
} else {
Throw "$_ is not a valid IPv4 Address!"
begin {
Write-Verbose -message "Starting $($MyInvocation.Mycommand)"
process {
foreach ($entry in $ipaddress) {
$restUrl = "$entry"
try {
Write-Verbose -Message "Connecting to rest endpoint"
$result = Invoke-RestMethod -Method get -Uri $restUrl
Write-output $result
catch {
Write-Verbose -Message "Catched and error"
end {
Write-Verbose -message "Ending $($MyInvocation.Mycommand)"

The function is easy to use. It has one parameter -IPAddress that can contain one more IP Addresses. It also accepts pipeline input.

One thought on “Use PowerShell to find IP Geolocation

Comments are closed.