Use PowerShell to find IP Geolocation

In log files from web servers you often find strange requests, for example requests for wp-login.php on servers that don’t have PHP or WordPress installed, or someone requesting the same page over and over. Most of the time this is not a real problem. But it becomes a problem, or at least annoying, when you get hundreds or thousands of these requests from the same IP address.

If I see things like that happening, the first step is to find out where the requests are coming from. For that I would go to certain websites. Based on the outcome I would then block that IP address, or even the whole subnet, in the firewall. The problem is that some of these websites only allow a limited number of lookups.

To make it easier for myself, I created a PowerShell function that uses a REST API to do the lookup.

The function is easy to use. It has one parameter, -IPAddress, which can contain one or more IP addresses. It also accepts pipeline input.


Fig1: Example Get-MvaIpLocation
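
The triage step that comes before the lookup (spotting an address that keeps requesting the same page, such as wp-login.php) can be scripted as well. The following is an added example, not part of the original post or the author's function. It assumes Common Log Format; the function name Get-NoisyClient, the threshold, and the sample lines are hypothetical and constructed for illustration.

```powershell
# Constructed sample lines in Common Log Format (documentation-range IPs, not real traffic).
$sampleLog = @'
203.0.113.45 - - [12/Mar/2019:06:14:01 +0100] "GET /wp-login.php HTTP/1.1" 404 1245
203.0.113.45 - - [12/Mar/2019:06:14:02 +0100] "POST /wp-login.php HTTP/1.1" 404 1245
203.0.113.45 - - [12/Mar/2019:06:14:03 +0100] "GET /wp-login.php HTTP/1.1" 404 1245
198.51.100.7 - - [12/Mar/2019:06:15:10 +0100] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [12/Mar/2019:06:15:11 +0100] "GET /index.html HTTP/1.1" 200 5120
192.0.2.10 - - [12/Mar/2019:06:16:30 +0100] "GET /about.html HTTP/1.1" 200 2048
this line is malformed and must be skipped
'@ -split "`r?`n"

function Get-NoisyClient {   # hypothetical helper name
    param(
        [Parameter(ValueFromPipeline)][string[]]$Line,
        [int]$Threshold = 3   # assumption: low value to suit the small sample
    )
    begin {
        # client IP, request method and path, and HTTP status from one log line
        $pattern = '^(?<ip>\S+) \S+ \S+ \[[^\]]+\] "(?<method>[A-Z]+) (?<path>\S+)[^"]*" (?<status>\d{3}) '
        $hits = [System.Collections.Generic.List[object]]::new()
    }
    process {
        foreach ($entry in $Line) {
            if ($entry -notmatch $pattern) { continue }   # skip malformed lines
            $parsed = $null                               # reject a first field that is not an IP
            if (-not [ipaddress]::TryParse($Matches.ip, [ref]$parsed)) { continue }
            $hits.Add([pscustomobject]@{ IPAddress = $parsed.ToString(); Path = $Matches.path; Status = [int]$Matches.status })
        }
    }
    end {
        # one row per (address, page) pair that reaches the threshold
        $hits | Group-Object IPAddress, Path |
            Where-Object Count -ge $Threshold |
            ForEach-Object {
                [pscustomobject]@{
                    IPAddress = $_.Group[0].IPAddress
                    Path      = $_.Group[0].Path
                    Requests  = $_.Count
                    Statuses  = ($_.Group.Status | Sort-Object -Unique) -join ','
                }
            } | Sort-Object Requests -Descending
    }
}

$suspects = $sampleLog | Get-NoisyClient -Threshold 3
$suspects | Format-Table -AutoSize
# Unique addresses, ready for a lookup that takes IP addresses from the pipeline.
$suspects.IPAddress | Select-Object -Unique
```

Because Get-MvaIpLocation accepts pipeline input, the addresses from the last line can be piped straight into it before deciding on a firewall block.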