When working with Microsoft Exchange, the application log files are filled with failed logins when Exchange servers are exposed to the internet. You have many websites available to you that can give you the IP information such as the following:
- Hostname
- Location
- Organization
I wanted to achieve this with PowerShell as it is faster to work with instead going to a website. I put together a PowerShell Script that can do this for you, it uses the “ipinfo.io” site to check the information, here are some examples of the output, the first one being Google:
The next one is Cloudflare:
Lastly an IP that was showing up in my server logs as trying to login:
SCRIPT
The script needs to be updated on Line 14 with the IP that you want to check, the rest does not need to be changed:
- $ipAddressToCheck – Enter the IP you want to check
Here is the script for you to use:
# Function to get IP information from ipinfo.io
function Get-IpInfo {
param (
[string]$IpAddress
)
$url = "http://ipinfo.io/$IpAddress/json"
$response = Invoke-RestMethod -Uri $url -Method Get
return $response
}
# Input the IP address you want to check
$ipAddressToCheck = "8.8.8.8"
# Get IP information
$ipInfo = Get-IpInfo -IpAddress $ipAddressToCheck
# Display the results
Write-Host "IP Address: $($ipInfo.ip)"
Write-Host "Hostname: $($ipInfo.hostname)"
Write-Host "Location: $($ipInfo.city), $($ipInfo.region), $($ipInfo.country)"
Write-Host "Organization: $($ipInfo.org)"I tested the script in PowerShell ISE, PowerShell and the Exchange Management Shell (EMS) and they all worked.
Hope you find it helpful.