When working with Microsoft Exchange, the application log files are filled with failed logins when Exchange servers are exposed to the internet. You have many websites available to you that can give you the IP information such as the following:

  • Hostname
  • Location
  • Organization

I wanted to achieve this with PowerShell as it is faster to work with instead going to a website. I put together a PowerShell Script that can do this for you, it uses the “ipinfo.io” site to check the information, here are some examples of the output, the first one being Google:

Quickly find out where an ip address is coming from

The next one is Cloudflare:

Quickly find out where an ip address is coming from

Lastly an IP that was showing up in my server logs as trying to login:

Quickly find out where an ip address is coming from

SCRIPT

The script needs to be updated on Line 14 with the IP that you want to check, the rest does not need to be changed:

  • $ipAddressToCheck – Enter the IP you want to check

Here is the script for you to use:

# Function to get IP information from ipinfo.io
function Get-IpInfo {
    param (
        [string]$IpAddress
    )

    $url = "http://ipinfo.io/$IpAddress/json"
    $response = Invoke-RestMethod -Uri $url -Method Get

    return $response
}

# Input the IP address you want to check
$ipAddressToCheck = "8.8.8.8"

# Get IP information
$ipInfo = Get-IpInfo -IpAddress $ipAddressToCheck

# Display the results
Write-Host "IP Address: $($ipInfo.ip)"
Write-Host "Hostname: $($ipInfo.hostname)"
Write-Host "Location: $($ipInfo.city), $($ipInfo.region), $($ipInfo.country)"
Write-Host "Organization: $($ipInfo.org)"

I tested the script in PowerShell ISE, PowerShell and the Exchange Management Shell (EMS) and they all worked.

Hope you find it helpful.

Discover more from Everything-PowerShell

Subscribe now to keep reading and get access to the full archive.

Continue reading