
A Multi-Functional Web Tool for Comprehensive Threat Detection Through IP Address Analysis

Cebajel Tanan, Sameer G. Kulkarni, Tamal Das, Manjesh K. Hanawal

TL;DR

The paper addresses the fragmentation of IP-address analysis tools by introducing IPANALYZER, a free, open-source web platform for comprehensive threat intelligence through IP address analysis. It combines geolocation, Tor/VPN/Proxy/Bot detection, blocklist and threat checks, port scanning, and WHOIS with a weighted confidence score derived from multiple public data sources and a local MongoDB cache. It integrates AbuseIPDB for abuse scoring and emphasizes secure, scalable architecture with user management, CSRF/XSS protection, and 2FA. This work offers a practical, extensible solution with direct impact for threat researchers and security operations, enabling faster, more reliable IP-address characterization and decision-making.

Abstract

In recent years, the advances in digitalisation have also adversely contributed to the significant rise in cybercrimes. Hence, building threat intelligence to shield against rising cybercrimes has become a fundamental requisite. Internet Protocol (IP) addresses play a crucial role in threat intelligence and in the prevention of cybercrimes. However, we have noticed the lack of one-stop, free, and open-source tools that can analyse IP addresses. Hence, this work introduces a comprehensive web tool for advanced IP address characterisation. Our tool offers a wide range of features, including geolocation, blocklist check, VPN detection, proxy detection, bot detection, Tor detection, port scan, and accurate domain statistics that include details about the name servers and registrar information. In addition, our tool calculates a confidence score based on a weighted sum of publicly accessible online results from different reliable sources, to give users a dependable measure of accuracy. Further, to improve performance, our tool also incorporates a local database for caching the results, enabling fast content retrieval with minimal external Web API calls. Our tool supports domain names and IPv4 addresses, making it a multi-functional and powerful IP analyser tool for threat intelligence. Our tool is available at www.ipanalyzer.in.
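The abstract describes two design points without showing them: a confidence score computed as a weighted sum of verdicts from several external sources, and a local cache that keeps repeat lookups from hitting those sources again. The following is an added illustration written for this page, not code from the IPANALYZER project. The source names, their weights, the dictionary standing in for the MongoDB cache, and the RFC 5737 documentation addresses used as input are all assumptions; the paper does not publish its weights or source list. It also handles the failure mode a practitioner cares about: a source that times out is treated as "no answer" and the remaining weights are renormalised, so an outage does not silently push the score toward "clean".

```python
import ipaddress
import time
from typing import Callable, Dict, Optional

# Verdict from one source: 1.0 = flagged, 0.0 = clean, None = no answer / error.
Verdict = Optional[float]
Source = Callable[[str], Verdict]

# Assumed per-source weights (hypothetical; the paper does not publish its weights).
DEFAULT_WEIGHTS: Dict[str, float] = {
    "reputation_feed": 0.5,
    "proxy_detector": 0.3,
    "tor_exit_list": 0.2,
}


def weighted_confidence(verdicts: Dict[str, Verdict], weights: Dict[str, float]) -> float:
    """Weighted sum of the verdicts that arrived, renormalised over the weights of
    the sources that actually answered. Returns 0.0 when no source answered."""
    score = total = 0.0
    for name, weight in weights.items():
        verdict = verdicts.get(name)
        if verdict is None:
            continue  # unreachable or silent source carries no weight
        score += weight * verdict
        total += weight
    return score / total if total else 0.0


class IPAnalyzer:
    """Queries every source once per IPv4 address and caches the merged result
    for `ttl` seconds. A plain dict stands in for the paper's MongoDB cache."""

    def __init__(self, sources: Dict[str, Source],
                 weights: Dict[str, float] = DEFAULT_WEIGHTS,
                 ttl: float = 3600.0,
                 now: Callable[[], float] = time.time):
        self.sources, self.weights, self.ttl, self.now = sources, weights, ttl, now
        self.cache: Dict[str, dict] = {}
        self.external_calls = 0  # outbound lookups made; shows the cache working

    def analyze(self, address: str) -> dict:
        ip = ipaddress.ip_address(address.strip())  # rejects malformed input
        if ip.version != 4:
            raise ValueError("only IPv4 addresses are supported")
        key = str(ip)
        hit = self.cache.get(key)
        if hit is not None and self.now() - hit["fetched_at"] < self.ttl:
            return {**hit, "cached": True}
        verdicts: Dict[str, Verdict] = {}
        for name, source in self.sources.items():
            self.external_calls += 1
            try:
                verdicts[name] = source(key)
            except Exception:
                verdicts[name] = None  # source failure == no answer, not "clean"
        result = {
            "ip": key,
            "verdicts": verdicts,
            "confidence": weighted_confidence(verdicts, self.weights),
            "sources_answered": sum(v is not None for v in verdicts.values()),
            "fetched_at": self.now(),
            "cached": False,
        }
        self.cache[key] = result
        return result


# Constructed stand-ins for the external lookups (203.0.113.0/24 is RFC 5737 space).
def fake_reputation_feed(ip: str) -> Verdict:
    return 1.0 if ip == "203.0.113.5" else 0.0


def fake_proxy_detector(ip: str) -> Verdict:
    return 0.0


def fake_tor_exit_list(ip: str) -> Verdict:
    raise TimeoutError("source unavailable")  # simulates an outage


def demo():
    """Look up the same flagged address three times with a controllable clock:
    fresh, then cached, then after the TTL has expired."""
    clock = [1000.0]
    analyzer = IPAnalyzer(
        {"reputation_feed": fake_reputation_feed,
         "proxy_detector": fake_proxy_detector,
         "tor_exit_list": fake_tor_exit_list},
        now=lambda: clock[0],
    )
    first = analyzer.analyze("203.0.113.5")
    second = analyzer.analyze("203.0.113.5")
    clock[0] += 4000.0  # past the 3600 s TTL
    third = analyzer.analyze("203.0.113.5")
    return first, second, third, analyzer.external_calls


if __name__ == "__main__":
    for r in demo()[:3]:
        print(r["ip"], r["confidence"], r["sources_answered"], "cached" if r["cached"] else "fresh")
```

With the Tor list down, the flagged address scores 0.5 / (0.5 + 0.3) = 0.625 rather than 0.5, and the report carries `sources_answered` so an analyst can see how much of the evidence base was actually consulted; the three lookups cost six external calls, not nine.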

Paper Structure

This paper contains 17 sections, 1 figure, 1 table.

Figures (1)

  • Figure 1: Output of API Calls from different web tools of 10 random public IP addresses for Proxy, VPN, and Bot Detection.