This solution creates an Azure public IP address using Bicep and then verifies its reputation using multiple threat intelligence services.
The solution consists of:
- Bicep Template (main.bicep) - Creates Azure infrastructure including public IP and storage account
- PowerShell Reputation Checker (Check-IPReputation.ps1) - Verifies IP reputation against multiple services
- Deployment Script (Deploy-And-Check.ps1) - Automates the entire process

- ✅ Creates a public IP address with customizable settings
- ✅ Configures DNS settings and domain name labels
- ✅ Includes DDoS protection settings
- ✅ Creates storage account for logging
- ✅ Applies consistent tagging for resource management
- ✅ Uses latest Azure API versions (2024-05-01)
- ✅ Checks multiple reputation services:
  - AbuseIPDB (requires API key)
  - VirusTotal (requires API key)
  - Spamhaus DNS blocklist
  - IP geolocation and ISP information
- ✅ Multiple output formats (Console, JSON, CSV)
- ✅ Azure Storage logging integration
- ✅ Colored console output for easy reading
- ✅ Comprehensive error handling
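
The Spamhaus DNS blocklist check in the list above is a DNS lookup, and its answer needs interpreting before it can be reported as clean or listed. The following is an added example, not the code of Check-IPReputation.ps1: the function names are hypothetical, it handles IPv4 only, and the zone `zen.spamhaus.org` and the return-code meanings are the ones Spamhaus publishes for its DNSBL.

```powershell
# Added example; function names are hypothetical, not taken from Check-IPReputation.ps1.
function ConvertTo-DnsblQueryName {
    param([Parameter(Mandatory)][string]$IpAddress, [string]$Zone = 'zen.spamhaus.org')
    $ip = [System.Net.IPAddress]::Parse($IpAddress)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "This example handles IPv4 only: $IpAddress"
    }
    # DNSBL queries use the octets in reverse order: 20.123.45.67 -> 67.45.123.20.<zone>
    $octets = $ip.GetAddressBytes()
    [array]::Reverse($octets)
    '{0}.{1}' -f ($octets -join '.'), $Zone
}

function Get-DnsblVerdict {
    param([Parameter(Mandatory)][AllowEmptyCollection()][string[]]$ReturnCodes)
    # No A record (NXDOMAIN) means the address is not listed.
    if ($ReturnCodes.Count -eq 0) { return 'NotListed' }
    # 127.255.255.x is an error reply (e.g. query sent via a public resolver), not a listing.
    $errorCode = $ReturnCodes | Where-Object { $_ -like '127.255.255.*' } | Select-Object -First 1
    if ($errorCode) { return "QueryError ($errorCode)" }
    $lists = foreach ($code in $ReturnCodes) {
        switch -Regex ($code) {
            '^127\.0\.0\.[23]$'  { 'SBL' }
            '^127\.0\.0\.[4-7]$' { 'XBL' }
            '^127\.0\.0\.9$'     { 'DROP' }
            '^127\.0\.0\.1[01]$' { 'PBL' }
            default              { "Unknown ($code)" }
        }
    }
    'Listed: ' + (($lists | Sort-Object -Unique) -join ', ')
}

function Test-SpamhausListing {
    param([Parameter(Mandatory)][string]$IpAddress)
    $name = ConvertTo-DnsblQueryName -IpAddress $IpAddress
    try {
        $codes = @([System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.ToString() })
        Get-DnsblVerdict -ReturnCodes $codes
    } catch {
        $ex = $_.Exception.GetBaseException()
        $notFound = ($ex -is [System.Net.Sockets.SocketException]) -and
                    ($ex.SocketErrorCode -eq [System.Net.Sockets.SocketError]::HostNotFound)
        if ($notFound) { Get-DnsblVerdict -ReturnCodes @() } else { "QueryError ($($ex.Message))" }
    }
}

# Constructed sample answers, so the interpretation runs without network access.
Get-DnsblVerdict -ReturnCodes @()
Get-DnsblVerdict -ReturnCodes @('127.0.0.2', '127.0.0.4')
Get-DnsblVerdict -ReturnCodes @('127.255.255.254')
```

A `QueryError` result should count as a service that was not checked, so it does not inflate the clean count in the summary.
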
- Azure CLI - Install from here
- PowerShell 7+ - Install from here
- Azure Subscription - With contributor access
- API Keys (Optional for enhanced checking):
# Navigate to the repository
cd "c:\Users\cobeyerrett\repos\cobey-msft\Azure\ReputableIP"
# Login to Azure
az login
# Set your subscription (optional)
az account set --subscription "your-subscription-id"

# Deploy infrastructure and check reputation
.\Deploy-And-Check.ps1 -ResourceGroupName "rg-reputable-ip-test"

# Create resource group
az group create --name "rg-reputable-ip" --location "East US"
# Deploy Bicep template
# Backtick is the PowerShell line-continuation character
az deployment group create `
  --resource-group "rg-reputable-ip" `
  --template-file "main.bicep" `
  --parameters "@main.parameters.json"
# Get the public IP address
$ip = az network public-ip show --resource-group "rg-reputable-ip" --name "pip-reputable-dev" --query "ipAddress" -o tsv
# Check reputation
.\Check-IPReputation.ps1 -IpAddress $ip

{
  "location": "East US", // Azure region
  "environment": "dev", // Environment suffix
  "publicIpSku": "Standard", // Basic or Standard
  "publicIpAllocationMethod": "Static" // Static or Dynamic
}

# Set API keys for enhanced reputation checking
$env:ABUSEIPDB_API_KEY = "your-abuseipdb-key"
$env:VIRUSTOTAL_API_KEY = "your-virustotal-key"

.\Check-IPReputation.ps1 -IpAddress "8.8.8.8"

.\Check-IPReputation.ps1 -IpAddress "8.8.8.8" -OutputFormat JSON -SaveToFile

.\Check-IPReputation.ps1 -IpAddress "8.8.8.8" -LogToStorage -StorageAccountName "mystorageaccount"

.\Deploy-And-Check.ps1 -ResourceGroupName "my-rg" -Location "West US 2" -Environment "prod"

=== IP Reputation Check Report ===
IP Address: 20.123.45.67
Check Date: 2025-01-31 10:30:45 UTC
Check ID: a1b2c3d4-e5f6-7890-abcd-ef1234567890
==================================================
IP Information:
Country: United States
City: Seattle
ISP: Microsoft Corporation
ASN: AS8075
Reputation Checks:
AbuseIPDB: Clean
Details: No abuse reports found
VirusTotal: Clean
Details: No malicious activity detected
Spamhaus: Clean
Details: IP not found in Spamhaus blocklist
Overall Assessment:
REPUTATION: GOOD - IP is clean across all services
Services Checked: 3/3

{
  "CheckId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "CheckDate": "2025-01-31 10:30:45 UTC",
  "IpAddress": "20.123.45.67",
  "IPInfo": {
    "Service": "IPInfo",
    "Country": "United States",
    "City": "Seattle",
    "ISP": "Microsoft Corporation"
  },
  "Summary": {
    "OverallReputation": "GOOD",
    "TotalServices": 3,
    "ServicesChecked": 3,
    "CleanServices": 3,
    "ListedServices": 0
  }
}

┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
│  Bicep Template │    │    Public IP    │    │   Reputation    │
│   Deployment    │───▶│     Address     │───▶│     Checker     │
│                 │    │                 │    │                 │
└─────────────────┘    └─────────────────┘    └─────────────────┘
         │                      │                      │
         │                      │                      ▼
         ▼                      ▼             ┌─────────────────┐
┌─────────────────┐    ┌─────────────────┐    │    Multiple     │
│ Storage Account │    │  DNS Settings   │    │   Reputation    │
│    (Logging)    │    │     & Tags      │    │    Services     │
└─────────────────┘    └─────────────────┘    └─────────────────┘

- API Keys: Store API keys in environment variables or Azure Key Vault
- Network Security: Consider IP restrictions if deploying in production
- Storage Security: Enable storage account security features in production
- Access Control: Use Azure RBAC for resource access management
You can set up monitoring for:
- IP reputation changes over time
- Failed reputation checks
- Storage account access logs
- Resource deployment status
- Azure CLI not logged in
  az login
- Insufficient permissions
  - Ensure you have Contributor role on the subscription/resource group
- API rate limits
  - Some reputation services have rate limits
  - Consider implementing retry logic for production use
- PowerShell execution policy
  Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

# Enable verbose output
.\Check-IPReputation.ps1 -IpAddress "8.8.8.8" -Verbose

To remove all resources:
az group delete --name "rg-reputable-ip" --yes --no-wait

- Fork the repository
- Create a feature branch
- Make your changes
- Test thoroughly
- Submit a pull request
This project is provided as-is for educational and testing purposes.
For issues or questions:
- Check the troubleshooting section
- Review Azure documentation
- Open an issue in the repository
Note: This solution is designed for testing and educational purposes. For production use, consider additional security measures, error handling, and monitoring capabilities.