Technical Tip: How to check malicious IP in FortiGuard
| Description | This article describes how to check if an IP is malicious on the FortiGuard site. |
| Scope | FortiGate, FortiGuard. |
| Solution | In this article, an example IP of 167.94.138.41 is used.
Navigate to the following URL. Note the inclusion of 'engine=7'.
The 'engine=7' parameter means that the Options field is set to IP/Domain/URL, as shown in the screenshot below.
https://www.fortiguard.com/search?q=167.94.138.41&engine=7
Example screenshot:
In this example, the IP is tagged as Malicious under Web Filtering, Antispam, IOC, and IP Geolocation.
IP lookups can be done from the FortiGate as well. Navigate to Policy & Objects -> Internet Service Database -> IP Address Lookup.
Enter the IP address, and its reputation is displayed.
Note: Reuse the keyword field to check any IPs that are suspected to be malicious.
Below is the command that can be used to search ISDB for specific IP addresses:
Note: The command below does not provide reputation information for the given IP address.
diagnose internet-service match <vdname> <ip> <netmask>
If the IP address is not found or is not categorized correctly, send a submission through the Malicious URL Appeal form to the FortiGuard Team for evaluation.
Related article: Technical Tip: CVE lookup and other important features in FortiGuard Labs |
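When triaging several addresses from a log, the lookup URL and the ISDB command above can be generated in bulk. The following is an added example, not code from the original article or from Fortinet: the sample log lines are constructed, the helper names are hypothetical, and it assumes the default VDOM name 'root' and a host netmask of 255.255.255.255.

```python
import ipaddress
import re
from urllib.parse import urlencode

FORTIGUARD_SEARCH = "https://www.fortiguard.com/search"
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
date=2024-01-01 srcip=167.94.138.41 dstip=10.0.0.5 action=deny
date=2024-01-01 srcip=192.168.1.20 dstip=10.0.0.5 action=accept
date=2024-01-01 srcip=167.94.138.41 dstip=10.0.0.7 action=deny
date=2024-01-01 srcip=999.1.1.1 dstip=10.0.0.5 action=deny
"""


def public_ips(text):
    """Return unique, valid, globally routable IPv4 addresses in order seen."""
    seen, result = set(), []
    for candidate in IPV4_RE.findall(text):
        try:
            ip = ipaddress.IPv4Address(candidate)
        except ipaddress.AddressValueError:
            continue  # not a valid address, e.g. 999.1.1.1
        # Private and reserved ranges have no public reputation to look up.
        if not ip.is_global or ip in seen:
            continue
        seen.add(ip)
        result.append(str(ip))
    return result


def fortiguard_url(ip):
    """Build the search URL with engine=7 (IP/Domain/URL), as in the article."""
    return FORTIGUARD_SEARCH + "?" + urlencode({"q": ip, "engine": 7})


def isdb_command(ip, vdom="root"):
    """Build the ISDB match command; VDOM name and host netmask are assumptions."""
    return f"diagnose internet-service match {vdom} {ip} 255.255.255.255"


if __name__ == "__main__":
    for ip in public_ips(SAMPLE_LOG):
        print(fortiguard_url(ip))
        print(isdb_command(ip))
```

The script only prints the URL and the command for each address; it does not query FortiGuard or the FortiGate itself.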


