Aggregate data from AbuseIPDB, VPNID, and VirusTotal to investigate IPs!

• Search results history!
• Full IPv4 Support, with v6 coverage coming soon!
• Extendable data-- bring your own sources to supplement ours!
• Concise, distraction-free results without any marketing!
• Linux and Windows both supported!
• Choose between serving a Web UI, Headless API, or both!
  • Use -h for details on flags

• AbuseIPDB
• VirusTotal (Optional)
• iCloud Private Relays
• Cyberghost
• Express VPN
• Mullvad VPN
• Nord VPN
• PIA
• Proton VPN
• Surfshark VPN
• Tor Exit Nodes
• Tunnelbear VPN

Want to see another source here? Open a PR with a file or an issue with a link!

# supply api keys
docker run -p 8080:8080 -e ABIPDBKEY=your_api_key_here -e VTKEY=your_api_key_here ghcr.io/tlop503/ipcheq2:latest <optional --mode webui|api|headless>

1. Create a docker-compose.yml file containing:

version: '3.8'
services:
  ipcheq2:
    image: ghcr.io/tlop503/ipcheq2:latest
    command: ["--mode", "webui|api|headless"] # optional
    ports:
      - "8080:8080"
    environment:
      - ABIPDBKEY=your_api_key_here
      - VTKEY=your_api_key_here # Optional
    restart: unless-stopped

2. Run the application:

docker-compose up -d

1. Download exe or elf from the latest release. Download and extract the ip data as well and arrange to match tree: Alternatively clone the repo and build from source to skip arranging files (see "Local Development" below)

├── ipcheq2 or ipcheq2.exe
└── data
        ├── source1.txt
        ├── ...
        ├── update_icloud_relays.py
        └── upstream-icloud-list.hash
└── vpnid_config.txt

2. Create a .env file with AbuseIPDB and VirusTotal API Keys (see .env.example) in the same directory, or set an enviornment variable.
3. Update the icloud prefixes if desired with the bundled Python script.
   1. Note- this must be ran from wihtin the data/ directory!
4. Optionally add IP lists to data/ and update the config file to match
5. Run the executable! ipcheq2 will serve on localhost:8080.

• Go 1.23+
• AbuseIPDB API key
• VirusTotal API key (optional)

1. Clone the repository:

git clone https://github.com/tlop503/ipcheq2.git
cd ipcheq2

2. Create a .env file:

cp .env.example .env
# Edit .env and add your ABIPDBKEY, VTKEY
# Alternatively, enviornment variables can be used.

3. Run the application:

go run main.go
# or
go build . # inside project
./ipcheq2

4. Open your browser to http://localhost:8080

A script is provided to update the iCloud Private Relay prefixes within the repo. Before running it, make sure that you're inside the data/ directory.

This project is automatically built and published to GitHub Container Registry via GitHub Actions.

docker build -t ipcheq2 ./dockerfiles
docker run -p 8080:8080 -e ABIPDBKEY=your_api_key_here VTKEY=your_api_key_here ipcheq2

Data Sources:
vpn_by_asn retrieved from https://github.com/X4BNet/lists_vpn. Copyright (c) 2024 X4B (Mathew Heard). Supplemented with https://github.com/NazgulCoder/IPLists?tab=readme-ov-file. Copyright (c) 2025 Nazgul.