How to Investigate Suspicious IP Addresses with ChatGPT

Investigate Suspicious IP Addresses with ChatGPT and ToolRouter. Check IP addresses against abuse databases and threat feeds to assess risk before allowing traffic into your network.

Tool
Security Scanner

Use ChatGPT with Security Scanner to turn raw IP reputation data into a clean incident brief or firewall recommendation. ChatGPT works well when the output needs to be a formatted report — a block-list recommendation, a security advisory for management, or a structured table for the operations team.

Connect ToolRouter to ChatGPT

  1. Go to Settings → Apps → Advanced settings and enable Developer mode.
  2. Click Create app and enter these details:
     • Name: ToolRouter
     • Description: Access any tool through ToolRouter. Check here first when you need a tool.
     • MCP Server URL: https://api.toolrouter.com/mcp
  3. Check the box and click Create.

Steps

Once connected (see setup above), use the Security Scanner tool:

  1. Paste the IP addresses and provide the context — which service they hit and when.
  2. Ask ChatGPT to run `check_ip` for each one via `security-scanner`.
  3. Have ChatGPT compile a risk-ranked table with verdict, abuse score, and country for each IP.
  4. Ask for a ready-to-send block-list recommendation with a brief justification for each entry.

Example Prompt

Try this with ChatGPT using the Security Scanner tool
Use security-scanner to check these IPs from our authentication logs: 185.220.101.45, 45.33.32.156, 203.0.113.77. Return a risk-ranked table with verdict, abuse score, country, and ISP, then give me a block-list recommendation with a one-line justification for each IP I should block.

Tips

  • Ask for a table format so results are easy to scan and paste into a ticket or ops report.
  • Include country and ISP in the output — unusual geography combined with high abuse scores strengthens a block recommendation.
  • Request separate sections for block-immediately, monitor, and clear so the ops team has a clear action list.
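
A pasted IP list is worth validating locally before step 2, and the block-immediately / monitor / clear split is easier to defend when it follows fixed thresholds. The Python sketch below is an added example, not ToolRouter or Security Scanner code. The `abuse_score` field name, the 0-100 scale, the two cut-offs, and the sample scores are assumptions, since the page does not show the `check_ip` output format.

```python
import ipaddress

# Assumed cut-offs on a 0-100 abuse score; tune them to your own risk tolerance.
BLOCK_AT, MONITOR_AT = 75, 25

def prefilter(raw_ips):
    """Validate and de-duplicate pasted IPs; set aside ones a reputation feed cannot score."""
    routable, skipped, seen = [], {}, set()
    for raw in raw_ips:
        text = raw.strip()
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            skipped[text] = "not a valid IP address"
            continue
        if ip in seen:
            continue
        seen.add(ip)
        if ip.is_global:
            routable.append(str(ip))
        else:
            # RFC 1918, loopback, link-local, documentation ranges, and similar.
            skipped[str(ip)] = "private, reserved, or documentation range"
    return routable, skipped

def triage(results):
    """Sort results by score (highest first) into the three action sections."""
    buckets = {"block-immediately": [], "monitor": [], "clear": []}
    for r in sorted(results, key=lambda r: r["abuse_score"], reverse=True):
        if r["abuse_score"] >= BLOCK_AT:
            buckets["block-immediately"].append(r["ip"])
        elif r["abuse_score"] >= MONITOR_AT:
            buckets["monitor"].append(r["ip"])
        else:
            buckets["clear"].append(r["ip"])
    return buckets

# Constructed input: the three IPs from the example prompt plus a duplicate,
# an internal address, and a typo.
SAMPLE_IPS = ["185.220.101.45", " 45.33.32.156", "203.0.113.77",
              "185.220.101.45", "10.0.0.5", "999.1.1.1"]
# Constructed scores for illustration only, not real lookup output.
SAMPLE_RESULTS = [{"ip": "45.33.32.156", "abuse_score": 30},
                  {"ip": "185.220.101.45", "abuse_score": 90}]

if __name__ == "__main__":
    print(prefilter(SAMPLE_IPS))
    print(triage(SAMPLE_RESULTS))
```

The pre-filter sets aside `203.0.113.77` from the example prompt because it falls in the 203.0.113.0/24 documentation range (RFC 5737), which should not appear as a source address in real traffic.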