Troy Lopez

ipcheq2

The Anonymous Traffic Classifier your SOC is missing

Investigate IPs with data from AbuseIPDB, VirusTotal, your own local VPNId, and the iCloud private relay list, all in one space. Self-host your own API for first-party VPN identification (optionally) without north-south traffic!

ipcheq2 builds a CIDR trie in memory at startup for constant-time lookups across the database. When queried, local classification data is enhanced with remote metadata from AbuseIPDB and VirusTotal, letting you see the whole story from one click.

Setup and Sourcecode

Check out the github here. Or, get started with the official docker image:

    # supply an AbuseIPDB key and optionally a VirusTotal Key
    docker run -p 8080:8080 
    \ -e ABIPDBKEY=your_api_key_here 
    \ -e VTKEY=your_api_key_here 
    \ ghcr.io/tlop503/ipcheq2:latest <optional --mode webui|api|headless>
        

4/8/2026