Query Database

See Also

You might also like to take a look at the Website Tools page for a PHP library to easily query the database from your website, and to act on the results.

Querying the database

You can ask the PhormCheck database whether a given IP address has any known relation to DPI spyware such as Phorm.

Human-readable queries

Use the form below to query the database, and show the results in an easy-to-understand format.

 

Machine-readable queries

You can also query the database and receive the result in a format that is convenient for machine-parsing, for instance to decide how to handle a web request from a particular IP address.

To do so, form a URL by concatenating http://phormcheck.co.uk/query/ with the IP address you want to query, e.g. http://phormcheck.co.uk/query/1.2.3.4

The response

An empty response indicates that the IP is not in the database.

Otherwise the response is in the form “isp_type:isp:spyware”, indicating the type of spyware associated with that address, and the ISP owning it. Possible values for isp_type are:

  • isp: This is an address owned by an ISP that is running an implementation of a DPI spyware system.
  • vendor: This is an address owned by a vendor of a DPI spyware system.
  • associated: This is an address that is believed to be associated with a DPI spyware system indirectly – for instance, hits from such an address might have been observed after requesting opt-out from a particular spyware system.
  • subsidiary: This is an address owned by a subsidiary of an ISP that implements a DPI spyware system. Subsidiary ISPs are believed to not be running the spyware, but their association with their parent ISP means that you may still want to treat them specially.

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!