Querying the database
You can ask the PhormCheck database whether a given IP address has any known relation to DPI spyware such as Phorm.
Human-readable queries
Use the form below to query the database, and show the results in an easy-to-understand format.
Machine-readable queries
You can also query the database and receive the result in a format that is convenient for machine-parsing, for instance to decide how to handle a web request from a particular IP address.
To do so, form a URL by concatenating http://phormcheck.co.uk/query/ with the IP address you want to query, e.g. http://phormcheck.co.uk/query/1.2.3.4
The response
An empty response indicates that the IP is not in the database.
Otherwise the response is in the form "isp_type:isp:spyware", indicating the type of spyware associated with that address, and the ISP owning it. Possible values for isp_type are:
- isp: This is an address owned by an ISP that is running an implementation of a DPI spyware system.
- vendor: This is an address owned by a vendor of a DPI spyware system.
- associated: This is an address that is believed to be associated with a DPI spyware system indirectly - for instance, hits from such an address might have been observed after requesting opt-out from a particular spyware system.
- subsidiary: This is an address owned by a subsidiary of an ISP that implements a DPI spyware system. Subsidiary ISPs are believed to not be running the spyware, but their association with their parent ISP means that you may still want to treat them specially.