https://ipgeolocation.io/blog
We've used this in the SOC and during incident investigations to gather data on possible attackers and where they are coming from. You can take firewall traffic logs, or the logs of any device that does not include GeoIP information in its own records, and loop the source addresses through an API call to pull the details.
Here's a simple demo from my own account.
The dashboard provides your API key and basic details on usage. You can reset the API key and copy out the new one. If the API key is bad you will receive an HTTP response indicating that.
Now here's an example running this through a predefined IPv4 list and extracting the country TLD and organization:
bash:
# cc_list is assumed to be a text file with one IPv4 address per line
for p in $(cat cc_list) ;
do curl -H "Accept: application/xml" "https://api.ipgeolocation.io/ipgeo?apiKey=<yourkeyhere>&ip=$p&fields=country_tld,organization" ;
done
{ output }
If you start getting 401 responses ("You have exceeded your subscription's request limits"), you will have to wait.
You can use the dashboard to monitor your total requests for the day.
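The same loop as the curl example above, written out as an added Python example (not code from the original post or from ipgeolocation.io) that covers both the enrichment pass and the 401 case just described. It assumes a constructed key=value firewall log format, reads the key from an IPGEO_API_KEY environment variable rather than embedding it, uses only the apiKey, ip and fields query parameters the post shows, and asks for JSON instead of XML so the fields can be read without an XML parser. Private and reserved source addresses are dropped before any call is made, since they only burn quota; on the first 401 the loop stops instead of spending further calls that would fail the same way.

```python
"""Enrich firewall-log source IPs through the ipgeolocation.io /ipgeo endpoint.

Added example, not code from the original post. Assumptions: the log lines and
the API responses used in testing are constructed; the key comes from the
IPGEO_API_KEY environment variable; only the apiKey, ip and fields query
parameters shown in the post are used."""
import ipaddress
import json
import os
import re
import urllib.error
import urllib.parse
import urllib.request

API_URL = "https://api.ipgeolocation.io/ipgeo"
FIELDS = "country_tld,organization"

# Constructed sample log in a generic key=value firewall style (not a real device format).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z action=deny src=203.0.113.7 dst=192.0.2.10 dpt=22
2024-05-01T10:00:02Z action=deny src=203.0.113.7 dst=192.0.2.10 dpt=22
2024-05-01T10:00:03Z action=deny src=198.51.100.23 dst=192.0.2.10 dpt=445
2024-05-01T10:00:04Z action=allow src=10.1.2.3 dst=192.0.2.10 dpt=443
2024-05-01T10:00:05Z action=allow src=127.0.0.1 dst=192.0.2.10 dpt=443
"""

_SRC_RE = re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b")

# Address space that is never worth an API call (it would only burn quota).
_SKIP_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "0.0.0.0/8",
)]


def extract_sources(log_text):
    """Unique src= addresses in first-seen order, minus internal/reserved space."""
    seen = []
    for m in _SRC_RE.finditer(log_text):
        ip = m.group(1)
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:          # e.g. an octet above 255
            continue
        if any(addr in net for net in _SKIP_NETS) or ip in seen:
            continue
        seen.append(ip)
    return seen


def build_url(api_key, ip):
    """Same query the curl loop in the post sends, with proper URL encoding."""
    query = urllib.parse.urlencode({"apiKey": api_key, "ip": ip, "fields": FIELDS})
    return f"{API_URL}?{query}"


def http_fetch(url):
    """Real transport. Returns (status, body); HTTP errors are returned, not raised,
    so a 401 (bad key or exhausted quota) is handled by the caller."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode()


def enrich(ips, api_key, fetch=http_fetch):
    """Look up country_tld and organization for each IP.

    Stops at the first 401 (the post's "exceeded your subscription's request
    limits" case) instead of spending further calls that would also fail."""
    results = {}
    for ip in ips:
        status, body = fetch(build_url(api_key, ip))
        if status == 401:
            results[ip] = {"error": "unauthorized_or_quota", "detail": body.strip()}
            break
        if status != 200:
            results[ip] = {"error": f"http_{status}"}
            continue
        data = json.loads(body)
        results[ip] = {"country_tld": data.get("country_tld"),
                       "organization": data.get("organization")}
    return results


if __name__ == "__main__":
    key = os.environ.get("IPGEO_API_KEY")
    if not key:
        raise SystemExit("set IPGEO_API_KEY (do not hard-code the key in the script)")
    for ip, info in enrich(extract_sources(SAMPLE_LOG), key).items():
        print(ip, info)
```

The `fetch` argument exists so the lookup logic can be exercised against canned responses without touching the live service or your daily quota; in production leave it at the default and feed `extract_sources` the real firewall export.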
The API key can be changed easily but takes some time to become active.
They will send a friendly reminder to the email you registered with if you hit the maximum limit, e.g.:
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \