# Getting Details of an IP Address

Goal: Find out as much as possible from a (remote) IP address using any of the public databases.


## IpData.co
This service has Python and JavaScript libraries ([description here](https://docs.ipdata.co/overview/libraries/python)), but for the sake of generality we query the service directly via `requests`.

In [1]:
import requests
import config

In [2]:
# config.IPDATA_CO_KEY

In [3]:
test_ip = '86.49.93.146'

In [22]:
# the non-parametrised call reads like:
r = requests.get('https://api.ipdata.co/86.49.93.146?api-key='+config.IPDATA_CO_KEY)

In [31]:
# the parametrised version reads like:
r = requests.get('https://api.ipdata.co/' + test_ip + '/ISP',
                 params={'api-key': config.IPDATA_CO_KEY})
r.status_code

200

In [32]:
r.json()

{'asn': 'AS6830',
 'calling_code': '420',
 'city': 'Nelahozeves',
 'continent_code': 'EU',
 'continent_name': 'Europe',
 'count': '8',
 'country_code': 'CZ',
 'country_name': 'Czechia',
 'currency': {'code': 'CZK',
  'name': 'Czech Republic Koruna',
  'native': 'Kč',
  'plural': 'Czech Republic korunas',
  'symbol': 'Kč'},
 'emoji_flag': '🇨🇿',
 'emoji_unicode': 'U+1F1E8 U+1F1FF',
 'flag': 'https://ipdata.co/flags/cz.png',
 'ip': '86.49.93.146',
 'is_eu': True,
 'languages': [{'name': 'Czech', 'native': 'Česky'},
  {'name': 'Slovak', 'native': 'Slovenčina'}],
 'latitude': 50.2667,
 'longitude': 14.3,
 'organisation': 'Liberty Global B.V.',
 'postal': '277 51',
 'region': 'Central Bohemia',
 'region_code': '20',
 'threat': {'is_anonymous': False,
  'is_bogon': False,
  'is_known_abuser': False,
  'is_known_attacker': False,
  'is_proxy': False,
  'is_threat': False,
  'is_tor': False},
 'time_zone': {'abbr': 'CEST',
  'current_time': '2019-05-28T17:03:53.464634+02:00',
  'is_dst': True,


## IpInfo.io

In [6]:
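# read the token from config like the other keys (IPINFO_TOKEN is an assumed attribute name)
requests.get('https://ipinfo.io/' + test_ip, params={'token': config.IPINFO_TOKEN})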

<Response [200]>

How to find out about a company:
> The free and basic plans include an `org` field in the API response that combined the AS number and name. 

However, this is only the provider, not the "consumer" of the IP address.

In [38]:
_.json()

{'city': 'Zizkov',
 'country': 'CZ',
 'hostname': '86.49.93.146.static.b2b.upcbusiness.cz',
 'ip': '86.49.93.146',
 'loc': '50.0833,14.4500',
 'org': 'AS6830 Liberty Global B.V.',
 'postal': '264 01',
 'region': 'Stredocesky kraj'}

Conclusion: not very rich either.

## WhoIs

List of APIs from the welcome email:
- WHOIS API: https://whoisapi.whoisxmlapi.com
- Email Verification API: https://emailverification.whoisxmlapi.com
- IP Geolocation API: https://geoipify.whoisxmlapi.com
- Reverse IP API: https://reverse-ip-api.whoisxmlapi.com
- Reverse MX API: https://reverse-mx-api.whoisxmlapi.com
- Reverse NS API: https://reverse-ns-api.whoisxmlapi.com
- Other APIs: https://whoisxmlapi.com

### WHOIS API

In [11]:
r = requests.get('https://www.whoisxmlapi.com/whoisserver/WhoisService',
                 params={'outputFormat': 'JSON',
                         'apiKey': config.WHOIS_KEY,
                         'domainName': test_ip})

In [12]:
r.json()

{'WhoisRecord': {'audit': {'createdDate': '2019-05-28 15:19:08.000 UTC',
   'updatedDate': '2019-05-28 15:19:08.000 UTC'},
  'contactEmail': 'abuse@upcmail.cz',
  'domainName': '86.49.93.146',
  'estimatedDomainAge': 1273,
  'parseCode': 8,
  'registrarIANAID': '1507',
  'registrarName': 'RIPE',
  'registryData': {'audit': {'createdDate': '2019-05-28 15:19:08.000 UTC',
    'updatedDate': '2019-05-28 15:19:08.000 UTC'},
   'createdDate': '2015-12-02T10:43:29Z',
   'createdDateNormalized': '2015-12-02 00:00:00 UTC',
   'customField1Name': 'netRange',
   'customField1Value': '86.49.93.144 - 86.49.93.151',
   'customField2Name': 'netName',
   'customField2Value': 'CZ-EMU',
   'customField3Name': 'ASN',
   'customField3Value': 'AS6830',
   'domainName': '86.49.93.146',
   'header': '% This is the RIPE Database query service.\n% The objects are in RPSL format.\n%\n% The RIPE Database is subject to Terms and Conditions.\n% See http://www.ripe.net/db/support/db-terms-conditions.pdf\n% This is 

### Geolocation API

In [4]:
r = requests.get('https://geoipify.whoisxmlapi.com/api/v1',
                 params={'outputFormat': 'JSON',
                         'apiKey': config.WHOIS_KEY,
                         'ipAddress': test_ip})

In [5]:
r.json()

{'as': {'asn': 6830,
  'domain': 'http://www.libertyglobal.com/',
  'name': 'Liberty Global',
  'route': '86.49.0.0/17',
  'type': 'Cable/DSL/ISP'},
 'domains': ['86.49.93.146.static.b2b.upcbusiness.cz'],
 'ip': '86.49.93.146',
 'isp': 'UPC Ceska Republica',
 'location': {'city': 'Prague',
  'country': 'CZ',
  'geonameId': 3067696,
  'lat': 50.0766,
  'lng': 14.5148,
  'postalCode': '130 00',
  'region': 'Hlavni mesto Praha',
  'timezone': '+02:00'}}
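
The four responses above can be cross-checked against each other. The following is an added example, not part of the original notebook: it merges abridged copies of the outputs shown on this page and records where the providers agree or disagree. The function names and the layout of `SUMMARY` are assumptions made for illustration.

```python
import ipaddress
import re

# Abridged copies of the four responses shown on this page (unused fields omitted).
IPDATA = {'asn': 'AS6830', 'city': 'Nelahozeves', 'country_code': 'CZ',
          'threat': {'is_tor': False, 'is_proxy': False, 'is_known_attacker': False}}
IPINFO = {'city': 'Zizkov', 'country': 'CZ', 'org': 'AS6830 Liberty Global B.V.'}
WHOIS = {'WhoisRecord': {'contactEmail': 'abuse@upcmail.cz', 'registryData': {
    'customField1Name': 'netRange', 'customField1Value': '86.49.93.144 - 86.49.93.151',
    'customField2Name': 'netName', 'customField2Value': 'CZ-EMU',
    'customField3Name': 'ASN', 'customField3Value': 'AS6830'}}}
GEO = {'as': {'asn': 6830, 'route': '86.49.0.0/17'},
       'location': {'city': 'Prague', 'country': 'CZ'}}

def norm_asn(value):
    """'AS6830', 'AS6830 Liberty Global B.V.' or 6830 -> 6830 (None if absent)."""
    m = re.match(r'(?:AS)?(\d+)', str(value))
    return int(m.group(1)) if m else None

def whois_custom_fields(registry):
    """Turn the customFieldNName / customFieldNValue pairs into one dict."""
    return {name: registry.get(key[:-4] + 'Value') for key, name in registry.items()
            if key.startswith('customField') and key.endswith('Name')}

def summarise(ip, ipdata, ipinfo, whois, geo):
    """Merge the four responses and record where the providers disagree."""
    addr = ipaddress.ip_address(ip)
    record = whois.get('WhoisRecord', {})
    custom = whois_custom_fields(record.get('registryData', {}))
    # The WHOIS netRange is "first - last"; convert it to CIDR blocks.
    first, last = (ipaddress.ip_address(p.strip()) for p in custom['netRange'].split('-'))
    assignment = list(ipaddress.summarize_address_range(first, last))
    route = ipaddress.ip_network(geo['as']['route'])
    return {
        'asns': {norm_asn(ipdata.get('asn')), norm_asn(ipinfo.get('org')),
                 norm_asn(custom.get('ASN')), norm_asn(geo['as'].get('asn'))},
        'countries': {ipdata.get('country_code'), ipinfo.get('country'),
                      geo['location'].get('country')},
        'cities': {ipdata.get('city'), ipinfo.get('city'), geo['location'].get('city')},
        'assignment': [str(n) for n in assignment],  # narrowest registered block
        'net_name': custom.get('netName'),
        'abuse_contact': record.get('contactEmail'),
        # The queried IP must sit inside both the assignment and the announced route.
        'consistent': any(addr in n for n in assignment) and addr in route,
        'threat_flags': sorted(k for k, v in ipdata.get('threat', {}).items() if v),
    }

SUMMARY = summarise('86.49.93.146', IPDATA, IPINFO, WHOIS, GEO)
```

On this page's data the ASN and country agree across all providers, while the three city values differ. The RIPE assignment `86.49.93.144/29` with netName `CZ-EMU` is the narrowest registration in these responses, which is where to look for the consumer of the address rather than the provider.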