IP intelligence and looking up IP addresses has been a regular task for me for many years. Whether it’s debugging during attacks or monitoring crawler activity on websites, I have utilized various methods. I began using ipapi.co to look up IP addresses because it does not require an API key, making it convenient an it still allows for some bulk processing. This approach was ideal for the volume of lookups I performed in 2021. While this technique is still effective, exploring other options like locally hosted databases may be more appealing if you require a higher quota and performance.
To get started, it’s best to consult the API introduction.
https://ipapi.co/api/#introduction
#2021-11 web-performance.ch
$ip = '8.8.8.8'
$ret = Invoke-Webrequest ("https://ipapi.co/{0}/json/" -f $ip)
try {
$reverse_lookup = [System.Net.Dns]::GetHostByAddress($ip).Hostname
}
catch {
$reverse_lookup = "no PTR"
}
$data = $ret.Content | ConvertFrom-Json
Write-Output("{0} {1} ({2},{3}) [{4}]" -f $data.ip, $data.org, $data.country_code, $data.country_name, $reverse_lookup)
One thing I enhanced is the lookup of multiple IP addresses from a list or string. This is beneficial as it also formats the IP addresses in an easy-to-post manner. It enables you to have a timestamp of the lookup because data might change over time and ensures consistent formatting for easier comprehension if you post it in a wiki, such as Confluence, or in an issue tracker like Jira.
#2021-12 web-performance.ch
Write-Output("{0} {1} ({2},{3}) [{4}]" -f "IPAddress", "Organisation", "CountryCode", "CountryName", "DNS PTR")
<#
$ips = @"
8.8.8.8
8.8.4.4
"@ -split "`n"
#>
$ips = Get-Content D:\check-ip.txt
$ips | ForEach-Object {
$ip = $_
try {
$ret = Invoke-Webrequest ("https://ipapi.co/{0}/json/" -f $ip)
} catch {
$ret = $false
}
try {
$reverse_lookup = [System.Net.Dns]::GetHostByAddress($ip).Hostname
}
catch {
$reverse_lookup = "no PTR"
}
if($ret -eq $false) {
Write-Output("{0} no IP address lookup data [{1}]" -f $ip, $reverse_lookup)
} else {
$data = $ret.Content | ConvertFrom-Json
Write-Output("{0} {1} ({2},{3}) [{4}]" -f $data.ip, $data.org, $data.country_code, $data.country_name, $reverse_lookup)
}
}
Write-Output ""
Write-Output ("IP Lookup Data https://ipapi.co DT:{0}" -f (get-date).ToString("yyyy-MM-dd HH:mm:ss"))
If you decide to use this script, make sure you are allowed to send IP addresses to a third party for lookup.
This post is based on the free service of ipapi.co. As I am not affiliated with this service, it might change the API or offerings at any time, which could render this script non-functional. I have no means to ensure that it will still be working by the time you are reading this post.