ip info

[jrhea]

investigate cheap/free ways to get ip info

• good article: https://securitytrails.com/blog/asn-lookup
• could use whois, but it doesn't provide lat,lon. i would still need to look that up from address

$ whois -h whois.cymru.com " -v 62.210.170.177"
AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
12876   | 62.210.170.177   | 62.210.0.0/16       | FR | ripencc  | 2000-10-26 | Online SAS, FR

$ whois -h whois.arin.net 159.65.217.119
NetRange:       159.65.0.0 - 159.65.255.255
CIDR:           159.65.0.0/16
NetName:        DIGITALOCEAN-159-65-0-0
NetHandle:      NET-159-65-0-0-1
Parent:         NET159 (NET-159-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS14061
Organization:   DigitalOcean, LLC (DO-13)
RegDate:        2017-10-24
Updated:        2020-04-03
Comment:        Routing and Peering Policy can be found at https://www.as14061.net
Comment:        
Comment:        Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
Ref:            https://rdap.arin.net/registry/ip/159.65.0.0



OrgName:        DigitalOcean, LLC
OrgId:          DO-13
Address:        101 Ave of the Americas
Address:        10th Floor
City:           New York
StateProv:      NY
PostalCode:     10013
Country:        US
RegDate:        2012-05-14
Updated:        2019-02-04
Comment:        http://www.digitalocean.com
Comment:        Simple Cloud Hosting
Ref:            https://rdap.arin.net/registry/entity/DO-13


OrgNOCHandle: NOC32014-ARIN
OrgNOCName:   Network Operations Center
OrgNOCPhone:  +1-347-875-6044 
OrgNOCEmail:  [email protected]
OrgNOCRef:    https://rdap.arin.net/registry/entity/NOC32014-ARIN

OrgAbuseHandle: ABUSE5232-ARIN
OrgAbuseName:   Abuse, DigitalOcean 
OrgAbusePhone:  +1-347-875-6044 
OrgAbuseEmail:  [email protected]
OrgAbuseRef:    https://rdap.arin.net/registry/entity/ABUSE5232-ARIN

OrgTechHandle: NOC32014-ARIN
OrgTechName:   Network Operations Center
OrgTechPhone:  +1-347-875-6044 
OrgTechEmail:  [email protected]
OrgTechRef:    https://rdap.arin.net/registry/entity/NOC32014-ARIN

$ whois -h whois.ripe.net 62.210.170.177
inetnum:        62.210.128.0 - 62.210.255.255
org:            ORG-ONLI1-RIPE
netname:        IE-POOL-BUSINESS-HOSTING
descr:          IP Pool for Iliad-Entreprises Business Hosting Customers
country:        FR
admin-c:        IENT-RIPE
tech-c:         IENT-RIPE
status:         LIR-PARTITIONED PA
mnt-by:         MNT-TISCALIFR-B2B
created:        2012-11-02T11:40:24Z
last-modified:  2016-02-22T16:26:23Z
source:         RIPE
mnt-routes:     MNT-TISCALIFR-B2B
mnt-lower:      MNT-TISCALIFR-B2B

organisation:   ORG-ONLI1-RIPE
mnt-ref:        MNT-TISCALIFR-B2B
org-name:       ONLINE SAS
org-type:       OTHER
address:        8 rue de la ville l'eveque 75008 PARIS
abuse-c:        AR32851-RIPE
mnt-ref:        ONLINESAS-MNT
mnt-by:         ONLINESAS-MNT
created:        2015-07-10T15:20:41Z
last-modified:  2017-10-30T14:40:53Z
source:         RIPE # Filtered

role:           SCALEWAY
remarks:        known as Online S.A.S. / Iliad-Entreprises
address:        8 rue de la ville l'?v?que
address:        75008 Paris
address:        France
phone:          +33 1 73 50 20 00
fax-no:         +33 1 73 50 29 01
abuse-mailbox:  [email protected]
tech-c:         TTFR1-RIPE
nic-hdl:        IENT-RIPE
mnt-by:         ONLINE-NET-MNT
created:        2012-10-25T13:21:59Z
last-modified:  2020-04-10T09:11:50Z
source:         RIPE # Filtered

% Information related to '62.210.0.0/16AS12876'

route:          62.210.0.0/16
descr:          Online SAS
descr:          Paris, France
origin:         AS12876
mnt-by:         MNT-TISCALIFR
created:        2013-08-02T09:07:46Z
last-modified:  2013-08-02T09:07:46Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.97.1 (ANGUS)

Could write whois commands for each RIR and if the ASN is not controlled by the RIR used, then query the correct one. For example,

$ whois -h whois.ripe.net 159.65.217.119
inetnum:        159.61.0.0 - 159.68.255.255
netname:        NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr:          IPv4 address block not managed by the RIPE NCC
remarks:        ------------------------------------------------------
remarks:
remarks:        For registration information,
remarks:        you can consult the following sources:
remarks:
remarks:        IANA
remarks:        http://www.iana.org/assignments/ipv4-address-space
remarks:        http://www.iana.org/assignments/iana-ipv4-special-registry
remarks:        http://www.iana.org/assignments/ipv4-recovered-address-space
remarks:
remarks:        AFRINIC (Africa)
remarks:        http://www.afrinic.net/ whois.afrinic.net
remarks:
remarks:        APNIC (Asia Pacific)
remarks:        http://www.apnic.net/ whois.apnic.net
remarks:
remarks:        ARIN (Northern America)
remarks:        http://www.arin.net/ whois.arin.net
remarks:
remarks:        LACNIC (Latin America and the Carribean)
remarks:        http://www.lacnic.net/ whois.lacnic.net
remarks:
remarks:        ------------------------------------------------------
country:        EU # Country is really world wide
admin-c:        IANA1-RIPE
tech-c:         IANA1-RIPE
status:         ALLOCATED UNSPECIFIED
mnt-by:         RIPE-NCC-HM-MNT
created:        2019-01-07T10:44:35Z
last-modified:  2019-01-07T10:44:35Z
source:         RIPE

role:           Internet Assigned Numbers Authority
address:        see http://www.iana.org.
admin-c:        IANA1-RIPE
tech-c:         IANA1-RIPE
nic-hdl:        IANA1-RIPE
remarks:        For more information on IANA services
remarks:        go to IANA web site at http://www.iana.org.
mnt-by:         RIPE-NCC-MNT
created:        1970-01-01T00:00:00Z
last-modified:  2001-09-22T09:31:27Z
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.97.1 (WAGYU)

[jrhea]

Started caching ip_info when processing data in jupyter notebook

[Mshael9]

Code 90292