We launched our very first hackathon event in October, IPinfo IP Hunt. With IPinfo reaching its 10th birthday last year, launching our free IP databases and launching our freshly updated app (iOS and Android app), we wanted an opportunity to personally say “Thank you” to the developers who have been using our API. We have been supporting developers worldwide with our accurate IP insights for years, and we wanted this event to truly celebrate what binds our entire developer community in one unifying idea: “IP Address”.

How did the idea come to be?

We wanted to do something special; we didn't want to do an event where users had to submit programming projects, technical content, or something. We wanted this event to truly celebrate the idea that IPinfo represents, and in the process, we hoped the developer community (as well as the IPinfo team) could learn something new.

The initial idea of the hunt was about people running around public WiFi hotspots to collect IP addresses. It was supposed to be like "Pokémon GO for IP Addresses." We thought people could grab a few WiFi IP addresses from carrier IP addresses, and then the majority of the IP addresses would be from coffee shops, schools, public libraries, etc. We also set up the mechanism so that users could use multiple devices and add the device IDs of their friends and family to their hunted IP addresses.

But, from the title, you probably figured that didn't turn out that way... let's keep going.

At the beginning of the ideation stage, we thought about announcing winners based exclusively on a leaderboard. However, after our test runs, we found that our colleagues from some regions had more access to public WiFi than others. So, we decided not to move forward with a top user-based challenge.

We opted to do a lottery/raffle-based prize. Each IP you collect for the day is considered a raffle token for the lottery. Even though collecting more IPs gives you a better chance to win, everyone can win something as long as they hunt IP addresses. Moreover, a winner can only win one type of item at a time, and we have multiple prize drops. But the idea of this being a challenging IP Hunt held.

Launch day ….. then it really took off

We finally launched the event on October 23, and things went smoothly. Participants were collecting IP addresses, and everyone was excited.

On our first day, we had our IPinfo sticker pack as a prize. We received about 1,030 IP submissions. The highest submission for a user was 347 and came from WhiteFireOCN. Even though the idea that a single user could submit (or connect) to hundreds of IP submissions was interesting, we were not concerned about it. We thought they were a very proactive user who had worked in an organization or a university with multiple WiFi hotspots. At that time, we didn't investigate individual user submissions.

We announced our winners via our community and provided an IP summary of the results for the day using our online summary tool. The community posts and summary reports are still available in the community if you are interested in taking a look.

Users can also request their IP summaries of the collected IP addresses for the day through private messages. Our IP summary tool supports up to five hundred thousand (500,000) IPs and has an API endpoint for posting IPs. Therefore, it was quite easy for us to send IP summaries to individual users.

Then came the second day, and that is when we realized that the event would be something special. We started receiving many submissions, and we were fairly confused about what was going on.

The IP submissions are registered at the TCP connection level and extracted from our logs. There is no way for users to send IP addresses directly. They must first be connected to an IP address and then send a request to our servers from that IP. Only then will the IP be considered a submission.

Even though we knew that the top users at this moment had been able to successfully reverse engineer our app or find some level of loophole, the IPs they were submitting were legitimate in the sense that those IP addresses were used to request our web services.

Two types of patterns emerged:

• Large clusters of devices centrally located around a certain geolocation.
• Completely random and globally distributed devices.

But at this time, both of these types of users were leading the rankings and submitting more or less the same number of IP addresses even though there were thousands of IP addresses. We were sure the clustered devices were not residential proxy addresses, but the sheer volume of distributed IP submissions felt too big to be residential proxies. We had nothing but theories at that moment.

The next day, we realized that the clustered IP address submissions mainly had only one ASN, which is usually a carrier ASN. So, I will unravel the secrets later. We were confused and watched as the number soared and our IP count kept ticking up.

Then, on the 4th day, it finally happened – the total IP submission count exceeded 1.3 million IP addresses!

We still had no clue how only 244 users could submit 1.3 million IP addresses over 3-4 days.

We were not prepared for this level of traffic for such a small event, as evidenced by the CSS overflow of the 1,371,010 submissions. Our backend services struggled a bit to show the accepted IP addresses. Since this is an experimental event for us, we did not allocate significant computational resources behind it, and the event was more or less halted. However, our engineer was able to jump to the task and make the event operational again.

While the event was slowly being revamped, we noticed that the group leader had submitted over nine hundred thousand (900,000) unique IP submissions. Surprisingly, 92.2% of those IPs came from ISP connections with no common ASNs.

And after that, we had a full-on discussion in our community with the participants, and everyone shared their recipes. It was truly one of the greatest moments of IPinfo's community.

IPinfo Great IP Hunt: Day 3 Winners - IPinfo Updates - IPinfo Community

Both the clustered device and the global device folks came to discuss the event.

Internally, though, we were confused about what should be done. Even though they were able to game the system, our CEO, Ben Dowling, essentially said, "we will take them all!" This level of IP submission was truly incredible, and even though we are an IP address database company, we were learning a ton here.

Progressively, people started to bring their friends and family to the event to win our merch, and we were excited by the momentum.

Extending the event

The initial runtime of the event was two weeks; however, since top-level users cannot win the same prize twice, they asked their friends, family, and acquaintances to join the event. As the new users were equally excited about the event and actively participated, we deemed it fair to extend the event by a week to allow them to win.

How the event went

The total number of signups was 315 individual users. The total number of accepted IP addresses was 2.3 million IPs. These IP addresses spanned across thirty-four thousand (34,550) cities and two hundred (228) countries. We had about 70 winners, most of whom won multiple prizes through the lottery.

The day-to-day IP submission graph showed something really special happened on day 4 of the IP Hunt. All our top users aggressively hunted IP addresses while Rev.Pm and exove.ovh led the way.

The following chart showcases the number of daily participating users. User participation was consistent throughout the event because most users brought their friends to the party after joining. Most users just enjoyed the hunt and participated to keep their position on the leaderboard.

The vast majority of the IP submissions came from users who were able to game our app.

Winning Strategy 1: Usage of a proxy network

Every single user except for our #8 user (hunt.) and #10 user (CLN.io) used a residential proxy network strategy.

We talked with our top users who have adopted this strategy, but to maintain their secrecy, we prefer not to go into the details of the strategy. Essentially, these individuals downloaded an Android emulator, reverse-engineered our app to identify the API endpoint, and then started sending traffic to our site using a network of proxy devices. All of these individuals had two things in common: they had a cat profile picture in their community user profile, and they actually knew each other through online communities.

Fantastically, our Hibenji (#6) discussed his entire technical methodology of reverse engineering our app and using ProxyScrape, a residential service provider. We highly recommend giving the article on Proxyscrape’s website a read: How I used ProxyScrape proxies to win ipinfo.io merchandise.

When it comes to IP geolocation, there is no common pattern to it. This does showcase an important point about IP metadata. If you run threat intelligence operations, you must use multiple datasets to identify patterns.

However, although they know each other when talking with them, we discovered that none of them actually shared their code with another person. They essentially came to the same conclusion using different methods.

Most of these users are also well-known in other communities with an equivalent "capture the flag" game where participants submit IP addresses. We were not aware of the existence of such communities, and we learned a lot from our users.

Despite some users raising concerns, we believe that everyone gained valuable knowledge from their participation, and the primary goal was to have fun. However, we acknowledge the need to strengthen the challenge in IP submission. As Piet Hein once said, "Problems worthy of attack prove their worth by fighting back." Please let us know if you have any suggestions for checks and roadblocks we can implement. We would be happy to incorporate them.

Winning Strategy 2: Carrier automation

For this, I would recommend reading our ranked #10 user [CLN.io]’s guide: Automating IP cycling on mobile networks for profit (a pair of socks) - CLN.io

The strategy for this one is simple: constantly toggle flight mode on and off. Each time the user's carrier internet connection disconnects, they get assigned a new IP address from your carrier. Whenever they are assigned a new IP address, they will open up the app and wait a bit for the IP to register.

We were really surprised to see carrier IP churning like that, and we didn't realize that every time a user toggled their internet connection, a new IP address gets assigned. Another interesting fact is that we have seen multiple people independently discover this strategy.

Top users who had the IP countries limited to only 3

There were maybe 2-3 other methods that were used that took advantage of internet infrastructure or internet service organization access, but we have doubts but no evidence to show. ISPs may be able to relay internet traffic through a customer's router; however, we are unsure if this strategy was adopted. If you have such strategies to test out, join the event next time ;)

Winning Strategy 3: Being consistent throughout the event

This is probably not the most obvious strategy from the beginning: being consistent. The event was made for having fun, and if you have fun while submitting IP addresses at your own pace, you will eventually win a prize. Our prize rules were simple:

• Max five types of prizes for each contestant
• A contestant can only win one type of prize once
• Prizes are given away through a lottery

As the prizes are distributed through a lottery, everyone has a non-zero chance of winning something. Prizes are distributed based on IP submissions. So, the more IPs you submit, the higher your chances of winning; also, the more days you are active, the higher your chances of winning prizes! Shoutout to our most active users!

Our winners

Top countries based on IP geolocation.

https://community.ipinfo.io/t/the-great-ip-hunt-is-over/3906

We sent out a bunch of merch, and users were kind enough to share some pictures with us.

The response was overwhelmingly positive. Everyone who joined hung around in the community and really had a blast. Of the hundreds of participants, we were truly surprised by some participant metadata.

The classic term "customer persona" did not apply here, as we saw enterprise organization executives, consultants, OSS project maintainers, and even high school students join the hunt. People from the United States all the way to Japan, and from Russia to Australia, joined the hunt and shared the common joy of using IPinfo's services.

See you at the next IP Hunt

The success of the hackathon was enormous. It really meant something special for us and for the community. We would love to hear what ideas or feedback you have for us for the next event.

We are extremely excited to get started on the next event and want to incorporate ideas from our community. Our entire user developer ecosystem now revolves around the IPinfo community, so if you have any ideas to share about the next IPinfo IP Hunt or want to know when the next hunt will start, join the IPinfo community today.

In 2023, IPinfo celebrated its tenth year of helping application builders, businesses, and security professionals make their apps more intelligent. The traditional gift for a tenth anniversary is tin, which can be polished to a high sheen and can prevent underlying layers from corrosion. This is appropriate for IPinfo since our data helps turn all manner of data into a rich source of analytics and empowers companies to make smarter decisions to prevent fraud and abuse.

In this season of celebration, we pause to take stock of our accomplishments over the past twelve months, and we have so much to celebrate!

Data improvements

Active measurement capabilities

In 2023 we’ve significantly increased our measurement capabilities by doubling our probe network size and enabling IPv6 on all of our servers supporting it. Our network now consists of 593 servers in 98 countries and 149 autonomous systems, including 321 servers with IPv6 connectivity.

We have seen our largest expansion in Asia with 104 new servers, including 19 in China where we’re present for the first time. We can now provide detailed telemetry from within the country rather than rely upon calculated or implied statistics. China is a crucial market for many industries, and the country accounts for a substantial and growing segment of Internet users and endpoints.

We have also improved our IPv6 collection capabilities, a challenge in itself due to the extremely large size of the IPv6 space: how do you even know which addresses are in use? To solve this issue we’ve partnered with the IPv6 Hitlist project to share data and contribute to the largest public list of IPv6 addresses. We are now collecting delay and path information for more than 300M IPv6 addresses each week.

At the end of 2022 we were within 42 ms for 90% of the responsive IPv4 addresses. At the end of 2023, we have nearly halved this delay by being within 23 ms for 90% of the responsive addresses, and within 8 ms for 50% of the addresses. These latency improvements directly translate into more accurate geolocation by allowing us to discard invalid geolocation hints, and to directly geolocate IP addresses through multilateration.

In total, we collect delay and path measurements for 73k autonomous systems (96% of the autonomous systems visible in the Internet routing table), including 3.9M IPv4 routers and 44M IPv6 routers (this large difference is explained by the use of Network Address Translation (NAT) to address IPv4 exhaustion, which hides a lot of routers).

As the needs of the world's most innovative companies change, IPinfo will continue to adapt to meet these demands. As IPv6 adoption accelerates and new network use cases arise, IPinfo will continue to ensure that accurate data is available no matter what changes come to the Internet.

IP address tags

In addition to providing the most accurate IP data, we have continued to evolve how we present data with the use of tags.

In the example above, we have determined that the system at IP address 95.181.238.110 has operated as a web server and a VPN host, and the corresponding tags indicate this. IPinfo will continue to evolve how we present and process IP information for you, and we go beyond simply providing location data (which, in this case, is in New Jersey, not in the Bahamas as other providers claim). We have much more planned for tags in 2024.

Additional free data available

IPinfo is committed to providing the world’s most accurate IP intelligence data to both free and paying customers, and we continued to honor this commitment in February, with the release of our free IP to country and ASN database. We will always offer 100% accurate free data, both to support not-for-profit and academic users and to provide enterprise customers with an accurate assessment of our service before purchasing a subscription.

Expanded partnerships

This summer, we also released our IP to country/ASN data set on Google’s Analytics Hub for free. This allows GCP customers to easily integrate our data for use in BigQuery without usage restrictions, furthering our commitment to making our data as easy to use as possible.

A growing customer base

We’d love to tell you about how we are the easiest IP data provider to use or the best provider on the market, but we don’t have to. You keep telling us. Once again, you rated IPinfo as the best IP data provider and the easiest provider to use on G2. Thank you to all of our amazing users and customers for your support!

Here are just a few IPinfo success stories from 2023:

Oort

Oort partners with IPinfo to provide unified threat intelligence to prevent, detect, and respond to threats efficiently and in real-time. By integrating our data, Oort estimates a 5x increase in efficiency for their data science teams.

“With IPinfo, our chief data scientist could immediately access the information in a table and then start to implement it. From an evaluation perspective on our end, this is completely different and a bit of a game changer.” – Didi Dotan, CTO at Oort

Checkout.com

Checkout.com needs to ensure that every payment processed is legitimate, as fraudulent transactions are costly for all parties involved. After evaluating our data against the competition, Checkout.com chose to partner with IPinfo due to our high accuracy and competitive pricing. Now their transactions can be screened for potential fraud without slowing down the transaction flow.

SiriusXM

Media distribution is subject to many digital rights restrictions and laws, and these can vary greatly by locality. To ensure compliance with contractual and legal obligations, SiriusXM uses data from IPinfo to adhere to state licensing requirements in the U.S.

2023 by the numbers

We are a data company, so it is only fitting to take a look at the year that was from a data analytics perspective. Here are some interesting statistics for IPinfo in 2023:

IPinfo community launch

This past spring, we officially launched the IPinfo Community, and the response has been tremendous. If you haven’t checked it out yet, we encourage you to join us there for documentation, code examples, and guided assistance to get started using our free and paid data products. This forum also gives IP data enthusiasts from around the world a place to collaborate, share projects, ask questions, and participate in events.

Speaking of events…

The Great IP Hunt

Thanks to YOU, our amazing community, our inaugural Great IP Hunt was a rousing success! We had over 300 hunters participate in the contest, and your ingenuity and technical skills were impressive. More than 200 prizes were awarded, and our top twenty participants submitted a mind-boggling total of 3.8 million IP addresses! Keep an eye out on our community forum for news about upcoming events.

Barcelona outing

In September, our team came together in beautiful Barcelona. This was our second all-hands outing at IPinfo, and we even found a bit of time to work amongst the play. As a globally distributed, remote-first company, we relish occasions such as this to meet in person, and we took the opportunity to share ideas and craft strategy under the Spanish sun.

Looking ahead with gratitude to 2024

"The only place where success comes before work is in the dictionary.” – Vince Lombardi

In 2024 and beyond, IPinfo will continue to extend the features of our data and expand the reach and capabilities of our unique probe network, all to further our mission to serve the world’s IP data needs better. In this holiday season, it seems fitting to take the wraps off a few other things we have in store for you in the coming year.

Just as our data helps drive your innovation, your feedback drives ours. The data engineering team at IPinfo is continuously improving the quality and accuracy of our data, and we will continue to roll out exciting new capabilities in 2024.

We are constantly impressed and inspired by the accomplishments of those who leverage our data to do great things, and we owe our success to all of you. If you would like to reach out to us about any of our data products or services, give us a shout on Twitter, or you can use our contact form to send us a message.

All of us at IPinfo wish all of you a happy and healthy holiday season, and best wishes for the new year!

We at IPinfo are very excited to announce our first community “huntathon” event: The Great IP Hunt. This event celebrates the idea of learning about IP address geolocation in a fun and engaging way. You can run around and collect unique IP addresses, hunt their IP geolocation using our brand-new IPinfo apps (Android and iOS), and submit them to win daily prizes.

How to get started?

Our hackathon is open to all, and entry is simple. Here’s how to participate:

Step 1: Download the IPinfo app

This is how you will find and submit IPs. Our app is available in both iOS and Android versions.

Apple / iOS → https://ipinfo.io/ios

Android → https://ipinfo.io/android

You can use multiple devices running the IPinfo app to collect IP addresses. All the WiFi IPs you collect across your different linked apps will be aggregated in your Great IP Hunt user profile.

Step 2: Enable location permission

When you install the app, make sure to enable location permission, and it must have the precise location settings as well. This is required in order to participate in the contest and snag those prizes!

For the Android app, after you install and first open the app, you will be prompted with the location permission section. Please do the following:

• Please select the “precise” device location setting
• Then select “While using the app”

Please note that if you disable location permission while hunting an IP, that IP will not be counted for the purposes of this event.

Step 3: Copy your app device ID

After setting up the app, you need to copy your unique app Device ID from the app. The device ID is available on your app’s menu. The Device ID is used to link your hunting device(s) with your hunting account.

To get the app “Device ID,” do the following:

• Click on the hamburger menu in the top right corner of your IPinfo app
• Press the button that says “Copy Device ID”
• After successfully copying the app Device ID, a popup will notify you that the Device ID string is now on your phone clipboard.

Paste this information into the event registration page.

Step 4: Signup for the Great IP Hunt

Finally, the event registration. You must be an IPinfo user first to sign up for the Great IP Hunt. If you don’t have an account, what are you waiting for? Sign up for a free account now!

Once your IPinfo account is ready, visit **Halloween Hunt 2023 - IPinfo.io.** Then select “Join the Hunt”.

Then, you will be prompted to provide a Great IP Hunt username for the leaderboards.

Protip: If your leaderboard name is the same as your Twitter handle, it becomes easier for us to give you a shoutout.

Step 5: Paste your device ID

After you have set your userame, you will be prompted to add your Device ID. The Device ID connects your app's activity with your account. Through the Device ID linking mechanism, every IP address you hunt will be added to your profile.

Connect multiple devices to your profile to increase your chances of winning. By connecting multiple devices with multiple device IDs, you can log more IP addresses and increase your chance of winning prizes.

Step 6: Start the hunt

Once you have completed your signup, you can begin your Great IP Hunt!

First, connect to the Internet. Any public connection, such as WiFi, mobile, home, or otherwise is valid, as long as it provides you with a unique public IP address, it is fair game. Once you are assigned an IP address, open up the IPinfo app and hit refresh. And that’s it.

Once we show you the IP information of your WiFi IP address, the IP address is considered to be collected. Now, if you visit your event page after a minute for processing, you will see the status of your collected IP address.

Don’t forget to turn on location permission! Without that, we will not count collected IP addresses.

What can you win?

We are going to announce winners based on their accepted IP submissions. Essentially, every IP you hunt is a ticket to a raffle.

We have lots of great prizes to give away —

• IPinfo t-shirts
• Sticker packs
• IPinfo-branded socks (a community favorite)
• The IPv4 Internet map

Rules of the hunt

• You must enable location permission for your submission to be counted for the contest.
• The IP hunting mechanism involves checking the IP information of your current IP address through the IPinfo app.
• Only IP addresses assigned to your device and collected through our app will be counted.
• You can add multiple devices to your current event profile. The more devices you add, the more your chances of winning go up.
• Each valid IP hunted is a ticket to the daily giveaway, so the more WiFi networks you connect to, the more IPs you submit, the better your chances to win. A valid IP is a unique IP from your device, with proper location permissions enabled on the IPinfo app at the time of collection and submission.
• Anonymous or VPN IP addresses are not valid IPs for this event.
• Like selecting our winners, our prizes are random. You might win a sticker pack, or you might win one of our t-shirts, but in the event of a two-time (or more!) winner, you will not receive the same prize more than once.
• The Great IP Hunt will end on November 14th, so every day counts. We will be announcing a winner every day throughout the duration of the event, so we encourage users who join mid-event to keep trying!
• This is a global event. As long as we (as a US-based business) can physically send you your reward, you are eligible to win.

IPinfo has always been a developer-first company. The Great IP Hunt event celebrates the developer experience and helps us thank all the users, developers, students, and professionals who have made IPinfo the premier choice for Internet data.

Going beyond using our data, we aim to introduce the concept of IP geolocation, internet data, and IP data to a whole new audience. Through the Great IP Hunt, you have a tremendous opportunity to learn about IP geolocation and its impact. Of course, cool daily prizes aren’t so bad, either!

If you have any questions or feedback about the Great IP Hunt, drop a post in the IPinfo Community.

The geolocation process of IPinfo is largely based on our evidence-based process of probing IP addresses. The probe-based IP geolocation process results in highly accurate IP address location data that can also be verified by users. We run our IP geolocation processes daily, ensuring fresh and accurate data. Additionally, we have one of the most sophisticated probe infrastructures in the world, spanning 103 countries across 6 continents.

Now, let’s talk about the evidence of this accuracy claim. We aim for precision of the highest order with our IP geolocation data. Accuracy doesn’t mean that we have to agree with other providers’ data. In some instances, where we pinpoint an IP address’s location doesn’t match the country or even the continent where other providers may think it is. Even if no other provider agrees with our location data, we can transparently show evidence for our decision.

What happens when the IP location data is not accurate?

A few examples illustrate how important it is to get this right, as inaccurate IP geolocation data can have practical consequences.

A privacy-focused messaging app's server location mishap

There is a famous messaging service that places heavy emphasis on user and data privacy. In pursuit of this, they have mentioned that they host their data in a neutral country, free from geopolitical issues.

However, one day, amateur cybersecurity researchers brought forth allegations that the messaging platform was not storing the data in a privacy-friendly country as claimed, but instead storing it elsewhere.

This accusation caused a significant buzz on Twitter. The amateur cybersecurity researchers used (incorrect) data from a legacy IP geolocation provider. The messaging platform continuously provided location evidence and later referenced IPinfo’s data to prove that their servers were located in the place they had mentioned.

They contacted the legacy provider to fix their location data, but their support did not respond for several days. Eventually, the legacy provider corrected their data, which aligned with IPinfo’s results. The legacy provider never acknowledged their mistake, and the messaging platform's reputation suffered as a result of this saga.

Sports streaming service causes people nothing but frustration

Because of digital asset rights and acquisition policies, TV networks can only broadcast a sporting event within agreed-upon locations. This broadcast practice especially applies to sports streaming services. A very well-known sports streaming service has the rights to broadcast a major sporting event across the United States. However, due to their broadcast contract, they are required to restrict the streaming of specific sporting events to specific regions or states.

This has resulted in the practice called "blackout", which means that if you are not within a streaming target area, the streaming service will not show you the event. However, this provider uses an IP geolocation provider that doesn't provide accurate data.

As a result, customers in a valid viewing location who should be able to watch the event are subjected to blackout. If the subscriber is assigned a dynamic IP address, they may be able to watch an event on one day, but the next day they may be blacked out because the IP geolocation provider does not run daily IP geolocation processes, and they might assign a new IP to the user in a different location.

Therefore, subscribers cannot access content to which they are entitled. They are at the mercy of unreliable IP data. If the service’s support cannot resolve their issue, they may attempt to use a VPN service to circumvent the location restrictions, use an unauthorized pirate streaming service, or simply cancel their subscription.

Probe-based IP Geolocation

Even though we use various public data sources, our entire IP geolocation process relies upon our probe network data. The probe network is our ultimate source of truth for IP geolocation. Learn about our probe network and how we ensure data accuracy from this article.

We also utilize other sources for IP location hints, such as:

• WHOIS data
• Geofeed data
• Corrections submitted by customers and users

These are crucial to the big picture, but they only act as complementary data points. We verify all of this data based on our probe telemetry, and there are good reasons for that.

• WHOIS data can be wrong because organizations sometimes don’t regularly update WHOIS records. WHOIS data generally provides organizational context, is a snapshot-in-time record, and does not provide granular geolocation information of individual IP addresses
• Geofeed data can be wrong because geofeed data is usually too broad and sometimes not specific or precise enough for us
• Correction submissions can be wrong because we believe in “trust but verify”. We appreciate users and organizations submitting corrections very much and are proactive about keeping IP address location data as accurate as possible, however, we verify all correction submissions by probing the IP addresses from our probe network.

We use our probe network for IP geolocation data. The IP probing process involves pinging an IP address from multiple probe servers and identifying the approximate location of that internet-connected device through a process called multilateration. Currently, we have more than 600 probe servers around the world, making this probe network infrastructure one of the largest in the world. By continuously expanding our probe network infrastructure, we ensure highly accurate IP address location data and progressively provide more granular geolocation information.

IP geolocation inaccuracies from other providers

We do not use any IP geolocation provider’s data in our product. We perform IP geolocation independently using our own infrastructure and systems. That is why our data can be different from other provider’s data.

Some legacy providers do not typically invest in IP address location data accuracy to the same extent as we do. IP addresses are constantly being reassigned from one location to another. As a result, their data can become outdated and inaccurate. Additionally, dynamic IP address assignments, carrier IPs, and the global trade of IPv4 also contribute to the complexity.

In some instances, other providers can put too much emphasis on the geofeed and WHOIS databases. However, these data sets are often not accurate and could inject noise into the IP location data. This is usually the main reason why our more accurate data doesn't agree with other providers' data.

How to verify IP geolocation accuracy

Do not refer to another provider as a reference

Considering another IP database as the reference benchmark is a common mistake customers make when evaluating our data accuracy.

The reference data from the other provider will likely be inaccurate. When comparing inaccurate data from the other provider with our accurate data, you will likely be false-flagging the accurate IP location data we provide.

Moreover, we have even seen users referring to free IP databases available online to verify our premium IP geolocation data, which is a foundationally wrong verification process. These data reference errors are sometimes even amplified when users use an older IP geolocation database as a reference.

Use independent and verifiable sources of location data such as GPS data, known device location data, or ground truth data. Verifiable reference data is also available to benchmark our data with other providers' IP location data. Also, IP addresses change location all the time, so using an older database will likely cause inaccurate results. It is, therefore, important when testing accuracy to ensure that the latest data sets are being used.

Example

IP address: 13.35.172.198

Provider #1 claims the IP address is located in Toledo, Ohio, US. While IPinfo says, the IP address is located in Al Fujairah City, UAE. Should you use provider #1’s data as reference data to verify IPinfo’s IP location data? Absolutely not.

Using another provider’s data as the benchmark to evaluate IPinfo’s data is not a scientific process, as you can not verify the accuracy of the reference data in the first place. Now, if you use bad data as a benchmark to evaluate good target data, you can conclude that good target data is inaccurate. We recommend you use only verifiable IP locations backed by GPS or familiarity or ping-based insights to evaluate our location data.

WHOIS data is not a valid reference for IP location information

WHOIS data is voluntary data that organizations and ASN report. There is no verification process for the accuracy of WHOIS data. WHOIS records only contain information that the submitting organization wants to share, and there is no review process. Moreover, WHOIS databases are not regularly or automatically updated. In most cases, WHOIS data does not provide actionable and accurate IP address location information. In some instances, we have observed that VPN companies and IPv4 resellers intentionally add inaccurate information. This behavior is mainly motivated by two reasons:

• VPN providers can say they have IP addresses in more exotic places.
• IPv4 IP address sellers can claim the IP addresses they are trading are located in favorable locations in terms of IP reputation.

Our probe-based IP geolocation cuts through any obfuscation, intentional or not, and uncovers the true location of IP addresses in a scientific and verifiable way.

Example

IP address: 104.46.237.59

IP address owner: Microsoft Corporation

The WHOIS data mentions the country as the United States of America, and the city is Redmond, WA. This information pertains to the organization’s (Microsoft) HQ location. This location information has no connection to the location of the IP address. WHOIS data provides organization context only and does not provide much information on the geolocation of an IP address.

IP data pages provide context on problematic IP locations

We confirm our IP location information by using various methods. Over the years, we have identified various reasons why other providers may locate an IP address in a different place than where it truly belongs. Based on this experience, we add context to these location discrepancies in our website IP data pages.

On the website, we will mention which IPs can be considered problematic IP locations. Then, we further provide evidence of why our data is accurate by showcasing the ping information from our internal database.

Ping the IP address and assess the ping time

You can also get an idea of the IP address locations by using services that can ping an IP address from multiple servers across the world. Round-trip time (RTT) is the time it takes to get a response after you initiate a network request. Based on RTT data, you can have some context around the location of an IP address. (This method will work only for pingable IP addresses.)

Example

IP address: 154.31.189.103

On September 13, 2023 (Wednesday), we have the following location information:

• IPinfo.io → Hong Kong
• Provider #1 → United States of America
• Provider #2 → United States of America
• Provider #3 → Germany
• Provider #4 → Germany

IPinfo stands out as the other four providers are split between Germany and the United States of America. But let’s look at the ping data from ping.sx. The ping service pings an IP address from multiple different servers across the world.

From pinging the IP address from those servers, we can sort the results by average scores in ascending order (low to high) to find the lowest ping time. The lowest ping time is from the servers in Hong Kong. It is easy to artificially slow down connections, but fast connections are harder to produce over long distances, so this is a reliable indicator of physical proximity. IPinfo correctly recognizes this information and, based on the ping information, accurately identifies the location of the IP address. The other providers erroneously placed the IP address 8,989 km - 11,642 km away.

Ask for data evidence and check our extended geolocation database

Our data team is happy to share our evidence behind our stated locations of IP addresses. We use a variety of internal tools to verify IP address location. We also share an IP to geolocation location extended database that provides confidence radius information data to help make educated decisions.

Ask in our community

Whenever there are doubts about the location of an IP address, we always encourage users to reach out to us in our community forum where we answer questions, host discussions, and post a wealth of guides and articles. If you know any IP address location is not accurate, consider submitting a correction with us.

In this article, we have outlined the importance of accuracy and how to test for it, and proven the precision of IPinfo's IP geolocation data. Behind every IP address data point from IPinfo, there's a robust infrastructure, an expert data team, and a commitment to continuous improvement. We're here to provide the highest quality IP information for your needs. Whether you're benefiting from our standard database offerings or exploring our custom data solutions, you can trust IPinfo to deliver accurate and reliable data.

Try our suite of free IP tools, register for a free account to access our API and a fully-accurate set of geolocation data, and once you’re convinced that IPinfo offers the most powerful, reliable, and accurate data in the world, reach out to our data account team to learn how the most innovative companies succeed by partnering with IPinfo.

In today's digital landscape, extracting IP address meta-information, such as the geographic origins of online activities, identifying anonymous IP addresses, and retrieving network-level metadata from IP, has a wide range of applications. Whether it's to enhance user experience, bolster cybersecurity measures, or add sales and marketing intelligence data, IPinfo's IP data unlocks a new dimension of insight.

In this blog post, we will dive into the seamless integration of IPinfo's powerful API and data download services with the Java programming language. Discover how leveraging IPinfo's data in your Java project can empower you with accurate and reliable IP information.

Using our Java Client Library for using the API

If you like to use our API in the Java ecosystem, we highly recommend you check our official Java client library.

https://github.com/ipinfo/java

Even though you can get IP data from our API endpoint by making HTTP calls to the API, the IPinfo official Java library comes with a few bells and whistles, which makes using our API more effective. Such features include:

• Error handling
• Caching
• Geolocation helper functions: Country name lookup, EU country lookup, and Internationalization
• Thread safety
• Bulk / Batch lookup

1. Installing the IPinfo API Client library

You can install the IPinfo API library using Maven. Simply add the following code to your pom.xml file:

<dependency>
    <groupId>io.ipinfo</groupId>
    <artifactId>ipinfo-api</artifactId>
    <version>2.2</version>
    <scope>compile</scope>
</dependency>

2. Getting started with the library

You should, at this point, copy your IPinfo access token from your profile dashboard. Then, you can initiate your Java codebase. In your /src/main/java/com/mycompany/app create a file called [Main.java](<http://Main.java>) and write the following code:

package com.mycompany.app;

import io.ipinfo.api.IPinfo;
import io.ipinfo.api.errors.RateLimitedException;
import io.ipinfo.api.model.IPResponse;

public class Main {
    public static void main(String... args) {
        // Add your token here
        // <https://ipinfo.io/account/token>
        IPinfo ipInfo = new IPinfo.Builder()
                .setToken("YOUR_TOKEN")
                .build();
        try {
            // Lookup an IP address
            IPResponse response = ipInfo.lookupIP("8.8.8.8");

            // Print out the response object
            System.out.println(response);
        } catch (RateLimitedException ex) {
            // Handle rate limits here.
            System.out.println("API rate limit reached.");
        }
    }
}

Here, we are first importing the necessary classes from the io.ipinfo.api package that we installed. Then, in the Main class, we create an instance of the IPinfo class using the builder pattern. The ipinfo instance is initialized with the IPinfo access token. We use the lookupIP method of the ipinfo instance to perform an IP address lookup of the IP address 8.8.8.8. We wrap the IP lookup process in a try-catch statement to catch rate limit errors.

The output response object looks like this:

IPResponse{ip='8.8.8.8', hostname='dns.google', anycast=true, city='Mountain View', region='California', country='US', loc='37.4056,-122.0775', org='AS15169 Google LLC', postal='94043', timezone='America/Los_Angeles', asn=null, company=null, carrier=null, privacy=null, abuse=null, domains=null}

3. Extracting specific information from the IPResponse object

From the IPResponse object, we can extract specific information by calling the following methods:

If your IPinfo token tier has access to our paid tier, you can get additional information from the IPResponse instance. Such as:

IP to Privacy Detection

To get the anonymous IP-related information from the IPResponse object, use the getPrivacy

method. The getPrivacy method will return an output like the following:

Privacy{vpn=true, proxy=false, tor=false, relay=false, hosting=false, service=}

To get individual information from the Privacy object, call the following methods:

ASN data

The getAsn method of the IPResponse object will return the ASN information of the IP addresses. The getAsn method returns the following object:

ASN{asn='AS54113', name='Fastly, Inc.', domain='fastly.com', route='146.75.196.0/24', type='hosting'}

From the getAsn method, you can extract individual information with the following methods:

IP to Company Data

The getCompany returns the organization-related information of the IP address in the following way:

Company{name='FASTLY', domain='fastly.com', type='hosting'}

You can extract individual organization related information using the following methods:

IP to Mobile Carrier

If the IP you looked up is a mobile carrier IP, you can get carrier-related information as well with the getCarrier Method.

Carrier{name='SaudiNet', mcc='420', mnc='01'}

4. Exploring the other features of the IPinfo package

Aside from IP lookup, the IPinfo Java package comes with lots of useful features. Here are some of the highlights:

• Lookup ASN information with the LookupASN function
• Bulk or batch lookup IP addresses with the getBatchIps command
• Bulk lookup ASN information with the getBatchAsns function
• Map the geolocation of IP addresses from a list of IP addresses with getMap function. The function is powered by IPinfo's Map tool
• By setting up country JSON files, get geolocation insights such as country name, currency, flag, EU country detection and more.

The package is also thread-safe and has support for data caching.

Going beyond Java, IPinfo has other official libraries for working with the API solution. Check out some of our other blogs:

• How to get IP data and IP location in C# with IPinfo
• IP geolocation in Go with IPinfo

Now, moving on to using the Java programming language to work without IPinfo’s IP data downloads.

Using our data downloads in the MMDB format

We are going to look into how to use IPinfo’s MMDB data downloads in the Java programming language. The MMDB file format is a binary file format that facilitates efficient and fast IP lookups. If you would like to know which file format fits your needs, check out our blog: https://ipinfo.io/blog/ipinfo-database-formats/

1. Installing the MMDB reader library

As the MMDB file format is a binary file, you need to use a third-party package MMDB Reader library for Java, first to work with it. Please install the MMDB reader library and not the API client library from MaxMind.

Installation via Maven

To install the library via Maven, add the following code to the Java project’s pom.xml file.

<dependency>
    <groupId>com.maxmind.db</groupId>
    <artifactId>maxmind-db</artifactId>
    <version>3.0.0</version>
</dependency>

Installation via Gradle

You can install the MMDB reader library via Gradle as well. Add the following code snippet to your build.gradle file:

repositories {
    mavenCentral()
}
dependencies {
    compile 'com.maxmind.db:maxmind-db:3.0.0'
}

You can use whatever installation method you like. But in this post, we will use Maven.

After you have added the code snippet to your pom.xml file, run:

mvn clean install

In some instances, this command is maven clean install.

2. Downloading the database

You can download the MMDB database in a number of different ways. You can use curl or you can download the database from your account dashboard.

Feel free to check our community post on downloading our IP database: https://community.ipinfo.io/t/downloading-the-ipinfo-database-data-downloads/1745

We are going to use the free IP to the ASN database for this article. I am using the curl tool to download the db and put it in the Java project’s static directory.

curl -L <https://ipinfo.io/data/free/asn.mmdb?token=><YOUR_TOKEN> -o asn.mmdb

3. Standard Code / Usage

Please note that IPinfo’s data downloads are flat, tabular and have an un-nested data structure. This means that you don’t have to do any kind of deep object indexing to get your data. IP metadata is available on the first and only layer of the data structure.

We will add boilerplate codes for all our data downloads format below. But for now, we will focus on the free IP to ASN database. The free IP to ASN database provides the following data from IP lookups:

• ASN
• Name
• Domain

Using that information, we can create the [Lookup.java](<http://Lookup.java>) in the /src/main/java/com/mycompany/app directory:

package com.mycompany.app;

import com.maxmind.db.MaxMindDbConstructor;
import com.maxmind.db.MaxMindDbParameter;
import com.maxmind.db.Reader;

import java.io.File;
import java.io.IOException;
import java.net.InetAddress;

public class Lookup {
    public static void main(String[] args) throws IOException {
        File database = new File("static/asn.mmdb");
        try (Reader reader = new Reader(database)) {
            InetAddress address = InetAddress.getByName("8.8.8.8");

            // get() returns just the data for the associated record
            LookupResult result = reader.get(address, LookupResult.class);
            System.out.println(result.asn); // Output → AS15169
            System.out.println(result.name); // Output → Google LLC
            System.out.println(result.domain); // Output → google.com

        }
    }

    public static class LookupResult {
        private final String asn;
        private final String name;
        private final String domain;

        @MaxMindDbConstructor
        public LookupResult(
            @MaxMindDbParameter(name = "asn") String asn,
            @MaxMindDbParameter(name = "name") String name,
            @MaxMindDbParameter(name = "domain") String domain
        ){
            this.asn = asn;
            this.name = name;
            this.domain = domain;
        }
    }
}

Then you can run the following command to run the [Lookup.java](<http://Lookup.java>) file

mvn exec:java -q -Dexec.mainClass="com.mycompany.app.Lookup"

This will result in the following output:

AS15169
Google LLC
google.com

4. Code / Usage with Boolean data

Our IP to Privacy database provides data in a Boolean format for flagging the type of anonymous IP addresses. For example: If we flagged an IP to be a VPN we will return true or else we will return an empty string, "".

We can account for that by using the following code:

package com.mycompany.app;

import com.maxmind.db.MaxMindDbConstructor;
import com.maxmind.db.MaxMindDbParameter;
import com.maxmind.db.Reader;

import java.io.File;
import java.io.IOException;
import java.net.InetAddress;

public class Lookup {
    public static void main(String[] args) throws IOException {
        File database = new File("static/standard_privacy.mmdb");
        try (Reader reader = new Reader(database)) {
            InetAddress address = InetAddress.getByName("94.102.51.15");

            // get() returns just the data for the associated record
            LookupResult result = reader.get(address, LookupResult.class);
            // I am using string formatting, which is not necessary here
            System.out.println(String.format("VPN: %s", result.vpn));
            System.out.println(String.format("Proxy: %s", result.proxy));
            System.out.println(String.format("TOR: %s", result.tor));
            System.out.println(String.format("Relay: %s", result.relay));
            System.out.println(String.format("Hosting: %s", result.hosting));
            System.out.println(String.format("Service: %s", result.service));
        }
    }

    public static class LookupResult {
        private final boolean vpn;
        private final boolean proxy;
        private final boolean tor;
        private final boolean relay;
        private final boolean hosting;
        private final String service;

        @MaxMindDbConstructor
        public LookupResult(
            @MaxMindDbParameter(name = "vpn") String vpn,
            @MaxMindDbParameter(name = "proxy") String proxy,
            @MaxMindDbParameter(name = "tor") String tor,
            @MaxMindDbParameter(name = "relay") String relay,
            @MaxMindDbParameter(name = "hosting") String hosting,
            @MaxMindDbParameter(name = "service") String service

        ){
            this.vpn = vpn.equals("true");
            this.proxy = proxy.equals("true");
            this.tor = tor.equals("true");
            this.relay = relay.equals("true");
            this.hosting = hosting.equals("true");
            this.service = service;
        }
    }
}

This will result in the following output:

VPN: true
Proxy: false
TOR: true
Relay: false
Hosting: true
Service: FreeVPN

Incorporating IPinfo's robust data into your Java projects not only enriches your applications with precise geolocation data but also fortifies your cybersecurity measures. Seamlessly retrieving IP insights from the API and data downloads, empowers you to make informed decisions, from optimizing user experiences to reinforcing access controls. Uf

Join IPinfo's community, where you can freely ask questions, share insights, and continue harnessing the potential of IP intelligence. Check our paid plans to get access to more data types (from Privacy to Detection to Hosted Domains) as well as higher request amounts.

IP data empowers identity management policies and access management regulations. Organizations like Permit.io - a leading plug-and-play app-level authorization platform, enable users to implement IP address data in their platform to enforce frontend or backend control with no code.

Based on our conversations with customers and other leading IAM organizations, here’s what you need to know about IP address data and access control.

What is the difference between identity and access management?

While Identity and Access Management are often intertwined, identity management refers to the development of digital identities and is the foundation for access control. It establishes which users or accounts can access content, servers, networks, sensitive credentials, and much more.

Access management enforces what each identity can access within an organizational ecosystem, allowing businesses to control who views which resources. Enforcing organizational policies for access control requires a variety of tools and procedures.

What is access management?

There are several different permissions approaches to access control. Role-Based Access Control (RBAC) refers to authorization based on a user’s role within an organization. This methodology aims to enforce the least privilege for users, granting individuals access only to the resources their role requires them to have.

According to Permit.io, “Five to ten years ago, organizations tended to keep data in one single database. That’s why roles were initially the simplest and most effective way to implement access control. Now application developers are getting data from everywhere. They have much more data like IPinfo that they can rely on, it’s very easy to use, and they have the engines to define and implement complex policy rules. With policy as code or cloud services like Permit, it’s very easy to define even a very complex policy model.”

As RBAC gained momentum, organizations began to recognize the need for more access controls. Since data sources are numerous, businesses need to merge disparate data sources to gain more context for decisions and enforce access-based controls. Now organizations also need to enable dynamic decisions based on characteristics, anomalies, or enriched data about the user and the account.

Permit.io has noticed that many organizations begin shifting from RBAC to ABAC to implement sophisticated pricing models and offer premium services to users: “In the beginning, approximately 70-80 percent of the permissions you give may be based on roles. Then the other 20-30 percent where you want to give access to particular features is based on attributes. The more you go for attributes, the less you use roles. But you always use roles. This is usually a journey for users with Permit or other solutions like Open Policy Agent. They start by using these roles and then they discover they can grab more data to add more context to their decisions. That’s when they decide to do it with attributes because it’s much easier.”

Attribute-Based Access Control allows organizations to go beyond roles and implement complex policy rules to enforce network access.

How does IP address data impact attribute-based access control?

While there are many datasets that can be implemented in attribute-based policies, such as business logic, resource attributes, or action attributes, IP address data is another valuable dataset that improves context for access management. Here are several ways IP data is used to prevent data breaches caused by abused privileged credentials.

Investigating sessions

IP data can be used to investigate sessions. If an IP changes location frequently or if there are multiple IPs using an account at one time, an organization can limit access. Administrators may choose to allow this user to access general resources while also restricting access to sensitive files, servers, or accounts.

If organizations want to limit public IPs from accessing their servers, they can use ASN data to separate traffic based on the IP type: business, hosting, residential, educational institutions, or ISPs.

Detecting suspicious requests for sensitive resources

Another way Permit.io users and other access control management systems implement IP data for access control is to add context to requests for sensitive resources.

Determining where the user is located can be an important parameter to detect if access should be denied or allowed. Organizations can gather details like when the user logged in and how many IP addresses are accessing the account.

Location-based access controls

Other organizations use IP data to limit access to specific locations. A supermarket in Israel, for instance, may want to limit access to their services so that users in the United States cannot make purchases through the application.

While limiting access to products, a supermarket or other store can then grant access to billing information or other account information to allow travelers to view their accounts while out of the country. Other businesses like Amazon or ecommerce sites also use IP address data to limit user access to certain products within a region or country.

Enforcing content restrictions based on location

IP Geolocation data is important If an organization wants to publish content only in a certain location such as France but wants to prevent access for traffic from other countries like Brazil or China.

This is especially important for organizations that need to enforce regulations like GDPR. Organizations in Europe may need to limit access for compliance purposes, and IP to Geolocation data can help enforce those policies. Especially with ABAC controls like Permit.io, they could easily implement a policy like this.

Limit users to specific mobile providers

Mobile providers can use IP address data to incentivize relationships with other brands. If, for instance, a company like US Cellular wants to offer collaborations with another organization, IP to Mobile data can be used to validate if logins originate from a US Cellular user or not.

IP to Mobile data can also be used to limit downloading options until the user is using WiFi or has a more stable Internet connection other than mobile.

How to start using IPinfo’s data for access control

One way to use IPinfo’s data for access control is to ingest the data into Permit.io’s RBAC and ABAC policies. Permit has written an extensive guide about granting location-based access with Next.js.

Ready to start using IPinfo’s data for access control?

We’re joining Oort and Snowflake for a webinar on July 12, 2023! The webinar focuses on how security platforms can improve data usability and efficiency for their teams.

Oort turned to Snowflake Marketplace to discover, try, and purchase data to integrate into their existing workflow. They seamlessly access IPinfo’s data to visually present potential security threats to their customers. These datasets include IP to Geolocation, Privacy Detection, and ASN data.

Oort and IPinfo will discuss how Snowflake makes third-party data sources easy to ingest, creating more value within applications for end-users. With Snowflake and IPinfo, Oort improved data team efficiency by 5x.

Join us as we explore data performance improvements and workflow efficiency in Snowflake!

At IPinfo, a question we get asked quite often is how accurate our data is. It's a straightforward question, really. You make an API call using IPinfo's services or download our database, provide your input IP address, and somehow you're magically presented with the city and country geolocation information and even granular information such as zip code and geographic coordinates. But how does it all work?

We also believe in transparency and accuracy. We want our users to understand how we provide the data and its accuracy. By walking you through our methodology, we aim to give you a more solid understanding of our data and process. And by discussing the nature and extent of our IP geolocation methodology, we hope that you understand not only the opportunities with our data but also its limitations and scope.

One of our secrets to success stems from our globe-spanning probe network infrastructure. We have a vast network of hundreds of interconnected probe servers distributed across the world. We also incorporate many publicly available databases that act as complementary data sources.

Our proprietary probe network infrastructure gives us a significant edge in ensuring the accuracy and reliability of our data products. Our investment and effort in developing and expanding our probe network are exponentially growing by the day, which means not only providing the best in class accuracy, it will only get better and better!

IPinfo’s Probe Network Explained

IPinfo’s proprietary probe network is a network of servers used in IP address validation and scanning the internet that is unique to IPinfo. IPinfo’s probe network represents a globe-spanning network of individual servers that systematically probe individual IP addresses to identify a number of attributes.

Through the probing process, we generate a geographic representation of the internet and how packets of data travel through it. We also run ping operations, traceroute analysis, port scanning, and more. From these attributes, we generate a few databases where IP geolocation data is the most prominent.

As of May 2023, we have a network of over 350 probe servers across the globe. We started building our probe network infrastructure a few years ago by adding servers across North America and Europe. But progressively, we have ramped up our investment exponentially. We have probe servers in various remote and niche regions to better ensure our accuracy coverage.

Even with hundreds of servers, we are not slowing down at all. We are continuously investing in expanding and developing this infrastructure. Every time we launch a new probe server, our data accuracy gets better. Data accuracy to us is a continuous journey, and we are not planning to stop.

Our system works similarly to GPS location systems: given satellites of known location, and the distance between these satellites and a device, there exists only a limited area in which the device can be located on Earth. We perform delay measurements between multiple probe servers (satellites) and IP addresses to geolocate them.

Let's consider a single server located in Paris, France. We perform a delay measurement from this server to the IP address we want to locate and get a value of 10 milliseconds round-trip, so 5 ms one way. Since most of the internet is made of optical fibers and that light travels at 200 km/milliseconds in an optical fiber, we know that the device must be within 5*200 = 1000 km of Paris. It cannot be further, which would mean the signal goes faster than light!

We can refine this geolocation by performing more delay measurements from more locations. For example, if we get a delay measurement of 1 ms from Berlin, the device must be located at the intersection of a circle of radius 1000 km centered around Paris and another one of radius 100 km centered around Berlin.

The more vantage points, the more accurate the geolocation. For the cases where we cannot get a small intersection, we use hints from various sources. For example, ISPs might tell us that a device is located in a specific city, or a specific country. - Maxime Mouchet, Data Engineer at IPinfo

Our view of the Internet

In general, the more vantage points, the more accurate the geolocation. However, this is only part of the story. Measuring the delay towards IP addresses is ridden with technical difficulties.

For one, not all equipment replies to probe packets. Some are in corporate networks or consumer ISP networks, which filter part of the traffic. Some might reply to traceroute measurements but not to ping measurements.

Some equipment might lie on their identity and reply with an IP address belonging to another equipment or a private IP address. Some equipment, such as firewalls and NATs, might modify probe or reply packets, thus giving erroneous delay measurements.

Some IP addresses are not globally unique, as is the case for anycast IP addresses used by DNS servers (e.g., 1.1.1.1) which map to multiple physical locations.

The good news is that we do not need to measure every IP address. Subsequent IP addresses used by end hosts (computers, servers) tend to be located near each other (e.g. a.b.c.1 is likely to be geographically close to a.b.c.2). This allows IP addresses to be aggregated in ranges and make the network faster and easier to debug by reducing the size of the routing tables in the routers. As such, if we can accurately locate one IP address in a range, we might be able to infer the location of the other devices in the same range.

However, this is not true for router IPs that are more scattered geographically. For example, one router with an IP .1 in Paris, which links to a router .2 in Brussels.

We perform two kinds of measurements: ping measurements which return the round-trip time between a vantage point and an IP address, and traceroute measurements which return the routers on the path and the round-trip time between them and our vantage point.

We measure the delay towards 350M IPs, and the path towards 50M IPs, every week. This gives us more than 90B delay measurements per week. We discover 3M IPv4 routers and 4M IPv6 routers. 20M IPv4 links between routers and 9M for IPv6. 10M links between autonomous systems and 5M links between countries.

IP geolocation and beyond

Our vast historical data puts us in a unique position to detect internet topology pattern changes and use that to optimize the accuracy of geolocation algorithms. - Alex Rodrigues, Data Engineer at IPinfo

By pinging billions of IP addresses weekly, we are effectively mapping out the internet and gaining insight into how the Internet as a whole functions. In addition to our standard database offerings, we provide sophisticated custom data solutions. Contact our data experts to explore how we can help you develop innovative solutions.

A promise for continuous improvement

IPinfo is more than just a service. Behind the data, we represent a robust infrastructure. We have been growing rapidly, continuously investing in our probe network infrastructure, and developing sophisticated, cutting-edge data algorithms and research. In a short period, we have built a probe network infrastructure of 300 servers strong (as of March 2023), and we are not stopping there. We are constantly developing new and innovative solutions that can help you make informed decisions with our data without any doubt of inaccuracy.

Ready to experience the accuracy and reliability of IPinfo's data products? Contact our data experts to obtain your IP geolocation or explore custom data solutions for your network. Let us help you make informed decisions with confidence.

If you'd like to learn more about our constant pursuit to achieve the highest accuracy possible with IP data, you can check out some of our other articles:

• How we keep our database clean and accurate
• To what extent is IP geolocation accuracy guaranteed?
• How IPinfo became the most accurate IP data provider?

Meet the all-new IPinfo Community!

The community welcomes all data professionals to share and discover IP address data and Internet data alongside IPinfo’s 500,000+ users and team.

IPinfo’s users implement a wide variety of use cases with the help of accurate IP address data. The rapid growth of the IPinfo user base has increased the need for a community where IPinfo’s users and other IP data enthusiasts can share technical and analytical knowledge.

“The variety of use cases built with IPinfo’s data is remarkable. Having a community where we can share IP data inspiration and explore other complex use cases is invaluable for IP data implementation.” - Abdullah, Developer Relations Engineer at IPinfo.

With community forums, regularly updated content, and direct responses from IPinfo’s team, the platform supports developers, engineers, data analysts, researchers, and many other data professionals who use accurate IP data to fuel reliable use cases. Here’s what you can expect from the IPinfo Community.

Connect

A primary purpose of the IPinfo Community is to connect members and facilitate the exchange of Internet data knowledge and best practices.

Since 2013, thousands of customers have used IPinfo’s proprietary data, APIs, and databases to solve a variety of business problems. As users increased, IPinfo recognized the opportunity to facilitate the exchange of technical and analytical knowledge between IPinfo users and beyond.

Members can discuss or troubleshoot IP data use cases with other experienced users, and IPinfo’s data experts also connect with the community to answer technical questions or other inquiries about IP data on the community forums.

If you have a question or simply want to learn how other IT professionals use IP data, the IPinfo Community is the best place to connect.

Learn

The platform also provides access to an extensive knowledge base and interaction with IPinfo’s data engineers, which include multiple PhDs and backgrounds in organizations such as Alcatel Lucent, DynDNS, and Facebook.

For instance, if you’ve ever wondered how to make sure your VPN is working or how to check the claims of your VPN provider, the IPinfo Community has an answer. Also included in the platform is information about how to use our supported integrations better, how to conduct lookups using different languages or frameworks, as well as documentation and technical FAQs.

Here is a sampling of the community knowledge base:

• Using IPinfo’s IP to Country + ASN database on Snowflake
• Convert IPinfo’s CSV database to MMDB using mmdbctl
• Working with Pandas dataframe and IPinfo’s API
• How to get the latitude and longitude value from an IP address using PHP?
• Geonames.org | Complimentary country-level information

Additionally, the IPinfo team interacts with members in our community forums, answering questions and troubleshooting issues with use cases.

Share

IPinfo’s user base has grown to more than 500,000+ users with a variety of professional knowledge about IP data implementation. Within this platform, users can share how IP address data improves a variety of use cases and explore more complex innovations.

“From the very beginning of IPinfo being active in online communities has been a critical way for us grow awareness, help users, and collect feedback. With the launch of our own community we’ll be able to step up those efforts, and also create the opportunity for our many passionate and knowledgable users to share their expertise with one another directly” – Ben Dowling, Founder, and CEO at IPinfo

Additionally, the platform will promote community members’ knowledge and innovation with a variety of events, hackathons, or other initiatives with IPinfo’s partners.

And lastly, we’re grateful for our users and the valuable feedback you’ve shared with our team over the years. The community allows more users to submit recommendations and improve IPinfo’s products, tools, and features.

How to get started

This platform is publicly available for members around the world. Community accounts can be activated using an email address, Google account, or GitHub account.

Additionally, community members can also test Internet data implementations discussed in forums or FAQs. Simply create a free IPinfo account to access 50,000 free geolocation requests each month, free IP to Country and ASN data downloads, as well as other upgrade options for use cases with high volumes of requests.

Get started with the IPinfo Community!

We have exciting news for Snowflake users! Today IPinfo launched the free IP to Country and ASN data on Snowflake Marketplace. The new free datasets require near-zero maintenance due to an IP range aggregation on the joined database, which optimizes these listings for even faster queries.

IPinfo’s engineering team has optimized join times with Snowflake’s powerful UDTFs, reducing query times from 14 minutes to less than 30 seconds for all IPinfo proprietary datasets. Additionally, IPinfo will launch a new UDFs and UDTFs solution that immediately makes this new database functional with very little code writing required.

The fields included in the database are as follows:

• IP address range
• Country of the IP address
• Country code (ISO 3166-2)
• Continent name
• Continent shortcode
• ASN (Autonomous System Number)
• Name of the AS organization
• Domain or the official website of the AS organization

While the free datasets are only a subset of IPinfo’s data listings, they retain premium accuracy and unrestricted access to all records within the included fields. IPinfo’s free IP to Country and ASN data can be used for many use cases, including location data enrichment, risk analysis, and audience segmentation.

“We’re excited to make our free IP data available within Snowflake. IPinfo develops proprietary, accurate, and highly performant IP data. Snowflake’s platform has given us various tools to optimize queries and improve join time from minutes to seconds. Like our paid plans in Snowflake Marketplace, the free IP to Country and ASN data retain premium accuracy and are optimized for Snowflake’s platform. Customers can get started with the data in a matter of seconds.” - Ross Lewis, Head of Partnerships & Ecosystem

Organizations use these datasets to monitor networks and firewall management, develop threat intelligence, geotarget and localize use experiences, enforce compliance with regional and international data protection laws, analyze website traffic and performance, protect intellectual property, and optimize network routing and peering, among many other use cases.

To get started quickly with IPinfo's data in Snowflake, check out IPinfo’s in-depth documentation.

Start using the Free IP Data in Snowflake!

In today's digital landscape, cybersecurity has become a critical concern for businesses and organizations. Cyber threats are constantly evolving, and cybercriminals are always looking for new ways to exploit vulnerabilities in infrastructure and networks.

In this context, IP data plays a crucial role in the work of cybersecurity teams, including SOC as a Service and Security Information and Event Management (SIEM). Here are several ways IPinfo’s cybersecurity users implement IP address data.

Attack surface management

Many well-known cybersecurity teams and organizations use IPinfo’s data to conduct attack surface management, including Lacework, NetSPI, and Graylog. These and many other organizations conduct risk assessments and manage vulnerabilities by using IP address data to map their clients' or their organization’s assets.

IP address data is an integral part of identifying systems at risk or vulnerabilities within networks. For organizations looking for threat actors, IP to Company is an important part of investigating IP ownership by companies. This particular dataset reveals the company name, domain name, network, and company type, such as business, hosting providers, ISPs, or educational institutions.

Using IPinfo’s data to determine what IP ranges are associated with companies is critical for attack surface management and network monitoring. Many security teams use our IP Ranges data to investigate ranges operated by a single entity.

Security teams also need to gather inferences from Hosted Domains data. These Reverse IP downloads show a full list of domains that are hosted on a single IP address. This dataset can be used to investigate entry points such as landing pages and domains as part of the attack surface.

Security companies or teams also download the IP Whois database. With Point of Contact (POC), Organization Identifiers (ORG), and Networks (NET) information, security teams can identify trends such as changes in IP address ownership, who owns the IP address, the organization ID, and much more.

IP to Geolocation data is another useful tool for cybersecurity teams who need to identify organizations that have different locations or franchises and who host a variety of networks that may or may not be connected.

For some cybersecurity organizations, including cyber insurance, the impact of these datasets can reach tens of millions of dollars when vulnerable and targeted technology or network exposures are identified.

But without accurate IP address data, false alerts and faulty data inferences can result in more revenue losses. That’s why accurate IP address data plays a major role in mapping those attack surfaces.

Threat actor intelligence

But beyond monitoring a company's or customer's assets, some cybersecurity teams also use IP address data to map and investigate adversarial infrastructure and networks. Since threat actors continuously change their infrastructure over months, weeks, and sometimes days, network monitoring solutions often need IP address data that are updated daily.

That’s why many security organizations choose IPinfo’s data. These IP datasets are more than what users could aggregate from publicly-available IP address data. We’ve developed our own proprietary algorithms to monitor data accuracy, and our data engineers continually verify and improve our databases.

We also invest in robust traceroute systems to validate IP address information. In short, this data is accurate enough to keep pace with the accelerated investigations and intelligence needed by cybersecurity teams.

Cybersecurity teams specializing in threat actor intelligence focus on gathering as much information about adversary assets as possible. And they may still map out a company’s assets, but the focus of their investigations is quite different.

The implications of adversary threat intelligence are that when security teams notice communication between threat actors and the company’s network they’re monitoring, they can often infer that an attack is happening and often infer what type of attack is taking place.

IP Whois and ASN data are just two critical datasets for developing threat actor intelligence and keeping pace with rapidly changing adversarial infrastructure. To do this, cybersecurity teams need near-real-time IP address data that are updated every day.

Managed detection and response

Managed Detection and Response (MDR) and Security Information and Event Management (SIEM) enrich traffic logs with IP address data for better outcomes and customer confidence.

MDR relies on IP data to improve alerts based on anomalies detected in IPs accessing networks or systems. Enterprise customers like Panther, Datadog, Expel, and Greylog use IPinfo’s data to fuel better MDR.

“As a cloud-native SIEM that provides highly-scalable, real-time threat detection, Panther needs effective enrichment to make sure customers get the context they need fast. As a fellow Snowflake partner, IPInfo was an ideal choice for seamless alert enrichment - quickly adding the geolocation and ASN context our customers need to tune detections and accelerate triage.” Joren McReynolds, SVP of Engineering, Product & Design

Privacy Detection is an important data source for MDR because it returns masked IPs, including VPNs, proxies, tor usage, relay usage, or connections via a hosting provider. Any of these could potentially be used to tunnel traffic into networks by hiding the true location of the user.

IP to Geolocation also helps SIEMs enrich traffic logs with relevant geolocation information from around the world. This dataset includes hostnames, location coordinates to the nearest city center, region, postal or zip code, country, and city-level insights. SIEMs use geolocation data to detect higher-risk alerts.

Along with these other datasets, IP to Company and ASN data are important for enriching alerts and gathering further context. This dataset reveals the country, number of IPs, allocation date, hosting, registry, and hosting service of an IP address. Enterprise organizations use these insights to detect suspicious connections between data centers or IPs known for malicious activity.

In addition to datasets, organizations like Panther use IPinfo’s integrations to seamlessly implement IP address data into their workflow and log enrichment. This is why IPinfo offers supported integrations like Snowflake, Splunk, and Palo Alto.

Fraud prevention

Organizations also use IP address data to prevent fraud. IP address data is a useful part of automated fraud scoring models and helps a variety of companies, from cybersecurity to financial institutions, establish better fraud detection. Several of these include Feedzai, Forter, Nethone, Dupaco, and Adcash.

IP to Geolocation data is used to detect the origin of transactions. Dupaco, a financial institution, uses this dataset specifically for this purpose. If a transaction occurs in a location that’s inconsistent with the account holder’s location, this transaction will trigger an automatic alert for security teams.

Just as important as locating the origin of a transaction is determining if traffic is hiding its true location. According to Nethone, an organization that uses IPinfo’s Privacy Detection data to develop bleeding-edge fraud detection software, “Almost every single fraud method involves some form of VPN. It’s a crucial parameter to detect when someone is about to commit a crime”

IP to Company API and database downloads are also used in fraud scoring. This is because IP to Company returns the type of organization behind an IP address. For instance, if an IP address belonging to a hosting provider (as opposed to a residential user) tries to access a private bank account, this transaction can be flagged as suspicious and investigated further.

All this to say, many organizations leverage IPinfo’s accurate IP data to develop reliable fraud prevention use cases.

Security Operations Centers

Security operations centers (SOCs) require a team of experts to monitor security operations within an organization. For some organizations, this is too costly due to staffing, licenses, hardware, and many other expenses. SOC as a Service (SOCaaS) teams offer a reliable and affordable third-party alternative for organizations who aren’t ready to fully service an in-house SOC.

IP address data is important for SOC and SOCaaS because they need to reliably identify malicious traffic for their users. False positives and false negatives slow down their internal processes and reduce confidence among customers.

For instance, even if SOCaaS providers’ alerts are accurate one-hundred times, customers seem to remember the one time that inaccurate IP data triggers false alerts. Again, this is why these security organizations choose IP address data providers who update and improve their IP data every day.

Automation is an important facet for SOC and SOCaaS, and IP address data helps contextualize threats and identify them as high-risk or not.

SOC teams monitor login attempts and investigate suspicious events within other organizations. Data such as IP to Geolocation, Privacy Detection, IP to Company, ASN data, and IP Whois data help SOCaaS teams determine the highest risks and develop automated systems to monitor, protect, respond, and remediate attacks in a timely fashion for their customers.

Many of these organizations find that IP data as a service is highly valuable for their team. IPinfo allows these teams to spend more time focusing on alerts and customer needs rather than collecting and validating IP address data.

IP address data you can trust

In short, IPinfo allows cybersecurity teams to focus on their value propositions by choosing reliable IP data as a service provider. Instead of spending valuable time developing their own IP address data insights, IPinfo’s cybersecurity users have instant access to the high-quality IP data they would want to develop if they had time.

Plus, IPinfo is a one-stop IP address data source. We offer 10+ contextualized datasets that can be accessed the way you choose, via APIs or data downloads. IPinfo invests heavily in accurate data with in-house data engineers, proprietary algorithms, and robust traceroute systems so that our cybersecurity users have IP data they can trust.

Try all datasets for yourself! Sign up for your free weeklong trial.

We're excited to announce the launch of the Free IP Data Downloads!

IPinfo’s newest product features two free datasets: IP to Country and complimentary IP to ASN data. While these two datasets can be downloaded independently of each other, IPinfo’s platform also allows users to download both in one file.

IPinfo’s Free Data Downloads are better than similar datasets offered by other providers for three distinct reasons:

1. Accuracy
2. Daily Updates
3. Unlimited Access

Here’s what this means for our users.

Premium accuracy for every plan

Compared to similar datasets by other IP data providers, IPinfo’s free IP to Country and ASN accuracy ranks the highest in sustained accuracy.

Even though the Free IP Data Downloads are only a subset of IPinfo’s comprehensive database, they retain premium accuracy and unrestricted access to all records within the included fields.

At IPinfo, however, we believe that IP data should be accurate no matter what pricing tier a user chooses.

Ultimately, here’s why accuracy matters in an IP to Country database, even for free versions: If IP to Country accuracy is unstable, then that means city-level IP data is probably even more inaccurate. The result is unreliable use cases due to bad IP address data on this level.

But with IPinfo’s database, you won’t need to worry about data accuracy. We make it a top priority, even for our free plans.

Highest update frequency

As was just mentioned, other providers may downgrade their focus on free datasets, but we put the same priority on accuracy as we do with all our paid plans. We do this by updating our Free Data Downloads every 24 hours.

Other IP data providers only update their free plans once or twice a month, which results in unreliable use cases for users on the free plan.

IPinfo’s IP to Country and IP to ASN data is based on this basic premise: Accuracy matters, even for free plans.

"We invest heavily in accurate data at IPinfo. Our company added nearly 200 traceroute networks to our data validation process in 2022 alone. This investment is just one reason IPinfo is well-known for accuracy. The Free IP Data Downloads provide access to a portion of our 10+ datasets, but the insights are just as accurate as our paid plans.” -  Ben Dowling, Founder and CEO at IPinfo

That’s why every 24 hours our data team and algorithms update the IP to Country and IP to ASN dataset with our five-step data cleaning process. The result is that all our users have access to the freshest IP to Country and IP to ASN datasets on the market for free.

Full dataset access

Another reason that IPinfo's free data stands out is full dataset access. Other IP data providers reduce the amount of IP address records for free downloadable databases by half as compared to their commercial plans.

The reduction of information is due to the provider assigning IP addresses to a large IP address range (usually /24 subnet). Then they will assign the country location information to all the large IP addresses within that range in bulk to a single country.

But IPinfo doesn’t reduce the number of records available within our free database. While the Free IP Data Downloads are only a subset of IPinfo’s 10+ data types, they retain premium accuracy and unrestricted access to all records within the included fields.

IPinfo’s Free Data Downloads treat each individual IP address individually and provide the highest amount of accuracy when it comes to their location information.

Like all our databases, the Free Data Downloads include all IPv4 and IPv6 addresses, regardless of the pricing tier. Plus, unlike IPinfo’s free geolocation API plan, there are no usage restrictions. Users can download these insights and run as many queries as needed. And you can use this data as much as you like, for as long as you like.

All in all, IPinfo’s Free Data Downloads improve data accuracy with frequent updates and give access to more data than other providers do.

What fields are in the IP to Country database

The IP to Country data can be downloaded separately from IP to ASN data or merged within one single file. When downloaded by itself, here are the fields users receive:

And here’s a sample IP to Country download:

When downloaded with IP to Country + ASN data, here’s what you can expect to see.

What fields are included in the free IP to ASN database?

The IP to ASN database is often used for firewall traffic analysis, cybersecurity analysis, threat intelligence, and a makeshift Privacy Detection solution. As such, it strongly compliments our IP to Country database. This is why it’s also being offered for free.

While this ASN data provides the standard fields for a free database - ASN and AS organization name - it also includes an additional field for further contextualization - AS official website. This can be used to clarify the parent organizations that operate ASNs under different names.

Here are the fields you can expect to see in IPinfo's free IP to ASN database download.

And here is a sample IP to ASN download:

What’s the catch?

There is no catch. All the data is high-quality and completely free.

We only ask users to attribute IPinfo on their website, blog, app, or other use cases when using the Free IP Data Downloads. It’s very simple. Go to your dashboard and click “provide attribution.”

Once you’ve chosen if you want to place attribution on social media or your website, we will provide a snippet for you to add to your website or post on your social account. Here’s the sample snippet for websites:

And then you’ll add the URL of your website or social post to send to IPinfo.

Within 24 to 48 hours, we’ll then validate your attribution and notify you via your dashboard. So what are you waiting for? Go try out the new dataset and let us know what you think!

Get started with the Free IP Data Downloads. Sign up for free!

One of the most common operations to gain insights from IP addresses logged in a system or server log is to enrich them with IPinfo’s data. You can enrich your IP log with IPinfo’s API or database services that include IP to geolocation, IP to privacy detection, IP to company information, IP to mobile carrier information, and more.

However, even though at first glance this process might feel straightforward, there are a few tricks as you may have a huge log of IP data. Plus, our databases are quite big as well. In this article, we are going to look into some optimized and efficient ways to enrich your IP log data with our IP database and API service. So, let’s get started.

IPinfo’s essential open-source tools

Before we get started, we need to start some essential open-source tools created by IPinfo’s expert data team. The installation of these tools is pretty straightforward and our documentation provides you with a clear path to get up and running.

Both of these tools are free to use and are open source. Feel free to explore them to learn about their features and options.

Server log or IP address database

To get started it would be best if you have your own web server log containing IP addresses, however, you might not have access to that at this moment. So for testing purposes, let’s start with some IPinfo CLI tricks that can help you with that.

Generating random IP addresses

You can use the randip command on the IPinfo CLI to generate random IP addresses. The command supports a variety of options such as generating only IPv4 addresses, only IPv6 addresses, excluding reserved IP addresses, specifying IP address ranges, etc.

🔗 Documentation on the randip command

To keep it simple, you can start by generating random IPv4 addresses:

ipinfo randip -n 50 > ips.txt

We are going to save these random IPv4 addresses to the ips.txt file.

The randip command can generate random IPv6 addresses with the command option -6, however, there is a caveat. The vast majority of IPv6 addresses are not assigned to a device compared to its IPv4 counterpart. If you are generating random IPv6 addresses there is a high probability that you will not be able to find any information about them.

Extracting IP addresses from a text file

If you already have access to some server or traffic log database, you can easily extract the IP addresses from them as well. Using our IPinfo CLI, if you run the grepip command, you can extract the IP addresses fairly easily.

🔗 Documentation on the grepip command.

We started with a server log file that I found on the internet. Rather than attempting to parse and structure it, we can simply extract only the IP addresses and store them in the ips.txt file using the IPinfo CLI’s grepip command.

ipinfo grepip -o access_log.log > ips.txt

Like randip, grepip comes with a few options such as matching only IPv4 or IPv6 addresses, excluding reserved IPs, etc.

Now that we have an IP address dataset we can work with, let’s get started with enriching it with IPinfo data.

Method 1: Using the API service with our CLI

If you want to enrich bulk IP addresses at one time, you can use the IPinfo CLI. To use the bulk lookup feature you need to first authorize the IPinfo CLI with the command ipinfo login then you can provide your access token. The CLI uses your API access to run the bulk operation.

As we have prepared an ips.txt file that contains all the IP addresses, we can simply pass it to the IPinfo CLI and it will generate a file enriched with IP insights.

The CLI will bulk upload all the IP addresses to our batch operation API endpoint. From that, the CLI outputs the result in CSV or JSON format. The default output is JSON, and to output it as CSV you must add the -c option.

As CSV is the easiest way to ingest databases for further analysis, we are going to use the CSV option and output it to the ipinfo_ip.csv file.

cat ips.txt | ipinfo -c > ipinfo_ip.csv

The ipinfo_ip.csv file will contain the IP information we have to offer on the IP address dataset. The level of IP information we provide depends on your pricing tier.

Method 2: Using our databases and mmdbtctl

If you want to use our databases to enrich your IP address log, you should use the MMDB file format thus our mmdbctl utility.

Although you have access to the CSV and JSON database file formats, for simple and direct log enrichment in a batch process your best option is the MMDB database. Find out which file format suits your needs best from this article.

🔗 Documentation on the mmdbctl tool

The MMDB database format provides the fastest and most reliable way to enrich your IP data. The amount of information you will get by looking up the IP addresses depends on the database you are using. For this example, we are using the IP to Geolocation database, which provides IP location information such as city, region, zip code, geographic coordinates, etc.

With the mmdbctl tool, we are running the read command and declaring the output format to be CSV with -f csv, and saving the result to the ipinfo_ip.csv file.

mmdbctl read -f csv ips.txt location.mmdb > ipinfo_ip.csv

After running the above command, the ipinfo_ip.csv file will contain the IP addresses and their respective IP geolocation information. It’s important to note that the output database will not contain information on bogon IP addresses, since they are not included in the IP geolocation database.

Method 3: Using a programming language

The solutions we just learned are limited to the terminal. However, you might want to enrich your IP data within a programming language environment. In that instance, you have a few options as well.

API-based log enrichment

To use an API-based solution with a programming language, you have two options:

1. You can use our batch API endpoint.
2. Or, you can use one of our many official open-source libraries which support batch and bulk lookups.

The batch API endpoint provides you with several options. Such as a JSON array or a newline-separated list of URLs. The process is well documented on our documentation page.

Here is an example of doing log enrichment using the Python programming language and our official open-source Python library.

# our official Python library
import ipinfo

# contains 200 IP addresses
with open("./ips.txt") as file:
    ips = file.read().strip().split("\\n")

# get your access token from here: <https://ipinfo.io/account/token>
access_token = "YOUR_TOKEN"

# <https://github.com/ipinfo/python#batch-operations>
handler = ipinfo.getHandler(access_token)

# `data` contains your enriched IP data in a dictionary format
data = handler.getBatchDetails(ips)

The API-based solution provides a fast and efficient way to enrich log data. If you are using the official libraries, you also get additional insights such as for geolocation lookup you get continent name, European country check, currency, and many other attributes.

Database based enrichment

Even though our bulk/batch API-based solution provides a fast solution, however, you simply just can’t beat the speed of a database lookup solution, particularly if it is an MMDB file.

The API-based log enrichment process usually takes a second or two. However, when you look up the data from the IPinfo’s mmdb format database, that is a different story.

# mmdb reader library
import maxminddb

# contains 200 IP addresses
with open("./ips.txt") as file:
    ips = file.read().strip().split("\\n")
    
ipinfo_reader = maxminddb.open_database("./location.mmdb")

data = [ipinfo_reader.get(ip) for ip in ips]

Looking up the geolocation information of 200 IP addresses from our database takes around one-tenth of a second. While this operation takes about a second if you are using our API, you can join the IP geolocation database results with other IPinfo databases as well.

Method 4: Using the bulk upload page on your account dashboard

If one-time enrichment is your goal and you don’t have the time or the need to open your terminal or IDE, we’ve got you covered. You can do bulk/batch IP enrichment features right from our website. The bulk upload tool is available in your account dashboard.

All you have to do is upload or drag and drop your list of IP addresses in the tool. Then as soon as we are done processing, the enriched data will download automatically.

And that concludes this article. One thing to note is that the level of data enrichment is limited to your API tier or database download access, So feel free to check out our API data types and database types to find what fits your need the best.

If you need further assistance in enriching your data with IPinfo’s insights, reach out to our data experts today.

Fraud and cyber threats are on the rise. Because of this, the role of cybersecurity teams and SOCs are increasing as well. The reality is that these teams are facing an onslaught of challenges.

But incident response time, attack surface management, and actionable threat detection depend on a variety of indicators. Indicators that, if inaccurate, can lead to undetected data breaches, account takeovers, ransomware attacks, and many other unmitigated risks.

Because of this, cybersecurity organizations often ask similar questions when weighing their options for IP data. These are some of the most common.

1. Is this data accurate enough to build reliable threat intelligence?

The last thing cybersecurity teams need is more false alerts distracting them from real threats. According to a study conducted in 2021, each day over 50 percent of security teams have more than 500 alerts. Plus, anywhere from 20 to 40 percent of those alerts are false.

It’s now 2023, and cyber threats have only increased since that report was written. The good news is that every day, IPinfo updates, verifies, and improves our data. Read more about that process here.

We take data accuracy very seriously at IPinfo. In fact, it’s our top priority. We’re aware that, if we don’t improve our data every day, we could slow down important security investigations.

Nethone, a fraud detection platform, noted that “Getting the same quality data as IPinfo with an in-house team is actually quite difficult. That’s why we chose IPinfo.” This is the story we’ve heard many times from security teams.

Another cybersecurity customer had this to say about IPinfo’s data in comparison to other IP data providers: “Our service was originally using another #IPlookup company & you guys have blown them out of the water. Way more accurate, up-to-date & the available data is incredible. Thanks!”

All this to say, IPinfo’s data is accurate for reliable threat intelligence.

2. Will implementing this data improve our team efficiency or slow us down?

Another study found that more than 90 percent of security organizations are unable to investigate all alerts during the course of a day. Therefore, third-party data sources that slow down team efficiency are not feasible.

IPinfo, however, is built for quick implementation. Our proprietary database is built by developers for developers. We provide quick setup APIs, documentation, libraries, and supported integrations for customers who prefer self-serve solutions.

These solutions also have 99.99 uptime and low latency. Read more about getting started with IPinfo.

Graylog, a leading centralized log management company, noticed right away that IPinfo was “really easy to do business with…. They understood our problem, understood what we needed, and immediately understood our level and how technical we are. So we wasted no time. It was an incredibly easy process.”

For organizations that need to ingest more data, IPinfo provides customizable database downloads. But since aggregating various threat intelligence feeds and data in one single place is a tedious task, IPinfo and Snowflake have partnered together to make threat intelligence more easy and seamless by providing accurate and up-to-date IP address data on Snowflake Marketplace. Check out our integrations page for more ways to use IP address data at scale.

Plus, for Enterprise organizations, our data experts regularly help problem-solve and implement intricate use cases. In short, IPinfo’s infrastructure and team organization is designed to improve efficiency for our users.

3. How quickly does IPinfo process data corrections?

IP address data is a moving target, meaning that the insights always need to be monitored. Since data errors have a negative impact on cybersecurity customers and threat detection, we’ve provided a way for organizations to report incorrect IPs.

A common concern among cybersecurity users is how quickly will corrections be implemented. When users submit data feedback or corrections, IPinfo moves fast to correct these discrepancies in our database.

Customer support has always been a top priority at IPinfo. Normally, we process and verify corrections within 48 hours. We also offer additional support such as support SLA for Enterprise users. Read more here.  

Data discrepancies can be reported here, giving users the option to report individual IP errors or bulk corrections submitted via geofeed.

4. Can we get all our IP data in one place or will we need multiple providers?

More providers can mean more headaches for security teams and SOCs that are already investigating hundreds of alerts every day. They don’t need complicated data providers. Additional third-party providers can also rapidly increase costs.

That’s why cybersecurity organizations often ask about how many data types they can get from IPinfo. We provide access to 10+ data types, including these:

• Geolocation
• Privacy Detection
• ASN
• Company
• Whois
• Ranges
• Mobile Carrier
• Hosted Domains
• Abuse Contact

In addition, we offer comprehensive domain name data with Host.io to help security teams uncover new domains and the relationships between them.

Users regularly get all of their IP data directly from IPinfo.

5. What do IPinfo’s data fields mean?

Many cybersecurity teams want to make sure they understand our data fields before implementing their use case.

I am a HUGE advocate for @ipinfoio and if you’re doing threat intel, pentesting or bug bounty or any security domain it is insanely invaluable. - Ben Bidmead – Founder & President of 0x00sec

For instance, we’ve had cybersecurity users ask questions about our database and schema like these:

• What datasets do you recommend for a vulnerability management company to map the surface area of an attack?
• What does the IPinfo dataset look like in Snowflake?
• What is the meaning of “relay” in the Privacy Detection dataset and how does this affect our use case?
• What IP address datasets are crucial for determining fraud risk?
• Is CSV the format for IP Range data?
• How are city names encoded in the IP to Geolocation database?

Our data experts regularly answer questions like these to ensure reliable use cases for security teams. So if you haven’t yet, now is a great time to connect with one of our experts and ask your questions.

Connect with a data expert today!

In this article, we will look into how to get started with getting IP address information (including IP geolocation) using the IPinfo C# / .NET SDK in a C# project. Whether it be a web application development using the ASP.NET framework, developing a backend service using the C# language or even in-game development using Unity, IPinfo’s IP address data is essential in IP data enrichment, cybersecurity, and fraud prevention.

Installing the IPinfo Library

If you want to integrate IPinfo’s API service and data in your .NET application using the C#  language, you should use the IPinfo C# / .NET SDK. You can use the IPinfo API service using the HTTP client library. However, our official open-source SDK makes using our data more simplified and it comes with some additional helpful features.

You can find detailed instructions on using our SDK from it’s GitHub page. To install the SDK, you can choose any of these options:

Option 1: Install using Package Manager

Install-Package IPinfo

Option 2: Install using the dotnet CLI

dotnet add package IPinfo

Option 3: Install with NuGet

nuget install IPinfo

Once installed, you are ready to start using the package.

Getting Started with IPinfo library

After you have installed the IPinfo package, you can start by initializing a new dotnet console. This project is created using the following command.:

mkdir ipinfo_tutorial
cd ipinfo_tutorial
dotnet new console
dotnet add package IPinfo

This resulted in the Program.cs and ipinfo_tutorial.csproj files. We will modify the Program.cs file.

Now that you have your project startup, follow through this starter code:

//namespace
using IPinfo;
using IPinfo.Models;

namespace IPinfoApp {
  // Class declaration
  class IPlookup {

    // Main Method
    static async Task Main(string[] args) {

      ////////////////////////////////
      // initializing IPinfo client // 
      ////////////////////////////////

      // Get your IPinfo access token from: ipinfo.io/account/token
      string token = "YOUR_TOKEN";
      IPinfoClient client = new IPinfoClient.Builder()
        .AccessToken(token)
        .Build();

      // making the API call
      string ip = "170.206.134.144"; // IP address
      IPResponse ipResponse = await client.IPApi.GetDetailsAsync(ip);

      /////////////////////
      // IPinfo Insights //
      /////////////////////

      Console.WriteLine($"IP address: {ipResponse.IP}");
      Console.WriteLine($"City: {ipResponse.City}");
      Console.WriteLine($"Region / State: {ipResponse.Region}");
      Console.WriteLine($"Country : {ipResponse.Postal}");
      Console.WriteLine($"Country: {ipResponse.Country}");
      Console.WriteLine($"Country Name: {ipResponse.CountryName}");
      Console.WriteLine($"Geographic Coordinate: {ipResponse.Loc}");
      Console.WriteLine($"Contitnent: {ipResponse.Continent.Name}");
      Console.WriteLine($"Is EU?: {ipResponse.IsEu}");
    }
  }
}

Let’s break down this starter code.

Firstly, we are declaring the namespaces for the IPinfo packages we installed with:

// namespace
using IPinfo;
using IPinfo.Models;

Then we are initializing the IPinfo client. For this section, you should have your IPinfo access token. Signup to IPinfo for a free account and get your access token from the account dashboard. Then replace the YOUR_TOKEN placeholder with your actual access token.

// Get your IPinfo access token from: ipinfo.io/account/token
string token = "YOUR_TOKEN";
IPinfoClient client = new IPinfoClient.Builder()
    .AccessToken(token)
    .Build();

And finally, we are retrieving IP address data, which in this case is IP to Geolocation information. Here we are using the asynchronous API method via GetDetailsAsync. You can also use the synchronous method, GetDetails as well.

For this lookup, we are only accessing the IP geolocation API response (city, region, country, etc.) and some package-specific features (continent, IsEU, etc.)

  // making the API call
  string ip = "170.206.134.144"; // IP address
  IPResponse ipResponse = await client.IPApi.GetDetailsAsync(ip);

  /////////////////////
  // IPinfo Insights //
  /////////////////////
  Console.WriteLine($"IP address: {ipResponse.IP}");
  Console.WriteLine($"City: {ipResponse.City}");
  Console.WriteLine($"Region / State: {ipResponse.Region}");
  Console.WriteLine($"Country : {ipResponse.Postal}");
  Console.WriteLine($"Country: {ipResponse.Country}");
  Console.WriteLine($"Country Name: {ipResponse.CountryName}");
  Console.WriteLine($"Geographic Coordinate: {ipResponse.Loc}");
  Console.WriteLine($"Contitnent: {ipResponse.Continent.Name}");
  Console.WriteLine($"Is EU: {ipResponse.IsEu}");

If you would like to get other information, check out the method reference table below.

Now that we have walked through the standard IPinfo IP lookup code, we can run the program using the dotnet run command from the terminal. After the program finishes running, we get the following result:

IP address: 170.206.134.144
City: Bellevue
Region / State: Washington
Country : 98006
Country: US
Country Name: United States
Geographic Coordinate: 47.5614,-122.1552
Contitnent: North America
Is EU: false

Getting more out of the IPinfo library

Depending on the pricing tier you are in, you can have access to different kinds of IP address information.

You can check out our knowledge base articles to learn more:

• [Privacy Detection] Get privacy, proxy and VPN detection information from an IP address using the C# language.
• [ASN & Company Database] Lookup ASN and Company information from an IP address using the C# programming language.
• [IP to Mobile Carrier] Get mobile carrier information from a phone’s IP address using the C# language

Getting Started with IPinfo Databases

Aside from our API, we also provide IP data through our database products. We deliver our IPinfo database in 3 different formats: CSV, JSON and MMDB. You can check out this article to learn more: How to choose the best file format for your IPinfo database?

In utilizing our database product in a C# program, you will most likely be looking up IP address data using the MMDB database. In that case, you should use MaxMind’s DB reader package.

To get started, install the MaxMind.Db package:

dotnet add package MaxMind.db

We will be using our IPinfo IP to Location database for our MMDB database and will be looking up an IPv6 IP address: 2001:428:7003:8000::

Like before, let’s start with the basic starter code:

using MaxMind.Db; // mmdb reader library
using System.Net; // used to parse IP address input

namespace IPinfoMMDB {
  public class Program {
    private static void Main(string[] args) {
      // creating the reader object and providing the path to the mmdb file
      using(var reader = new Reader("location.mmdb")) {
        // input IP address
        var ip = IPAddress.Parse("2001:428:7003:8000::");

        // looking up the IP address and outputting the result to dictionary
        var ipData = reader.Find < Dictionary < string,
          string >> (ip);

        // if there is a match printing out the result
        if (ipData is not null) {
          foreach(var val in ipData) {
            Console.WriteLine($"{val.Key}: {val.Value}");
          }
        }
      }
    }
  }
}

From this, the output is:

city: Monroe
country: US
geoname_id: 4333669
lat: 32.5286
lng: -92.1061
postal_code: 71201
region: Louisiana
region_code: LA
timezone: America/Chicago

So, let’s break it down. First, you need to import the necessary packages: MaxMind.Db, which will be used to read the MMDB file, and System.Net, which will be used to parse the input IP address and will support both IPv4 and IPv6 IP addresses.

using MaxMind.Db;
using System.Net;

The core operation involves reading the MMDB file and creating the reader object. Then we look up the IP address using the reader object and output the result to the ipData dictionary. If we have successfully found the data, we can print out its content using a foreachloop. If the data is not available, we will get a null response.

 {
      using (var reader = new Reader("location.mmdb"))
      {
          var ip = IPAddress.Parse("2001:428:7003:8000::");
          var ipData = reader.Find<Dictionary<string, string>>(ip);
          if (ipData is not null){
              foreach (var val in ipData)
              {
                  Console.WriteLine($"{val.Key}: {val.Value}");
              }
          }
      }
  }

Because we are outputting the lookup content in a dictionary format, we can also access each field individually values by their Key.

var ipData = reader.Find<Dictionary<string, string>>(ip);
if (ipData is not null){
    Console.WriteLine($"City: {ipData["city"]}");
    Console.WriteLine($"Country: {ipData["country"]}");
    Console.WriteLine($"Latitude: {ipData["lat"]}");
    Console.WriteLine($"Longitude: {ipData["lng"]}");
    Console.WriteLine($"Postal Code: {ipData["postal_code"]}");
    Console.WriteLine($"Region: {ipData["region"]}");
    Console.WriteLine($"Region Code: {ipData["region_code"]}");
    Console.WriteLine($"Geoname ID: {ipData["geoname_id"]}");
    Console.WriteLine($"Timezone: {ipData["timezone"]}");
}

If you would like to know about IPinfo’s database and its schemas, check out our documentation page.

One thing to note is that you should not create the reader object every time you query a single IP address, since this is a computationally expensive process. You should be aware of proper caching methods as well. If you are looking to query individual IP addresses outside the C# / .NET environment, we highly recommend checking out our mmdbctl utility.

Now that you are familiar with using our API and databases in .NET framework, feel free to check some of our other how-to guides. If you want to level up and get more insights such as IP to privacy detection, IP company and other information free feel to check out our offerings.

For more IP data tips from other developers, follow us on Twitter or LinkedIn.