One of the most important bits of intelligence? Where an IP address is coming from. That's where IPinfo enters the scene.
Whether you're monitoring suspicious traffic, analyzing logs, or doing OSINT (Open Source Intelligence) work, IP geolocation information can be incredibly useful context. And with IPinfo's new free plan, you can now access unlimited country-level IP geolocation and ASN data at no cost.
Let's go in-depth on what IPinfo provides, how it works, and why you can't afford to miss out on it in your cybersecurity arsenal.
Prefer watching instead of reading? Here's a quick video guide:
https://youtu.be/y8aBPcaqc5c?embedable=true
What is IPinfo?
IPinfo.io is a well-known IP data provider that provides extensive information on IP addresses. Through their API, you can discover such things as:
They have both free and paid plans, though the new free plan now features unlimited country-level geolocation and ASN data, which is extremely generous and beneficial to both cybersecurity professionals and developers.
Getting Started with IPinfo's API
Using IPinfo is straightforward. Here's how to get started:
Visit the Website
Go to ipinfo.io and sign up for a free account to get your API key.
Test the Basic API Call
After getting your key, you can utilize a straightforward curl command:
curl "https://ipinfo.io/8.8.8.8?token=OPENEXPLOIT_API_KEY" # Replace OPENEXPLOIT_API_KEY with your key
This gives you a JSON response like:
{
  "ip": "8.8.8.8",
  "hostname": "dns.google",
  "city": "Mountain View",
  "region": "California",
  "country": "US",
  "loc": "37.4056,-122.0775",
  "org": "AS15169 Google LLC",
  "postal": "94043",
  "timezone": "America/Los_Angeles"
}
For the free plan, you can get unlimited queries at the country level, such as:
curl "https://ipinfo.io/8.8.8.8/country?token=OPENEXPLOIT_API_KEY"
IPinfo Tools & Integrations
IPinfo is more than an API. They also provide extra tools and data downloads to enable you to work faster and smarter.
Command-Line Tool
Install the CLI version of IPinfo:
Then execute:
Ideal for swift terminal-based investigations.
Browser Extension: IPinfo has a Chrome extension for checking IP data without ever having to open a terminal.
Bulk IP Lookup: Upload a CSV or text file with IPs, and IPinfo will respond with geolocation and ASN information for all of them. Perfect for log analysis and threat intelligence reports.
Python SDK
If you're a Python developer:
pip install ipinfo
Use it like:
Monitoring Unauthorized Access: You see an unexpected surge in logins from a location where your company is not active. With IPinfo, you can easily geolocate the IPs and mark suspicious areas for examination.
Threat Hunting in Logs: When scanning through Nginx or Apache logs, enrich IPs with country information through the API. This makes it easier to identify abnormal access patterns geographically.
Incident Response Triage: If an alert is triggered on an unknown IP, use IPinfo to instantly learn where it came from and which organization owns it. This context can guide your next steps.
Red Team Reconnaissance: Red teamers often analyze targets’ infrastructure. Knowing which IP blocks belong to which ISPs (via ASN lookups) helps craft stealthier attacks or simulate real-world scenarios.
Defending Against Credential Stuffing: Pair login attempts with IP geolocation. Flag or block if credentials are attempted from IPs outside of expected regions.
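To make the log threat-hunting and credential-stuffing cases above concrete, here is an added example (not code from IPinfo or from the original article) that enriches failed login attempts in Nginx/Apache combined-format logs with a country code and flags those outside an expected set. It assumes logins are `POST /login` answered with `401`; the function names, the `YOUR_TOKEN` placeholder, the sample log lines and the `ZZ` country code are all constructed for illustration.

```python
import ipaddress
import re
import urllib.request
from collections import Counter
from functools import lru_cache

# Nginx/Apache "combined" log line: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def ipinfo_country(ip, token="YOUR_TOKEN"):  # placeholder token (assumption)
    """Live lookup using the /country endpoint shown in the article."""
    url = f"https://ipinfo.io/{ip}/country?token={token}"
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read().decode().strip()

def flag_failed_logins(lines, expected, lookup=ipinfo_country, path="/login"):
    """Return (alerts, per-country counts) for failed logins outside `expected`."""
    cached = lru_cache(maxsize=4096)(lookup)  # one lookup per distinct IP
    alerts, counts = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip instead of aborting the run
        ip, method, uri, status = m.groups()
        if (method, uri.split("?")[0], status) != ("POST", path, "401"):
            continue  # only failed login attempts are of interest here
        try:
            if not ipaddress.ip_address(ip).is_global:
                continue  # private/reserved ranges have no country
        except ValueError:
            continue  # first field is not an IP address
        country = cached(ip) or "??"
        counts[country] += 1
        if country not in expected:
            alerts.append((ip, country))
    return alerts, counts

# Constructed sample data so the example runs offline.
STUB = {"8.8.8.8": "US", "1.1.1.1": "ZZ"}  # "ZZ" is a placeholder, not a real result
SAMPLE_LOG = [
    '8.8.8.8 - - [10/Oct/2024:13:55:36 +0000] "POST /login HTTP/1.1" 401 153 "-" "curl/8.0"',
    '1.1.1.1 - - [10/Oct/2024:13:55:40 +0000] "POST /login?next=/ HTTP/1.1" 401 153 "-" "curl/8.0"',
    '1.1.1.1 - - [10/Oct/2024:13:55:41 +0000] "POST /login HTTP/1.1" 401 153 "-" "curl/8.0"',
    '10.0.0.5 - - [10/Oct/2024:13:55:42 +0000] "POST /login HTTP/1.1" 401 153 "-" "curl/8.0"',
    'not a log line',
]

if __name__ == "__main__":
    print(flag_failed_logins(SAMPLE_LOG, expected={"US"}, lookup=STUB.get))
```

Leave `lookup` at its default to query the API for real; the cache keeps a noisy source from triggering one request per log line.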
Performance and Rate Limits
Even on the free plan, IPinfo's service is fast and reliable. As per their documentation:
If you're creating a dashboard, combining this API with Grafana, ELK Stack, or Splunk can elevate your threat detection abilities to the next level.
Final Thoughts
Context is king, and IPinfo delivers precisely that. With only an IP address, you can know the who, where, and what of the traffic reaching your systems.
So why not give it a shot? Go on over to IPinfo.io and begin to discover the world via IPs one request at a time.