with api.coolgeo.org you will be able to find details about your or another IP address details.
user@linux:~$ curl api.coolgeo.org
{
"org" : "XXXX",
"longitude" : "XXXX",
"ip_number" : "XXXX",
"countinent_name" : "XXXX",
"ip_type" : "PUBLIC",
"country_code" : "XX",
"version" : "4",
"countinent_code" : "XX",
"latitude" : "XXXX",
"asn" : "ASXXXXX",
"country_name" : "XXX",
}
user@linux:~$ curl api.coolgeo.org?ip=1.1.1.1
{
"org" : "CLOUDXXXX",
"longitude" : "143.2104",
"ip_number" : "16843009",
"countinent_name" : "Oceania",
"ip_type" : "PUBLIC",
"country_code" : "AU",
"version" : "4",
"countinent_code" : "OC",
"latitude" : "-33.4940",
"asn" : "ASXXXXX",
"country_name" : "Australia",
"ip_query" : "1.1.1.1"
}
user@linux:~$ curl -s api.coolgeo.org | jq -r .ip_client OR user@linux:~$ jdata=`curl -s --connect-timeout 3 --max-time 3 https://api.coolgeo.org` >/dev/null user@linux:~$ country_code=`echo $jdata | jq .country_code | tr -d '"'`
#Create a random file user@linux:~$ mkrnd=`cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20; echo;` #Define a statfile together with the random string user@linux:~$ statfile="/tmp/$mkrnd-ssh-logon.json" user@linux:~$ jdata=`curl -s --connect-timeout 3 --max-time 3 https://api.coolgeo.org` >/dev/null #Copy json data to the statfile user@linux:~$ echo $jdata > $statfile user@linux:~$ country_code=`grep -oP '(?<="country_code" : ")[^"]*' $statfile` >/dev/null #Alternative method in case -P is not supported: #user@linux:~$ country_code=`grep -o '"country_code"\s*:\s"*"[^"]*' $statfile | grep -o '[^"]*$'` user@linux:~$ rm $statfile
#!/usr/bin/perl
use strict;
use HTTP::Request::Common qw(GET); #Used to request http data
use LWP::UserAgent; #To install try: apt-get install liblwp-protocol-https-per
use JSON qw( ); #To install: apt-get install libjson-perl
my $json = JSON->new;
my $ua= LWP::UserAgent->new(timeout => 5);
my $url="https://api.coolgeo.org";
my $req = GET $url;
my $res = $ua->request($req);
my $data = $json->decode($res->content);
my $org=$data->{org};
print "Org: $org\n";
$url = "https://api.coolgeo.org" #$url = "https://api.coolgeo.org?ip=1.2.3.4" $response = Invoke-RestMethod -Uri $url -ContentType "application/json" write-output $response.org
#!/usr/bin/python3 import requests url = 'http://api.coolgeo.org' resp = requests.get(url=url) data = resp.json() print (data['org'])
#Getting host data ip=`echo $SSH_CONNECTION | cut -d " " -f 1` Hostname=`hostname` NOW=$( date '+%F_%H:%M:%S' ) #Getting api data jdata=`curl -s --connect-timeout 3 --max-time 3 https://api.coolgeo.org?ip=$ip` >/dev/null country_code=`echo $jdata | jq .country_code | tr -d '"'` org=`echo $jdata | jq .org | tr -d '"'` #Send message via smtp echo " UTC Date/Time: $NOW IP Address: $ip Country: $country_code Org: $org Target Hostname: $Hostname User: $USER " | mail -s "SSH Login Alert From: $ip" user@domain.com
#Getting host data
ip=`echo $SSH_CONNECTION | cut -d " " -f 1`
Hostname=`hostname`
NOW=$( date '+%F_%H:%M:%S' )
#Getting api data
jdata=`curl -s --connect-timeout 3 --max-time 3 https://api.coolgeo.org?ip=$ip` >/dev/null
country_code=`echo $jdata | jq .country_code | tr -d '"'`
org=`echo $jdata | jq .org | tr -d '"'`
#Send message via telegram
export LANG=C
TELEGRAM_CHAT_ID="-xxxxxxx"
TELEGRAM_BOT_TOKEN="xxxxxxxx"
MESSAGE="$(echo "<strong>SSH Login Notification</strong>\nHost: $Hostname\nUser: $USER\nIP: $ip\nCountry: $country_code\nOrg: $org\nTime: $NOW")"
/usr/bin/curl --connect-timeout 5 --max-time 10 --silent --output /dev/null \
--data-urlencode "chat_id=${TELEGRAM_CHAT_ID}" \
--data-urlencode "text=${MESSAGE}" \
--data-urlencode "parse_mode=HTML" \
--data-urlencode "disable_web_page_preview=true" \
"https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage"