An IP address data platform providing geolocation, ASN, carrier, VPN detection, and abuse contact data via API. Used by SOC teams to enrich IP-based IOCs with context during investigations.

IPinfo is an IP address intelligence platform that provides structured, API-accessible data about any IP address, including geolocation at city level, ASN and organization details, carrier information, VPN and proxy detection, and abuse contact data. For security teams, the most valuable aspect of IPinfo is the speed and reliability of its API, which makes it practical to enrich IP addresses automatically at investigation time rather than relying on manual lookups. The platform distinguishes between residential, datacenter, VPN, and Tor exit node IP ranges, which is critical context when assessing whether an authentication event or a network connection represents expected behavior or a potential threat. IPinfo's abuse contact data also allows teams to report malicious activity to the responsible network operator.

Qevlar uses IPinfo to enrich IP addresses encountered during automated investigations. When analyzing a suspicious login, an unusual outbound connection, or a command-and-control communication attempt, Qevlar queries IPinfo to determine whether the IP belongs to a legitimate business network, a known VPN provider, or a datacenter range commonly associated with malicious infrastructure.