
Exercise 1.2: Querying IP Data

Next, query data for your own IP, and later query "".

curl '' | jq .

We request JSON output and pipe it to "jq" to pretty-print it.

Next, we would like to retrieve more detailed records for this IP address. We save the result to a file so that subsequent queries do not need to hit the website each time.

curl '' > ex12.json

Review the lengthy list of records:

jq . < ex12.json | less

Let's try to find the target ports hit by this IP address:

jq '.[].targetport' < ex12.json | sort | uniq -c | sort -n

The result should be close to:

   6 2222
4721 3128
6716 22

We can use the ISC web site to review these ports. Port 3478 for example:

curl '' | jq .

The result will be:

{
  "number": 3128,
  "data": {
    "date": "2020-06-23",
    "records": 13466,
    "targets": 2710,
    "sources": 459,
    "tcp": 93,
    "udp": 0,
    "datein": "2020-06-23",
    "portin": 3128
  },
  "services": {
    "udp": {
      "service": 0,
      "name": 0
    },
    "tcp": {
      "service": "squid-http",
      "name": "Proxy Server"
    }
  }
}

Review the data using the web site:


Using the list of API functions at, retrieve a list of all IP addresses scanning the internet for research purposes over the last 7 days.

Once you have obtained the list, count the number of IPs, and count how many different research groups are listed.

Hint #1

The API function you are looking for is


Hint #2

Start by saving the output to a file

curl "" > research.json

Hint #3

Use "jq" to extract the IPs, and count them.

jq '.[].ipv4' < research.json | sort -u | wc -l

Hint #4

You may use essentially the same command as in Hint #3 to count the different researchers. Just replace "ipv4" with "type".


The list contains 3,417 IP addresses from 11 different groups. The commands to obtain the solution are:

jq '.[].ipv4' < research.json | sort -u | wc -l
jq '.[].type' < research.json | sort -u | wc -l
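
The two jq pipelines above count every distinct raw value, so a null, a malformed entry, or a differently written form of the same address each add one to the total. The following is an added example, not part of the original exercise: it tallies the same "ipv4" and "type" fields after normalizing the addresses, and also breaks the IPs down per group. The sample records and group names are constructed, and the zero-padded address is an assumed edge case, not something the page says the feed contains.

```python
import json
from collections import defaultdict

# Constructed sample, shaped as the exercise assumes: a JSON array of objects
# with "ipv4" and "type" keys. Addresses come from documentation ranges.
RECORDS = json.loads("""[
  {"ipv4": "192.0.2.10",      "type": "group-a"},
  {"ipv4": "192.000.002.010", "type": "group-a"},
  {"ipv4": "192.0.2.11",      "type": "group-a"},
  {"ipv4": "198.51.100.7",    "type": "group-b"},
  {"ipv4": null,              "type": "group-b"},
  {"ipv4": "not-an-ip",       "type": "group-c"}
]""")


def normalize_ipv4(value):
    """Return a dotted quad without zero padding, or None if not an IPv4."""
    if not isinstance(value, str):
        return None
    parts = value.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    octets = [int(p) for p in parts]
    return ".".join(map(str, octets)) if max(octets) <= 255 else None


def summarize(records):
    """Tally unique IPs and groups like the two jq pipelines, on cleaned data."""
    per_group, ips, rejected = defaultdict(set), set(), 0
    for rec in records:
        group, ip = rec.get("type"), normalize_ipv4(rec.get("ipv4"))
        if ip is None:
            rejected += 1          # null, missing or malformed address
        else:
            ips.add(ip)
        if isinstance(group, str) and group:
            per_group[group]       # register the group even without a usable IP
            if ip:
                per_group[group].add(ip)
    return {
        # what jq '.[].ipv4' | sort -u | wc -l reports: distinct raw values
        "naive_ips": len({json.dumps(r.get("ipv4")) for r in records}),
        "ips": len(ips),
        "groups": len(per_group),
        "per_group": {g: len(s) for g, s in sorted(per_group.items())},
        "rejected": rejected,
    }


if __name__ == "__main__":
    # For the lab file: summarize(json.load(open("research.json")))
    print(json.dumps(summarize(RECORDS), indent=2))
```

If "naive_ips" and "ips" differ on the real file, inspect the rejected records before trusting either count.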