From 774325b02660f2826c05a038378bef70eb3282c1 Mon Sep 17 00:00:00 2001 From: Usama015 Date: Mon, 19 Jun 2023 12:52:11 +0500 Subject: [PATCH 01/23] added new Module of IPGeolocation.io --- README.md | 5 +- documentation/README.md | 21 ++++ documentation/logos/ipgeolocation.png | Bin 0 -> 15988 bytes documentation/mkdocs/expansion.md | 21 ++++ .../website/expansion/ipgeolocation.json | 13 +++ misp_modules/modules/expansion/__init__.py | 2 +- .../modules/expansion/ipgeolocation.py | 106 ++++++++++++++++++ 7 files changed, 165 insertions(+), 3 deletions(-) create mode 100644 documentation/logos/ipgeolocation.png create mode 100644 documentation/website/expansion/ipgeolocation.json create mode 100644 misp_modules/modules/expansion/ipgeolocation.py diff --git a/README.md b/README.md index d589bc2..b1aaca0 100644 --- a/README.md +++ b/README.md 
@@ -36,6 +36,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj * [Cytomic Orion](misp_modules/modules/expansion/cytomic_orion.py) - An expansion module to enrich attributes in MISP and share indicators of compromise with Cytomic Orion. * [DBL Spamhaus](misp_modules/modules/expansion/dbl_spamhaus.py) - a hover module to check Spamhaus DBL for a domain name. * [DNS](misp_modules/modules/expansion/dns.py) - a simple module to resolve MISP attributes like hostname and domain to expand IP addresses attributes. +* [DNS WhoisFreaks](https://whoisfreaks.com/products/dns-records-api.html) - a simple Whoisfreaks Module that is useful for DNS Information. Our DNS checker API is a great way to gain a more in-depth understanding of an organization's online presence. * [docx-enrich](misp_modules/modules/expansion/docx_enrich.py) - an enrichment module to get text out of Word document into MISP (using free-text parser). * [DomainTools](misp_modules/modules/expansion/domaintools.py) - a hover and expansion module to get information from [DomainTools](http://www.domaintools.com/) whois. * [EQL](misp_modules/modules/expansion/eql.py) - an expansion module to generate event query language (EQL) from an attribute. [Event Query Language](https://eql.readthedocs.io/en/latest/) 
@@ -50,6 +51,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj * [html_to_markdown](misp_modules/modules/expansion/html_to_markdown.py) - Simple HTML to markdown converter * [HYAS Insight](misp_modules/modules/expansion/hyasinsight.py) - a hover and expansion module to get information from [HYAS Insight](https://www.hyas.com/hyas-insight). * [intel471](misp_modules/modules/expansion/intel471.py) - an expansion module to get info from [Intel471](https://intel471.com). +* [Ipgeolocation](https://ipgeolocation.io/) - an expansion and hover module for IP Intelligence Stack with [IP to Geolocation](https://ipgeolocation.io/ip-location-api.html), [Timezone](https://ipgeolocation.io/astronomy-api.html) and [Astronomy API](https://ipgeolocation.io/timezone-api.html). * [IPASN](misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address. * [ipinfo.io](misp_modules/modules/expansion/ipinfo.py) - an expansion module to get additional information on an IP address using the ipinfo.io API * [iprep](misp_modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net. 
@@ -96,8 +98,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj * [VulnDB](misp_modules/modules/expansion/vulndb.py) - a module to query [VulnDB](https://www.riskbasedsecurity.com/). * [Vulners](misp_modules/modules/expansion/vulners.py) - an expansion module to expand information about CVEs using Vulners API. * [whois](misp_modules/modules/expansion/whois.py) - a module to query a local instance of [uwhois](https://github.com/rafiot/uwhoisd). -* [whoisfreaks](misp_modules/modules/expansion/whoisfreaks.py) - An expansion module for [whoisfreaks](https://whoisfreaks.com/) that will provide an enriched analysis of the provided domain, including WHOIS and DNS information. -Our [Whois service](https://whoisfreaks.com/products/whois-api.html), [DNS Lookup API](https://whoisfreaks.com/products/dns-records-api.html), and [SSL analysis](https://whoisfreaks.com/products/ssl-certificate-api.html), equips organizations with comprehensive threat intelligence and attack surface analysis capabilities for enhanced security. Explore our website's product section at https://whoisfreaks.com/ for a wide range of additional services catering to threat intelligence and attack surface analysis needs. +* [whoisfreaks](misp_modules/modules/expansion/whoisfreaks.py) - An expansion module for [whoisfreaks](https://whoisfreaks.com/) that will provide an enriched analysis of the provided domain, including WHOIS and DNS information. Our [Whois service](https://whoisfreaks.com/products/whois-api.html), [DNS Lookup API](https://whoisfreaks.com/products/dns-records-api.html), and [SSL analysis](https://whoisfreaks.com/products/ssl-certificate-api.html), equips organizations with comprehensive threat intelligence and attack surface analysis capabilities for enhanced security. Explore our website's product section at https://whoisfreaks.com/ for a wide range of additional services catering to threat intelligence and attack surface analysis needs. 
* [wikidata](misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module. * [xforce](misp_modules/modules/expansion/xforceexchange.py) - an IBM X-Force Exchange expansion module. * [xlsx-enrich](misp_modules/modules/expansion/xlsx_enrich.py) - an enrichment module to get text out of an Excel document into MISP (using free-text parser). diff --git a/documentation/README.md b/documentation/README.md index ec9366f..c056ccd 100644 --- a/documentation/README.md +++ b/documentation/README.md @@ -796,6 +796,27 @@ Module to query an IP ASN history service (https://github.com/D4-project/IPASN-H ----- +#### [ipgeolocation](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ipgeolocation.py) + + + +An expansion module to query IpGeolocation.io to gather more information on a given IP address. We provide data such as country name, country code, city, state, local currency, time zone, ISP, ASN, Company Details, device data from User Agent String, VPN, Proxy, Tor and threat intelligence data served globally with latency based routing. +- **features**: +>The module takes an IP address attribute as input and queries the IpGeolocation API. +>The geolocation information on the IP address is always returned. +> +>Depending on the subscription plan, the API returns different pieces of information for details check our [page](https://ipgeolocation.io/ip-location-api.html). +- **input**: +>IP address +- **output**: +>Additional information on the IP address, like its geolocation, the autonomous system it is included in. +- **references**: +>https://ipgeolocation.io/ +- **requirements**: +>An apiKey of ipGeolocation + +----- + #### [ipinfo](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ipinfo.py) 
diff --git a/documentation/logos/ipgeolocation.png b/documentation/logos/ipgeolocation.png new file mode 100644 index 0000000000000000000000000000000000000000..6c078d4126dad89c921ebb350ce909c3eee8cd1d GIT binary patch literal 15988 zcmbVzWmuHmyYGO6(ntvm;iw?p-QC?FATe}zhe${xDUEap(%s!5-Q6KAeV+0Czk8n# z``XvJ4qs-TXV$vc-RoYzd+|k4UIHD32n7TJp-V}MDuY1qTp$pf^m8QO%~Q2}2Jk`X zB&O-4Vr$~$YTy6`2^rfOLdm794NRfRPy=Ik`+g`d2=vUwTvgLaQ%;uK$kv+P05*o+ z&Dsu_4Fd5BxY-#PSwfx24WXvyHhhqi##RWqxiKF^gH4W6&Q1hsW-jUB09EmjS2gmm zG~zOb2=J5hx^V*ptf5W@UV`ArKW#ndNCjZYL1X#_%*o0eI zRQx|{0Z)7oGbblIZUzQdS66yh7J6F;QwAn3E-nT}W(Hk`m>E0Kd>1n;UZ*ad8=NGMX^cF&Y_j&~ZUoP3R0w3>oP-3^+MBjZF*~jSM;e zrSm_{7h@J>=Hw6(ViIE)V`38H;^bsz5#!=uWMN}x5n~l*{dcaEjiZx+jS=+UwatOG z|1+2Cf1S%M;s7;pvUO0kwYB=!3lz<4oopS=Z0*QJL||5DBY&@9Zewig>PQ7M(?3#+ zLLJOqpvK}3w$|i-^~`PlKk)GXCjUS4jsJi3#{e+J0CSfA%X$8N1$ZRv>wkp;@bF*3 z1hoMo$N>nIL#?v{5QsZYN>oVIZT>I~H4bm;+exd)xlh55=YK$1LRd;kio3g1TNKOUO^jY zKMpH>W~7{_t4lKL+~5Xd5gI7w8EA}*M>hFwuE84;6Kdo4C%Sqq)%kliv87qua9CU* z#RaSQiJ!43$xRnQxXou~C8Ht~y5ell$Q?kL>~1|d=E^8&rFiU~P$ZBj252*yQkFZv z$J$O&TEyOY5d$=5@|*%x;LiHqwJa{kZloRDo0o%mdRT$s2r?${Z~$2(o}uNeB^fI6 z>>ZZdr-R`A!UYvD1dp=(Yml2qpQlpmA<1!TNsDN5^H}0g!1YOP5f=F|lL^_wOLmBVKHQ`J;CryO69T5V`9ZUkdM5mf%vRYHdrBzZ3{;mV~AOw~4gmleL_~lmu~( z(ZVv!1StongZ;cRJsHv0+V^_~vlW~yWG7{1;r;sH{QSJGa3K0m1n%vT6IQ;g* z#UP=6INrsMIkt&;Eg~A^?wJ+^hE7OQMUqf5o0Q=8X3#SGeCm_h5Tj7QCUpJa@~J3d zj0!LYU@AsVqSgJyp~7br8pIiih6|1m9lhv|Qj&K}I0V_fA+o7&yQx%iIUi*A_|Itx znO#aMJ50;4xi_%608at!l9>`&YvfBVh*R<3B=xZ{mQvrFL!*qxt_x8Rpz6Ln5M}3m9T=wrC>z%_WM35sjq0xR-_RVd;MBfzjD(y_g<=RIT}sQ zOl|gv#&s)E{}DQ1kpeYUJz2T4PehiEPh_Ig%Sy@E@fz|41odY`TppLggxVae@maLa zZFjQV=?h@MUlc8QXFc(aBq>~LAF5lP_mEme!{7pD=+ID;4Z+8ioVulpHPgfcc zItmiL&~Z%9rmJ8^|yF86t@Cd4#JVFNh~kGjXVeP(RMY@RS74V#@oB$yo_Mr|OPUST z+XOLT48lVDtivW&KJs9*!7t-#nYR*7BzP;_eBz;SRLWpzb~Zny*l3zGEv%dyh&=Lx z-NWQr3WnB;?|ntKAx>3By9K*W=L+}r;52r=t2G*3fgMg-48S0L%nDNBD#2u03}@LV zFF#n}piAp{WrKYN@t7goGS=+oMEJ;nLm9`(`F=tA&pFjTEqxVlAoxT?{7$Q&RI-enNhfPfd 
zU2tk-Ak6BeXA&n7i$wFD*}uBlNqlP6#TOlS%0I4gdR+}_z5)!m3fY_q>)Xlr0^POX#YX~ESJ%UyVr{cx30b+xlhhyxa>lmJTNsqCnM z*ud_KiZ#Dr>m42TIS4U$&NioyqXp9aDlZ}GRFnk-SYFw*csSNP(|+On6&vc|EWOC| z;!7EF<`h?W*pE9t<(xFzf$T9nKK@FTUEbGyA*LDl3pzO#AW!0HM1X~yFV*o8QKZ;6 z?XJ?DYSARDSU15dF&0Zi$^+@j9EQH`ts87t=Lx4m!ITi20he3+VWjwJa0%>$ro0uMk zEYw0>2fPlr30=0}spPG(bch9Z!}hZ&hO-OdF4i1p8&SyB8@hy}3fX^^-3Rm~5LB4@ zF&T-C@I1}RFF9Ivco4@Cy34UH{~ijyo4US->rg8<2oE1GhnFOG zSyPXNLc_ocQZiUj;Z-So2qsO6oyE`nQQKj0|6nxi`d#H1FDs_`#AvA3`mbD4h?tSH>MGiKzhv`quz(4|^d-d7h6>%ZKD3AUVV#}JsWaF( zCs!psr#4hdW8wnj#UKo9q3NbA5w(`yuS%Ock3OXP( zsmf=7PrYrYVV8G^a{o!jxoY!zC!OJp!HpJ*~C)!pnfh|ym*aelX{Vdere zY+dfW9ya%q|qg) zwwF$z1c5*yh5oxeT_}dB`RGV(i~4{F;c&{fQt)^XHz#N7F&v@&VgM%(w@BkvhbUTWPP zn9ZoK<@k3)mrwPK%rbI0c+Jm#yFyxT-Jz~7!y9<0((coHhxA$HVy+MBR_NLhSRRhB zf`AFfT}|icN8LHcF`lf^hsU!p$gk0o`=hNTi2j2Bq_t(~IqC}IWVjZ@G(+Xa=O9X^ zQ%&inTS2B=dceN-`jCnmwUoz4i->yR++ph^d1sWtl|g>zx-~WiKfi_S`wbkB64o~l z3n<4(QIBrytfJj}m9l$Pw21%X73Y)SjJp)P{xc zzUk7@2zl&%T4GU`I4_0TN$ob>hT?{k@X)0le@G^S?JM#J1rp)o2F(ch?*eye z7#22Iy?3G#IH@JO(vW2d`SY15wB zPhpYm>DA1|ZOoQKW}D|eS-Aa3waY!_y=N)|b@bm!k7)>SfjFYD3c+mpL3H{3>8ZqF zSLy7!cbE*zw}BGhpH;JZzV>e^BMG>!n+C26+It?dzUP9U!-g zRft8GTf5MSEy3d=*E+-%wG;C;~6I>Y<4>&a&n;50oYxc**>)Tb?3pvBMRIgs^30t}Qe zreC8z;U2P%uYOpf$O=bEAS>PH3Mk^BwxMq+Iny-?TVG^7$80?>9IQmfd_SF4O!g>K zNDJk^SK@$=scm^Lf-$f4$DVc=D-*#}18(-6vh3#(1nRPruk2)hGW!aY;!hgHI-voF z;W_P14ITD`x{2Z(2PHxMDjq(iS9P7iGL^-uAI;P6lJ}-k2g^$BIDP~_44;VinevBeiQdsR6nVWy}U59;=NPAm&z?+;nqjEcT zXB-R%q~D)&2|W^A{-q;#MbE;{^z95rm%5yhf0t5kKZFx&Xm4qbXC-F-TBXcT(h8Qa z&I-Fx`$2CSUs`rJyX^Q>Bz^G37xK}<&R50!X%0NR7&oB_PH-VSu_>_NLRDM zu8Ks2TL{(|RzC{(2xs*4Z%X-OR&K&I+0#^(PYBhyp6;G#YZUMQ-8}<3Q3n8fmeB8aB*PGbM6qC%r z5ry-t<9A2T1!|V3T$+c+)?Jy8(nI+#Q+0kyK9R$@eD51hmf7-#9d$ywM&H&Stc>tw z3lk50{OW#vK-r`IM|%>-YA)61HNA(-R^>?EgqGwKb0?((JH;YRZu7^jsYGY)I^Vl5 z?PJT-tw#^+k^yuKnkgjRv^0X7AK^hXqVunm$i}96V!8t5bNOcoN^e)miUia(z|$n{ zcqIEwnERq!UXsQ$kptIMDgh)TvJHN?|>xIh7_9(Zt_f& zG&OBN9E4znSfu7+BHo;lcA9D@=%k`lB-VJ+Rn$w<1!Q8 
zv^I@om&YstaB~o`==?8_(c=r$)fHRmTH9Sq*Ha&{5%c)bg_^ur-zVpXn?fYI1EiHJ z9LMcE9fC%ekchFJepVU4XnyDr>z&mV6LLI>kG$_xXRMjxnid`s#4e702SS{m#rs{^CpORh+22rzg~# z7>~0z1FH#xd!A-xG$~onTk~ae=U*xPCdEb$?tTq7wa!5Lq&vM|gjNMDv)awJ8di<` zK?xOb;~Gv+4L~lDeJah?g24pJrYkK@WhX1*y z2gw4M-&ibjbp=wpP)1zZufOCn>dn=NJhq{MAZH=4VG=vRa|)L8EFDB$z4#PH zkN1tM@zyAcr}WHy)-DFq=j{j5ywL(Len*qK^FR5KmRz5DrczhK=!n>;n{RjNCn#Xs z7}whGHK#KDopS^w{0?F!;mrz~?>nXwg}JzaEP3(DW;;pWT@Uwj8q z#yS12{Bq_}viXp=mQ(Xd3Ea2h_oJrPiq3k{wSz7XI<|y@iwBxH8nnz8dRBLm+|{9Z zNj5KUmD}hjoa%}eW8=5=44qwgSpxL_8hKAevR>h`O(@1*FY`zQ6IL++>$Y3`y0-F0EuTGC6aiAd@cC#32bxSkdS1?z-hT7Vm=z=Bz1| z5&M~2cU|pkoid}3>C@DDXl|3t?T{0X&fRFH^-th8 zjg>!*+3aVjFXoRcEIuY8{fi(uJ?S$3p78PsR7XFP7XWPVQz++8aHfc8&0IyHsotmU zUWWJbvQnFqDZB(I-l%03z{XU#vrRBj92HBcbvo?%pFjmiIM^kp2vN_+R<6{R=gD_t z2un1U(NcX$jrC&p%5C1k(q{Xk;jXTeGZ*W)Z?5ijPVsNdP=NEWKsaovyi2CmQI zep}3~5g&7JRZV^tdMB_DK<0bw9zQxNpi&{FEt_Np#lOM-@2OE4(LQkLbBZ^-ci@<{ zH$?(2DP=RAWHVpi@~xZKAo8dW7D0VF@fC7)2yhh2Ar38ql?VW?HM`m!VtZV89G}BG zPwg;C?DPvSX@^bSx5U>>!ZUYbcG1D%bLQGPu?$pw5-F-GZ#OPD?l?HaOaS*_6R2fy zK$>fH1(-EeLGA-!Uh=c9?D!Ln54sQKM6u`d#kr$I_dM0F=b8>~IdK#Uy;i`CL|Z>l zsWYaKkX2F>o$g;u@V#v?ot6`h9HWH;a4q&a*8LZGsWCpUooGHYHw0XlR2B=kY&gb` zK9VoLO=7Bii;I`0hG!g+QYlL~nzUcp{;)UgU)~sDmZ?iop2$V+zzFAuhv81e`pYCo zKLlOj0=)0Oz*8(xbL5`U$3-*eHJZFsJ6jZV;02wmuytcz;^wrBjCV^Fn0N~(iqZ|C z@qMOgSlJR1%%`bA@_5%O)ru8C@WrdD@a*AKLZ&eeGpKZ)*GPS@QhvpUcGXCo;5Ds6 z?o4{p54dflJ?Ft<@q?kFG_{e^2}FdQTa&L3ALAttME2&NY@f0!`ps}xPX8bDGKuCzr{MC{@?g9`yK`i*fVc3^t_qNh%5i-+b-28WS#0C4SZ3-9)GdeM|pN z2s=Wr3npgq@Ex|B4r3P<TVQvEc-~-*N zES=>|YEycB8l!NvC@wO%yW&Yh7anq0^E2c-MxCxG3#_*3Y7bOWuzL&y%FTus{9#T#c@{59^tTaT+521=@UyfYZTd|+31R;R+X%7WXTI&%Ni%G z`I7_Q{~SXgC&JEi@ius7Py8`uzGB8F=>sdUgSkou4dU6AxTn-T4SDOslFPZ{aP>Q; z0x&1J!%Fi5YENzkUj3hnffc7LA-cgw@8en5_G)$b$m@l=>%V9%R>RdXjgow3Wf1M5 zs5Kt?{=>Xv*igE*JN)v!|*Tt zl%}+!u=eq$r}HN{-*z#9-VE~YZ2Wp_)k=Bmoi zICKkdP<>VApB0S|sD1a8yt(#oSQCkVmHfWx?g8>f+(X=_npJhGvyiat>dH0#%&9`* zy+u0P3H=N3)_&lGxjE9jXfg@xc=jSv(wy7YjJ`qCcu4aarN+0lZ>Dw8aXLOU#kEDl 
z_~z-bUTd4dtN3~Gs^*^>vzckq(y(Rao5$h|ViB@JubJiV437*k2P?l+?9BDpM(?g0 zp@Z0OL`yZvYdVH7#|~jSlKM#6d*%>_gGOw#d`3{ORW~9Z!&V#Ob*%$I_KupC$`AG0 zMulWN4t^z{yHXxaPp~W__{K@K$QDfOx%ekPUQ3su>dWHOUFe^iiyblkOM+b9xbY_M zlZD(S7ncUpUK#qtH`=54id0;YCdgwr>byuHnCR9Kte@?+;A0wnR8UHtv2~4122mj= zPdG8|5%H}D^PI`7Ag$Vfv3pCu3jQ&H2Gva(eH40bClojLUy8cew*u;k9?nieZD-Q` z&F3x)3X7V%Wdh?@k=FxuGWnjmkSj3E`N^Mey)GW(%j4!TTU!wGIaP5*ErbYrIVfbV{dEDfKdO<$+DNvEOO;!28lb4Vcly^sR{2I?+6@7aDve#y(0Wb>%}rl#CF2##V*>R6ABF~1R zQ5S21xypQ8L9e|n$c|fa6EA@KcVd#JxWA>GOnkJR-1RT}VYyOuuf3Ud_iIJ2iRkn; zmqFudDKsR;%OOmPEVmwp0DRqay`3Pve0wkyaJPK|?JLKXUZC9d5a15=VWyfc1^?8+8qDY6~>Bf=a;0 z1u8%PE)|=dZhU|r!{FQhkd@>=Mw<33{9Rt^Ylr<0HIrWnu8hS#!xB)*!Sw^1_jBmB zYvjkR+@u^533q=9Ws|G!>rRwP#O8FySE!HKMr3RY!=nI6BG4Qh?n7KR6nc`hj2Ahn z=v&5%+LYFKF$ZA|FtJTVOgUby#((zZ54`(pQm3T-jST9k3^CH43RpXapiY>UZkpY? zp>JV1P^hvCfc~>tOr+b_so0XvUeclhRhwNPz7A!>F-h(Zv^H-F`LD;AUSso*s!$gr zEdZ48lW7|Ed=|BACpY*|mO)LIfP4%~d%kxkc@2l2^UazBFi4q5VUByeZbMo)zZ4^z zd+$SptMzR-ZWPb*ZJ{$|CD%W=Gf{(iesy;tEB{Vjl$y&n635uB=9$4>s!v{*5=(1G z$6tQk!!$`Pl6=4PH7-XP=o+?HJ6u%I7-5_3;yXXyo7arR?Jv}I%F9) za!p@DYW6`qn8&tj07gUO+jet|4zxd5jNVw;zGx`@4FKsAEl8i~QXKs=B60lE0b`!O zu*ZM#;?#)mMKnC1lbH-}`JkRU#SQk@W&hm2P`V03F1c|d`h3-H6kV-&;|-eQ?Sf*A%*>gE-@?2W+)TsEZLX8{3~ybI%n72rV%q&yuBj zjjUk+PXed$L`a?dvO{nmgDuS$(w~RCs1VfB*pcgHEFHAS4CfAZ3|P($&+?|z=yvy) z&=K?bLjvouSch@HvE;wd&pB8heETK$l|F|#t@__KN6Z@v^ssYy9U!0Wq(DfHUhz;j zd@3(B_Ud7kvUt&BDw`a!1rtVVlY>H+*weMmCx)zqSz!qM6)&y$tdsA)BeSur!vpoj zIt;gGjw&@I_OuFSzi!kK^|4QpBS<6cIcQ{v3_~jhLQZXZA#Hh zSr}&RDYY3~Eb3y_`#ZpXT}t_W(=^BKcC(9NDJwA_36_D~1vP|7($8J} z7t+V5==3f7M0;K{cgAK*W2zNxHN`O57k_d@a9l4nimE@Q^i_84H?>b9?X~P}C?|1J zv1OfBNZ}N`fax-Q)^;L^mA+|BDkkG`HYA;BnPe~L6v(idPNQjww-&$u5y&AJDOq0O zV0~!`f_X2r$x%Bq?c|t-?{joH@i1Ks?TfzPXq>a25KV@M?M6{K%vM_xrg}@ZT_b6& z?BC{M^+hri87fw__gXqaQsUNamUCF-Jo<8E%#mQs@=h2|z}tU(rt6FuC1BV!Vk@d= zHW=lvkV4xH>>*sfEx0H)=xEkV=G1bqR&und-h^qn4B>orW!2hFCuRtkGny|T68w(2 zOsS!)UOh;bd#ayye_%#{ZBN|hZ@V(RzB@+%8`;CrBU@$EdCC}%M}hCP!)|7yIG9P; zc-m^O}oC8+?QDfz)dkiI6?00PbKwX}RrPB|= 
z=@hcK=A0@GK(9;0WQ4iH#EfD;`G^>1C$?au?cZ2m~XB5r(?@-Yc7~)2!XXfrKo>A0>WCuk6CrcIUTlvMlAke9 z=97CaQslO&_2D-ZY#b%Qk#hmaKz69W&5JXcFey|f5eTpCgzV5?qMMu_ zC*BWX(I5~%<3#CH1Kk8!Bd+hL%Ys%ZU`&!N>3yU&2|+xfA`T#g`CK$<8EP|kjna;k zEvH}Sm>`@*fW86zfmJ60$VLQqiK9)r?+OTZ&LPk$J3wI)d^n08M zn$XjIdk!k&Gr&+-das!VuKbN93WBl!$l9Ms!Hg&L2=m!6@Fy^x1gi+Gkt1?4) zzeAB#CeVdRhLn+I-952va;NoQX1u;LQ3Vp=x%DbNfNo&m)oz$JnlL@Y4s?bH=x2-! zIk#qd#CWxKaDmT=NeF}Ez0YJ??xq`Oq zyc(qT2vu1GA3xTifRHwFQxl`A{Xq^W098fw2Au0IaDq(mhPYBQ=msWRK@g>bCIv~5 zXF?HT9|K@3!Ro^VucLv7I;kC{AFzM`y<@2Sp^1Z>i3Fqg=_d!})~t{k{3aRTO62d4 zD5gv~pBCh}BP`0AMl31ufl&L1j_6ZFaA6L~3JKNM@z%K45`@L6Jbjf@Z}x zK60xx`4FptVCo17)1}hAW{Mr@z6WK(2-=q~<*2-DO1~mS?>q!4!U%?h5xi_!K1c$C z?t$_VWbe?Hqx9m#4jT~3i=b8DDiJ6ICvD4#b=z_`W&S*g=xTnG8{u7fq z^}_2*XIam1{<`Xfp{MMQcYn?x69ec1(Z3fIje8*5(6@f0Irj=Sdll_YmdJ9AcfW4; z3z8pPyA(+9Yxp^WwCX(5J6OtWW77+F^Qx8FV0!b=GJ1eshy;Y2r@s7mLf<})z~_54za{FdFE%41-RgZ@XSyl`*ST% z?;1m9&~xFeG6DRsZlv>3!&v;=$ENNVh`q_ma+aSwrg)mZ`^lUxI^kWMlb%4TB&L=o>?C_uU z2sDBnztM)6Xpx=+*mX#%&u&{d2&9<(8_ns%rl_vxM>-P(kY9KQ3*#sxU-5kbimnLa zGmzkqb{57RNbj91R1cMHWX$cc=6l*m7IGGqDYPa$@b|D&`w057e_~vQLAL)dvMp|AT*H>3F+GI%ZxHBk*HBY`;UDn-LYAv2PW7BJ-nUNAn z_mW0OOl%+1nc_>!59!7w7Tb2F(wq z)720ehdZm$>#GboD_MKfe2j!X~pG36i8~r7Hci!N-miZvk98cb? zhN4@4>>^wMyTtBXk8O24Gi&i9ui zhwA6d=wNXTDw{dRc%eY@^SqQ|6%aTm6@&2T!&0v*+J2*bRTuerwdy2@(6qNrLQY2a zdQk1e@0T`yxlOXlh_55QsJ!}-YG9kWLLskriz*@(=djiVRY+>`xfm*r&lk-TzQkK= z9`oVSiCUuOn?yG_*$Ap_5nI-Byv_Y3PPwn7G)-9~=#x4or*QTqBg!Skq+6&jyN(r? z-pegNY#;XcxL3tqGyh68bSL7?ATVitW9^E1zO7>M4Se@K;q&0wuCB_nwmY;Ec}Em? zZxp0GOd8>Q&19*uO+okdz5rBsN~aB{u0l=*r!%vB!w@YNrq)F{OvYciTu^_Ud?h?1fbL(8Dj);Z0nObm}5<7Rok35TDqUPf(3gq+Fp>mIrw6rGD5d0VHx^wY~ zJOl^N%#2D=()c|su(|ls6biI7Fq)})#@`e09Gayd! 
zpa*~G7U|x)1vGn z{>I^Z$r|HsQ8M-nt$8Td(?J-V1|prf{=L1HG=x&arDD}}J^;Z0pGJrFvxh(RyzcK& zu8j4m>k58loe0`%VSOQsZa`s#exi9AIj zRo!$OVHnUc_Qu=6Z2UMGN}cBF`MF1ltipx}5?4%T9uo^BxgC9yHUEiM*=6R(8+FT` z%GEpL`I@_HQihF~^O~|P?{~vOb0a_B(uSl4;@d3#6wddKKBt$TC)9drI~9_e_YEf`?``iN04CMLS$rRTcyjzUBn6?-> zK|MoteB8p{&+A0>IFRf+R_e=6!w(*s_zFV3K%b<)Ymm@Tn>#)~RI$MGQtC2osFk#R z<;hBsWk^7As;-zzgvN5!WaxJu=zdV%9P8o;zKW2^lGsx#c6s%>LvcZP&>3g@D4VXZ zb_l#cHI#Bt@oE8jPTqQ%Z>Z-jO?S1q8ukgDMZ;h)bM3V?{q<%^_+F|I-ciRR>GVsl z0lleT69MlxqN%;xf=JJ-9gaS76n@rMFq86o@afp}jgQdlI26s%4+*MFxo zmPBMNP;B^{O~}LU`(*Gre{N7aftE*}XS1@1M6GW#Yyt^vvqCGKHp3vE$FIyN&oo7 zP@z-GcHWVXNc@M$x4b=K`Cr z+F2Y?E)LsSFTXb<4|@i8?a<6TAM2r|cd* zq_>W5rEu5;6Ku_6uiIUu%6#=0<8l$8Wa~uXf!+zFn`V3^Ff+nfP3@Cf9Ukbp(OtM0 z%^U7Ou(|3Djo#6*;F0eT!+t(}RK?is5}*L*g$<$Pm{h6p|AG}<`F3-b2Azy&O~sEL zDFhsn2nZ=-gx0jN_9@M+0A!68(;1<Gt?96tUQ*kHIhFB1Q?eGsL_ca@b&UBtSh-er9CSqUN zt6vz(a9E7JPMb|Qxc(d{2QTox$y*Fq1-u|Qawc2EcoS7@gCFe1BQsFGIWDhWV=eV1 zlRuZK6xkPzzZ*#lY|&2e+TqrPm+5!~M|1OnC6{kVgp0n{;I1h}c>A?1cx1xgL^-et zlbuVI!+`X=RJRF0Mkr9&`vayE13R4!ey`K=TT%JqH_+UO+>uk@JaD|MWp0!d9H=LTu_fd%#?ljF&g+DmGpQ{EO_pBNx%4YooOQe7u!_s5%gPaAey&tI zJMQ+{O9_8WTn|kWymQ!nTOiyEUICxYTL+}N+JAOn6SEgj*Zn@m+{Z=~dOF6g>0M;~ zeV)$nG37gVeA00(=e#N4Q@CeMM@rotpqb3N1$4q0^;*WOEb9ZYD z>eA+Wj$UVhu5tczv;4SuC>wPD{PE_eYTOq7S)6}%Nt~okMekxUOc;RC>1}BHhK*)*v z#`00G>49B)DDQ2Y&%Q?83QVRh93bedaRz7g3s`p10Xy08#1ukSQ8m?CFTslTN1UiAEd(JDI*~pTi7=x^K>?k53i_{&>FdQ)5$9g=I>- zNUqNJ#9|&oKkIS1G5BdGrD%(4TAEhq9Qx|f8psVpFH?c&XhsMFH@YUO-u*&bE6ROfozo4lFb>lyLl?L`U;qj>F0;_qbYN_-K6C$o%FGkkaXXcqc+YH zuXCKfR(`BJ%o@9_&PYxTmork@K^%`4S{qA^#k4h-Z@r}J>2C+G&)#+gk6fKjTYqV6 zsw&rRi?=56AXzZ9pF1r|u!!ofVNX~%4#Rt$=&x^5?v?%CcBsoX#^vo<^4Wao zNUu|uHgc71@_mYajpvow?~$38h3iKNKgI`jW*^Mvd3%?lm6upOW}?16LG3qJ5Rp?6 zdBm!09TCQ{_Ln2b9R>>dzbm|0+V*JvSp8O01AVzVh3{!5oggMwMSrtrSYZVulfuD$Jt>v)I55CpJ!_{#Y?wiYm{#Q*J01&s8oRIMf>WMQnPA; z6+_~WshNilrIpq8T@q6k!0yRDfP2X`x1fu$t}@`xa2H$6PN@sBrbS%fJayUp%sgU_ z7`)eQ-s1o|=G=S#!taX3&M+! 
+ +An expansion module to query IpGeolocation.io to gather more information on a given IP address. We provide data such as country name, country code, city, state, local currency, time zone, ISP, ASN, Company Details, device data from User Agent String, VPN, Proxy, Tor and threat intelligence data served globally with latency based routing. +- **features**: +>The module takes an IP address attribute as input and queries the IpGeolocation API. +>The geolocation information on the IP address is always returned. +> +>Depending on the subscription plan, the API returns different pieces of information for details check our [page](https://ipgeolocation.io/ip-location-api.html). +- **input**: +>IP address +- **output**: +>Additional information on the IP address, like its geolocation, the autonomous system it is included in. +- **references**: +>https://ipgeolocation.io/ +- **requirements**: +>An apiKey of ipGeolocation + +----- + #### [ipinfo](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ipinfo.py) diff --git a/documentation/website/expansion/ipgeolocation.json b/documentation/website/expansion/ipgeolocation.json new file mode 100644 index 0000000..8c2c418 --- /dev/null +++ b/documentation/website/expansion/ipgeolocation.json 
@@ -0,0 +1,13 @@ +{ + "description": "An expansion module to query IpGeolocation.io to gather more information on a given IP address. We provide data such as country name, country code, city, state, local currency, time zone, ISP, ASN, Company Details, device data from User Agent String, VPN, Proxy, Tor and threat intelligence data served globally with latency based routing.", + "logo": "ipgeolocation.png", + "requirements": [ + "An apiKey of ipGeolocation" + ], + "input": "IP address", + "output": "Additional information on the IP address, like its geolocation, the autonomous system it is included in.", + "references": [ + "https://ipgeolocation.io/" + ], + "features": "The module takes an IP address attribute as input and queries the IpGeolocation API. \nThe geolocation information on the IP address is always returned.\n\nDepending on the subscription plan, the API returns different pieces of information for details check our [page](https://ipgeolocation.io/ip-location-api.html)." +} diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py index bf6c6db..d801834 100644 --- a/misp_modules/modules/expansion/__init__.py +++ b/misp_modules/modules/expansion/__init__.py @@ -20,7 +20,7 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh', 'qintel_qsentry', 'mwdb', 'hashlookup', 'mmdb_lookup', 'ipqs_fraud_and_risk_scoring', 'clamav', 'jinja_template_rendering','hyasinsight', 'variotdbs', 'crowdsec', - 'extract_url_components', 'ipinfo', 'whoisfreaks'] + 'extract_url_components', 'ipinfo', 'whoisfreaks', 'ipgeolocation'] minimum_required_fields = ('type', 'uuid', 'value') diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py new file mode 100644 index 0000000..946ccb2 --- /dev/null +++ b/misp_modules/modules/expansion/ipgeolocation.py 
@@ -0,0 +1,106 @@
+import json
+
+import requests
+from pymisp import MISPAttribute, MISPEvent, MISPObject
+
+mispattributes = {
+ 'input': ['ip-dst'],
+ 'format': 'misp_standard'
+}
+moduleinfo = {
+ 'version': '1', 'author': 'IpGeolocation',
+ 'description': 'Querry Using IpGeolocation.io',
+ 'module-type': ['expansion', 'hover']
+}
+moduleconfig = ['apiKey']
+misperrors = {'error': 'Error'}
+
+
+def handler(q=False):
+ # Input checks
+ if q is False:
+ return False
+ request = json.loads(q)
+ if not request.get('config'):
+ misperrors['error'] = 'IpGeolocation Configuration is missing'
+ return misperrors
+ if not request['config'].get('apiKey'):
+ misperrors['error'] = 'IpGeolocation apiKey is missing'
+ return misperrors
+
+ if request.get('ip-src'):
+ ip = request['ip-dst']
+ apiKey = request['config']['apiKey']
+ return handle_ip(apiKey, ip, misperrors)
+ else:
+ misperrors['error'] = "Unsupported attributes types"
+ return misperrors
+
+def handle_ip(apiKey, ip, misperrors):
+
+ try:
+ results = query_ipgeolocation(apiKey, ip)
+ except Exception:
+ misperrors['error'] = "Error while processing IP Data"
+ return [], False
+
+
+ # Check if the IP address is not reserved for special use
+ if results.get('message'):
+ if 'bogon' in results['message']:
+ return {'error': 'The IP address(bogon IP) is reserved for special use'}
+ else:
+ return {'error': 'Error Occurred during IP data Extraction'}
+
+ # Initiate the MISP data structures
+ misp_event = MISPEvent()
+ input_attribute = MISPAttribute()
+ misp_event.add_attribute(**input_attribute)
+
+ # Parse the geolocation information related to the IP address
+ ipObject = MISPObject('ip-api-address')
+ mapping = get_mapping()
+ for field, relation in mapping.items():
+ ipObject.add_attribute(relation, results[field])
+
+ misp_event.add_object(ipObject)
+
+ # Return the results in MISP format
+ event = json.loads(misp_event.to_json())
+ return {
+ 'results': {key: event[key] for key in ('Attribute', 'Object')}
+ }
+
+
+def query_ipgeolocation(apiKey, ip):
+ query = requests.get(
+ f"https://api.ipgeolocation.io/ipgeo?apiKey={apiKey}&ip={ip}"
+ )
+ if query.status_code != 200:
+ return {'error': f'Error while querying ipGeolocation.io - {query.status_code}: {query.reason}'}
+ return query.json()
+
+def get_mapping():
+ return {
+ 'isp':'ISP',
+ 'asn':'asn',
+ 'city':'city',
+ 'country_name':'country',
+ 'country_code2':'country-code',
+ 'latitude':'latitude',
+ 'longitude':'longitude',
+ 'organization':'organization',
+ 'continent_name':'region',
+ 'continent_code':'region-code',
+ 'state_prov':'state',
+ 'zipcode':'zipcode',
+ 'ip':'ip-src'
+ }
+
+def introspection():
+ return mispattributes
+
+
+def version():
+ moduleinfo['config'] = moduleconfig
+ return moduleinfo
From 78a60d8e96edabacfbcd6baeb447134ed32f59a5 Mon Sep 17 00:00:00 2001
From: Usama015
Date: Mon, 19 Jun 2023 13:52:55 +0500
Subject: [PATCH 02/23] updated IPGeolocation Module
---
 misp_modules/modules/expansion/ipgeolocation.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py
index 946ccb2..bfa1e4c 100644
--- a/misp_modules/modules/expansion/ipgeolocation.py
+++ b/misp_modules/modules/expansion/ipgeolocation.py
@@ -28,7 +28,7 @@ def handler(q=False):
 misperrors['error'] = 'IpGeolocation apiKey is missing'
 return misperrors
- if request.get('ip-src'):
+ if request.get('ip-dst'):
 ip = request['ip-dst']
 apiKey = request['config']['apiKey']
 return handle_ip(apiKey, ip, misperrors)
From 0d40d067ae00b7ac8dbdc72cb5a8b5089fd26453 Mon Sep 17 00:00:00 2001
From: Usama015
Date: Mon, 19 Jun 2023 15:11:41 +0500
Subject: [PATCH 03/23] added multiple Attributes
---
 .../modules/expansion/ipgeolocation.py | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py
index bfa1e4c..107adce 100644
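Review bot: `misp_event.add_attribute(**input_attribute)` in handle_ip unpacks a MISPAttribute that is never populated from the request, so nothing ties the result to the queried attribute and the call will most likely fail for lack of a type and value; the misp_standard pattern is to pass `request['attribute']` down, call `input_attribute.from_dict(**attribute)` before adding it, and link the object with `ipObject.add_reference(input_attribute.uuid, 'located')`. query_ipgeolocation also calls `requests.get` without a timeout, so a stalled upstream blocks the worker indefinitely; `requests.get('https://api.ipgeolocation.io/ipgeo', params={'apiKey': apiKey, 'ip': ip}, timeout=10)` bounds the wait and URL-encodes both values. Its non-200 branch returns `{'error': ...}`, but handle_ip only inspects `results.get('message')`, so that dict flows into the mapping loop and dies with a KeyError on `results['isp']` instead of being returned to the caller. `results[field]` likewise assumes every mapped key is present, while the module's own documentation says the returned fields depend on the subscription plan; `results.get(field)` with a skip on None would stop valid responses from being rejected. The `'description'` string in moduleinfo also misspells "Query".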
--- a/misp_modules/modules/expansion/ipgeolocation.py
+++ b/misp_modules/modules/expansion/ipgeolocation.py
@@ -4,7 +4,7 @@ import requests
 from pymisp import MISPAttribute, MISPEvent, MISPObject
 mispattributes = {
- 'input': ['ip-dst'],
+ 'input': ['ip-dst', 'ip-src'],
 'format': 'misp_standard'
 }
 moduleinfo = {
@@ -28,20 +28,19 @@ def handler(q=False):
 misperrors['error'] = 'IpGeolocation apiKey is missing'
 return misperrors
- if request.get('ip-dst'):
- ip = request['ip-dst']
- apiKey = request['config']['apiKey']
- return handle_ip(apiKey, ip, misperrors)
- else:
- misperrors['error'] = "Unsupported attributes types"
- return misperrors
+ if request['attribute']['type'] not in mispattributes['input']:
+ return {'error': 'Unsupported attribute type.'}
+
+ ip = request['attribute']['value']
+ apiKey = request['config']['apiKey']
+ return handle_ip(apiKey, ip, misperrors)
 def handle_ip(apiKey, ip, misperrors):
 try:
 results = query_ipgeolocation(apiKey, ip)
 except Exception:
- misperrors['error'] = "Error while processing IP Data"
+ misperrors['error'] = "Error while Querying IP Address"
 return [], False
@@ -50,7 +49,7 @@ def handle_ip(apiKey, ip, misperrors):
 if 'bogon' in results['message']:
 return {'error': 'The IP address(bogon IP) is reserved for special use'}
 else:
- return {'error': 'Error Occurred during IP data Extraction'}
+ return {'error': 'Error Occurred during IP data Extraction from Message'}
 # Initiate the MISP data structures
 misp_event = MISPEvent()
From a15d06e94fa4dcb7287ee5d17516a901f27b84d4 Mon Sep 17 00:00:00 2001
From: Usama015
Date: Mon, 19 Jun 2023 16:04:13 +0500
Subject: [PATCH 04/23] updated
---
 misp_modules/modules/expansion/ipgeolocation.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py
index 107adce..131f7d4 100644
--- a/misp_modules/modules/expansion/ipgeolocation.py
+++ b/misp_modules/modules/expansion/ipgeolocation.py
@@ -31,8 +31,14 @@ def handler(q=False):
 if request['attribute']['type'] not in mispattributes['input']:
 return {'error': 'Unsupported attribute type.'}
- ip = request['attribute']['value']
- apiKey = request['config']['apiKey']
+ try:
+ ip = request['attribute']['value']
+ except Exception:
+ return {'error': 'Error Getting IP' + request}
+ try:
+ apiKey = request['config']['apiKey']
+ except Exception:
+ return {'error': 'Error Getting apiKey' + request}
+ return handle_ip(apiKey, ip, misperrors)
 def handle_ip(apiKey, ip, misperrors):
From 7c42950e9b45015803201bad88cb66be4b311858 Mon Sep 17 00:00:00 2001
From: Usama015
Date: Mon, 19 Jun 2023 16:11:58 +0500
Subject: [PATCH 05/23] updated
---
 misp_modules/modules/expansion/ipgeolocation.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py
index 131f7d4..ed5aabc 100644
--- a/misp_modules/modules/expansion/ipgeolocation.py
+++ b/misp_modules/modules/expansion/ipgeolocation.py
@@ -47,7 +47,7 @@ def handle_ip(apiKey, ip, misperrors):
 results = query_ipgeolocation(apiKey, ip)
 except Exception:
 misperrors['error'] = "Error while Querying IP Address"
- return [], False
+ return []
 # Check if the IP address is not reserved for special use
@@ -65,9 +65,11 @@ def handle_ip(apiKey, ip, misperrors):
 # Parse the geolocation information related to the IP address
 ipObject = MISPObject('ip-api-address')
 mapping = get_mapping()
- for field, relation in mapping.items():
- ipObject.add_attribute(relation, results[field])
-
+ try:
+ for field, relation in mapping.items():
+ ipObject.add_attribute(relation, results[field])
+ except Exception:
+ return {'error': 'Error while Adding attributes'}
 misp_event.add_object(ipObject)
 # Return the results in MISP format
From 6ac1ea946ed020c57a757513c84f027b905e9143 Mon Sep 17 00:00:00 2001
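Review bot: `'Error Getting IP' + request` concatenates a str with the parsed request dict, so both new except branches raise TypeError instead of returning the error they were written to produce; and had it been stringified, the message would echo the whole request, including `config['apiKey']`, back to the caller, which an error string must never do. A plain `return {'error': 'Error Getting IP'}` (and the same for the apiKey branch) is enough. These lookups can only raise KeyError, so catching `Exception` is also broader than the code warrants. The enclosing handler continues outside the hunk.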
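Review bot: Wrapping the mapping loop in `except Exception` (the -65,9 hunk) hides the real cause of failure: when query_ipgeolocation returns its `{'error': ...}` dict for a non-200 status, handle_ip never checks for it, so the first `results['isp']` lookup raises KeyError and the HTTP status detail is replaced by the generic 'Error while Adding attributes'. Surface the upstream error before the bogon check, `if 'error' in results: return results`, and make the loop tolerant of plan-dependent fields with `value = results.get(field)` and `if value is not None: ipObject.add_attribute(relation, value)` instead of catching everything. The `return []` in the -47,7 hunk is still a list where every other failure path in this function returns an `{'error': ...}` dict, so the caller cannot handle failures uniformly. handle_ip begins and ends outside both hunks.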
From: Usama015
Date: Mon, 19 Jun 2023 17:26:19 +0500
Subject: [PATCH 06/23] updated
---
 .../modules/expansion/ipgeolocation.py | 26 +++++++------------
 1 file changed, 9 insertions(+), 17 deletions(-)
diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py
index ed5aabc..db507bd 100644
--- a/misp_modules/modules/expansion/ipgeolocation.py
+++ b/misp_modules/modules/expansion/ipgeolocation.py
@@ -13,7 +13,6 @@ moduleinfo = {
 'module-type': ['expansion', 'hover']
 }
 moduleconfig = ['apiKey']
-misperrors = {'error': 'Error'}
 def handler(q=False):
@@ -22,32 +21,25 @@ def handler(q=False):
 return False
 request = json.loads(q)
 if not request.get('config'):
- misperrors['error'] = 'IpGeolocation Configuration is missing'
- return misperrors
+ return {'error' : 'IpGeolocation Configuration is missing'}
 if not request['config'].get('apiKey'):
- misperrors['error'] = 'IpGeolocation apiKey is missing'
- return misperrors
+ return {'error' : 'IpGeolocation apiKey is missing'}
 if request['attribute']['type'] not in mispattributes['input']:
 return {'error': 'Unsupported attribute type.'}
- try:
- ip = request['attribute']['value']
- except Exception:
- return {'error': 'Error Getting IP' + request}
- try:
- apiKey = request['config']['apiKey']
- except Exception:
- return {'error': 'Error Getting apiKey' + request}
- return handle_ip(apiKey, ip, misperrors)
+ ip = request['attribute']['value']
+ apiKey = request['config']['apiKey']
+ response = handle_ip(apiKey, ip)
+ return {'error': 'Going to the handleIP method' + response}
-def handle_ip(apiKey, ip, misperrors):
+
+def handle_ip(apiKey, ip):
 try:
 results = query_ipgeolocation(apiKey, ip)
 except Exception:
- misperrors['error'] = "Error while Querying IP Address"
- return []
+ return {'error' : 'Error during querying IPGeolocation API.'}
 # Check if the IP address is not reserved for special use
From 2c2628114ea62c4ce41085438cb46eaa81d463c0 Mon Sep 17 00:00:00 2001
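Review bot: handler now discards the enrichment it computed: handle_ip returns a dict on every path, so `'Going to the handleIP method' + response` raises TypeError, and even once the concatenation is dropped (as the -31,7 hunk of PATCH 07 does) the successful `{'results': ...}` from handle_ip never reaches the caller, so every request ends in an error. The last line of handler should simply be `return handle_ip(apiKey, ip)`; the debug placeholder string should not ship. The same leftover return is the point to raise on the PATCH 07 hunk, which otherwise only removes the concatenation.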
From: Usama015
Date: Mon, 19 Jun 2023 18:29:59 +0500
Subject: [PATCH 07/23] updated
---
 misp_modules/modules/expansion/ipgeolocation.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py
index db507bd..8672c5a 100644
--- a/misp_modules/modules/expansion/ipgeolocation.py
+++ b/misp_modules/modules/expansion/ipgeolocation.py
@@ -31,7 +31,7 @@ def handler(q=False):
 ip = request['attribute']['value']
 apiKey = request['config']['apiKey']
 response = handle_ip(apiKey, ip)
- return {'error': 'Going to the handleIP method' + response}
+ return {'error': 'Going to the handleIP method'}
 def handle_ip(apiKey, ip):
From 44fa20d6439f77f1bef8c58edf68f0bdd473a837 Mon Sep 17 00:00:00 2001
From: Usama015
Date: Mon, 19 Jun 2023 20:59:22 +0500
Subject: [PATCH 08/23] updated readme for Index Page
---
 README.md | 2 +-
 documentation/mkdocs/index.md | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index b1aaca0..2475329 100644
--- a/README.md
+++ b/README.md
@@ -98,7 +98,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj * [VulnDB](misp_modules/modules/expansion/vulndb.py) - a module to query [VulnDB](https://www.riskbasedsecurity.com/). * [Vulners](misp_modules/modules/expansion/vulners.py) - an expansion module to expand information about CVEs using Vulners API. * [whois](misp_modules/modules/expansion/whois.py) - a module to query a local instance of [uwhois](https://github.com/rafiot/uwhoisd). -* [whoisfreaks](misp_modules/modules/expansion/whoisfreaks.py) - An expansion module for [whoisfreaks](https://whoisfreaks.com/) that will provide an enriched analysis of the provided domain, including WHOIS and DNS information. Our [Whois service](https://whoisfreaks.com/products/whois-api.html), [DNS Lookup API](https://whoisfreaks.com/products/dns-records-api.html), and [SSL analysis](https://whoisfreaks.com/products/ssl-certificate-api.html), equips organizations with comprehensive threat intelligence and attack surface analysis capabilities for enhanced security. Explore our website's product section at https://whoisfreaks.com/ for a wide range of additional services catering to threat intelligence and attack surface analysis needs. +* [whoisfreaks](misp_modules/modules/expansion/whoisfreaks.py) - an expansion module for [whoisfreaks](https://whoisfreaks.com/) that will provide an enriched analysis of the provided domain, including WHOIS and DNS information. Our [Whois service](https://whoisfreaks.com/products/whois-api.html), [DNS Lookup API](https://whoisfreaks.com/products/dns-records-api.html), and [SSL analysis](https://whoisfreaks.com/products/ssl-certificate-api.html), equips organizations with comprehensive threat intelligence and attack surface analysis capabilities for enhanced security. Explore our website's product section at https://whoisfreaks.com/ for a wide range of additional services catering to threat intelligence and attack surface analysis needs. 
* [wikidata](misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module. * [xforce](misp_modules/modules/expansion/xforceexchange.py) - an IBM X-Force Exchange expansion module. * [xlsx-enrich](misp_modules/modules/expansion/xlsx_enrich.py) - an enrichment module to get text out of an Excel document into MISP (using free-text parser). diff --git a/documentation/mkdocs/index.md b/documentation/mkdocs/index.md index e2c5a13..72e520c 100644 --- a/documentation/mkdocs/index.md +++ b/documentation/mkdocs/index.md @@ -42,6 +42,7 @@ For more information: [Extending MISP with Python modules](https://www.circl.lu/ * [hashdd](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashdd.py) - a hover module to check file hashes against [hashdd.com](http://www.hashdd.com) including NSLR dataset. * [hibp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py) - a hover module to lookup against Have I Been Pwned? * [intel471](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/intel471.py) - an expansion module to get info from [Intel471](https://intel471.com). +* [Ipgeolocation](https://ipgeolocation.io/) - an expansion and hover module for IP Intelligence Stack with [IP to Geolocation](https://ipgeolocation.io/ip-location-api.html), [Timezone](https://ipgeolocation.io/astronomy-api.html) and [Astronomy API](https://ipgeolocation.io/timezone-api.html). * [IPASN](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address. * [iprep](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net. * [Joe Sandbox submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/joesandbox_submit.py) - Submit files and URLs to Joe Sandbox. 
@@ -76,6 +77,7 @@ For more information: [Extending MISP with Python modules](https://www.circl.lu/ * [VulnDB](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py) - a module to query [VulnDB](https://www.riskbasedsecurity.com/). * [Vulners](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulners.py) - an expansion module to expand information about CVEs using Vulners API. * [whois](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py) - a module to query a local instance of [uwhois](https://github.com/rafiot/uwhoisd). +* [whoisfreaks](misp_modules/modules/expansion/whoisfreaks.py) - an expansion module for [whoisfreaks](https://whoisfreaks.com/) that will provide an enriched analysis of the provided domain, including WHOIS and DNS information. Our [Whois service](https://whoisfreaks.com/products/whois-api.html), [DNS Lookup API](https://whoisfreaks.com/products/dns-records-api.html), and [SSL analysis](https://whoisfreaks.com/products/ssl-certificate-api.html), equips organizations with comprehensive threat intelligence and attack surface analysis capabilities for enhanced security. Explore our website's product section at https://whoisfreaks.com/ for a wide range of additional services catering to threat intelligence and attack surface analysis needs. * [wikidata](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module. * [xforce](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/xforceexchange.py) - an IBM X-Force Exchange expansion module. * [xlsx-enrich](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/xlsx-enrich.py) - an enrichment module to get text out of an Excel document into MISP (using free-text parser). From fd929c592c9165c168141338bd92df87b9124717 Mon Sep 17 00:00:00 2001 
From: Usama015 Date: Mon, 19 Jun 2023 21:00:11 +0500 Subject: [PATCH 09/23] updated --- misp_modules/modules/expansion/ipgeolocation.py | 1 + 1 file changed, 1 insertion(+) diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py index 8672c5a..3c0522e 100644 --- a/misp_modules/modules/expansion/ipgeolocation.py +++ b/misp_modules/modules/expansion/ipgeolocation.py @@ -30,6 +30,7 @@ def handler(q=False): ip = request['attribute']['value'] apiKey = request['config']['apiKey'] + return {'error': 'Going to the handleIP method'} response = handle_ip(apiKey, ip) return {'error': 'Going to the handleIP method'} From b28d1871f7df9c7393aaa4e66a5f61ee8b63acea Mon Sep 17 00:00:00 2001 From: Usama015 Date: Mon, 19 Jun 2023 21:00:52 +0500 Subject: [PATCH 10/23] updated --- misp_modules/modules/expansion/ipgeolocation.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py index 3c0522e..5d3a1c4 100644 --- a/misp_modules/modules/expansion/ipgeolocation.py +++ b/misp_modules/modules/expansion/ipgeolocation.py @@ -31,8 +31,8 @@ def handler(q=False): ip = request['attribute']['value'] apiKey = request['config']['apiKey'] return {'error': 'Going to the handleIP method'} - response = handle_ip(apiKey, ip) - return {'error': 'Going to the handleIP method'} + # response = handle_ip(apiKey, ip) + # return {'error': 'Going to the handleIP method'} def handle_ip(apiKey, ip): From fe047eafc717a0099dc96a9cbf4dcc709dd4dc08 Mon Sep 17 00:00:00 2001 From: Usama015 Date: Mon, 19 Jun 2023 21:47:24 +0500 Subject: [PATCH 11/23] testing --- .../modules/expansion/ipgeolocation.py | 53 ++++++++++--------- 1 file changed, 29 insertions(+), 24 deletions(-) diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py index 5d3a1c4..5556620 100644 
--- a/misp_modules/modules/expansion/ipgeolocation.py +++ b/misp_modules/modules/expansion/ipgeolocation.py @@ -30,9 +30,9 @@ def handler(q=False): ip = request['attribute']['value'] apiKey = request['config']['apiKey'] + # Correct + response = handle_ip(apiKey, ip) return {'error': 'Going to the handleIP method'} - # response = handle_ip(apiKey, ip) - # return {'error': 'Going to the handleIP method'} def handle_ip(apiKey, ip): 
@@ -44,32 +44,37 @@ def handle_ip(apiKey, ip): # Check if the IP address is not reserved for special use - if results.get('message'): - if 'bogon' in results['message']: - return {'error': 'The IP address(bogon IP) is reserved for special use'} - else: - return {'error': 'Error Occurred during IP data Extraction from Message'} - - # Initiate the MISP data structures - misp_event = MISPEvent() - input_attribute = MISPAttribute() - misp_event.add_attribute(**input_attribute) - - # Parse the geolocation information related to the IP address - ipObject = MISPObject('ip-api-address') - mapping = get_mapping() try: - for field, relation in mapping.items(): - ipObject.add_attribute(relation, results[field]) + if results.get('message'): + if 'bogon' in results['message']: + return {'error': 'The IP address(bogon IP) is reserved for special use'} + else: + return {'error': 'Error Occurred during IP data Extraction from Message'} except Exception: - return {'error': 'Error while Adding attributes'} - misp_event.add_object(ipObject) + return {'error': 'line 54'} + try: + misp_event = MISPEvent() + except Exception: + return {'error': 'line 58'} + # input_attribute = MISPAttribute() + # misp_event.add_attribute(**input_attribute) + + ipObject = MISPObject('ip-api-address') + return {'error': 'line 64'} + # mapping = get_mapping().json() + # try: + # for field, relation in mapping.items(): + # ipObject.add_attribute(relation, results[field]) + # except Exception: + # return {'error': 'Error while Adding attributes'} + # misp_event.add_object(ipObject) +# # Return the results in MISP format - event = json.loads(misp_event.to_json()) - return { - 'results': {key: event[key] for key in ('Attribute', 'Object')} - } + # event = json.loads(misp_event.to_json()) + # return { + # 'results': {key: event[key] for key in ('Attribute', 'Object')} + # } def query_ipgeolocation(apiKey, ip): From 84ecb424d14a7916f0ff773b544e0800725564df Mon Sep 17 00:00:00 2001 
From: Usama015 Date: Mon, 19 Jun 2023 22:21:35 +0500 Subject: [PATCH 12/23] updated --- .../modules/expansion/ipgeolocation.py | 53 ++++++++----------- 1 file changed, 22 insertions(+), 31 deletions(-) diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py index 5556620..a18cc9d 100644 --- a/misp_modules/modules/expansion/ipgeolocation.py +++ b/misp_modules/modules/expansion/ipgeolocation.py @@ -28,14 +28,14 @@ def handler(q=False): if request['attribute']['type'] not in mispattributes['input']: return {'error': 'Unsupported attribute type.'} + attribute = request['attribute'] ip = request['attribute']['value'] apiKey = request['config']['apiKey'] # Correct - response = handle_ip(apiKey, ip) - return {'error': 'Going to the handleIP method'} + return handle_ip(apiKey, ip, attribute) -def handle_ip(apiKey, ip): +def handle_ip(apiKey, ip, attribute): try: results = query_ipgeolocation(apiKey, ip) 
@@ -44,37 +44,28 @@ def handle_ip(apiKey, ip): # Check if the IP address is not reserved for special use - try: - if results.get('message'): - if 'bogon' in results['message']: - return {'error': 'The IP address(bogon IP) is reserved for special use'} - else: - return {'error': 'Error Occurred during IP data Extraction from Message'} - except Exception: - return {'error': 'line 54'} - try: - misp_event = MISPEvent() - except Exception: - return {'error': 'line 58'} - # input_attribute = MISPAttribute() - # misp_event.add_attribute(**input_attribute) - + if results.get('message'): + if 'bogon' in results['message']: + return {'error': 'The IP address(bogon IP) is reserved for special use'} + else: + return {'error': 'Error Occurred during IP data Extraction from Message'} + misp_event = MISPEvent() + input_attribute = MISPAttribute() + input_attribute.from_dict(**attribute) + misp_event.add_attribute(**input_attribute) ipObject = MISPObject('ip-api-address') - return {'error': 'line 64'} - # mapping = get_mapping().json() - # try: - # for field, relation in mapping.items(): - # ipObject.add_attribute(relation, results[field]) - # except Exception: - # return {'error': 'Error while Adding attributes'} - # misp_event.add_object(ipObject) -# + # Correct + mapping = get_mapping().json() + for field, relation in mapping.items(): + ipObject.add_attribute(relation, results[field]) + misp_event.add_object(ipObject) + # Return the results in MISP format - # event = json.loads(misp_event.to_json()) - # return { - # 'results': {key: event[key] for key in ('Attribute', 'Object')} - # } + event = json.loads(misp_event.to_json()) + return { + 'results': {key: event[key] for key in ('Attribute', 'Object')} + } def query_ipgeolocation(apiKey, ip): From 00f1af5c5935fdd406d3109d896a9ae083b09265 Mon Sep 17 00:00:00 2001 
From: Usama015 Date: Tue, 20 Jun 2023 11:32:10 +0500 Subject: [PATCH 13/23] removed the bug --- misp_modules/modules/expansion/ipgeolocation.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py index a18cc9d..34cf045 100644 --- a/misp_modules/modules/expansion/ipgeolocation.py +++ b/misp_modules/modules/expansion/ipgeolocation.py @@ -56,7 +56,7 @@ def handle_ip(apiKey, ip, attribute): ipObject = MISPObject('ip-api-address') # Correct - mapping = get_mapping().json() + mapping = get_mapping() for field, relation in mapping.items(): ipObject.add_attribute(relation, results[field]) misp_event.add_object(ipObject) @@ -100,3 +100,14 @@ def introspection(): def version(): moduleinfo['config'] = moduleconfig return moduleinfo + +# def main(): +# attribute = { +# 'type' : 'ip-src', +# 'value' : '20.20.12.154' +# } +# handle_ip('efe037a76a17432fad2dbdca8299d559','21.02.15.123', attribute) + +# if __name__ == '__main__': +# main() + From 36fb91882ab8863e1949b445e49bf940db8ad728 Mon Sep 17 00:00:00 2001 From: Usama015 Date: Tue, 20 Jun 2023 12:49:05 +0500 Subject: [PATCH 14/23] updated --- .../modules/expansion/ipgeolocation.py | 62 ++++++++++++------- 1 file changed, 39 insertions(+), 23 deletions(-) diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py index 34cf045..509bfb9 100644 --- a/misp_modules/modules/expansion/ipgeolocation.py +++ b/misp_modules/modules/expansion/ipgeolocation.py @@ -1,4 +1,5 @@ import json +import traceback import requests from pymisp import MISPAttribute, MISPEvent, MISPObject 
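Review bot: The commented-out `main()` appended in the second hunk embeds what looks like a live ipgeolocation.io API key as a string literal; once pushed it is part of the repository history regardless of the comment markers or the later removal in patch 23 (L39), so it should be treated as exposed and rotated, and the branch history rewritten if it has not been merged. Patches 14 and 16 (L30, L31) toggle the same block in and out. A local smoke test should read the key from the environment, e.g. `handle_ip(os.environ['IPGEO_API_KEY'], ip, attribute)`, and live under tests/ rather than at the bottom of the module. The sample address in that call does not look like a real fixture either (an octet with a leading zero), which suggests the helper was never run end to end.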
@@ -32,8 +33,8 @@ def handler(q=False): ip = request['attribute']['value'] apiKey = request['config']['apiKey'] # Correct - return handle_ip(apiKey, ip, attribute) - + response = handle_ip(apiKey, ip, attribute) + return {'error' : f'Completed Response - {response}'} def handle_ip(apiKey, ip, attribute): @@ -49,23 +50,37 @@ def handle_ip(apiKey, ip, attribute): return {'error': 'The IP address(bogon IP) is reserved for special use'} else: return {'error': 'Error Occurred during IP data Extraction from Message'} - misp_event = MISPEvent() - input_attribute = MISPAttribute() - input_attribute.from_dict(**attribute) - misp_event.add_attribute(**input_attribute) + try: + misp_event = MISPEvent() + input_attribute = MISPAttribute() + # input_attribute.from_dict(**attribute) + misp_event.add_attribute(**input_attribute) + except Exception: + return {'error': f'Error on line 58 - {traceback.print_exc()}'} ipObject = MISPObject('ip-api-address') # Correct - mapping = get_mapping() - for field, relation in mapping.items(): - ipObject.add_attribute(relation, results[field]) - misp_event.add_object(ipObject) - + try: + mapping = get_mapping() + except Exception: + return {'error': f'Error on line 66 - {traceback.print_exc()}'} + try: + for field, relation in mapping.items(): + ipObject.add_attribute(relation, results[field]) + except Exception: + return {'error': f'Error on line 71 - {traceback.print_exc()}'} + try: + misp_event.add_object(ipObject) + except Exception: + return {'error': f'Error on line 75 - {traceback.print_exc()}'} # Return the results in MISP format - event = json.loads(misp_event.to_json()) - return { - 'results': {key: event[key] for key in ('Attribute', 'Object')} - } + try: + event = json.loads(misp_event.to_json()) + return { + 'results': {key: event[key] for key in ('Attribute', 'Object')} + } + except Exception: + return {'error': f'Error on line 83 - {traceback.print_exc()}'} def query_ipgeolocation(apiKey, ip): 
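Review bot: Every `except Exception` branch added to handle_ip in the second hunk formats `traceback.print_exc()` into the error message, but print_exc() writes to stderr and returns None, so the caller only ever sees `Error on line NN - None`; `traceback.format_exc()` is the call that returns the text. Even with that fixed, shipping a raw traceback in the module's JSON reply exposes the MISP worker's internals to whoever triggered the enrichment; log it server-side with `logging.getLogger(__name__).exception('ipgeolocation enrichment failed')` and return a short, stable error string. The hand-maintained line numbers in the messages (58, 66, 71, 75, 83) go stale on the next edit, which is one more reason to prefer logger.exception. handle_ip's header and the first lines of its body are outside this hunk.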
@@ -101,13 +116,14 @@ def version(): moduleinfo['config'] = moduleconfig return moduleinfo -# def main(): -# attribute = { -# 'type' : 'ip-src', -# 'value' : '20.20.12.154' -# } -# handle_ip('efe037a76a17432fad2dbdca8299d559','21.02.15.123', attribute) +def main(): + attribute = { + 'type' : 'ip-src', + 'value' : '20.20.12.154' + } + handle_ip('efe037a76a17432fad2dbdca8299d559','21.02.15.123', attribute) -# if __name__ == '__main__': -# main() +if __name__ == '__main__': + main() + From 2a1b8102ab967cb05f6fd7b80a763125c66f99ac Mon Sep 17 00:00:00 2001 From: Usama015 Date: Tue, 20 Jun 2023 12:52:24 +0500 Subject: [PATCH 15/23] updated --- misp_modules/modules/expansion/ipgeolocation.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py index 509bfb9..f127d97 100644 --- a/misp_modules/modules/expansion/ipgeolocation.py +++ b/misp_modules/modules/expansion/ipgeolocation.py @@ -53,7 +53,7 @@ def handle_ip(apiKey, ip, attribute): try: misp_event = MISPEvent() input_attribute = MISPAttribute() - # input_attribute.from_dict(**attribute) + input_attribute.from_dict(**attribute) misp_event.add_attribute(**input_attribute) except Exception: return {'error': f'Error on line 58 - {traceback.print_exc()}'} From aeb65b1328b55c4d18c43f3189c4193501cdc610 Mon Sep 17 00:00:00 2001 From: Usama015 Date: Tue, 20 Jun 2023 13:07:42 +0500 Subject: [PATCH 16/23] updated --- misp_modules/modules/expansion/ipgeolocation.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py index f127d97..94ad6a5 100644 --- a/misp_modules/modules/expansion/ipgeolocation.py +++ b/misp_modules/modules/expansion/ipgeolocation.py 
@@ -116,14 +116,14 @@ def version(): moduleinfo['config'] = moduleconfig return moduleinfo -def main(): - attribute = { - 'type' : 'ip-src', - 'value' : '20.20.12.154' - } - handle_ip('efe037a76a17432fad2dbdca8299d559','21.02.15.123', attribute) +# def main(): +# attribute = { +# 'type' : 'ip-src', +# 'value' : '20.20.12.154' +# } +# handle_ip('efe037a76a17432fad2dbdca8299d559','21.02.15.123', attribute) -if __name__ == '__main__': - main() +# if __name__ == '__main__': +# main() From 4021b97254a088724a7d55e2adf2fdcfbc22b165 Mon Sep 17 00:00:00 2001 From: Usama015 Date: Tue, 20 Jun 2023 13:50:31 +0500 Subject: [PATCH 17/23] updated --- .../modules/expansion/ipgeolocation.py | 65 ++++++------------- 1 file changed, 19 insertions(+), 46 deletions(-) diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py index 94ad6a5..783f53f 100644 --- a/misp_modules/modules/expansion/ipgeolocation.py +++ b/misp_modules/modules/expansion/ipgeolocation.py 
@@ -32,64 +32,37 @@ def handler(q=False): attribute = request['attribute'] ip = request['attribute']['value'] apiKey = request['config']['apiKey'] - # Correct - response = handle_ip(apiKey, ip, attribute) - return {'error' : f'Completed Response - {response}'} - -def handle_ip(apiKey, ip, attribute): - - try: - results = query_ipgeolocation(apiKey, ip) - except Exception: - return {'error' : 'Error during querying IPGeolocation API.'} + query = requests.get(f"https://api.ipgeolocation.io/ipgeo?apiKey={apiKey}&ip={ip}") + if query.status_code != 200: + return {'error': f'Error while querying ipGeolocation.io - {query.status_code}: {query.reason}'} # Check if the IP address is not reserved for special use - if results.get('message'): - if 'bogon' in results['message']: + if query.get('message'): + if 'bogon' in query['message']: return {'error': 'The IP address(bogon IP) is reserved for special use'} else: return {'error': 'Error Occurred during IP data Extraction from Message'} - try: - misp_event = MISPEvent() - input_attribute = MISPAttribute() - input_attribute.from_dict(**attribute) - misp_event.add_attribute(**input_attribute) - except Exception: - return {'error': f'Error on line 58 - {traceback.print_exc()}'} + misp_event = MISPEvent() + input_attribute = MISPAttribute() + input_attribute.from_dict(**attribute) + misp_event.add_attribute(**input_attribute) ipObject = MISPObject('ip-api-address') # Correct - try: - mapping = get_mapping() - except Exception: - return {'error': f'Error on line 66 - {traceback.print_exc()}'} - try: - for field, relation in mapping.items(): - ipObject.add_attribute(relation, results[field]) - except Exception: - return {'error': f'Error on line 71 - {traceback.print_exc()}'} - try: - misp_event.add_object(ipObject) - except Exception: - return {'error': f'Error on line 75 - {traceback.print_exc()}'} + mapping = get_mapping() + for field, relation in mapping.items(): + ipObject.add_attribute(relation, query[field]) + 
misp_event.add_object(ipObject) # Return the results in MISP format - try: - event = json.loads(misp_event.to_json()) - return { - 'results': {key: event[key] for key in ('Attribute', 'Object')} - } - except Exception: - return {'error': f'Error on line 83 - {traceback.print_exc()}'} + event = json.loads(misp_event.to_json()) + return { + 'results': {key: event[key] for key in ('Attribute', 'Object')} + } + # return {'error' : 'Completed Response'} + -def query_ipgeolocation(apiKey, ip): - query = requests.get( - f"https://api.ipgeolocation.io/ipgeo?apiKey={apiKey}&ip={ip}" - ) - if query.status_code != 200: - return {'error': f'Error while querying ipGeolocation.io - {query.status_code}: {query.reason}'} - return query.json() def get_mapping(): return { From 15a6adce869818e97b094934c9f975739d389b2d Mon Sep 17 00:00:00 2001 From: Usama015 Date: Tue, 20 Jun 2023 14:02:49 +0500 Subject: [PATCH 18/23] updated --- misp_modules/modules/expansion/ipgeolocation.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py index 783f53f..45719bb 100644 --- a/misp_modules/modules/expansion/ipgeolocation.py +++ b/misp_modules/modules/expansion/ipgeolocation.py @@ -53,6 +53,7 @@ def handler(q=False): mapping = get_mapping() for field, relation in mapping.items(): ipObject.add_attribute(relation, query[field]) + ipObject.add_reference(input_attribute.uuid, 'locates') misp_event.add_object(ipObject) # Return the results in MISP format event = json.loads(misp_event.to_json()) @@ -61,9 +62,6 @@ def handler(q=False): } # return {'error' : 'Completed Response'} - - - def get_mapping(): return { 'isp':'ISP', From c32d7722757beb5fc44fe32da1fd32553a55f29f Mon Sep 17 00:00:00 2001 From: Usama015 Date: Tue, 20 Jun 2023 14:26:53 +0500 Subject: [PATCH 19/23] updated --- .../modules/expansion/ipgeolocation.py | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) 
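Review bot: The call `requests.get(f"https://api.ipgeolocation.io/ipgeo?apiKey={apiKey}&ip={ip}")` that this hunk moves into handler interpolates the attribute value straight into the URL with no encoding, sets no timeout and, now that the try/except of the removed handle_ip is gone, handles no connection error. An attribute value containing `&` or `#` would be parsed upstream as extra query parameters, a hung upstream blocks the worker indefinitely, and a requests exception propagates out of handler with the full URL, API key included, in its message. Prefer `requests.get('https://api.ipgeolocation.io/ipgeo', params={'apiKey': apiKey, 'ip': ip}, timeout=<seconds>)` inside a try/except that returns the existing query error dict, and validate `ip` with `ipaddress.ip_address(ip)` before sending. The following lines call `query.get('message')` and `query[field]` on the `requests.Response` object itself rather than on its JSON body, which raises AttributeError/TypeError until the `.json()` call that patch 22 (L36) adds. handler's signature is outside this hunk.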
diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py index 45719bb..0451eb3 100644 --- a/misp_modules/modules/expansion/ipgeolocation.py +++ b/misp_modules/modules/expansion/ipgeolocation.py @@ -15,6 +15,22 @@ moduleinfo = { } moduleconfig = ['apiKey'] +_IPGEO_MAPPING ={ + 'isp':'ISP', + 'asn':'asn', + 'city':'city', + 'country_name':'country', + 'country_code2':'country-code', + 'latitude':'latitude', + 'longitude':'longitude', + 'organization':'organization', + 'continent_name':'region', + 'continent_code':'region-code', + 'state_prov':'state', + 'zipcode':'zipcode', + 'ip':'ip-src' + } + def handler(q=False): # Input checks @@ -50,8 +66,7 @@ def handler(q=False): ipObject = MISPObject('ip-api-address') # Correct - mapping = get_mapping() - for field, relation in mapping.items(): + for field, relation in _IPGEO_MAPPING.items(): ipObject.add_attribute(relation, query[field]) ipObject.add_reference(input_attribute.uuid, 'locates') misp_event.add_object(ipObject) From d3d772a2251c19cb59d86572829c52b8977f1d75 Mon Sep 17 00:00:00 2001 From: Usama015 Date: Tue, 20 Jun 2023 14:31:10 +0500 Subject: [PATCH 20/23] updated --- .../modules/expansion/ipgeolocation.py | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py index 0451eb3..e3c615c 100644 --- a/misp_modules/modules/expansion/ipgeolocation.py +++ b/misp_modules/modules/expansion/ipgeolocation.py 
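Review bot: The rewritten loop `for field, relation in _IPGEO_MAPPING.items(): ipObject.add_attribute(relation, query[field])` indexes the API body with every key of the mapping, so one absent field (presumably possible for plans or responses that omit e.g. `asn`, `organization` or `zipcode` — verify against the API documentation) raises KeyError and fails the whole enrichment. Skipping missing or empty values keeps a partial object instead: `value = query.get(field)` followed by `if value: ipObject.add_attribute(relation, value)`. The module-level `_IPGEO_MAPPING ={` in the first hunk also wants a space before `=`; patch 20 (L35) re-indents the entries but leaves that. handler's body continues outside this hunk.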
@@ -16,20 +16,20 @@ moduleinfo = { moduleconfig = ['apiKey'] _IPGEO_MAPPING ={ - 'isp':'ISP', - 'asn':'asn', - 'city':'city', - 'country_name':'country', - 'country_code2':'country-code', - 'latitude':'latitude', - 'longitude':'longitude', - 'organization':'organization', - 'continent_name':'region', - 'continent_code':'region-code', - 'state_prov':'state', - 'zipcode':'zipcode', - 'ip':'ip-src' - } + 'isp':'ISP', + 'asn':'asn', + 'city':'city', + 'country_name':'country', + 'country_code2':'country-code', + 'latitude':'latitude', + 'longitude':'longitude', + 'organization':'organization', + 'continent_name':'region', + 'continent_code':'region-code', + 'state_prov':'state', + 'zipcode':'zipcode', + 'ip':'ip-src' +} def handler(q=False): @@ -37,7 +37,7 @@ def handler(q=False): if q is False: return False request = json.loads(q) - if not request.get('config'): + if request.get('config'): return {'error' : 'IpGeolocation Configuration is missing'} if not request['config'].get('apiKey'): return {'error' : 'IpGeolocation apiKey is missing'} From 0c9550fae5494dd25d58bc2ed80bcc8b997cc21d Mon Sep 17 00:00:00 2001 From: Usama015 Date: Tue, 20 Jun 2023 14:42:35 +0500 Subject: [PATCH 21/23] updated --- misp_modules/modules/expansion/ipgeolocation.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py index e3c615c..22adeb3 100644 --- a/misp_modules/modules/expansion/ipgeolocation.py +++ b/misp_modules/modules/expansion/ipgeolocation.py @@ -37,7 +37,7 @@ def handler(q=False): if q is False: return False request = json.loads(q) - if request.get('config'): + if not request.get('config'): return {'error' : 'IpGeolocation Configuration is missing'} if not request['config'].get('apiKey'): return {'error' : 'IpGeolocation apiKey is missing'} From fe1dc07de81b56c08278b9a3fb2df39b9d2404cf Mon Sep 17 00:00:00 2001 
From: Usama015 Date: Tue, 20 Jun 2023 14:45:51 +0500 Subject: [PATCH 22/23] updated --- misp_modules/modules/expansion/ipgeolocation.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py index 22adeb3..a2244ae 100644 --- a/misp_modules/modules/expansion/ipgeolocation.py +++ b/misp_modules/modules/expansion/ipgeolocation.py @@ -51,8 +51,7 @@ def handler(q=False): query = requests.get(f"https://api.ipgeolocation.io/ipgeo?apiKey={apiKey}&ip={ip}") if query.status_code != 200: return {'error': f'Error while querying ipGeolocation.io - {query.status_code}: {query.reason}'} - - + query = query.json() # Check if the IP address is not reserved for special use if query.get('message'): if 'bogon' in query['message']: From 98cb43668d119f7c75fc758fa6561a9b749561b0 Mon Sep 17 00:00:00 2001 From: Usama015 Date: Tue, 20 Jun 2023 15:43:09 +0500 Subject: [PATCH 23/23] Completed Testing --- docs/index.md | 2 ++ .../modules/expansion/ipgeolocation.py | 27 ------------------- 2 files changed, 2 insertions(+), 27 deletions(-) diff --git a/docs/index.md b/docs/index.md index e2c5a13..5bb9272 100644 --- a/docs/index.md +++ b/docs/index.md 
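Review bot: `query = query.json()` rebinds the name that held the `requests.Response` to its decoded body, so the status check two lines above and the field loop below read as if they operate on the same object when they do not; a separate name (`data = query.json()`, then `data.get('message')` and `data[field]`) reads more honestly. `.json()` also raises ValueError when the upstream returns a non-JSON body (an HTML error page with a 200 status, for instance), which would surface as an unhandled exception from handler rather than the module's usual `{'error': ...}` dict, so the decode deserves the same guard the status code gets. handler's start and the lines that consume the body are outside this hunk.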
@@ -41,6 +41,7 @@ For more information: [Extending MISP with Python modules](https://www.circl.lu/ * [Greynoise](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/greynoise.py) - a hover to get information from greynoise. * [hashdd](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashdd.py) - a hover module to check file hashes against [hashdd.com](http://www.hashdd.com) including NSLR dataset. * [hibp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py) - a hover module to lookup against Have I Been Pwned? +* [Ipgeolocation](https://ipgeolocation.io/) - an expansion and hover module for IP Intelligence Stack with [IP to Geolocation](https://ipgeolocation.io/ip-location-api.html), [Timezone](https://ipgeolocation.io/astronomy-api.html) and [Astronomy API](https://ipgeolocation.io/timezone-api.html). * [intel471](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/intel471.py) - an expansion module to get info from [Intel471](https://intel471.com). * [IPASN](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address. * [iprep](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net. 
@@ -75,6 +76,7 @@ For more information: [Extending MISP with Python modules](https://www.circl.lu/ * [VMray](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmray_submit.py) - a module to submit a sample to VMray. * [VulnDB](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py) - a module to query [VulnDB](https://www.riskbasedsecurity.com/). * [Vulners](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulners.py) - an expansion module to expand information about CVEs using Vulners API. +* [whoisfreaks](misp_modules/modules/expansion/whoisfreaks.py) - an expansion module for [whoisfreaks](https://whoisfreaks.com/) that will provide an enriched analysis of the provided domain, including WHOIS and DNS information. Our [Whois service](https://whoisfreaks.com/products/whois-api.html), [DNS Lookup API](https://whoisfreaks.com/products/dns-records-api.html), and [SSL analysis](https://whoisfreaks.com/products/ssl-certificate-api.html), equips organizations with comprehensive threat intelligence and attack surface analysis capabilities for enhanced security. Explore our website's product section at https://whoisfreaks.com/ for a wide range of additional services catering to threat intelligence and attack surface analysis needs. * [whois](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py) - a module to query a local instance of [uwhois](https://github.com/rafiot/uwhoisd). * [wikidata](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module. * [xforce](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/xforceexchange.py) - an IBM X-Force Exchange expansion module. diff --git a/misp_modules/modules/expansion/ipgeolocation.py b/misp_modules/modules/expansion/ipgeolocation.py index a2244ae..c4030ec 100644 
--- a/misp_modules/modules/expansion/ipgeolocation.py +++ b/misp_modules/modules/expansion/ipgeolocation.py @@ -74,24 +74,6 @@ def handler(q=False): return { 'results': {key: event[key] for key in ('Attribute', 'Object')} } - # return {'error' : 'Completed Response'} - -def get_mapping(): - return { - 'isp':'ISP', - 'asn':'asn', - 'city':'city', - 'country_name':'country', - 'country_code2':'country-code', - 'latitude':'latitude', - 'longitude':'longitude', - 'organization':'organization', - 'continent_name':'region', - 'continent_code':'region-code', - 'state_prov':'state', - 'zipcode':'zipcode', - 'ip':'ip-src' - } def introspection(): return mispattributes @@ -101,14 +83,5 @@ def version(): moduleinfo['config'] = moduleconfig return moduleinfo -# def main(): -# attribute = { -# 'type' : 'ip-src', -# 'value' : '20.20.12.154' -# } -# handle_ip('efe037a76a17432fad2dbdca8299d559','21.02.15.123', attribute) - -# if __name__ == '__main__': -# main()