This article talks about the different fields used in Geolocation and Anonymizer tables for CA Risk Authentication.
Release: 9.1.x
Component: Risk Authentication
GeoPoint's geographic data fields provide the specific details of the location of the IP address.
continent
— The continent in which the IP address is located. IP Intelligence recognizes eight continents:
country_code
— The International Standard Organization's two-letter code indicating the name of the country, as defined in ISO-3166.
country_cf
— Because IP addresses are located with different levels of precision, IP Intelligence provides a country confidence factor that reflects a relative measure of certainty that the user is in the location identified in the country
field. The possible values range from 0
(null) to 99
. The higher the value, the greater the likelihood that the user is in the assigned country.
region
— Specifies generic or regional geographical designation that covers a larger area than state (such as northwest in the US
) for some countries, and specific information (such as northern_ireland
) for a few other countries. Region information is limited and includes: US, UK, Brazil, Denmark, France, The Philippines, Belgium, Burkina Faso, Equatorial Guinea, Greece, Guinea, Indonesia, Ireland, Ital, Malawi , Marshall Islands, New Zealand, Slovenia, Spain, Sri Lanka and Uganda.
state
— IP Intelligence provides information for states and provinces (that is, the first-level administrative division) in all countries where they exist.
NOTE: In order to best serve our customers, many of whom operate in countries outside the US, IP Intelligence uses the localized spelling for state
values. For example, the state of Tuscany in Italy is identified as ‘toscana
’ in GeoPoint data. This approach ensures the highest degree of system compatibility, as well as the ability to use localized state names for customer applications serving those countries.
state_cf
— Because IP addresses are located with different levels of precision, IP Intelligence provides a state
confidence factor that reflects a relative measure of certainty that the user is in the location identified in the state field. The possible values range from 0
(null) to 99
. The higher the value, the greater the likelihood that the user is in the assigned state.
time_zone
— Time zone is provided as a +/- offset from Greenwich Mean Time (GMT), represented as a floating point number, so that you can calculate what time it is in the location provided. Values can be between -11
and 13
.
time_zone
is derived from the city
field if known, or from the country
field if city
is unknown. If city
is unassigned and the country spans multiple time zones, a value of ‘999
’ is returned.
dma
— Defined Market Areas (DMAs) are codes assigned to geographical regions where the population typically receives similar media. Traditionally radio and television were the target media, but the regions are also applicable to newspapers and Internet. The code are based on Nielsen's market codes and also have parity with Google's metropolitan area codes. The geographical areas defined by the code can coincide and overlap with one or more metropolitan regions. For example, San Francisco, San Jose, and Oakland all fall into the same DMA.
msa
— Metropolitan Statistical Areas (MSAs) are geographical boundaries of US counties or towns using the Core-Based Statistical Areas (CBSAs), as defined by the US Office of Management and Budget (OMB), from data gathered by the US Census Bureau. There is extensive demographic information available for these areas, and IP Intelligence provides them to help our customers understand the demographics of their user populations.
For more information on MSAs, see the US Census Bureau's MSA Overview and Definitions pages.
area_code
— A phone number prefix assigned to the corresponding city. Only one prefix is available per city. Prefixes are available in the US, Canada, and selectively in other countries.
NOTE: area_code
does not include the telephone country code.
city — IP Intelligence locates users to their individual cites and recognizes over 150,000 distinct international locations.
NOTE: In order to best serve our customers, many of whom operate in countries outside the US, IP Intelligence uses the localized spelling for city
values. For example, the city of Rome in Italy is identified as ‘roma
’ in GeoPoint data. This approach ensures the highest degree of system compatibility, as well as the ability to use localized state names for customer applications serving those countries.
city_cf
— Because IP addresses are located with different levels of precision, IP Intelligence provides a city confidence factor that reflects a relative measure of certainty that the user is in the location identified in the city
field. The possible values range from0
(null) to 99
. The higher the value, the greater the likelihood that the user is in the assigned city.
postal_code
— The postal code assigned to the corresponding city. Most of GeoPoint's postal code assignments are derived from the city
field. Where we have sufficient evidence, the postal code is explicit. IP Intelligence provides postal codes for most countries.
postal_code_cf
— (Future.) Because IP addresses are located with different levels of precision, GeoPoint will soon include a postal code confidence factor that reflects a relative measure of certainty that the user is in the location identified in the postal_code
field. The possible values range from 0
(null) to 99
. The higher the value, the greater the likelihood that the user is in the assigned postal code.
NOTE: postal_code_cf
will be available in the future. To learn more, contact Neustar at [email protected].
latitude — The latitude of the identified location, expressed as a floating point number with range of -90
to 90
, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code.
longitude
— The longitude of the identified location, expressed as a floating point number with range of -180
to 180
, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code.
GeoPoint's network characteristics data fields provide the details of the network connection from the IP address.
ip_routing_type
— The IP Routing Type (IPRT) specifies how the connection is routed through the Internet and can be used to determine how close the user is to the public IP address. For example, a user connecting through a fixed connection is likely very close to the connection. A user connecting through a regional proxy is probably in the same country as the connection, whereas a user connecting through a satellite connection could be anywhere.
The possible IPRTs are:
IP Routing Type | Description |
---|---|
fixed |
The user is connecting through a fixed-line connection, such as cable, DSL, T1, and fiber. For a fixed IPRT, the user is likely to be at or near the location assigned to the IP. |
aol |
The user is part of the AOL network. IP Intelligence can identify the user country in most cases. However, establishing the user location below country is not possible. The specific values reflect specific functions within the AOL network. For most commercial applications, all these values indicate only that the IP address is part of the AOL network. |
pop |
The user is dialing into a regional ISP (Internet Service Provider) and is likely to be near the IP location. Note, however, that the user might be dialing across geographical boundaries. |
superpop |
The user is dialing into a multi-state or multi-national ISP and is not likely to be near the IP location. Furthermore, the user might be dialing across geographical boundaries. |
satellite |
The user is connecting to the Internet through a consumer satellite or a backbone satellite provider, where no information about the terrestrial connection is available. In both cases, the user can be anywhere within the beam pattern of the satellite, which can span a continent or more. By definition, the satellite IPRT does not by itself indicate that the end user is connected via satellite, rather that the user’s traffic was routed through a satellite connection. To confirm that the end user is connecting through a consumer satellite service, refer to connection_type field. |
cache proxy |
&The user is using a proxy connection, either through an Internet accelerator or a content distribution service. It is possible the user is located in a different country from the IP location. |
international proxy |
The user is connecting through a proxy (not an anonymizer) that routes traffic from multiple countries. It is possible the user is located in a different country from the IP location. In many cases, these are corporate networks that route traffic from international offices through a central point, often the corporate headquarters. |
regional proxy |
The user is connecting through a proxy (not an anonymizer) that routes traffic from multiple states within a single country. It is possible the user is located in a different state from the IP location. In many cases, these are corporate networks that route traffic from regional offices through a central point, often the corporate headquarters. |
mobile gateway |
The user is using a gateway to connect mobile devices to the public Internet. Many mobile operators, especially in Europe, serve more than one country and backhaul traffic through centralized network hubs. For example, Research in Motion, provider of the Blackberry service, backhauls US and Canadian traffic through Canada. Therefore, it is possible the user is located in a different country from the IP location. |
connection_type
— Users can connect to the Internet in several different ways. IP Intelligence identifies connections by these types:
Connection Type | Description |
---|---|
ocx | Fiber optic connections (including OC-3, OC-48, OC-192, etc.), which are used primarily by large backbone carriers. |
tx | Leased line, that is, T1, T2, T3, or T4, circuits used by many small- and medium-sized companies. |
consumer satellite | High-speed or broadband links between a consumer and a geosynchronous or low-earth orbiting satellite. By default, IP addresses with a consumer satellite Connection Type are assigned a satellite IP Routing Type as well. See the satellite IP Routing Type for more information. |
framerelay | Frame relay circuits, which can range from low- to high-speed and are used as a backup or alternative to T-1. Most often, they are high-speed links, so IP Intelligence classifies them as such. |
dsl | Digital Subscriber Line broadband circuits, which include aDSL, iDSL, sDSL, etc. DSL ranges in speed from 256 Kbps (kilobits per second) to 20 Mbps (megabits per second). |
cable | &Cable Modem broadband circuits, offered by cable TV companies. Speeds range from 128 Kbps to 100 Mbps, and vary with the load placed on a given cable modem switch. |
isdn | Integrated Services Digital Network high-speed copper-wire technology, which provides 128 Kbps speed, with ISDN modems and switches offering 1 Mbps and greater speeds. Offered by some major telephony companies. |
dialup | Consumer dial-up modem technology, which operates at 56 Kbps. Providers include Earthlink, AOL, and Netzero. |
fixed wireless | Fixed wireless connections, where the location of the receiver is fixed. This category includes WDSL providers such as Sprint Broadband Direct, as well as emerging WiMax providers. |
mobile wireless | Cellular network providers such as AT&T, Sprint, and Verizon Wireless who employ CDMA, EDGE, EV-DO, GPRS, 3G, and 4G technologies. Speeds vary from 19.2 Kbps to 3 Mbps. |
unknown low | Indicates that IP Intelligence was unable to obtain the connection type. However, the estimated connection speed is low. |
unknown medium | Indicates that IP Intelligence was unable to obtain the connection type. However, the estimated connection speed is medium. |
unknown high | Indicates that IP Intelligence was unable to obtain the connection type. However, the estimated connection speed is high. |
line_speed
— Indicates the speed of the connection to the Internet, divided into: high
, medium
, or low
. This information is determined by the Connection Type:
Line Speed | Connection Type |
---|---|
high | ocx , tx , and framerelay . |
medium | consumer satellite , dsl , cable , fixed wireless , and isdn . |
low | dialup and mobile wireless |
tld
— Identifies the most general part of the domain name in a Web address. Common top-level domains include com, net, edu, (educational), mil (military), and so on, as well as country codes like jp (Japan) and fr (France).
sld
— The SLD is the part of the domain name that precedes the top-level domain. For example, in www.neustar.biz, “neustar” is the second-level domain.
asn
— The Autonomous System Number (ASN) is a globally unique number assigned to a group of networks administered by a single entity such as a Network Service Provider (NSP) or very large organization. ASNs are used to manage data routing via the Border Gateway Protocol (BGP). There are over 27,000 active ASNs.
Using the ASN provides more consistency than using the carrier
information, because ASNs remain static, while the specific names and ownerships of networks change.
IP Intelligence provides ASN information in 32-bit integer format.
carrier
— Provides the name of the organization that owns the ASN. The carrier is responsible for the traffic carried on the network or set of networks designated as an Autonomous System (AS) and identified by the ASN. This field provides a more natural representation than the information provided in the asn
field.
While there are more than 27,000 active ASNs, there are fewer carriers, because a single carrier often manages several ASNs.
organization
— The Registering Organization is the entity responsible for the actions and content associated with a given block of IP addresses. This is in contrast to the carrier, which is responsible for the routing of traffic for network blocks. Registering Organizations include many types of entities, including corporate, government, or educational entities, and ISPs managing the allocation and use of network blocks.
anonymizer_status
— Indicates whether the IP address is associated with a known anonymous proxy, and that proxy's status as measured by IP Intelligence. anonymizer_status
can be helpful to businesses that need highly granular information about the anonymous proxies that might connect to them.
IP Intelligence provides several status designations for anonymized Internet connections:
Anonymizer Status | Description |
---|---|
private | IP addresses with this designation allegedly contain anonymous proxies that are not publicly accessible. As such, they cannot be routinely tested with automated tools. These addresses usually belong to commercial ventures that sell anonymity services to the public (Hotspot Shield, CyberGhost, and others). Addresses with this designation are derived from ownership information or obtained from trusted, high-confidence sources. |
active | The anonymizer tested positive within the last six months. |
suspect | The anonymizer tested positive within the last two years, but not the last six months. |
inactive | The anonymizer gave no positive test results within the last two years. |
unknown | No positive test results are currently available. The initial anonymizer assignment is based upon other sources and has not yet been confirmed by IP Intelligence. If no positive test results are obtained, this address is removed from the list. |
If there is no status designation, then there is no specific evidence that the IP address has been associated with an anonymous proxy.