Explanation of different fields in Geopoint and Anonymizer data

book

Article ID: 36083

calendar_today

Updated On:

Products

CA Rapid App Security CA Advanced Authentication CA API Gateway

Issue/Introduction

Summary:

This article talks about the different fields used in Geolocation and Anonymizer tables for CA Risk Authentication.

Explanation of Different Fields:

Geographic Data Fields

GeoPoint's geographic data fields provide the specific details of the location of the IP address.

Continent

continent — The continent in which the IP address is located. IP Intelligence recognizes eight continents:

  • Africa
  • Antarctica
  • Asia
  • Australia
  • Europe
  • North America
  • Oceania (Melanesia, Micronesia, Polynesia)
  • South America

Country Code

country_code — The International Standard Organization's two-letter code indicating the name of the country, as defined in ISO-3166.

Country Confidence Factor (CF)

country_cf — Because IP addresses are located with different levels of precision, IP Intelligence provides a country confidence factor that reflects a relative measure of certainty that the user is in the location identified in the country field. The possible values range from 0 (null) to 99. The higher the value, the greater the likelihood that the user is in the assigned country.

Region

region — Specifies generic or regional geographical designation that covers a larger area than state (such as northwest in the US) for some countries, and specific information (such as northern_ireland) for a few other countries. Region information is limited and includes: US, UK, Brazil, Denmark, France, The Philippines, Belgium, Burkina Faso, Equatorial Guinea, Greece, Guinea, Indonesia, Ireland, Ital, Malawi , Marshall Islands, New Zealand, Slovenia, Spain, Sri Lanka and Uganda.

State

state — IP Intelligence provides information for states and provinces (that is, the first-level administrative division) in all countries where they exist.

NOTE: In order to best serve our customers, many of whom operate in countries outside the US, IP Intelligence uses the localized spelling for state values. For example, the state of Tuscany in Italy is identified as ‘toscana’ in GeoPoint data. This approach ensures the highest degree of system compatibility, as well as the ability to use localized state names for customer applications serving those countries.

State Confidence Factor (CF)

state_cf — Because IP addresses are located with different levels of precision, IP Intelligence provides a state confidence factor that reflects a relative measure of certainty that the user is in the location identified in the state field. The possible values range from 0 (null) to 99. The higher the value, the greater the likelihood that the user is in the assigned state.

Time Zone

time_zone — Time zone is provided as a +/- offset from Greenwich Mean Time (GMT), represented as a floating point number, so that you can calculate what time it is in the location provided. Values can be between -11 and 13.

time_zone is derived from the city field if known, or from the country field if city is unknown. If city is unassigned and the country spans multiple time zones, a value of ‘999’ is returned.

DMA (US Defined Market/Metropolitan Areas)

dma — Defined Market Areas (DMAs) are codes assigned to geographical regions where the population typically receives similar media. Traditionally radio and television were the target media, but the regions are also applicable to newspapers and Internet. The code are based on Nielsen's market codes and also have parity with Google's metropolitan area codes. The geographical areas defined by the code can coincide and overlap with one or more metropolitan regions. For example, San Francisco, San Jose, and Oakland all fall into the same DMA.

MSA (Metropolitan Statistical Area)

msa — Metropolitan Statistical Areas (MSAs) are geographical boundaries of US counties or towns using the Core-Based Statistical Areas (CBSAs), as defined by the US Office of Management and Budget (OMB), from data gathered by the US Census Bureau. There is extensive demographic information available for these areas, and IP Intelligence provides them to help our customers understand the demographics of their user populations.

For more information on MSAs, see the US Census Bureau's MSA Overview and Definitions pages.

Area Code (Phone Number Prefix)

area_code — A phone number prefix assigned to the corresponding city. Only one prefix is available per city. Prefixes are available in the US, Canada, and selectively in other countries.

NOTE: area_code does not include the telephone country code.

City

city — IP Intelligence locates users to their individual cites and recognizes over 150,000 distinct international locations.

NOTE: In order to best serve our customers, many of whom operate in countries outside the US, IP Intelligence uses the localized spelling for city values. For example, the city of Rome in Italy is identified as ‘roma’ in GeoPoint data. This approach ensures the highest degree of system compatibility, as well as the ability to use localized state names for customer applications serving those countries.

City Confidence Factor (CF)

city_cf — Because IP addresses are located with different levels of precision, IP Intelligence provides a city confidence factor that reflects a relative measure of certainty that the user is in the location identified in the city field. The possible values range from0 (null) to 99. The higher the value, the greater the likelihood that the user is in the assigned city.

Postal Code

postal_code — The postal code assigned to the corresponding city. Most of GeoPoint's postal code assignments are derived from the city field. Where we have sufficient evidence, the postal code is explicit. IP Intelligence provides postal codes for most countries.

Postal Code Confidence Factor (CF)

postal_code_cf — (Future.) Because IP addresses are located with different levels of precision, GeoPoint will soon include a postal code confidence factor that reflects a relative measure of certainty that the user is in the location identified in the postal_code field. The possible values range from 0 (null) to 99. The higher the value, the greater the likelihood that the user is in the assigned postal code.

NOTE: postal_code_cf will be available in the future. To learn more, contact Neustar at [email protected].

Latitude

latitude — The latitude of the identified location, expressed as a floating point number with range of -90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code.

Longitude

longitude — The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code.

Network Characteristics Data Fields

GeoPoint's network characteristics data fields provide the details of the network connection from the IP address.

IP Routing Type (IPRT)

ip_routing_type — The IP Routing Type (IPRT) specifies how the connection is routed through the Internet and can be used to determine how close the user is to the public IP address. For example, a user connecting through a fixed connection is likely very close to the connection. A user connecting through a regional proxy is probably in the same country as the connection, whereas a user connecting through a satellite connection could be anywhere.

The possible IPRTs are:

IP Routing TypeDescription
fixedThe user is connecting through a fixed-line connection, such as cable, DSL, T1, and fiber. For a fixed IPRT, the user is likely to be at or near the location assigned to the IP.
aol
aolpop
aoldialup
aolproxy
The user is part of the AOL network. IP Intelligence can identify the user country in most cases. However, establishing the user location below country is not possible. The specific values reflect specific functions within the AOL network. For most commercial applications, all these values indicate only that the IP address is part of the AOL network.
popThe user is dialing into a regional ISP (Internet Service Provider) and is likely to be near the IP location. Note, however, that the user might be dialing across geographical boundaries.
superpopThe user is dialing into a multi-state or multi-national ISP and is not likely to be near the IP location. Furthermore, the user might be dialing across geographical boundaries.
satelliteThe user is connecting to the Internet through a consumer satellite or a backbone satellite provider, where no information about the terrestrial connection is available. In both cases, the user can be anywhere within the beam pattern of the satellite, which can span a continent or more. By definition, the satellite IPRT does not by itself indicate that the end user is connected via satellite, rather that the user’s traffic was routed through a satellite connection. To confirm that the end user is connecting through a consumer satellite service, refer to connection_type field.
cache proxy&The user is using a proxy connection, either through an Internet accelerator or a content distribution service. It is possible the user is located in a different country from the IP location.
international proxyThe user is connecting through a proxy (not an anonymizer) that routes traffic from multiple countries. It is possible the user is located in a different country from the IP location. In many cases, these are corporate networks that route traffic from international offices through a central point, often the corporate headquarters.
regional proxyThe user is connecting through a proxy (not an anonymizer) that routes traffic from multiple states within a single country. It is possible the user is located in a different state from the IP location. In many cases, these are corporate networks that route traffic from regional offices through a central point, often the corporate headquarters.
mobile gatewayThe user is using a gateway to connect mobile devices to the public Internet. Many mobile operators, especially in Europe, serve more than one country and backhaul traffic through centralized network hubs. For example, Research in Motion, provider of the Blackberry service, backhauls US and Canadian traffic through Canada. Therefore, it is possible the user is located in a different country from the IP location.

Connection Type

connection_type — Users can connect to the Internet in several different ways. IP Intelligence identifies connections by these types:

Connection TypeDescription
ocxFiber optic connections (including OC-3, OC-48, OC-192, etc.), which are used primarily by large backbone carriers.
txLeased line, that is, T1, T2, T3, or T4, circuits used by many small- and medium-sized companies.
consumer satelliteHigh-speed or broadband links between a consumer and a geosynchronous or low-earth orbiting satellite. By default, IP addresses with a consumer satellite Connection Type are assigned a satellite IP Routing Type as well. See the satellite IP Routing Type for more information.
framerelayFrame relay circuits, which can range from low- to high-speed and are used as a backup or alternative to T-1. Most often, they are high-speed links, so IP Intelligence classifies them as such.
dslDigital Subscriber Line broadband circuits, which include aDSL, iDSL, sDSL, etc. DSL ranges in speed from 256 Kbps (kilobits per second) to 20 Mbps (megabits per second).
cable&Cable Modem broadband circuits, offered by cable TV companies. Speeds range from 128 Kbps to 100 Mbps, and vary with the load placed on a given cable modem switch.
isdnIntegrated Services Digital Network high-speed copper-wire technology, which provides 128 Kbps speed, with ISDN modems and switches offering 1 Mbps and greater speeds. Offered by some major telephony companies.
dialupConsumer dial-up modem technology, which operates at 56 Kbps. Providers include Earthlink, AOL, and Netzero.
fixed wirelessFixed wireless connections, where the location of the receiver is fixed. This category includes WDSL providers such as Sprint Broadband Direct, as well as emerging WiMax providers.
mobile wirelessCellular network providers such as AT&T, Sprint, and Verizon Wireless who employ CDMA, EDGE, EV-DO, GPRS, 3G, and 4G technologies. Speeds vary from 19.2 Kbps to 3 Mbps.
unknown lowIndicates that IP Intelligence was unable to obtain the connection type. However, the estimated connection speed is low.
unknown mediumIndicates that IP Intelligence was unable to obtain the connection type. However, the estimated connection speed is medium.
unknown highIndicates that IP Intelligence was unable to obtain the connection type. However, the estimated connection speed is high.

Line Speed

line_speed — Indicates the speed of the connection to the Internet, divided into: high, medium, or low. This information is determined by the Connection Type:

Line SpeedConnection Type
highocx, tx, and framerelay.
mediumconsumer satellite, dsl, cable, fixed wireless, and isdn.
lowdialup and mobile wireless

Top-Level Domain (TLD)

tld — Identifies the most general part of the domain name in a Web address. Common top-level domains include com, net, edu, (educational), mil (military), and so on, as well as country codes like jp (Japan) and fr (France).

Second-Level Domain (SLD)

sld — The SLD is the part of the domain name that precedes the top-level domain. For example, in www.neustar.biz, “neustar” is the second-level domain.

Autonomous System Number (ASN)

asn — The Autonomous System Number (ASN) is a globally unique number assigned to a group of networks administered by a single entity such as a Network Service Provider (NSP) or very large organization. ASNs are used to manage data routing via the Border Gateway Protocol (BGP). There are over 27,000 active ASNs.

Using the ASN provides more consistency than using the carrier information, because ASNs remain static, while the specific names and ownerships of networks change.

IP Intelligence provides ASN information in 32-bit integer format.

Carrier

carrier — Provides the name of the organization that owns the ASN. The carrier is responsible for the traffic carried on the network or set of networks designated as an Autonomous System (AS) and identified by the ASN. This field provides a more natural representation than the information provided in the asn field.

While there are more than 27,000 active ASNs, there are fewer carriers, because a single carrier often manages several ASNs.

Registering Organization

organization — The Registering Organization is the entity responsible for the actions and content associated with a given block of IP addresses. This is in contrast to the carrier, which is responsible for the routing of traffic for network blocks. Registering Organizations include many types of entities, including corporate, government, or educational entities, and ISPs managing the allocation and use of network blocks.

Anonymizer Status

anonymizer_status — Indicates whether the IP address is associated with a known anonymous proxy, and that proxy's status as measured by IP Intelligence. anonymizer_status can be helpful to businesses that need highly granular information about the anonymous proxies that might connect to them.

IP Intelligence provides several status designations for anonymized Internet connections:

Anonymizer StatusDescription
privateIP addresses with this designation allegedly contain anonymous proxies that are not publicly accessible. As such, they cannot be routinely tested with automated tools. These addresses usually belong to commercial ventures that sell anonymity services to the public (Hotspot Shield, CyberGhost, and others). Addresses with this designation are derived from ownership information or obtained from trusted, high-confidence sources.
activeThe anonymizer tested positive within the last six months.
suspectThe anonymizer tested positive within the last two years, but not the last six months.
inactiveThe anonymizer gave no positive test results within the last two years.
unknownNo positive test results are currently available. The initial anonymizer assignment is based upon other sources and has not yet been confirmed by IP Intelligence. If no positive test results are obtained, this address is removed from the list.

If there is no status designation, then there is no specific evidence that the IP address has been associated with an anonymous proxy.

Environment

Release: ARCWFT05900-8.1-Arcot-WebFort-for Windows
Component: