Comment by welder

2 years ago

Great comment. I'm a big fan and customer of IPinfo, using your API in our login notification emails to say "You just logged in from Berlin, Germany. If this wasn't you click here." To provide country data for customers in their audit logs. And for anti-spam and fraud detection.

I appreciate it, sir! If you have any questions or feedback, please let us know.

The challenge of being a data provider is that you can use our data in a million ways, and we don't have coverage of all. So, when you come up with questions or ideas, we can help you better.

As you mentioned, audit logs. I highly recommend you look into the ASN field.

The ASN identifies an organization that owns a block of IP addresses. In my experience, I have found that the combination of ASN+Country is the most valuable information you can use in spam and fraud detection. You can fake the IP geolocation information with a VPN. However, it is not as easy to fake the ASN information of the IP address. So, when you use a combination of country + ASN, you can have a robust cybersecurity system.

  • Can you explain more how to use ASN to detect fraud and how it's different from the country detected for the IP? I thought ASN was derived from the IP, basically the route to that IP? Here's the ipinfo response for an IP used by a recent fraud signup attempt. The asn field matches country.

      {
        "city": "Mumbai",
        "connection": {
          "asn": 24560,
          "isp": "Bharti Airtel Ltd."
        },
        "continent_code": "AS",
        "continent_name": "Asia",
        "country_code": "IN",
        "country_name": "India",
        "currency": {
          "code": "INR",
          "name": "Indian Rupee",
          "plural": "Indian rupees",
          "symbol": "Rs",
          "symbol_native": "\u099f\u0995\u09be"
        },
        "ip": "2401:4900:1f38:7402:5569:2e45:3bb:9c0d",
        "latitude": 19.076000213623047,
        "location": {
          "calling_code": "91",
          "capital": "New Delhi",
          "country_flag": "https://assets.ipstack.com/flags/in.svg",
          "country_flag_emoji": "\ud83c\uddee\ud83c\uddf3",
          "country_flag_emoji_unicode": "U+1F1EE U+1F1F3",
          "geoname_id": 1275339,
          "is_eu": false,
          "languages": [
            {
              "code": "hi",
              "name": "Hindi",
              "native": "\u0939\u093f\u0928\u094d\u0926\u0940"
            },
            {
              "code": "en",
              "name": "English",
              "native": "English"
            }
          ]
        },
        "longitude": 72.87770080566406,
        "region_code": "MH",
        "region_name": "Maharashtra",
        "time_zone": {
          "code": "IST",
          "current_time": "2023-09-15T10:52:42+05:30",
          "gmt_offset": 19800,
          "id": "Asia/Kolkata",
          "is_daylight_saving": false
        },
        "type": "ipv6",
        "zip": "400203"
      }
    

    Here's the response from ipinfo.io which includes privacy fields. It's technically a proxy but might be hard to detect because it's probably a crowdsourced/botnet proxy not a public one. We don't pay for

      {
        "ip": "2401:4900:1f38:7402:5569:2e45:3bb:9c0d",
        "city": "Najafgarh",
        "region": "Delhi",
        "country": "IN",
        "loc": "28.6114,77.2982",
        "org": "AS24560 Bharti Airtel Ltd., Telemedia Services",
        "postal": "110097",
        "timezone": "Asia/Kolkata",
        "asn": {
          "asn": "AS24560",
          "name": "Bharti Airtel Ltd., Telemedia Services",
          "domain": "airtel.com",
          "route": "2401:4900:1f38::/48",
          "type": "isp"
        },
        "company": {
          "name": "ABTS (Karnataka),",
          "domain": "airtel.com",
          "type": "isp"
        },
        "privacy": {
          "vpn": false,
          "proxy": false,
          "tor": false,
          "relay": false,
          "hosting": false,
          "service": ""
        },
        "abuse": {
          "address": "Bharti Airtel Ltd., ISP Division - Transport Network Group, 234 , Okhla Industrial Estate,, Phase III, New Delhi-110020, INDIA",
          "country": "IN",
          "email": "ip.misuse@airtel.com",
          "name": "ABUSE BHARTIIN",
          "network": "2401:4900:1f30::/44",
          "phone": "+000000000"
        }
      }
    

    EDIT: Oops, I confused ipinfo with ipstack. I'm actually using ipstack. Their security field also doesn't detect this IP as a proxy, which is why we only pay for Professional (no security field).

      {
        "ip": "2401:4900:1f38:7402:5569:2e45:3bb:9c0d",
        "type": "ipv6",
        "continent_code": "AS",
        "continent_name": "Asia",
        "country_code": "IN",
        "country_name": "India",
        "region_code": "MH",
        "region_name": "Maharashtra",
        "city": "Mumbai",
        "zip": "400203",
        "latitude": 19.076000213623047,
        "longitude": 72.87770080566406,
        "location": {
          "geoname_id": 1275339,
          "capital": "New Delhi",
          "languages": [
            {
              "code": "hi",
              "name": "Hindi",
              "native": "\u0939\u093f\u0928\u094d\u0926\u0940"
            },
            {
              "code": "en",
              "name": "English",
              "native": "English"
            }
          ],
          "country_flag": "https://assets.ipstack.com/flags/in.svg",
          "country_flag_emoji": "\ud83c\uddee\ud83c\uddf3",
          "country_flag_emoji_unicode": "U+1F1EE U+1F1F3",
          "calling_code": "91",
          "is_eu": false
        },
        "time_zone": {
          "id": "Asia/Kolkata",
          "current_time": "2023-09-15T12:27:08+05:30",
          "gmt_offset": 19800,
          "code": "IST",
          "is_daylight_saving": false
        },
        "currency": {
          "code": "INR",
          "name": "Indian Rupee",
          "plural": "Indian rupees",
          "symbol": "Rs",
          "symbol_native": "\u099f\u0995\u09be"
        },
        "connection": {
          "asn": 24560,
          "isp": "Bharti Airtel Ltd."
        },
        "security": {
          "is_proxy": false,
          "proxy_type": null,
          "is_crawler": false,
          "crawler_name": null,
          "crawler_type": null,
          "is_tor": false,
          "threat_level": "low",
          "threat_types": null
        }
      }
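Added example, not part of the thread or either provider's code: one way to apply the country + ASN combination recommended in the comment above to the two response shapes quoted in the reply. The function names, the per-account `known_pairs` history and the `"hosting"` type value are assumptions.

```python
import json

# Constructed samples: trimmed copies of the two response shapes quoted in the thread.
IPSTACK_SAMPLE = json.loads("""
{"country_code": "IN", "connection": {"asn": 24560, "isp": "Bharti Airtel Ltd."}}
""")
IPINFO_SAMPLE = json.loads("""
{"country": "IN", "org": "AS24560 Bharti Airtel Ltd., Telemedia Services",
 "asn": {"asn": "AS24560", "route": "2401:4900:1f38::/48", "type": "isp"}}
""")

def network_key(resp):
    """Normalize either response shape to (country, asn_number, asn_type)."""
    if "connection" in resp:  # ipstack shape: integer ASN, no type field
        return resp["country_code"], int(resp["connection"]["asn"]), None
    asn = resp.get("asn") or {}
    # Fall back to the leading "AS<number>" token of "org" when "asn" is absent.
    raw = asn.get("asn") or resp.get("org", "").split(" ", 1)[0]
    if not raw.upper().startswith("AS") or not raw[2:].isdigit():
        raise ValueError("no ASN in response")
    return resp["country"], int(raw[2:]), asn.get("type")

def assess_login(resp, known_pairs):
    """Return reasons to step up verification, given the account's past (country, ASN) pairs."""
    country, asn, asn_type = network_key(resp)
    reasons = []
    if asn_type == "hosting":  # assumed type value for datacenter networks
        reasons.append("hosting_asn")
    if (country, asn) not in known_pairs:
        known_countries = {c for c, _ in known_pairs}
        reasons.append("new_asn_same_country" if country in known_countries
                       else "new_country")
    return reasons

if __name__ == "__main__":
    print(network_key(IPSTACK_SAMPLE), network_key(IPINFO_SAMPLE))
    print(assess_login(IPINFO_SAMPLE, {("IN", 24560)}))  # pair seen before
    print(assess_login(IPINFO_SAMPLE, {("IN", 9829)}))   # constructed history
    print(assess_login(IPINFO_SAMPLE, {("DE", 3320)}))   # constructed history
```

With only these two fields, the signup IP from the thread raises nothing for an account already seen on AS24560 in India. The pair flags changes relative to an account's history; it does not identify a proxy running on a residential ISP network.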