Comment by welder
2 years ago
Can you explain more how to use ASN to detect fraud and how it's different from the country detected for the IP? I thought ASN was derived from the IP, basically the route to that IP? Here's the ipinfo response for an IP used by a recent fraud signup attempt. The asn field matches country.
{
  "city": "Mumbai",
  "connection": {
    "asn": 24560,
    "isp": "Bharti Airtel Ltd."
  },
  "continent_code": "AS",
  "continent_name": "Asia",
  "country_code": "IN",
  "country_name": "India",
  "currency": {
    "code": "INR",
    "name": "Indian Rupee",
    "plural": "Indian rupees",
    "symbol": "Rs",
    "symbol_native": "\u099f\u0995\u09be"
  },
  "ip": "2401:4900:1f38:7402:5569:2e45:3bb:9c0d",
  "latitude": 19.076000213623047,
  "location": {
    "calling_code": "91",
    "capital": "New Delhi",
    "country_flag": "https://assets.ipstack.com/flags/in.svg",
    "country_flag_emoji": "\ud83c\uddee\ud83c\uddf3",
    "country_flag_emoji_unicode": "U+1F1EE U+1F1F3",
    "geoname_id": 1275339,
    "is_eu": false,
    "languages": [
      {
        "code": "hi",
        "name": "Hindi",
        "native": "\u0939\u093f\u0928\u094d\u0926\u0940"
      },
      {
        "code": "en",
        "name": "English",
        "native": "English"
      }
    ]
  },
  "longitude": 72.87770080566406,
  "region_code": "MH",
  "region_name": "Maharashtra",
  "time_zone": {
    "code": "IST",
    "current_time": "2023-09-15T10:52:42+05:30",
    "gmt_offset": 19800,
    "id": "Asia/Kolkata",
    "is_daylight_saving": false
  },
  "type": "ipv6",
  "zip": "400203"
}
Here's the response from ipinfo.io which includes privacy fields. It's technically a proxy but might be hard to detect because it's probably a crowdsourced/botnet proxy not a public one. We don't pay for
{
  "ip": "2401:4900:1f38:7402:5569:2e45:3bb:9c0d",
  "city": "Najafgarh",
  "region": "Delhi",
  "country": "IN",
  "loc": "28.6114,77.2982",
  "org": "AS24560 Bharti Airtel Ltd., Telemedia Services",
  "postal": "110097",
  "timezone": "Asia/Kolkata",
  "asn": {
    "asn": "AS24560",
    "name": "Bharti Airtel Ltd., Telemedia Services",
    "domain": "airtel.com",
    "route": "2401:4900:1f38::/48",
    "type": "isp"
  },
  "company": {
    "name": "ABTS (Karnataka),",
    "domain": "airtel.com",
    "type": "isp"
  },
  "privacy": {
    "vpn": false,
    "proxy": false,
    "tor": false,
    "relay": false,
    "hosting": false,
    "service": ""
  },
  "abuse": {
    "address": "Bharti Airtel Ltd., ISP Division - Transport Network Group, 234 , Okhla Industrial Estate,, Phase III, New Delhi-110020, INDIA",
    "country": "IN",
    "email": "ip.misuse@airtel.com",
    "name": "ABUSE BHARTIIN",
    "network": "2401:4900:1f30::/44",
    "phone": "+000000000"
  }
}
EDIT: Oops, I confused ipinfo with ipstack. I'm actually using ipstack. Their security field also doesn't detect this IP as a proxy, which is why we only pay for Professional (no security field).
{
  "ip": "2401:4900:1f38:7402:5569:2e45:3bb:9c0d",
  "type": "ipv6",
  "continent_code": "AS",
  "continent_name": "Asia",
  "country_code": "IN",
  "country_name": "India",
  "region_code": "MH",
  "region_name": "Maharashtra",
  "city": "Mumbai",
  "zip": "400203",
  "latitude": 19.076000213623047,
  "longitude": 72.87770080566406,
  "location": {
    "geoname_id": 1275339,
    "capital": "New Delhi",
    "languages": [
      {
        "code": "hi",
        "name": "Hindi",
        "native": "\u0939\u093f\u0928\u094d\u0926\u0940"
      },
      {
        "code": "en",
        "name": "English",
        "native": "English"
      }
    ],
    "country_flag": "https://assets.ipstack.com/flags/in.svg",
    "country_flag_emoji": "\ud83c\uddee\ud83c\uddf3",
    "country_flag_emoji_unicode": "U+1F1EE U+1F1F3",
    "calling_code": "91",
    "is_eu": false
  },
  "time_zone": {
    "id": "Asia/Kolkata",
    "current_time": "2023-09-15T12:27:08+05:30",
    "gmt_offset": 19800,
    "code": "IST",
    "is_daylight_saving": false
  },
  "currency": {
    "code": "INR",
    "name": "Indian Rupee",
    "plural": "Indian rupees",
    "symbol": "Rs",
    "symbol_native": "\u099f\u0995\u09be"
  },
  "connection": {
    "asn": 24560,
    "isp": "Bharti Airtel Ltd."
  },
  "security": {
    "is_proxy": false,
    "proxy_type": null,
    "is_crawler": false,
    "crawler_name": null,
    "crawler_type": null,
    "is_tor": false,
    "threat_level": "low",
    "threat_types": null
  }
}
Looking at the IP metadata of the IP address [0], nothing stands out. The ASN belongs to a large telco. What you can do is just block the IP address and keep a note of the IP address.
[0] https://ipinfo.io/2401:4900:1f38:7402:5569:2e45:3bb:9c0d
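Added example, not part of either comment and not ipinfo's or ipstack's code: a Python version of the "block it and keep a note" step from the reply, run against the ipinfo.io fields quoted above. The function names, the choice to flag an ASN typed "hosting", and keying IPv6 blocks on the enclosing /64 are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample: decision-relevant fields of the ipinfo.io response quoted
# in the thread (values copied from the page).
SAMPLE = {
    "ip": "2401:4900:1f38:7402:5569:2e45:3bb:9c0d",
    "country": "IN",
    "asn": {"asn": "AS24560", "route": "2401:4900:1f38::/48", "type": "isp"},
    "privacy": {"vpn": False, "proxy": False, "tor": False,
                "relay": False, "hosting": False, "service": ""},
}

def network_signals(resp):
    """Names of the privacy flags that are true, plus a hosting-ASN marker."""
    signals = [k for k, v in resp.get("privacy", {}).items() if v is True]
    # Assumption: an ASN typed "hosting" is worth flagging; "isp" is not.
    if resp.get("asn", {}).get("type") == "hosting":
        signals.append("asn_type_hosting")
    return signals

def block_key(ip, v6_prefix=64):
    """Blocklist key: the address itself for IPv4, the enclosing prefix for IPv6.

    Assumption: one subscriber holds a whole /64, so a single IPv6 address
    is too narrow a key. Adjust v6_prefix to your own traffic.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return str(addr)
    return str(ipaddress.ip_network(f"{addr}/{v6_prefix}", strict=False))

def triage(resp, reason, notes):
    """Append a note under the block key and return that key."""
    key = block_key(resp["ip"])
    notes.setdefault(key, []).append({
        "ip": resp["ip"], "asn": resp["asn"]["asn"],
        "country": resp["country"], "reason": reason,
        "signals": network_signals(resp),
    })
    return key

def seen_before(ip, notes):
    """True if this address falls under a key that already has a note."""
    return block_key(ip) in notes
```

For the quoted response `network_signals` returns an empty list, so the only record of the signup attempt is the note stored under the block key.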