IP Geolocation Data
  • 10 Mar 2023
  • 2 Minutes to read
  • Dark
    Light

IP Geolocation Data

  • Dark
    Light

Article summary

On an Address Indicator’s Details screen, the GeoLocation Data card displays IP geolocation data for the Address itself. If information is not available from the Address’ service provider, or if the IP geolocation data service is disabled on your ThreatConnect instance, no data will be displayed on this card.

For Host Indicators, geolocation data for Addresses that have resolved to the Host are displayed on either the DNS Resolution card (new Details screen) or GeoLocation Data card (legacy Details screen). If no Addresses have resolved to a Host, or if the IP geolocation data service is disabled on your ThreatConnect instance, no data will be displayed on this card.

Note
It may take up to 60 minutes for IP geolocation data to populate on an Address or Host Indicator’s Details screen.

New Details Screen

Address Indicators

If viewing the Details screen for an Address Indicator, the GeoLocation Data card (Figure 1) is located on the Overview tab, below the Details card.

Figure 1_IP Geolocation Data_7.0.2

 

  • Location: This section displays the country, country code, state, city, and time zone associated with the Address.
  • Network: This section displays the name of the organization and autonomous system number (ASN) associated with the Address.
  • CAL™ Provider Information: If CAL™ has knowledge of the Address’ service provider, the following information will be displayed in this section:
    • IP Owner: The name of the service provider that claims to own the Address.
    • IP Owner Region: The geographical region assigned to the Address, according to its owner.
    • IP Owner Service: The service for which the Address is used, according to its owner.

Host Indicators

If viewing the Details screen for a Host Indicator, IP geolocation data are displayed on the DNS Resolution card. This card is located on the Overview tab, below the Whois card.

Legacy Details Screen

For Address and Host Indicators, the GeoLocation Data card is located on the Overview tab of the legacy Details screen, below the Security Labels card.

Address Indicators

If viewing the legacy Details screen for an Address Indicator, the GeoLocation Data card will look like Figure 2.

Figure 2_IP Geolocation Data_7.0.2

 

  • Location: This section displays the country, country code, state, city, and time zone associated with the Address.
  • Network: This section displays the name of the organization and ASN associated with the Address.

Host Indicators

If viewing the legacy Details screen for a Host Indicator, the GeoLocation Data card will look like Figure 3.

Figure 3_IP Geolocation Data_7.0.2

 

  • Address: This column displays the Addresses that have resolved to the Host. Click on an Address to display its Details screen in the current browser tab.
  • City: This column displays the city associated with each Address, if available.
  • Country: This column displays the country associated with each Address, if available.

ThreatConnect® is a registered trademark, and CAL™ is a trademark, of ThreatConnect, Inc.

20030-03 v.12.A


Was this article helpful?