[ARGUS] Destination Country

Dave dedelman at iname.com
Tue Mar 15 13:41:17 EDT 2022 

The simple solution is whois which tells you that:

whois 141.226.224.48
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

refer:        whois.ripe.net

inetnum:      141.0.0.0 - 141.255.255.255
organisation: Administered by RIPE NCC
status:       LEGACY

whois:        whois.ripe.net

changed:      1993-05
source:       IANA

# whois.ripe.net

inetnum:        141.226.224.0 - 141.226.224.255
netname:        Taboola
country:        US
admin-c:        RS19602-RIPE
tech-c:         RS19602-RIPE
status:         LEGACY
mnt-by:         TABOOLA-MNT-RIPE
created:        2016-08-11T07:55:18Z
last-modified:  2016-08-11T07:55:18Z
source:         RIPE

person:         Rom Shahak
address:        Tozeret Haaretz 7, Tel Aviv, Israel
phone:          +972-3-696-6966
nic-hdl:        RS19602-RIPE
mnt-by:         TABOOLA-MNT-RIPE
created:        2015-06-24T10:07:00Z
last-modified:  2015-06-24T10:07:00Z
source:         RIPE # Filtered

% Information related to '141.226.224.0/24AS200478'

route:          141.226.224.0/24
descr:          network
origin:         AS200478
mnt-by:         TABOOLA-MNT-RIPE
created:        2016-06-02T18:56:01Z
last-modified:  2016-06-02T18:56:01Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.102.2 (WAGYU)


It is IL 

—Dave

> On Mar 15, 2022, at 1:17 PM, Monah Baki <monahbaki at gmail.com> wrote:
> 
> Hi Carter,
> 
> It says IL, but so many other online tools say US, not sure which to trust. Need to submit a report and don't want to give false info.
> 
> 
> Thanks
> Monah
> 
> On Tue, Mar 15, 2022 at 1:08 PM Carter Bullard <carter at qosient.com <mailto:carter at qosient.com>> wrote:
> Hey Mona,
> Its a pretty simple lookup, so fgrep for 141.226.224 in the delegated-ipv4-latest file to see what the data sez …
> 
> Carter
> 
> > On Mar 15, 2022, at 12:38 PM, Monah Baki <monahbaki at gmail.com <mailto:monahbaki at gmail.com>> wrote:
> > 
> > Hi everyone,
> > 
> > I updated my ragetcountry.sh just now and sw the following:
> > 
> >          StartTime  Proto            SrcAddr  Sport            DstAddr  Dport  Trans                srcUdata                                dstUdata                 sCo dCo
> > 16:21:44.592508    tcp      192.168.2.168.57492      141.226.224.48.https       1 s[30]=...........b0..2.....R.oe'3...                                             ZZ  IL
> > 
> > 
> > Destination says Israel but
> > geoiplookup 141.226.224.48
> > GeoIP Country Edition: US, United States
> > 
> > 
> > Searching other online resources says the IP address is US.
> > 
> > 
> > Thanks
> > Monah
> > _______________________________________________
> > argus mailing list
> > argus at qosient.com <mailto:argus at qosient.com>
> > https://pairlist1.pair.net/mailman/listinfo/argus <https://pairlist1.pair.net/mailman/listinfo/argus>
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20220315/f2e47f17/attachment-0001.htm>

More information about the argus mailing list