[ARGUS] Destination Country for 141.226.224.48

John Gerth gerth at graphics.stanford.edu
Tue Mar 15 13:49:30 EDT 2022 

The physical location of an IP can be hard to resolve (which is why there are pricey for-pay options out there).  Looking at the registration information (see below) for 141.226.224.48 shows that it was granted by RIPE to an Israeli firm Taboola with an address in Tel Aviv, but it also says that the IP is in the US.

In a case like this, I'd go with the registered Israeli organization because if I wanted to complain about the behavior of the IP, I would be contacting the abuse address of the ISP that owns it.

--
John Gerth      gerth at cs.stanford.edu  Gates B36   (650) 725-3273

wi -s 141.226.224.48
GeekTools Whois Proxy v5.0.6 Ready..
Final results obtained from whois.ripe.net.
Results:
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '141.226.224.0 - 141.226.224.255'

% Abuse contact for '141.226.224.0 - 141.226.224.255' is 'abuse at taboola.com'

inetnum:        141.226.224.0 - 141.226.224.255
netname:        Taboola
country:        US
admin-c:        RS19602-RIPE
tech-c:         RS19602-RIPE
status:         LEGACY
mnt-by:         TABOOLA-MNT-RIPE
created:        2016-08-11T07:55:18Z
last-modified:  2016-08-11T07:55:18Z
source:         RIPE

person:         Rom Shahak
address:        Tozeret Haaretz 7, Tel Aviv, Israel
phone:          +972-3-696-6966
nic-hdl:        RS19602-RIPE
mnt-by:         TABOOLA-MNT-RIPE
created:        2015-06-24T10:07:00Z
last-modified:  2015-06-24T10:07:00Z
source:         RIPE # Filtered

% Information related to '141.226.224.0/24AS200478'

route:          141.226.224.0/24
descr:          network
origin:         AS200478
mnt-by:         TABOOLA-MNT-RIPE
created:        2016-06-02T18:56:01Z
last-modified:  2016-06-02T18:56:01Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.102.2 (BLAARKOP)



Results brought to you by the GeekTools WHOIS Proxy


On 3/15/22 10:17, Monah Baki wrote:
> Hi Carter,
> 
> It says IL, but so many other online tools say US, not sure which to trust. Need to submit a report and don't want to give false info.
> 
> 
> Thanks
> Monah
> 
> On Tue, Mar 15, 2022 at 1:08 PM Carter Bullard <carter at qosient.com <mailto:carter at qosient.com>> wrote:
> 
>     Hey Mona,
>     Its a pretty simple lookup, so fgrep for 141.226.224 in the delegated-ipv4-latest file to see what the data sez …
> 
>     Carter
> 
>      > On Mar 15, 2022, at 12:38 PM, Monah Baki <monahbaki at gmail.com <mailto:monahbaki at gmail.com>> wrote:
>      >
>      > Hi everyone,
>      >
>      > I updated my ragetcountry.sh just now and sw the following:
>      >
>      >          StartTime  Proto            SrcAddr  Sport            DstAddr  Dport  Trans                srcUdata                                dstUdata                 sCo dCo
>      > 16:21:44.592508    tcp      192.168.2.168.57492      141.226.224.48.https       1 s[30]=...........b0..2.....R.oe'3...                                             ZZ  IL
>      >
>      >
>      > Destination says Israel but
>      > geoiplookup 141.226.224.48
>      > GeoIP Country Edition: US, United States
>      >
>      >
>      > Searching other online resources says the IP address is US.
>      >
>      >
>      > Thanks
>      > Monah
>      > _______________________________________________
>      > argus mailing list
>      > argus at qosient.com <mailto:argus at qosient.com>
>      > https://pairlist1.pair.net/mailman/listinfo/argus <https://pairlist1.pair.net/mailman/listinfo/argus>
>

More information about the argus mailing list