[ARGUS] Destination Country for 141.226.224.48

Dave dedelman at iname.com
Tue Mar 15 14:19:53 EDT 2022


Looking at the Internet routing for that prefix, there are two upstreams, both in the US.

ASNumber:       6461
ASName:         ZAYO-6461
ASHandle:       AS6461
RegDate:        1996-04-22
Updated:        2016-06-21    
Ref:            https://rdap.arin.net/registry/autnum/6461


OrgName:        Zayo Bandwidth
OrgId:          ZAYOB
Address:        400 Centennial Pkwy
Address:        Suite 200
City:           Louisville
StateProv:      CO
PostalCode:     80027
Country:        US
RegDate:        2007-10-12
Updated:        2017-01-28
Ref:            https://rdap.arin.net/registry/entity/ZAYOB


ASNumber:       174
ASName:         COGENT-174
ASHandle:       AS174
RegDate:        1996-05-16
Updated:        2012-03-02    
Ref:            https://rdap.arin.net/registry/autnum/174


OrgName:        Cogent Communications
OrgId:          COGC
Address:        2450 N Street NW
City:           Washington
StateProv:      DC
PostalCode:     20037
Country:        US
RegDate:        2000-05-30
Updated:        2021-06-27
Ref:            https://rdap.arin.net/registry/entity/COGC


—Dave




> On Mar 15, 2022, at 1:49 PM, John Gerth <gerth at graphics.stanford.edu> wrote:
> 
> The physical location of an IP can be hard to resolve (which is why there are pricey for-pay options out there).  Looking at the registration information (see below) for 141.226.224.48 shows that it was granted by RIPE to an Israeli firm Taboola with an address in Tel Aviv, but it also says that the IP is in the US.
> 
> In a case like this, I'd go with the registered Israeli organization because if I wanted to complain about the behavior of the IP, I would be contacting the abuse address of the ISP that owns it.
> 
> --
> John Gerth      gerth at cs.stanford.edu  Gates B36   (650) 725-3273
> 
> wi -s 141.226.224.48
> GeekTools Whois Proxy v5.0.6 Ready..
> Final results obtained from whois.ripe.net.
> Results:
> % This is the RIPE Database query service.
> % The objects are in RPSL format.
> %
> % The RIPE Database is subject to Terms and Conditions.
> % See http://www.ripe.net/db/support/db-terms-conditions.pdf
> 
> % Note: this output has been filtered.
> %       To receive output for a database update, use the "-B" flag.
> 
> % Information related to '141.226.224.0 - 141.226.224.255'
> 
> % Abuse contact for '141.226.224.0 - 141.226.224.255' is 'abuse at taboola.com'
> 
> inetnum:        141.226.224.0 - 141.226.224.255
> netname:        Taboola
> country:        US
> admin-c:        RS19602-RIPE
> tech-c:         RS19602-RIPE
> status:         LEGACY
> mnt-by:         TABOOLA-MNT-RIPE
> created:        2016-08-11T07:55:18Z
> last-modified:  2016-08-11T07:55:18Z
> source:         RIPE
> 
> person:         Rom Shahak
> address:        Tozeret Haaretz 7, Tel Aviv, Israel
> phone:          +972-3-696-6966
> nic-hdl:        RS19602-RIPE
> mnt-by:         TABOOLA-MNT-RIPE
> created:        2015-06-24T10:07:00Z
> last-modified:  2015-06-24T10:07:00Z
> source:         RIPE # Filtered
> 
> % Information related to '141.226.224.0/24AS200478'
> 
> route:          141.226.224.0/24
> descr:          network
> origin:         AS200478
> mnt-by:         TABOOLA-MNT-RIPE
> created:        2016-06-02T18:56:01Z
> last-modified:  2016-06-02T18:56:01Z
> source:         RIPE
> 
> % This query was served by the RIPE Database Query Service version 1.102.2 (BLAARKOP)
> 
> 
> 
> Results brought to you by the GeekTools WHOIS Proxy
> 
> 
> On 3/15/22 10:17, Monah Baki wrote:
>> Hi Carter,
>> It says IL, but so many other online tools say US, not sure which to trust. Need to submit a report and don't want to give false info.
>> Thanks
>> Monah
>> On Tue, Mar 15, 2022 at 1:08 PM Carter Bullard <carter at qosient.com> wrote:
>>    Hey Mona,
>>    It's a pretty simple lookup, so fgrep for 141.226.224 in the delegated-ipv4-latest file to see what the data sez …
>>    Carter
>>     > On Mar 15, 2022, at 12:38 PM, Monah Baki <monahbaki at gmail.com> wrote:
>>     >
>>     > Hi everyone,
>>     >
>>     > I updated my ragetcountry.sh just now and saw the following:
>>     >
>>     >          StartTime  Proto            SrcAddr  Sport            DstAddr  Dport  Trans                srcUdata                                dstUdata                 sCo dCo
>>     > 16:21:44.592508    tcp      192.168.2.168.57492      141.226.224.48.https       1 s[30]=...........b0..2.....R.oe'3...                                             ZZ  IL
>>     >
>>     >
>>     > Destination says Israel but
>>     > geoiplookup 141.226.224.48
>>     > GeoIP Country Edition: US, United States
>>     >
>>     >
>>     > Searching other online resources says the IP address is US.
>>     >
>>     >
>>     > Thanks
>>     > Monah
>>     > _______________________________________________
>>     > argus mailing list
>>     > argus at qosient.com
>>     > https://pairlist1.pair.net/mailman/listinfo/argus
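The delegated-ipv4-latest lookup suggested in the thread, generalized as an added example (not code from any participant or from the argus distribution): each delegation record is a start address plus an address count, so matching by numeric range also finds addresses that a text fgrep on the first three octets would miss. The function names and the sample records are constructed for illustration.

```shell
# Constructed sample in the RIR "delegated" stats format:
#   registry|cc|type|start|count|date|status
# Values are illustrative, not copied from a real delegated-ipv4-latest file.
sample_delegated() {
cat <<'EOF'
2|ripencc|20220315|3|19830101|20220315|+0000
ripencc|*|ipv4|*|3|summary
arin|US|ipv4|141.224.0.0|65536|19900101|assigned
ripencc|IL|ipv4|141.226.224.0|256|20160811|assigned
ripencc|DE|ipv4|141.227.0.0|65536|19900101|assigned
EOF
}

# delegated_lookup IP [FILE]
# Prints "registry cc start count" for the record whose range
# [start, start+count) contains IP. Reads stdin when FILE is omitted.
# Exit status is non-zero when no record covers IP or IP is malformed.
delegated_lookup() {
    ip=$1; shift
    awk -F'|' -v ip="$ip" '
        # Dotted quad to integer; -1 when the input is not four octets.
        function toint(a,   o) {
            if (split(a, o, ".") != 4) return -1
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        BEGIN { target = toint(ip); if (target < 0) exit 2 }
        # Only real ipv4 records: skips the version header and summary lines.
        $3 == "ipv4" && $4 != "*" {
            start = toint($4)
            if (target >= start && target < start + $5) {
                print $1, $2, $4, $5
                found = 1
                exit
            }
        }
        END { if (!found) exit 1 }
    ' "$@"
}
```

The country code printed here is the one recorded in the delegation file, which can differ from the `country:` attribute of the whois inetnum object and from a GeoIP database, so a report should name the source alongside the value.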