Help needed to verify real server location (Iran?)

gbzret4d Member

Hi,
as far as I can tell, the server is located in the Netherlands and not in Iran. Any proof to verify the real location? Anything I could try, since I have access through SSH to the VPS? Here's the IP: 193.142.30.26

Comments

  • mans_xd Member

    I'm calling you from microsoft security department we have detected a virus in your computer please send me 1000$ and wait for otp

  • mans_xd Member

    IP routed to Germany btw, not Netherlands and Iran too

    Thanked by 1gbzret4d
  • gbzret4d Member

    Thanks. It's running a globalping probe and I'm in contact with @jimaek already.

  • gbzret4d Member

    @mans_xd said:
    I'm calling you from microsoft security department we have detected a virus in your computer please send me 1000$ and wait for otp

    IMPERSONATOR!

    Thanked by 1mans_xd
  • Kodomu Member

    Checking with mtr, there's enough latency that it would make sense for it to be in Iran: there's a 100ms jump after it leaves Germany and then another 100ms jump after that. Not sure where mao-ic is, as it's not on the list of twelve99 POPs and appears to be a customer ID, but the latency implies it's at least as far as Turkey from Frankfurt, and the next 100ms to the end IP would be about in line with what I'd expect to Iran.

    Thanked by 1tempask
  • mans_xd Member

    @Kodomu said:
    Checking with mtr, there's enough latency that it would make sense for it to be in Iran: there's a 100ms jump after it leaves Germany and then another 100ms jump after that. Not sure where mao-ic is, as it's not on the list of twelve99 POPs and appears to be a customer ID, but the latency implies it's at least as far as Turkey from Frankfurt, and the next 100ms to the end IP would be about in line with what I'd expect to Iran.

    jump and jump

  • beanman109 Member, Host Rep, Megathread Squad

    @mans_xd said:

    jump and jump

    Thanked by 2Kodomu mans_xd
  • tempask Member
    edited 7:18AM

    @Kodomu said:
    Checking with mtr, there's enough latency that it would make sense for it to be in Iran: there's a 100ms jump after it leaves Germany and then another 100ms jump after that. Not sure where mao-ic is, as it's not on the list of twelve99 POPs and appears to be a customer ID, but the latency implies it's at least as far as Turkey from Frankfurt, and the next 100ms to the end IP would be about in line with what I'd expect to Iran.

    Seems to be a smart way, I learned something from this, thanks. I went to https://tool.lu/ip/ to check; it shows Iran or Russia. Another possibility: the outbound IP differs from the inbound IP, and the outbound IP may be more real. On this VPS, run

    curl ip.sb

    to check the outbound IP. If it is the same address, my guess is wrong.

  • DataRecovery Member
    edited 7:08AM

    @gbzret4d said:
    the server is located in the Netherlands

    Ping from Hetzner (DE):

    ping -c 3 193.142.30.26
    PING 193.142.30.26 (193.142.30.26) 56(84) bytes of data.
    64 bytes from 193.142.30.26: icmp_seq=1 ttl=55 time=218 ms
    64 bytes from 193.142.30.26: icmp_seq=2 ttl=55 time=218 ms
    64 bytes from 193.142.30.26: icmp_seq=3 ttl=55 time=219 ms
    
    --- 193.142.30.26 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2002ms
    rtt min/avg/max/mdev = 218.723/218.853/219.051/0.407 ms
    

    NL is usually about 20 times less.

    Tracepath shows ~100 and ~200 ms hops.

  • my investigation has determined that the server is located in a basement in natas and that the data for the war against god is also managed from there.

    Thanked by 1COLBYLICIOUS
  • xvps Member
    edited 9:58AM

    Thank you for letting us know that globalping.io uses fake probe locations.

    (Internet access in Iran is currently blocked, so you can’t ping any local IP addresses from outside Iran or from your probe, but your probe can ping anything outside Iran.)

    193.142.30.26 = globalping.io Iran probe.

  • forest Member
    edited 9:40AM

    @xvps said:
    Thank you for letting us know that globalping.io uses fake probe locations.

    (Internet access in Iran is currently blocked, so you can’t ping any local IP addresses from outside Iran or from your probe.)

    A number of them are incorrect, but they only get the location data from the geofeeds anyway. I have two probes that are both marked as South Africa, but they're actually in Romania. I've submitted a correction report, but until then, I've brought them offline. Globalping relies on the fact that the majority of probes are accurate.

  • oloke Member

    I think @zGato and @sh97 may have some clues on this one, we already looked at it a couple days ago.
    From what I remember, the conclusion was that this is quite fishy and probably not the real location.

  • jimaek Member

    We do our best to verify all probe locations, but it's a non-trivial issue.
    Current logic is here https://github.com/jsdelivr/globalping/blob/master/docs/geoip.md but we're trying to improve it.

    But the vast majority should be correct, enough to not create any problems in day-to-day testing.

    Locations like Iran are really an exception.

    And I'm pretty sure it would be blocked once our new VPN detection logic goes live https://github.com/jsdelivr/globalping/issues/766

  • gbzret4d Member
    edited 3:17PM

    @xvps said:
    Thank you for letting us know that globalping.io uses fake probe locations.

    (Internet access in Iran is currently blocked, so you can’t ping any local IP addresses from outside Iran or from your probe, but your probe can ping anything outside Iran.)

    193.142.30.26 = globalping.io Iran probe.

    That's why I'm asking for any proof, so globalping and others can update their logic/algorithms to detect such possibly wrong probes. You are free to report any wrong IP data to the IP geo databases at ipinfo, ....
    The guys at globalping are really working hard to detect and remove such probes. I'm only leaving this probe up so far so users can try to find a way to find any proof of what the real location is.

  • gbzret4d Member

    @oloke said:
    I think @zGato and @sh97 may have some clues on this one, we already looked at it a couple days ago.
    From what I remember, the conclusion was that this is quite fishy and probably not the real location.

    I'm pretty sure it's not the real location, I'm only trying to find a way to detect such probes and IP data.

  • xvps Member

    @gbzret4d said:
    ..., since I have access through ssh to the vps. Here's the ip: 193.142.30.26

    @gbzret4d said:
    I'm only leaving this probe up so far so users can try to find a way to find any proof of what the real location is.

    Perhaps you should explain who you are, your relationship to AS59580 and globalping, and the real purpose of these requests.


    More related links:
    https://www.webhostingtalk.com/showthread.php?t=1517424
    https://www.webhostingtalk.com/showthread.php?t=1778688

  • vailiernits Member
    edited 3:54PM

    It is a real Iran location. Batterflyai Media aka ip-transit.ir is an old bulletproof host, and they have tunneled through different locations since forever to obfuscate where exactly in Iran it's located.
    No local peering though, so it may not be very useful as a probe for testing Iran connectivity.

  • hostal Member, Host Rep
     4. AS1299   nug-b2-link.ip.twelve99.net (62.115.183.232)          0.5%   222    0.6   0.5   0.4   0.8   0.1
     5. AS1299   ffm-bb1-link.ip.twelve99.net (62.115.140.202)         0.0%   222    4.0   4.0   3.8   4.7   0.1
     6. AS1299   ffm-b14-link.ip.twelve99.net (62.115.132.209)         0.0%   222    6.3   7.1   4.7  37.9   2.9
     7. AS1299   mao-ic-388296.ip.twelve99-cust.net (62.115.193.15)    0.0%   222  103.4 103.5 103.0 104.2   0.3
     8. AS59580  193.142.30.26 (193.142.30.26)                         0.0%   222  203.3 203.4 202.8 204.1   0.3

    Last hop in trace before hitting the IP looks to be Madrid - Arelion

    mao-ic-388296.ip.twelve99-cust.net
    mao = Madrid
    ic = interconnect
    twelve99-cust.net = customer-facing interface
    This is the handoff from Arelion to a downstream customer or peer in Madrid.

    From there, it can be tunneled anywhere (based on the added latency), but I doubt it is in the Netherlands.

    Thanked by 1gbzret4d
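
The hop-by-hop reading used in the posts above, as an added example that is not part of the thread: it parses the quoted mtr lines, finds where the best-case RTT jumps, and converts each jump into the largest distance it could cover over fibre. The names `parse_mtr`, `latency_jumps` and the 50 ms threshold are assumptions made for this sketch.

```python
import re

# Hops quoted in the post above (whitespace collapsed). mtr's numeric columns
# are Loss%, Snt, Last, Avg, Best, Wrst, StDev; RTTs are in milliseconds.
MTR_REPORT = """
 4. AS1299 nug-b2-link.ip.twelve99.net (62.115.183.232) 0.5% 222 0.6 0.5 0.4 0.8 0.1
 5. AS1299 ffm-bb1-link.ip.twelve99.net (62.115.140.202) 0.0% 222 4.0 4.0 3.8 4.7 0.1
 6. AS1299 ffm-b14-link.ip.twelve99.net (62.115.132.209) 0.0% 222 6.3 7.1 4.7 37.9 2.9
 7. AS1299 mao-ic-388296.ip.twelve99-cust.net (62.115.193.15) 0.0% 222 103.4 103.5 103.0 104.2 0.3
 8. AS59580 193.142.30.26 (193.142.30.26) 0.0% 222 203.3 203.4 202.8 204.1 0.3
"""

HOP_RE = re.compile(
    r"^\s*(?P<hop>\d+)\.\s+(?P<asn>AS\S+)\s+(?P<host>\S+)\s+\((?P<ip>[^)]+)\)\s+"
    r"(?P<loss>[\d.]+)%\s+(?P<snt>\d+)\s+(?P<last>[\d.]+)\s+(?P<avg>[\d.]+)\s+"
    r"(?P<best>[\d.]+)\s+(?P<wrst>[\d.]+)\s+(?P<stdev>[\d.]+)\s*$",
    re.MULTILINE,
)

# Light in fibre covers about 200 km per ms one way, so each millisecond of
# round-trip time allows at most ~100 km between the two ends.
KM_PER_MS_RTT = 100.0

def parse_mtr(report):
    """Return one dict per hop line; lines that do not match are skipped."""
    hops = []
    for m in HOP_RE.finditer(report):
        hops.append({"hop": int(m["hop"]), "asn": m["asn"], "host": m["host"],
                     "ip": m["ip"], "best": float(m["best"]),
                     "stdev": float(m["stdev"])})
    return hops

def latency_jumps(hops, threshold_ms=50.0):
    """Hop pairs whose best-RTT difference is at least threshold_ms."""
    jumps = []
    for prev, cur in zip(hops, hops[1:]):
        delta = round(cur["best"] - prev["best"], 1)
        if delta >= threshold_ms:
            jumps.append({"from": prev["host"], "to": cur["host"], "asn": cur["asn"],
                          "delta_ms": delta, "max_km": round(delta * KM_PER_MS_RTT)})
    return jumps

if __name__ == "__main__":
    for j in latency_jumps(parse_mtr(MTR_REPORT)):
        print(f'{j["from"]} -> {j["to"]} ({j["asn"]}): +{j["delta_ms"]} ms, <= {j["max_km"]} km')
```

The distance is an upper bound only: a tunnel, a detour or a slow ICMP reply from a router adds delay without adding distance, so a jump shows where the delay enters the path, not where the far end is.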
  • gbzret4d Member
    edited 3:49PM

    @xvps said:

    Perhaps you should explain who you are, your relationship to AS59580 and globalping, and the real purpose of these requests.


    More related links:
    https://www.webhostingtalk.com/showthread.php?t=1517424
    https://www.webhostingtalk.com/showthread.php?t=1778688

    Hi, I'm Peter. I'm helping globalping to get sponsors or companies/ISPs/IXs, ... to run probes or give away small servers so globalping can run probes on their own. Right now I'm running about 200 probes (150 under my ID/adoption token). The mentioned AS is sponsoring many probes, that's all: no contracts, only a banner at globalping's website.

  • Kodomu Member

    @hostal said:

     4. AS1299   nug-b2-link.ip.twelve99.net (62.115.183.232)          0.5%   222    0.6   0.5   0.4   0.8   0.1
     5. AS1299   ffm-bb1-link.ip.twelve99.net (62.115.140.202)         0.0%   222    4.0   4.0   3.8   4.7   0.1
     6. AS1299   ffm-b14-link.ip.twelve99.net (62.115.132.209)         0.0%   222    6.3   7.1   4.7  37.9   2.9
     7. AS1299   mao-ic-388296.ip.twelve99-cust.net (62.115.193.15)    0.0%   222  103.4 103.5 103.0 104.2   0.3
     8. AS59580  193.142.30.26 (193.142.30.26)                         0.0%   222  203.3 203.4 202.8 204.1   0.3

    Last hop in trace before hitting the IP looks to be Madrid - Arelion

    mao-ic-388296.ip.twelve99-cust.net
    mao = Madrid
    ic = interconnect
    twelve99-cust.net = customer-facing interface
    This is the handoff from Arelion to a downstream customer or peer in Madrid.

    From there, it can be tunneled anywhere (based on the added latency), but I doubt it is in the Netherlands.

    For Arelion, Madrid is MAD. https://lg.twelve99.net/

    I can't quite think of where MAO might actually be, but it appears to be pretty consistent with some other customer handoff hostnames. The only thing I could find that references it otherwise is AS39526 but I don't think it's that.

    Thanked by 1gbzret4d
  • hostal Member, Host Rep

    @Kodomu said:

    For Arelion, Madrid is MAD. https://lg.twelve99.net/

    I can't quite think of where MAO might actually be, but it appears to be pretty consistent with some other customer handoff hostnames. The only thing I could find that references it otherwise is AS39526 but I don't think it's that.

    You are right! May be a facility and not a node if Arelion

  • TurmiJeong Member
    edited 6:43PM

    Hi gbzret4d,

    I registered a LET account specifically to discuss this with you. I'm also from a country with internet censorship, so we have some common ground with Iran.

    We use services called IPLC to bridge the connection between the two countries. It's usually point-to-point, but in certain cases, it gets routed directly over the public internet.

    This connection is similar to DIA, but instead of delivering to a local on-site data center, it's delivered cross-border. It usually uses WDM on international fiber cables to achieve dedicated bandwidth. Since it's implemented directly on the POPs of subsea (or terrestrial) cables, regulators like the GFW won't be able to censor your traffic at all.

    I've helped some Iranians set up anti-censorship proxies before, and a few mentioned similar setups. This means IPLC exists in Iran as well.

    So when you see special routing like this, it doesn't mean the server isn't in Iran. On the contrary, when Iran shuts down the internet, these IPLC connections are usually exempt since foreign companies rely on them for business.

    I have some examples of IPLC connections from China being routed to the internet.

    36.255.194.121
    //Some IP databases incorrectly flag these as Hong Kong, but they're actually Beijing->Frankfurt IPLC connection.

    23.26.223.1
    //Guangzhou->Singapore IPLC connection.

    140.235.8.42
    //Shanghai->Los Angeles IPLC connection.

    Did you notice routing similar to the Iranian one in the post? Yes, that’s why it can't be debunked. If you want to see if it’s a real IPLC connection, just check if the latency stays near the theoretical limit between the two locations all day. Since IPLC uses WDM between POPs, the latency should remain almost constant as long as there's no cable fault.
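
The all-day check described in the post above, as an added example that is not part of the thread: it computes the straight-line fibre RTT floor between two endpoints and tests whether a series of RTT samples stays close to it and nearly constant. The coordinates are approximate city centres, the sample series are constructed, and `assess_circuit` with its `max_stretch` and `max_spread_ms` thresholds is an assumption of this sketch.

```python
import math

FIBRE_KM_PER_MS = 200.0   # light in glass travels at roughly two thirds of c
EARTH_RADIUS_KM = 6371.0

BEIJING = (39.90, 116.41)     # approximate (lat, lon)
FRANKFURT = (50.11, 8.68)

def great_circle_km(a, b):
    """Haversine distance between two (lat, lon) points given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def rtt_floor_ms(a, b):
    """Lowest round-trip time physics allows over straight-line fibre."""
    return 2 * great_circle_km(a, b) / FIBRE_KM_PER_MS

def assess_circuit(samples_ms, a, b, max_stretch=2.0, max_spread_ms=3.0):
    """Compare RTT samples collected over a day with the floor between a and b."""
    floor = rtt_floor_ms(a, b)
    best = min(samples_ms)
    spread = max(samples_ms) - best
    return {
        "floor_ms": round(floor, 1),
        "stretch": round(best / floor, 2),      # 1.0 would be the physical limit
        "spread_ms": round(spread, 1),
        # Faster than light in fibre: the far end cannot be at location b.
        "impossible": best < floor,
        "looks_dedicated": (floor <= best <= floor * max_stretch
                            and spread <= max_spread_ms),
    }

# Constructed RTT samples in ms, e.g. one measurement every three hours.
STEADY = [141.2, 141.3, 141.2, 141.4, 141.2, 141.3, 141.5, 141.2]
CONGESTED = [168.4, 171.0, 243.7, 190.2, 169.1, 305.6, 172.8, 168.9]
TOO_FAST = [12.1, 12.3, 12.2]

if __name__ == "__main__":
    for name, series in (("steady", STEADY), ("congested", CONGESTED),
                         ("too fast", TOO_FAST)):
        print(name, assess_circuit(series, BEIJING, FRANKFURT))
```

Only the `impossible` result is hard evidence, since delay can be added but not removed; a steady, near-floor series is consistent with a dedicated circuit without proving one.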

  • Odd thing, it has a horrible ping all around Europe; the further you go out, the higher it gets, but the second-last hop is always low latency. It's certainly somewhere here, but with a horrible latency. (Although I'm surprised that one of my probes doesn't route to it.)

  • hostal Member, Host Rep

    @TurmiJeong said:
    Hi gbzret4d,

    I registered a LET account specifically to discuss this with you. I'm also from a country with internet censorship, so we have some common ground with Iran.

    We use services called IPLC to bridge the connection between the two countries. It's usually point-to-point, but in certain cases, it gets routed directly over the public internet.

    This connection is similar to DIA, but instead of delivering to a local on-site data center, it's delivered cross-border. It usually uses WDM on international fiber cables to achieve dedicated bandwidth. Since it's implemented directly on the POPs of subsea (or terrestrial) cables, regulators like the GFW won't be able to censor your traffic at all.

    I've helped some Iranians set up anti-censorship proxies before, and a few mentioned similar setups. This means IPLC exists in Iran as well.

    So when you see special routing like this, it doesn't mean the server isn't in Iran. On the contrary, when Iran shuts down the internet, these IPLC connections are usually exempt since foreign companies rely on them for business.

    I have some examples of IPLC connections from China being routed to the internet.

    36.255.194.121
    //Some IP databases incorrectly flag these as Hong Kong, but they're actually Beijing->Frankfurt IPLC connection.

    23.26.223.1
    //Guangzhou->Singapore IPLC connection.

    140.235.8.42
    //Shanghai->Los Angeles IPLC connection.

    Did you notice routing similar to the Iranian one in the post? Yes, that’s why it can't be debunked. If you want to see if it’s a real IPLC connection, just check if the latency stays near the theoretical limit between the two locations all day. Since IPLC uses WDM between POPs, the latency should remain almost constant as long as there's no cable fault.

    That probably explains -ic-, which may be international circuit (as in IPLC). Also, the ASN of the IP has an official address pointing to Iran: https://apps.db.ripe.net/db-web-ui/query?searchtext=ORG-BMl6-RIPE

    Still wondering if MAO is used to denote a city or facility in the Gulf maybe? (Close international site.)

  • @hostal said:

    That probably explains -ic-, which may be international circuit (as in IPLC). Also, the ASN of the IP has an official address pointing to Iran: https://apps.db.ripe.net/db-web-ui/query?searchtext=ORG-BMl6-RIPE

    Still wondering if MAO is used to denote a city or facility in the Gulf maybe? (Close international site.)

    I really don't know what MAO means. I’m just saying that this kind of routing exists in specific scenarios, and it might be a way for people in certain countries to bypass censorship.
