New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
what does globalping say?
There is no probe running on 193.142.30.25
Most ip location services show the ip adress as iran but that means nothing
https://ipinfo.io/193.142.30.25
Looks legit Iranian, ipinfo is super accurate usually.
Get some MTRs using GlobalPing to confirm.
I think the server is located in Europe based on the ping results.
? most european locations over 200ms to the ip
The server might be using an Iranian IP, but it’s actually located in Europe.
Can you explain in more detail how you came to this conclusion?
Interesting trip to Iran.
i didn't ping the ip directly but i assume that
193.142.30.1is a gatewayandddd here it is, the packet landed in frankfurt(assumation) before ~90 ms latency jump
it could be iran or it couldn't be iran
it all possibel
FWIW I see ping times of about 90 ms to 105 ms to my iranian targets from NL.
mtr ends up in sweden, magically appears in iran
I pinged it from my BuyVM VPS.
/s
https://check-host.net/check-report/257201f6k71b
I would assume that it is faked, actually hosted in Germany with artificial latency added (lowest RTT at check-host is from probe at Germany)
Same for another IP within /24: https://check-host.net/check-report/25720558k928
Traceroute from KZ.
1 91.147.92.1 (91.147.92.1) 0.725 ms 0.688 ms 0.663 ms
2 * * *
3 195.93.153.17 (195.93.153.17) 0.602 ms 0.581 ms 0.569 ms
4 37.208.42.201 (37.208.42.201) 2.374 ms 2.354 ms 2.334 ms
5 gw-as41798.retn.net (87.245.230.95) 21.127 ms 21.101 ms 21.073 ms
6 87-245-230-94.retn.net (87.245.230.94) 30.560 ms 30.039 ms 30.053 ms
7 87-245-232-142.retn.net (87.245.232.142) 61.512 ms 61.485 ms 52.882 ms
8 gw-as1299.retn.net (87.245.255.43) 52.711 ms 52.692 ms 52.642 ms
9 sto-bb1-link.ip.twelve99.net (62.115.143.24) 71.885 ms 71.855 ms 71.730 ms
10 ffm-bb1-link.ip.twelve99.net (62.115.143.29) 100.619 ms * 100.351 ms
11 ffm-b14-link.ip.twelve99.net (62.115.132.209) 103.033 ms * 102.652 ms
12 mao-ic-388296.ip.twelve99-cust.net (62.115.193.15) 198.387 ms 197.610 ms 198.586 ms
13 mao-ic-388296.ip.twelve99-cust.net (62.115.193.15) 197.514 ms * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
imo pretty strange
my first thoughts were that the server was in russia, but i don't remember how i came up with that idea
https://lg.twelve99.net/?type=traceroute&router=mow-b5&address=193.142.30.25
Yes, exactly because of the ASN
Related:
https://x.com/kyleehmke/status/1755247899019977113
https://x.com/search?q="193.142.30"
https://atlas.ripe.net/measurements/100275554/results
Definitely Germany
The MTR is definitely odd.
Everything seems to go through Frankfurt and then magically ends up 100ms away.
They are either located in Frankfurt and adding latency, or they are tunneling the traffic to a different location, which could possibly be Iran. It’s not impossible, considering the latency.
But I’m pretty sure you can’t get an Arelion uplink directly in Iran.
I don't get why someone decides to fake IP location. What's the benefit?
Same here with Iraq, the server is in Germany but radxa.com claims it's Iraq: https://ipinfo.io/193.56.135.1
I asked them via mail but mysteriously they haven't responded.
https://www.group-ib.com/blog/shadowsyndicate-raas/
It probably isn't located in Iran, looking on BGP.tools it doesn't even touch AS49666, a government-owned ISP that basically connects the whole of Iran to the global internet.
Havent thought about it. That makes a lot of sense
It could be located in Iran, but uses a tunnel to access the internet via Frankfurt, so pretty useless if you want low latency to Iran.
ping.pe has two Iran probes, but both seem to be unable to reach 193.142.30.1 so the range might just be blocked in Iran as well.
I want it as a probe for globalping
Seems like they're using https://hostiran.net/cloud/vps/iran, but not sure.