[Community Question] Challenges in Identifying Foreign-Owned IPs Registered in the US

General
1

NoahVailOfficial asked:

I’d like to pick your brain over an unrelated issue. I’m looking for better methods to identify foreign owned IPs that are registered in the US.

Here’s a sample. 31.192.232.91 is part of 31.192.232.0/24 and geolocates to California.

That cidr was registered in Russia until ~Oct 2024. The whois for that cidr lists country=US but has a Russian address of ownership.

It’s announced by AS44493 which is fully listed in Russia.

I have some ideas. But when I consider an ASN can announce cidr from 20 different nations, evaluating the ASN becomes complex. Especially when Country=US doesn’t match the country in the address field.

First step is accessing ASN data…

2

You need access to our paid ASN database. The ASN database has a field called country, which, unlike our standard location data, is based on the ASN registration country as declared in the WHOIS records.

Then you have to join this data with our IPinfo Lite Database (which is free, by the way) that contains the actual location of the ranges operated by the ASN.

I am using our ASN database and IPinfo Lite data in Snowflake.

:link: https://ipinfo.io/developers/integrations#snowflake

SELECT DISTINCT l.asn, l.as_domain, l.as_name
FROM
(SELECT *
FROM ip_asn
WHERE country='RU') a
JOIN lite l
on a.asn=l.asn
WHERE l.country_code!='RU'

There are approximately 256 active ASNs registered in RU but operating IP ranges in the US.

image
image1791×380 77.2 KB

If you are researching on your company’s behalf, I recommend buying the ASN database.