While writing The North Korean gamers on Steam Map, I was a bit confused why a Orange.com IP address range being located in “North Korea”. That does not make any sense at all.
So, let’s investigate:
57.73.214.0/23
First, let’s summarize the entire range:
Top Countries
- North Korea 512 (100.0%)
Top Cities
- Pyongyang, Pyongyang, KP 512 (100.0%)
Top Regions
- Pyongyang, KP 512 (100.0%)
All 512 IP ranges are located in North Korea. What do our competitors say?
All of them say it is North Korea as well. This means the data is coming from geofeed.
$ curl -s http://geoloc.equant.net/OBS_Addressing_Plan_Geoloc_db.csv | grep KP
57.73.214.0/23,KP,,Pyongyang,
Let’s take a look at the data source. The geofeed came from: equant.net
Let’s take a look at equant.net from Host.io: https://host.io/equant.net
The domains that are co-hosted on the same hosting IP address are all actual Orange.com domains.
What does ChatGPT say about equant.net
Equant transformed from SITA’s airline communications arm into a global enterprise network leader, was successfully acquired and integrated by France Télécom, and continues today as Orange’s enterprise networking backbone.
So, it looks like the data is coming from a legitimate subsidiary of a legitimate global telecom company, Orange. Are any of these IP addresses pingable or active?
nmap -sn 57.73.214.0/23 | ipinfo grepip -o -4
No.
Is this announced in BGP?
https://bgp.tools/prefix/57.73.214.0/23
We could not find “57.73.214.0/23” in the global routing table right now.
It does not seem like we can improve on anything here. The IP addresses are not pingable and apparently not announced in the global routing table, and the only data we have to rely on is coming directly from Orange as well.
I am not sure why they have decided to put these IP ranges in North Korea. But as this is only hint of location we have, we have to fallback to it.