On Wed, Aug 23, 2017 at 9:36 PM, KL Liew hexasoft@gmail.com wrote:
It is possible that this address is used by North Korea, they don't have a massive IP allocation and I would expect that perhaps there are some tunnels, but I can't figure out where MaxMind have got this idea from.
We aware of a small number of IP ranges tunneling to North Korea through some specific ISP. However, this IP address is registered by a VPN provider which also registered ranges in many other countries. We have no evidence that this VPN provider has a server located in those countries reported for their VPN service.
Allow me to jump in here and mention that I have done some work on auditing the locations of VPN servers via active probes (very briefly: pingtimes to hosts in known locations give upper bounds on the distances to those hosts), and I suspect I know which VPN provider you are referring to and their claims are indeed ... let's say questionable. I'm not yet at liberty to share any more details of my results, but you may find the software at https://github.com/zackw/active-geolocator/ of interest.
Applying the same techniques to Tor is something I would be interested in helping with, though not a personal priority.
zw