Far from an expert, but https://www.dan.me.uk/bgplookup lists it as owned by AS202769, which is apparently "Cooperative Investments LLC"
Scamalytics[1] states that much of their address space is VPNs, so the trail may go cold here.
I wouldn't go so far as useless, but they frequently exhibit significant inaccuracy, no matter which vendor/service you use. It's not unusual for me to query 7 APIs and be told the user is in 7 different cities spanning 5 states. At least there's usually a quorum at the country level. Given the market ($$$) for IPv4, this feels like it's only getting worse as more blocks of IPs are being sold, leased, transferred, even between continents/RIRs and the geo providers are always a few steps behind.
For the IP posted above, I have 3 providers claiming it's in Sao Paulo, 3 who say it's in Joburg (this is as accurate as anyone's going to get right now) and one says it's in Chicago! If I'm trying to do something with these results programmatically, I don't have a majority or a plurality to pick as a "winner" and I have to try weighting specific providers, which is a whole new mess.
Anyway, there's a good idea brewing in RFC8805 but it'd require pretty much every AS to play along.
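The "7 APIs, no winner" situation from the comment above, as an added example that is not part of the thread: it returns the finest level (city, region, country) at which a quorum of providers agree, and refuses to pick a winner otherwise. Provider names, sample answers and weights are all constructed for illustration.

```python
from collections import Counter

LEVELS = ("city", "region", "country")  # finest to coarsest

def consensus(answers, weights=None, quorum=0.5):
    """Return (level, value, share) for the finest level at which one value
    holds more than `quorum` of the total weight, else (None, None, 0.0)."""
    weights = weights or {}
    total = sum(weights.get(p, 1.0) for p in answers)
    for depth, level in enumerate(LEVELS):
        tally = Counter()
        for provider, loc in answers.items():
            # Key on the full path (country, region[, city]) so same-named
            # cities in different countries are never merged.
            key = tuple(loc[l] for l in reversed(LEVELS[depth:]))
            tally[key] += weights.get(provider, 1.0)
        key, weight = tally.most_common(1)[0]
        if weight / total > quorum:
            return level, key, weight / total
    return None, None, 0.0  # no quorum even at country level

def loc(country, region, city):
    return {"country": country, "region": region, "city": city}

# Constructed: the 3 / 3 / 1 split described in the comment.
SPLIT = {f"p{i}": loc("BR", "SP", "Sao Paulo") for i in (1, 2, 3)}
SPLIT.update({f"p{i}": loc("ZA", "Gauteng", "Johannesburg") for i in (4, 5, 6)})
SPLIT["p7"] = loc("US", "IL", "Chicago")

# Constructed: 7 cities across 5 states, one country.
SCATTER = {f"p{i + 1}": loc("US", st, city) for i, (st, city) in enumerate([
    ("TX", "Dallas"), ("TX", "Austin"), ("CO", "Denver"), ("NE", "Omaha"),
    ("OK", "Tulsa"), ("KS", "Wichita"), ("KS", "Topeka")])}

# Hypothetical trust weights: doubling three providers flips the outcome,
# which is why any weighting has to be justified and monitored.
TRUSTED = {"p4": 2.0, "p5": 2.0, "p6": 2.0}

if __name__ == "__main__":
    print(consensus(SPLIT))                   # no quorum at any level
    print(consensus(SCATTER))                 # agreement at country level only
    print(consensus(SPLIT, weights=TRUSTED))  # weights manufacture a "winner"
```

An unweighted `(None, None, 0.0)` result is worth logging as its own signal rather than silently resolving it.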
I've routinely seen edge cases where geo IP databases are just wrong, even from providers like Google and others.
My home would routinely show up as from a country a thousand miles away. Friends down the street would show up several states over. Customers I know which were a state over would appear from a different country. The databases are usually right, but they're still often wrong. Often enough to cause frustrations.
Why ignore VPNs? I'm sure someone else can chime in but to my knowledge that's what makes them useless. You can't be sure someone isn't running VPN, then you can never be certain GeoIP is correct, thus it's useless.
Because everyone knows that VPN IPs’ geoloc is useless, so I assumed that those were being ignored. Also because it’s possible to see if an IP is (possibly) a VPN one by looking up the owner.
As with most things IP-related, this is only somewhat true. There are a lot of VPN providers that specialize in not getting their exit IPs marked as VPNs, so just because an IP isn't listed as a VPN by your intel provider of choice doesn't mean it's not a VPN. GDPR also means finding netblocks with super generic IP-whois is really easy.
Geo-ip is a perfect analysis trap, because it seems like it's probably a good idea so people put it into the roadmap. Then they spend forever tracking down all the ways it doesn't work (I bet you have customers in whatever geo you're thinking of blocking, there's a surprising amount of netblocks that are attributed incorrectly, etc), and then the sunk cost fallacy leads them to maintaining their creaky system. Imagine what you could have done with that effort in the meantime.
Now, let's put our badguy hat on. It takes effectively zero time to tell if your target is geo-blocking (compare your port results between several geos, or cheat with censys and shodan). Being blocked? Launch your attack from IP space in another geo. Pro-tip on that: nobody blacklists cloud provider IP space because of VDI solutions. You can migrate between stolen cloud accounts faster than the provider can suspend them, especially for reconnaissance and initial payload delivery.
Edit: see also, renting time on botnets, renting physical colo, compromising residential ISP equipment, and friends.
Help/insight from ASN? BGP? networking experts would be appreciated..! Thanks a lot