Jump to content
Not connected, Your IP: 3.144.40.239
GrandeGiovanni

Is M247 falsifying server locations?

Recommended Posts

I have a reason to believe that M247 is falsifying a few of its server locations which it sells to VPN companies such as AirVPN. 
Disclaimer: I am not accusing AirVPN of participating in this falsification, I believe that AirVPN staff has the integrity and honesty to only purchase servers in locations they know are correct as advertised. My hypothesis is that AirVPN was merely duped into buying thse falsified locations because M247 claimed that they were real locations and AirVPN did not have any reason to suspect anything to the contrary.

I noticed recently that the M247 "Phoenix" location seems to really be located in Los Angeles, M247 "Barcelona" location seems to really be in Madrid, and the M247 "Berlin" location seems to really be in Frankfurt.

Traceroute shows identical routes between each of these false locations and the real location they are in, not to mention that neither Phoenix, Barcelona, or Berlin appear on M247's list of locations on their website 

Disclaimer 2: All of the data below is shown as it was generated, with the only thing being edited is the redaction of my ISP's traceroute hops for protection of my privacy.

Exhibit A: "Phoenix" is really Los Angeles. 
Traceroute and ping to Indus , allegedly in M247 Phoenix
Traceroute to Indus server

traceroute to indus.airservers.org (193.37.254.26), 30 hops max, 38 byte packets
[Redacted my ISP's traceroute hops]
 8  *  *  *
 9  ae-5.r01.lsanca20.us.bb.gin.ntt.net (129.250.6.49)  73.593 ms  68.449 ms  69.689 ms
10  ce-0-1-0-0.r01.lsanca20.us.ce.gin.ntt.net (128.241.6.1)  66.818 ms  71.847 ms  72.087 ms
11  *  irb-0.agg1.lax1.us.m247.com (77.243.185.149)  89.481 ms  et-0-0-49-0.agg1.lax1.us.m247.com (77.243.185.145)  79.797 ms
12  vlan2921.as09.lax1.us.m247.com (193.9.115.167)  123.200 ms  71.520 ms  vlan2909.as09.lax1.us.m247.com (193.9.115.169)  74.228 ms
13  *  *  *
14  *  *  *
Traceroute from Indus to Google
traceroute to google.com (172.217.5.110), 30 hops max, 60 byte packets
 1  10.32.6.1 (10.32.6.1)  69.597 ms  69.603 ms  69.595 ms
 2  vlan177.as09.lax1.us.m247.com (193.37.254.1)  69.687 ms  69.711 ms  69.778 ms
 3  irb-0.agg1.lax1.us.m247.com (193.9.115.168)  633.031 ms  633.038 ms  633.034 ms
 4  37.120.220.170 (37.120.220.170)  69.490 ms  69.452 ms  69.546 ms
 5  72.14.204.180 (72.14.204.180)  69.661 ms te-4-3-0.bb1.lax1.us.m247.com (82.102.29.110)  69.769 ms  69.821 ms
 6  10.252.217.158 (10.252.217.158)  69.615 ms 72.14.204.180 (72.14.204.180)  67.888 ms 10.23.211.158 (10.23.211.158)  68.754 ms
 7  10.252.234.254 (10.252.234.254)  67.871 ms 142.250.228.74 (142.250.228.74)  68.216 ms 10.252.234.254 (10.252.234.254)  68.221 ms
 8  108.170.247.244 (108.170.247.244)  68.254 ms 108.170.237.114 (108.170.237.114)  68.228 ms 108.170.247.244 (108.170.247.244)  68.243 ms
 9  108.170.247.211 (108.170.247.211)  68.818 ms 108.170.247.148 (108.170.247.148)  68.598 ms  68.843 ms
10  108.170.230.123 (108.170.230.123)  68.806 ms 108.170.230.133 (108.170.230.133)  69.010 ms 172.253.75.217 (172.253.75.217)  76.905 ms
11  172.253.75.217 (172.253.75.217)  76.921 ms 172.253.70.153 (172.253.70.153)  80.406 ms 74.125.253.148 (74.125.253.148)  75.588 ms
12  142.250.234.59 (142.250.234.59)  81.965 ms 108.170.243.1 (108.170.243.1)  78.518 ms  80.377 ms
13  108.170.236.61 (108.170.236.61)  75.650 ms  75.356 ms 108.170.243.1 (108.170.243.1)  77.960 ms
14  sfo03s07-in-f14.1e100.net (172.217.5.110)  82.906 ms 108.170.236.63 (108.170.236.63)  77.106 ms sfo03s07-in-f110.1e100.net (172.217.5.110)  103.936 ms
Ping to Indus
PING 193.37.254.26 (193.37.254.26) 56(84) bytes of data.
64 bytes from 193.37.254.26: icmp_seq=1 ttl=57 time=69.5 ms
64 bytes from 193.37.254.26: icmp_seq=2 ttl=57 time=68.8 ms
64 bytes from 193.37.254.26: icmp_seq=3 ttl=57 time=69.1 ms
64 bytes from 193.37.254.26: icmp_seq=4 ttl=57 time=68.0 ms
64 bytes from 193.37.254.26: icmp_seq=5 ttl=57 time=69.3 ms
64 bytes from 193.37.254.26: icmp_seq=6 ttl=57 time=68.5 ms
64 bytes from 193.37.254.26: icmp_seq=7 ttl=57 time=70.0 ms
64 bytes from 193.37.254.26: icmp_seq=8 ttl=57 time=69.2 ms
64 bytes from 193.37.254.26: icmp_seq=9 ttl=57 time=69.7 ms
64 bytes from 193.37.254.26: icmp_seq=10 ttl=57 time=68.1 ms
Hmm, I wonder why all the M247 router hops are all labelled as "LAX1" for a "Phoenix" location???

Now we will compare this to Groombridge, a server in M247 Los Angeles

Traceroute to Groombridge
traceroute to groombridge.airservers.org (37.120.132.82), 30 hops max, 38 byte packets
[Redacted my ISP's traceroute hops]
 7  *  *  *
 8  ae-2.r25.lsanca07.us.bb.gin.ntt.net (129.250.3.189)  74.561 ms  97.764 ms  *
 9  ae-5.r01.lsanca20.us.bb.gin.ntt.net (129.250.6.49)  73.048 ms  70.967 ms  73.707 ms
10  ce-0-1-0-0.r01.lsanca20.us.ce.gin.ntt.net (128.241.6.1)  65.112 ms  73.968 ms  71.939 ms
11  irb-0.agg1.lax1.us.m247.com (77.243.185.149)  77.359 ms  *  *
12  vlan2926.as15.lax1.us.m247.com (89.44.212.37)  75.003 ms  73.769 ms  217.138.223.35 (217.138.223.35)  67.763 ms
13  *  *  *
14  *  *  *


Traceroute from Groombridge to YouTube
traceroute to youtube.com (216.58.195.78), 30 hops max, 60 byte packets
 1  10.15.134.1 (10.15.134.1)  71.514 ms  71.502 ms  71.493 ms
 2  vlan170.as15.lax1.us.m247.com (37.120.132.81)  71.810 ms  71.986 ms  72.005 ms
 3  * * *
 4  37.120.220.198 (37.120.220.198)  75.969 ms te-1-2-0.bb1.nyc1.us.m247.com (77.243.185.18)  76.140 ms 37.120.220.198 (37.120.220.198)  75.971 ms
 5  72.14.204.180 (72.14.204.180)  76.149 ms  76.154 ms te-4-3-0.bb1.lax1.us.m247.com (82.102.29.110)  75.138 ms
 6  10.252.173.62 (10.252.173.62)  78.254 ms 72.14.204.180 (72.14.204.180)  73.797 ms  73.781 ms
 7  209.85.254.86 (209.85.254.86)  73.773 ms 10.252.50.62 (10.252.50.62)  73.975 ms 108.170.247.193 (108.170.247.193)  74.551 ms
 8  108.170.237.114 (108.170.237.114)  73.937 ms 108.170.247.193 (108.170.247.193)  74.759 ms 108.170.247.243 (108.170.247.243)  74.214 ms
 9  * 108.170.247.244 (108.170.247.244)  74.196 ms 108.170.234.124 (108.170.234.124)  74.648 ms
10  209.85.254.229 (209.85.254.229)  86.701 ms * 108.170.234.27 (108.170.234.27)  72.588 ms
11  216.239.58.214 (216.239.58.214)  80.460 ms 142.250.234.56 (142.250.234.56)  81.648 ms 172.253.70.155 (172.253.70.155)  83.700 ms
12  108.170.242.241 (108.170.242.241)  80.580 ms 66.249.94.28 (66.249.94.28)  79.787 ms 108.170.242.241 (108.170.242.241)  81.349 ms
13  72.14.239.97 (72.14.239.97)  80.326 ms 108.170.242.241 (108.170.242.241)  81.308 ms 72.14.239.43 (72.14.239.43)  84.462 ms
14  72.14.239.43 (72.14.239.43)  82.598 ms sfo07s16-in-f78.1e100.net (216.58.195.78)  80.463 ms  81.950 ms


Ping to Groombridge
PING groombridge.airservers.org (37.120.132.82) 56(84) bytes of data.
64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=1 ttl=57 time=68.8 ms
64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=2 ttl=57 time=68.8 ms
64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=3 ttl=57 time=68.9 ms
64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=4 ttl=57 time=68.0 ms
64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=5 ttl=57 time=70.4 ms
64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=6 ttl=57 time=69.0 ms
64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=7 ttl=57 time=70.4 ms
64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=8 ttl=57 time=67.6 ms
64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=9 ttl=57 time=68.3 ms
64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=10 ttl=57 time=68.0 ms
Hmm, looks suspiciously similar to me... Routes are both the same, ping is near-equal

Exhibit B: "Barcelona" is really Madrid
Traceroute and ping to Eridanus, allegedly in Barcelona
Traceroute to Eridanus
traceroute to eridanus.airservers.org (185.183.106.2), 30 hops max, 38 byte packets
 [Redacted my ISP's traceroute hops]
 7  *  *  *
 8  be2332.ccr32.bio02.atlas.cogentco.com (154.54.85.246)  83.833 ms  82.655 ms  83.244 ms
 9  be2325.ccr32.mad05.atlas.cogentco.com (154.54.61.134)  86.389 ms  85.839 ms  86.422 ms
10  quantum-sistemas.demarc.cogentco.com (149.6.150.130)  110.559 ms  171.268 ms  118.386 ms
11  *  *  *
12  *  *  *

Traceroute from Eridanus to YouTube
traceroute to youtube.com (216.58.211.46), 30 hops max, 60 byte packets
 1  10.16.134.1 (10.16.134.1)  89.066 ms  89.077 ms  89.072 ms
 2  * * *
 3  xe-1-2-3-0.bb1.mad1.es.m247.com (212.103.51.62)  89.002 ms  88.997 ms  88.992 ms
 4  mad-b1-link.telia.net (213.248.95.33)  89.157 ms  89.176 ms  89.172 ms
 5  google-ic-314668-mad-b1.c.telia.net (62.115.61.14)  89.168 ms  89.324 ms  89.328 ms
 6  * * *
 7  142.250.239.26 (142.250.239.26)  92.637 ms 72.14.233.124 (72.14.233.124)  91.657 ms 142.250.62.202 (142.250.62.202)  91.548 ms
 8  108.170.234.221 (108.170.234.221)  92.059 ms 74.125.242.178 (74.125.242.178)  91.787 ms  144.397 ms
 9  108.170.253.225 (108.170.253.225)  91.930 ms muc03s14-in-f14.1e100.net (216.58.211.46)  91.631 ms 108.170.253.225 (108.170.253.225)  91.934 ms
Hmm, I wonder why M247's router hops in the "Barcelona" location are all labelled as "MAD1"

Ping to Eridanus
PING 185.183.106.2 (185.183.106.2) 56(84) bytes of data.
64 bytes from 185.183.106.2: icmp_seq=1 ttl=56 time=89.4 ms
64 bytes from 185.183.106.2: icmp_seq=2 ttl=56 time=85.9 ms
64 bytes from 185.183.106.2: icmp_seq=3 ttl=56 time=84.9 ms
64 bytes from 185.183.106.2: icmp_seq=4 ttl=56 time=85.5 ms
64 bytes from 185.183.106.2: icmp_seq=5 ttl=56 time=86.4 ms
64 bytes from 185.183.106.2: icmp_seq=6 ttl=56 time=85.0 ms
64 bytes from 185.183.106.2: icmp_seq=7 ttl=56 time=85.3 ms
64 bytes from 185.183.106.2: icmp_seq=8 ttl=56 time=87.1 ms
64 bytes from 185.183.106.2: icmp_seq=9 ttl=56 time=85.8 ms
64 bytes from 185.183.106.2: icmp_seq=10 ttl=56 time=85.3 ms

Comparing this to Mekbuda, a server in Madrid M247

Traceroute to Mekbuda
[Redacted my ISP's traceroute hops]
 7  *  *  *
 8  be2332.ccr32.bio02.atlas.cogentco.com (154.54.85.246)  83.761 ms  82.333 ms  82.102 ms
 9  be2325.ccr32.mad05.atlas.cogentco.com (154.54.61.134)  86.121 ms  85.032 ms  86.308 ms
10  quantum-sistemas.demarc.cogentco.com (149.6.150.130)  94.879 ms  87.337 ms  88.230 ms
11  *  *  *
12  *  *  *



Route from Mekbuda to Youtube
traceroute to youtube.com (216.58.215.142), 30 hops max, 60 byte packets
 1  10.21.198.1 (10.21.198.1)  87.692 ms  87.693 ms  87.686 ms
 2  vlan29.bb2.mad1.es.m247.com (185.93.182.161)  87.696 ms  87.690 ms  87.750 ms
 3  xe-1-1-0-0.bb1.mad1.es.m247.com (82.102.29.25)  87.762 ms  87.758 ms  87.753 ms
 4  mad-b1-link.telia.net (213.248.95.33)  87.956 ms  88.558 ms  87.931 ms
 5  google-ic-314668-mad-b1.c.telia.net (62.115.61.14)  87.836 ms  87.992 ms  87.988 ms
 6  * * *
 7  mad41s04-in-f14.1e100.net (216.58.215.142)  86.846 ms 74.125.242.177 (74.125.242.177)  98.934 ms  98.992 ms


Ping to Mekbuda
PING mekbuda.airservers.org (185.93.182.170) 56(84) bytes of data.
64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=1 ttl=56 time=87.0 ms
64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=2 ttl=56 time=88.4 ms
64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=3 ttl=56 time=86.2 ms
64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=4 ttl=56 time=88.4 ms
64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=5 ttl=56 time=86.7 ms
64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=6 ttl=56 time=85.7 ms
64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=7 ttl=56 time=85.7 ms
64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=8 ttl=56 time=87.1 ms
64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=9 ttl=56 time=88.3 ms
64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=10 ttl=56 time=88.2 ms
Once again, everything is near-identical, with only a slight difference in Youtube traceroute.


Exhibit C: "Berlin" is really in Frankfurt

First we will test ping and traceroute to Cujam, a Berlin M247 server

Traceroute to Cujam
 
[Redacted my ISP's traceroute hops]
 6  *  *  *
 7  ae-9.r20.londen12.uk.bb.gin.ntt.net (129.250.6.146)  73.904 ms  ae-11.r20.parsfr04.fr.bb.gin.ntt.net (129.250.4.195)  78.812 ms  75.580 ms
 8  ae-1.r21.londen12.uk.bb.gin.ntt.net (129.250.2.183)  79.099 ms  ae-2.r21.parsfr04.fr.bb.gin.ntt.net (129.250.3.46)  85.715 ms  ae-1.r21.londen12.uk.bb.gin.ntt.net (129.250.2.183)  78.384 ms
 9  ae-16.r20.frnkge13.de.bb.gin.ntt.net (129.250.3.13)  91.553 ms  ae-11.r21.frnkge13.de.bb.gin.ntt.net (129.250.5.26)  91.521 ms  ae-16.r20.frnkge13.de.bb.gin.ntt.net (129.250.3.13)  94.728 ms
10  ae-0.a00.frnkge13.de.bb.gin.ntt.net (129.250.2.25)  92.855 ms  89.619 ms  90.740 ms
11  ae-8-501.a00.frnkge13.de.ce.gin.ntt.net (213.198.52.62)  91.869 ms  92.824 ms  93.136 ms
12  37.120.220.131 (37.120.220.131)  90.856 ms  vlan2945.agg2.fra4.de.m247.com (193.27.15.241)  92.015 ms  37.120.220.116 (37.120.220.116)  89.007 ms
13  vlan2925.as03.fra4.de.m247.com (83.97.21.17)  88.304 ms  vlan2901.as03.fra4.de.m247.com (82.102.29.155)  93.828 ms  vlan2925.as03.fra4.de.m247.com (83.97.21.17)  89.713 ms
14  *  *  *
15  *  *  *

Traceroute from Cujam to YouTube
 1  10.11.102.1 (10.11.102.1)  89.968 ms  89.978 ms  89.972 ms
 2  37.120.217.241 (37.120.217.241)  90.041 ms  90.036 ms  90.134 ms
 3  vlan2925.agg2.fra4.de.m247.com (83.97.21.16)  89.915 ms  89.910 ms  89.905 ms
 4  37.120.220.130 (37.120.220.130)  90.078 ms 193.27.15.240 (193.27.15.240)  89.956 ms 37.120.220.130 (37.120.220.130)  90.199 ms
 5  vlan2906.bb1.ams1.nl.m247.com (37.120.128.248)  90.252 ms  90.009 ms 37.120.128.253 (37.120.128.253)  90.176 ms
 6  37.120.128.253 (37.120.128.253)  90.171 ms no-mans-land.m247.com (185.206.226.71)  89.888 ms 37.120.128.253 (37.120.128.253)  89.597 ms
 7  no-mans-land.m247.com (185.206.226.71)  89.851 ms 10.252.43.30 (10.252.43.30)  89.962 ms 10.252.45.126 (10.252.45.126)  89.649 ms
 8  108.170.252.1 (108.170.252.1)  90.496 ms 108.170.235.248 (108.170.235.248)  89.578 ms 10.252.73.190 (10.252.73.190)  89.598 ms
 9  108.170.252.83 (108.170.252.83)  90.067 ms 108.170.252.18 (108.170.252.18)  90.020 ms 108.170.252.65 (108.170.252.65)  90.430 ms
10  * * 209.85.252.77 (209.85.252.77)  90.872 ms
11  216.239.50.187 (216.239.50.187)  99.430 ms * 209.85.252.149 (209.85.252.149)  97.794 ms
12  108.170.230.210 (108.170.230.210)  98.329 ms 72.14.238.52 (72.14.238.52)  97.997 ms  97.910 ms
13  108.170.244.161 (108.170.244.161)  97.921 ms 108.170.235.98 (108.170.235.98)  98.316 ms 108.170.244.225 (108.170.244.225)  98.802 ms
14  108.170.232.125 (108.170.232.125)  97.839 ms  98.060 ms  98.173 ms
15  108.170.234.51 (108.170.234.51)  98.067 ms par10s27-in-f206.1e100.net (216.58.198.206)  97.811 ms  98.150 ms


Ping to Cujam
PING cujam.airservers.org (37.120.217.242) 56(84) bytes of data.
64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=1 ttl=53 time=90.3 ms
64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=2 ttl=53 time=91.8 ms
64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=3 ttl=53 time=91.7 ms
64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=4 ttl=53 time=92.5 ms
64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=5 ttl=53 time=91.3 ms
64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=6 ttl=53 time=92.1 ms
64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=7 ttl=53 time=90.5 ms
64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=8 ttl=53 time=91.3 ms
64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=9 ttl=53 time=90.0 ms
64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=10 ttl=53 time=92.1 ms
I wonder why there's no mention of "Berlin" in the traceroute hops, instead says FRA4 for Frankfurt....

Next we will compare this to Mirfak, a M247 Frankfurt server

Traceroute to Mirfak
[Redacted my ISP's traceroute hops]
 5  *  *  *
 6  if-ae-66-8.tcore1.l78-london.as6453.net (80.231.130.194)  93.049 ms  if-ae-66-9.tcore1.l78-london.as6453.net (80.231.130.21)  92.427 ms  if-ae-66-8.tcore1.l78-london.as6453.net (80.231.130.194)  92.662 ms
 7  *  if-ae-3-2.tcore1.pye-paris.as6453.net (80.231.154.142)  94.296 ms  *
 8  *  *  if-ae-11-2.tcore1.pvu-paris.as6453.net (80.231.153.49)  92.280 ms
 9  *  if-ae-49-2.tcore2.pvu-paris.as6453.net (80.231.153.21)  91.508 ms  *
10  if-ae-55-2.tcore1.fr0-frankfurt.as6453.net (80.231.245.7)  100.752 ms  91.321 ms  92.308 ms
11  if-ae-55-2.tcore1.fr0-frankfurt.as6453.net (80.231.245.7)  88.325 ms  195.219.50.23 (195.219.50.23)  96.137 ms  94.877 ms
12  vlan2946.agg1.fra4.de.m247.com (193.27.15.243)  94.155 ms  37.120.220.116 (37.120.220.116)  93.367 ms  37.120.220.118 (37.120.220.118)  91.790 ms
13  vlan2917.as11.fra4.de.m247.com (212.103.51.191)  101.641 ms  vlan2945.agg2.fra4.de.m247.com (193.27.15.241)  90.441 ms  vlan2917.as11.fra4.de.m247.com (212.103.51.191)  93.836 ms
14  *  vlan2917.as11.fra4.de.m247.com (212.103.51.191)  94.359 ms  vlan2919.as11.fra4.de.m247.com (212.103.51.151)  96.080 ms
15  *  *  *
16  *  *  *
The only difference in this traceroute is that the traffic goes through TATA instead of NTT which the Cujam server goes through, but the destination for both is the same: M247 in Frankfurt

Traceroute to YouTube from Mirfak
traceroute to youtube.com (172.217.17.46), 30 hops max, 60 byte packets
 1  10.27.230.1 (10.27.230.1)  96.778 ms  96.764 ms  96.774 ms
 2  vlan27.as11.fra4.de.m247.com (141.98.102.177)  97.067 ms  97.135 ms  97.329 ms
 3  vlan2917.agg1.fra4.de.m247.com (212.103.51.190)  96.705 ms  96.704 ms  96.699 ms
 4  37.120.128.148 (37.120.128.148)  97.120 ms 193.27.15.242 (193.27.15.242)  97.724 ms 37.120.128.148 (37.120.128.148)  97.107 ms
 5  37.120.128.253 (37.120.128.253)  96.833 ms  96.835 ms vlan2906.bb1.ams1.nl.m247.com (37.120.128.248)  96.894 ms
 6  no-mans-land.m247.com (185.206.226.71)  97.037 ms 37.120.128.253 (37.120.128.253)  95.349 ms  95.494 ms
 7  no-mans-land.m247.com (185.206.226.71)  95.615 ms 10.252.45.190 (10.252.45.190)  98.342 ms 10.252.45.158 (10.252.45.158)  96.818 ms
 8  216.239.47.244 (216.239.47.244)  96.897 ms 108.170.252.65 (108.170.252.65)  97.534 ms 142.250.46.244 (142.250.46.244)  96.712 ms
 9  108.170.252.18 (108.170.252.18)  97.041 ms 108.170.251.144 (108.170.251.144)  97.279 ms 108.170.252.18 (108.170.252.18)  96.977 ms
10  * * *
11  209.85.244.158 (209.85.244.158)  104.649 ms * *
12  216.239.42.171 (216.239.42.171)  104.672 ms 216.239.42.102 (216.239.42.102)  116.455 ms 216.239.43.37 (216.239.43.37)  104.324 ms
13  216.239.42.171 (216.239.42.171)  104.748 ms  104.733 ms 216.239.43.37 (216.239.43.37)  115.898 ms
14  108.170.236.135 (108.170.236.135)  104.245 ms  104.183 ms 108.170.236.137 (108.170.236.137)  104.074 ms
15  ams16s29-in-f46.1e100.net (172.217.17.46)  103.791 ms  103.813 ms  102.372 ms



Ping to Mirfak
PING mirfak.airservers.org (141.98.102.234) 56(84) bytes of data.
64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=1 ttl=53 time=89.3 ms
64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=2 ttl=53 time=89.8 ms
64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=3 ttl=53 time=89.1 ms
64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=4 ttl=53 time=90.6 ms
64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=5 ttl=53 time=89.6 ms
64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=6 ttl=53 time=89.2 ms
64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=7 ttl=53 time=90.0 ms
64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=8 ttl=53 time=90.0 ms
64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=9 ttl=53 time=87.6 ms
64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=10 ttl=53 time=88.9 ms
Again, everything is near-identical, suggesting that these Berlin, Phoenix, and Barcelona locations are just falsified geolocation information and nothing more.  With near-identical traceroutes, and ping values that don't differ by more than 1-2ms , it is extremely unrealistic that these servers are in the locations they claim to be.

If you think my data is wrong/inaccurate, then feel free to repeat my experiment yourself, you will find the same thing.

I would like to reiterate that I believe that AirVPN has no part in this falsification and that they have no ill will, I think they were duped/deceived by M247 to believe that the Phoenix, Berlin and Barcelona locations are actually real physical locations M247 has their servers located in. I think after these findings, AirVPN should have a long discussion with M247 staff about this falsification that took place.

Share this post


Link to post
On 12/22/2020 at 1:23 PM, bikes02 said:

Considering this post is nearly a week old I find it a little disconcerting that no one from AirVPN has even bothered to reply to this 

+1

Share this post


Link to post

Hello!

Through round trip times differences, discernment between geographically near locations of servers whose traffic is served by the same transit provider is very hard or not possible, because the deviation may remain inside the range of the experimental error. Anyway if you want to try, use mtr, gather a sufficiently vast set of experimental data and process it according to what statistics teaches.

Tests with YouTube mean literally nothing for obvious reasons.

M247 operates servers in co-owned datacenters and not. Server locations are correct to the best of our knowledge, according to M247 claims and consistent with technical verification.

M247 servers in Phoenix operated by us are located in Phoenix, in the following Cogent datacenter:
https://www.cogentco.com/en/cogent-phoenix

Bootes (Phoenix) IP addresses are in 193.37.254.0/24, a block property of M247 (AS9009) and employed in Cogent above mentioned datacenter.
https://ipinfo.io/AS9009/193.37.254.0/24

You can verify via mtr the last replying hops and check the different final route with M247 servers in Los Angeles (Teegarden,. Grrombridge). Normally traffic in Phoenix is served by Cogent while in Los Angeles mainly by NTT.

Disclaimer: IX location where the provider has a POP may not match datacenter location, for example our servers in Alblasserdam (NL) are in Alblasserdam but have direct lines to AMS-IX, which is in Amsterdam. We report anyway Alblasserdam as it is the town where the servers and its high volume router(s) physically are.

Kind regards
 

Share this post


Link to post
On 12/16/2020 at 5:46 PM, GrandeGiovanni said:

M247 "Barcelona" location seems to really be in Madrid, and the M247 "Berlin" location seems to really be in Frankfurt.

Traceroute shows identical routes between each of these false locations and the real location they are in, not to mention that neither Phoenix, Barcelona, or Berlin appear on M247's list of locations on their website 


Thats what i also stumbled apon. The RTT from Frankfurt <--> Berlin are _the same_, there is simply no way that the Berlin server is located in Berlin as the hop before is Frankfurt with the exact RTT. If i got, lets say 50ms towards Frankfurt, no way i got 50ms towards Berlin when its routed via Frankfurt before as last hop. I wont say Air is lying on their side, but pretty sure M247 is.

 

Share this post


Link to post
On 12/16/2020 at 8:46 AM, GrandeGiovanni said:

I noticed recently that the M247 "Phoenix" location seems to really be located in Los Angeles


@GrandeGiovanni I'm pretty sure you're right, and it's fairly trivial to verify.

I have a server physically located in Los Angeles, in Psychz Networks' data center. If I ping Indus from that server, I get pings as low as ~0.40ms:
$ ping indus.airservers.org
PING indus.airservers.org (193.37.254.26) 56(84) bytes of data.
64 bytes from 193.37.254.26 (193.37.254.26): icmp_seq=1 ttl=59 time=0.421 ms
64 bytes from 193.37.254.26 (193.37.254.26): icmp_seq=2 ttl=59 time=0.554 ms
64 bytes from 193.37.254.26 (193.37.254.26): icmp_seq=3 ttl=59 time=0.450 ms
64 bytes from 193.37.254.26 (193.37.254.26): icmp_seq=4 ttl=59 time=0.403 ms
^C
--- indus.airservers.org ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.403/0.457/0.554/0.058 ms
I don't want to post any links because I'm afraid the forum system will mark this reply as spam, but you can verify this result by searching Google for "Psychz looking glass" and going to their Los Angeles looking glass. It'll let you send pings from their LA network.

I can guarantee you that you will not get <0.5ms pings to a server that's physically in another location. I can't even get pings that low from one Los Angeles data center to othrer data centers in Los Angeles (ColoCrossing and QuadraNet)!
Even the best networks are limited by the speed of light. Ping times are round-trip time, so a ping of 0.4ms means it takes 0.2ms to reach the server. Even if you assume a perfect network where data can flow at the speed of light with zero delays (which in reality is not possible), 0.2ms multiplied by the speed of light is only around 60 kilometers. That's less than 1/10 of the distance from Los Angeles to Phoenix!

Fremont is around the same distance from Los Angeles as Phoenix. If I ping Aquila from the same server, the results are more what you'd expect for that distance:
$ ping aquila.airservers.org
PING aquila.airservers.org (199.249.223.129) 56(84) bytes of data.
64 bytes from 199.249.223.129 (199.249.223.129): icmp_seq=1 ttl=57 time=10.5 ms
64 bytes from 199.249.223.129 (199.249.223.129): icmp_seq=2 ttl=57 time=10.4 ms
64 bytes from 199.249.223.129 (199.249.223.129): icmp_seq=3 ttl=57 time=9.98 ms
64 bytes from 199.249.223.129 (199.249.223.129): icmp_seq=4 ttl=57 time=9.89 ms
64 bytes from 199.249.223.129 (199.249.223.129): icmp_seq=5 ttl=57 time=10.5 ms
^C
--- aquila.airservers.org ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 9.885/10.258/10.544/0.270 ms
 
On 12/27/2020 at 3:01 AM, Staff said:

M247 servers in Phoenix operated by us are located in Phoenix, in the following Cogent datacenter:


From what I've seen so far, I can pretty much guarantee you that the servers are not in that data center. I've tried traceroutes from several providers using Cogent transit. If your VPN servers were actually on Cogent's network in Phoenix, I'd expect them to reach a Cogent router in Phoenix before seeing M247 in the traceroute, as Cogent will keep the traffic in their backbone network for as long as possible. However, in every single case I've seen, the traffic is only routed to Los Angeles on Cogent's network, before moving onto M247's network.

Perhaps the most telling is doing a traceroute from somewhere east of Phoenix. Here's a traceroute I did from Chicago to Indus via Cogent's looking glass:
traceroute to indus.airservers.org (193.37.254.26), 30 hops max, 60 byte packets
 1  gi0-0-0-15.99.agr21.ord01.atlas.cogentco.com (66.250.250.89)  0.733 ms  0.731 ms
 2  be2522.ccr42.ord01.atlas.cogentco.com (154.54.81.61)  1.145 ms  1.150 ms
 3  be2831.ccr21.mci01.atlas.cogentco.com (154.54.42.165)  12.541 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)  16.431 ms
 4  be3036.ccr22.den01.atlas.cogentco.com (154.54.31.89)  23.957 ms be3035.ccr21.den01.atlas.cogentco.com (154.54.5.89)  23.820 ms
 5  be3046.ccr21.elp01.atlas.cogentco.com (154.54.0.45)  36.725 ms be3047.ccr21.elp01.atlas.cogentco.com (154.54.1.125)  36.957 ms
 6  be2930.ccr32.phx01.atlas.cogentco.com (154.54.42.77)  44.976 ms be2929.ccr31.phx01.atlas.cogentco.com (154.54.42.65)  44.659 ms
 7  be2932.ccr42.lax01.atlas.cogentco.com (154.54.45.162)  56.892 ms  56.898 ms
 8  be3359.ccr41.lax05.atlas.cogentco.com (154.54.3.70)  56.621 ms be3243.ccr41.lax05.atlas.cogentco.com (154.54.27.118)  56.532 ms
 9  38.104.85.170 (38.104.85.170)  56.920 ms  56.904 ms
10  * *
11  vlan2909.as09.lax1.us.m247.com (193.9.115.169)  56.739 ms vlan2921.as09.lax1.us.m247.com (193.9.115.167)  56.890 ms
12  * *
13  * *
14  * *

Notice how hop 7 is going from Phoenix to Los Angeles? If the server was physically in Phoenix, there would be no reason to do that.

All signs point to this server being physically located in Los Angeles. There's a possibility that they terminate the network in Los Angeles and then have private backhaul (like a GRE tunnel) from LA to Phoenix, but I wouldn't bet on it, especially with the 0.4ms pings from Los Angeles.
 

Share this post


Link to post
On 12/16/2020 at 8:46 AM, GrandeGiovanni said:

M247 "Barcelona" location seems to really be in Madrid


I think you're correct about this too. I just got a VPS with a hosting provider with servers in Madrid (in the Interxion data center, using M247 as their transit provider) and pings to AirVPN "eridanus" are ~0.4ms. Similar to my Phoenix vs Los Angeles comment above, it's impossible to travel from Madrid to Barcelona in 0.4ms even at the speed of light. The actual ping time between a server in Barcelona and a server in Madrid should be around 7-9ms, which is what I see when I ping a server that's actually in Barcelona. You can see a comparison here: https://dnstools.ws/es/ping/lg.bcn.psychz.net,eridanus.airservers.org/ (these are ping times from a server in Madrid)

Furthermore, ping times from Italy to AirVPN "Eridanus" are higher than ping times to Psychz's looking glass in Barcelona, which is also a sign that the server is in Madrid (since Madrid is further from Italy than Barcelona).

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...