Jump to content
Not connected, Your IP: 3.17.165.235
yatt007

Strange IP address change?

Recommended Posts

Hello guys,

I would love to hear the insights from someone more technically versed than me.
Lately, I have observed a behavior that occurs strange to me:

I am connected to an AirVPN IP, which I use regularly, let's call it A.
All websites like "what is my ip" do show A as my current IP, however some websites I am
using warn me about a connection from a different IP, like 95.110.200.16 (which I have found in the
forum and it appears to belong to AirVPN).

It would be awesome, if someone could enlighten me.

Share this post


Link to post

Depends on the website warning you. Could be one of the rerouting servers for the double-hop feature.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

One of the best nicknames ever!!

Thank you very much for your reply. I think it is highly likely to be double-hopping as you stated, as I tracked 2 out of 3 IPs to AirVPN.
But why would this feature be activated at seemingly random times (~3 x over the last month) and not everytime I try to connect to the same service?

I really appreciate your insights, OpenSourcerer.

Share this post


Link to post
16 minutes ago, yatt007 said:

One of the best nicknames ever!!


It's actually OpenSorcerer without the u, but that nick is taken. :(
 
17 minutes ago, yatt007 said:

But why would this feature be activated at seemingly random times (~3 x over the last month) and not everytime I try to connect to the same service?


That's why I wrote "depends on the website". Only certain services are supported. If you use AirDNS (= the DNS servers provided by AirVPN) and you browse to one of those sites, you get redirected via a rerouting server. It's just a technique to circumvent geoblocking, it does not happen randomly.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Still one of the best nicknames ever :)))

Let me provide some more detail:
I connected to the same website probably 30+ times over the last month.
2 times out of 30 this website saw the double-hopping IP, while "what-is-my-ip" like websites
showed the conventional AirVPN non-double-hopping IP, the other 28 times the IP was the one seen in Eddie-UI
(aka "expected IP").

The 3rd warning came from another website, but showing the same signs a.a.

Both sites are not listed under "supported services" under the link above, nor would I need this.
So while an intended double-hop does not occur random, in this case it appears unintended and seemingly random.

 

Share this post


Link to post

Of course:
1.  binance.com
2. pionex.com

These are exchanges, so they maybe they detect the double-hop due to security measures, while standard "what-is-my-ip" like sites
do not. However, the seemingly random detection/activation is strange imho.

Have a nice time and thank you very much for your help!

Share this post


Link to post
Posted ... (edited)

Thank you for your reply.
I have missed this post on binance. And it looks like we come closer to an explanation, but this seems slightly different, not?

As Pionex is very close with Binance, maybe they share infrastructure and this is why traffic gets re-routed? After all, my connection to Pionex
got re-routed through the IP
95.110.200.16 .

Why is it not consistently re-routed, but only 2..3 times out of 30 over the timespan of one month? If I understand correctly, being consistently
re-routed is what happened in the post referenced by you.

 

Edited ... by yatt007
clarification

Share this post


Link to post
39 minutes ago, yatt007 said:
As Pionex is very close with Binance, maybe they share infrastructure and this is why traffic gets re-routed? After all, my connection to Pionex
got re-routed through the IP
95.110.200.16 .

95.110.200.16 is an Italian IP belonging to Aruba, not AirVPN. No idea where you got the notion it's AirVPN's. Are you in Italy? Are you using any networking equipment from Aruba? Could also be Pionex' own infratructure.

$ ip-api 95.110.200.16
{
  "status"       : "success",
  "continent"    : "Europe",
  "continentCode": "EU",
  "country"      : "Italy",
  "countryCode"  : "IT",
  "region"       : "52",
  "regionName"   : "Tuscany",
  "city"         : "Arezzo",
  "district"     : "",
  "zip"          : "52100",
  "lat"          : 43.4631,
  "lon"          : 11.8783,
  "timezone"     : "Europe/Rome",
  "offset"       : 7200,
  "currency"     : "EUR",
  "isp"          : "Aruba S.p.A. Network",
  "org"          : "Aruba S.p.A.",
  "as"           : "AS31034 Aruba S.p.A.",
  "asname"       : "ARUBA-ASN",
  "mobile"       : false,
  "proxy"        : true,
  "hosting"      : true,
  "query"        : "95.110.200.16"

.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
Posted ... (edited)

I am not located in Italy. I do not use Aruba technology.

I ran a DuckDuckGo search on the AirVPN site parameters (after obtaining whois inconclusive results):

site:airvpn.org 95.110.200.16

convenience link:
https://duckduckgo.com/?q=site%3Aairvpn.org+95.110.200.16&ia=web

It yields logs of connection attempts to AirVPN infrasctructure, like this one:

, where the very same IP is being shown, so I concluded it belongs to AirVPN in some way.
 

Edited ... by yatt007
wording

Share this post


Link to post
@yatt007

Hello!

Yes, 95.110... is our geo-routing server in Italy. As you previously noted, geo-routing for some destination can be "on" or "off", it can't be "intermittent". Maybe the destination service uses a series of host names and IP addresses and some of them are re-routed and some are not, or maybe your system doesn't query all the times VPN DNS (the only way to be re-routed is querying VPN DNS).

To begin with a preliminary verification, can you please check the second option, and make sure that your system only and exclusively queries VPN DNS?

Kind regards




 

Share this post


Link to post
@yatt007

Hello!

It looks fine... and what are your Operating System name and exact version? Have you checked whether your system queries only VPN DNS? We forgot to tell you that one of the ways you can do that is browsing https://ipleak.net while your system is connected to the VPN.

Kind regards
 

Share this post


Link to post
Posted ... (edited)

Hi staff.

According to Ipleak.net, I am solely connected to AirVPN, no ISP
address is showing.

Eddie changes my Linux (Debian GNU/Linux 10 (buster))
/etc/resolv.conf file ever since I started to use AirVPN years ago:

# Generated by Eddie v2.20.0 | https:
nameserver 10.25.122.1
nameserver fde6:7a:7d20:157a::1
By the way, I have "Network Lock" enabled at all times.

Right now, I have disabled STUN/WebRTC, which was not the case during my observation
of the seemingly random re-routing. Edited ... by yatt007
detail provided

Share this post


Link to post

Hello there.

It happened again, here is all the information I have gathered for you as quickly as possible
in order to support you in your investigation.

1. Received warning for login from pionex about strange IP login from
   116.203.40.18 (despite being connected to AirVPN/Alsephina)

2. Checked: https://airvpn.org/routes/?q=https%3A%2F%2Fpionex.com
    Result : https://i.imgur.com/giY0NX1.png

3. Checked: https://ipleak.net
    Result : https://i.imgur.com/8vZp11L.png

4. Checked: File /etc/resolv.conf
    Result :

    # Generated by Eddie v2.20.0 | https:
    nameserver 10.25.122.1
    nameserver fde6:7a:7d20:157a::1


5. Checked: traceroute on the target website (here: pionex.com)
    Result :
traceroute to pionex.com (35.163.205.100), 30 hops max, 60 byte packets
 1  10.25.122.1 (10.25.122.1)  21.184 ms  21.173 ms  21.202 ms
 2  vlan27.as11.fra4.de.m247.com (141.98.102.177)  21.468 ms  21.582 ms  21.610 ms
 3  vlan2917.agg1.fra4.de.m247.com (212.103.51.190)  21.192 ms  21.212 ms  21.263 ms
 4  vlan299.bb2.fra1.de.m247.com (185.206.226.92)  21.345 ms 37.120.220.119 (37.120.220.119)  21.252 ms  21.280 ms
 5  ffm-b12-link.ip.twelve99.net (213.248.84.210)  21.388 ms vlan2906.bb1.ams1.nl.m247.com (37.120.128.248)  21.385 ms ffm-b12-link.ip.twelve99.net (213.248.84.210)  21.410 ms
 6  ffm-b12-link.ip.twelve99.net (213.248.84.210)  25.435 ms ffm-bb1-link.ip.twelve99.net (62.115.142.46)  161.117 ms  161.081 ms
 7  prs-bb2-link.ip.twelve99.net (62.115.114.98)  175.456 ms  175.538 ms ffm-bb1-link.ip.twelve99.net (62.115.142.46)  171.725 ms
 8  rest-bb1-link.ip.twelve99.net (62.115.122.159)  175.621 ms  175.464 ms *
 9  las-b22-link.ip.twelve99.net (62.115.114.86)  166.418 ms * rest-bb1-link.ip.twelve99.net (62.115.122.159)  175.542 ms
10  vadata-svc071504-lag003440.ip.twelve99-cust.net (213.248.103.235)  175.334 ms a100-ic325184-las-b24.ip.twelve99-cust.net (62.115.155.113)  175.313 ms las-b22-link.ip.twelve99.net (62.115.121.220)  175.655 ms
11  vadata-svc071504-lag003440.ip.twelve99-cust.net (213.248.103.235)  175.611 ms * *
12  * * *
13  52.93.129.225 (52.93.129.225)  191.975 ms 52.93.128.223 (52.93.128.223)  185.265 ms *
14  * * *
15  * * *
16  * * *
17  * * *
18  54.239.41.101 (54.239.41.101)  177.094 ms  186.589 ms *
19  * * *

6. Checked: Re-producing the issue in a timely manner
     Steps:
        6.1   Disconnecting from AirVPN-server Alsephina (no log-out from AirVPN)
        6.2  Re-connecting to Alsephina
        6.3  Logging into pionex
    Result: Not possible to re-produce the issue, normal Alsephina IP reported by pionex

7. Checked: Calling traceroute multiple times in succession
    Result:
# first line of traceroute results from different calls:
1. traceroute to pionex.com (54.201.211.3), 30 hops max, 60 byte packets
2. traceroute to pionex.com (35.163.205.100), 30 hops max, 60 byte packets

Note: Different IPs, maybe due to load-balancing?


Point 6 illustrates this seemingly random re-routing behavior.


Kindest regards,
yatt

 

Share this post


Link to post

Hi Staff.

I do not fully understand.

1. Why does a call to https://airvpn.org/routes/?q=pionex.com
show me a direct connection then (even when observing this behavior)?

2. I thought this double-hop feature is only being used for selected sites.

Thank you very much for sharing your expertise.
Kindest regards,
yatt.

Share this post


Link to post
7 hours ago, yatt007 said:

1. Why does a call to https://airvpn.org/routes/?q=pionex.com
show me a direct connection then (even when observing this behavior)?


You must query the routes checker with the exact URL you want to reach. pionex.com will make your browser redirect to www.pionex.com, which in turn will redirect to the regional subsite depending on your preferred content language.
 
7 hours ago, yatt007 said:

2. I thought this double-hop feature is only being used for selected sites.


It is.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...