Veep Peep

Exit IP - is this from AirVPN?


I use AirVPN when working from home.  I rdp into a work computer.

Question:

How do I get all the exit_ips from AirVpn?

How do I know the exit IP of my session? I did not remember the server I was using. But I always use a Canadian one, as that has the lowest latency and is physically closer to me.
I think it was titawin and tried:

nslookup ca.all.vpn.airdns.org dns1.airvpn.org (but these
and
nslookup titawin_exit.airvpn.org  (I think I was using the server, and the log was gone next morning when I started up.  This one did not match 184.75.221.171



My work IT security sent this notice to me:

Threat Intel:
VT:
https://www.virustotal.com/gui/ip-address/184.75.221.171
2 detections

Anomali:
Severity: LOW
Confidence: 100
Hi:100 Lo:7 Avg:62
Status: Active
Type: IP (TOR Node IP)
Indicator 184.75.221.171
Tags: Actions on Objectives, APT, Command & Control (C2), Delivery, Exploitation, Installation, malware, ransomware, Reconnaissance, Weaponization, zero-day, Fast, node_name=tobor8888, Running, tcp-0, tcp-46410, tor_version=0.4.5.10, Valid, #italy, #netwire, #rat, #remcosrat, Action: Block, Action: QradarExhange, Generic Malware, https://twitter.com/JAMESWT_MHT/status/1450064258184720388, https://twitter.com/pr0xylife/status/1447556826451611649, https://twitter.com/pr0xylife/status/1450365853430603783, https://twitter.com/pr0xylife/status/1450378118905147395, Iranian, JAMESWT_MHT, Malware, O365, pr0xylife, Blocklist-Brute-Force-IPs
URL: https://ui.threatstream.com/detail/v2/ip?value=184.75.221.171


Just trying to confirm an AirVPN ip is not triggering this for work.  184.75.221.171
(that ip is a server in Toronto Ont)

Thoughts?

Thanks,

Veep

7 hours ago, Veep Peep said:

How do I get all the exit_ips from AirVpn?


Not entirely sure it's possible.
 
7 hours ago, Veep Peep said:

This one did not match 184.75.221.171


This one is Alya. Its primary TLS-Auth IP is .170 and comes up if you query ca.all.vpn.airdns.org.
 
7 hours ago, Veep Peep said:

Type: IP (TOR Node IP)


Well, it's not forbidden to run exit nodes behind AirVPN servers, only recommended against to avoid exactly these kinds of incidents. But egoists gotta be egoists. :)
 
7 hours ago, Veep Peep said:

Just trying to confirm an AirVPN ip is not triggering this for work.  184.75.221.171


I can neither confirm nor deny it, but it's a strong indication that it is triggering it.

Also, please don't try to use VPNs at your workplace if they are expressly forbidden or you can otherwise be held accountable for using one.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.


Not sure what you want to read here. Whether it works? Whether it's advisable? What thoughts are you interested in? :)


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.


Hello Again,

At work, I am constantly getting messages from our security group about Tor warnings from their systems. And they send an IP address that matches the exit IP of my AV session.

So I let them know I use a VPN (AV) at home, and sent them the list of AV servers that is public to see (Servers - AirVPN), and yes, in fact that exit IP they define as 'tor' is me. Not some attack.

It is just when IT Sec says 'tor' ....does not sound like a good thing.

Makes me just wonder that if I don't use a vpn and just my ISP, they would feel safer?

Just looking to your thoughts here.  If you have any about this.

Thanks,



 

16 hours ago, Veep Peep said:

Makes me just wonder that if I don't use a vpn and just my ISP, they would feel safer?


Makes you wonder? You should probably arrange for yourself to work for a week or two in their department to raise awareness for their troubles. :) Your usage of xVPN is not helping in that regard. They are sensitive for a reason.
 
16 hours ago, Veep Peep said:

It is just when IT Sec says 'tor' ....does not sound like a good thing.


Yeah, typical. People still run Tor exits behind their VPN connections, servers get flagged, and then they're Tor exits, simple. Useless then, useless now..

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.


There are quite a few private blacklists that gather information about major VPN providers and blacklist the exit IP addresses.
It's quite simple to do and easy to automate, with just one subscription (available for any VPN provider).
They append them to the same list of Tor exit relays; for them it's just "multiple anonymous people use this internet address, thus it is a red flag / high risk IP address".

The error for them could be the same as "Tor", but it's not mandatory that someone was running a Tor exit relay under that AirVPN exit server. I often get the same captchas / error messages as if I were using Tor all the time.

If you use your Internet provider, it's the same thing regardless; they will have a false sense of security, yes, because that IP address from your ISP is most probably not shared between thousands of people and thus not marked as high risk / red flag by dumb automated firewall scripts. Of course, technically speaking it's exactly the same thing and it's not safer: if you have the credentials, you connect; if you brute-force, you have the same probability of matching them regardless of whether the VPN is on or not. But they might ban requests coming from the VPN faster because they use the said blacklist...
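
The distinction drawn in the replies above (a shared VPN exit that has landed on a Tor list versus a Tor label with nothing behind it) can be checked when triaging such an alert. The sketch below is an added example, not part of any post in this thread. The reference lists, the comma-separated tag layout, and the reading of `node_name=` / `tor_version=` tags as recorded relay metadata are assumptions.

```python
import ipaddress
import re

# Constructed reference data, not real feeds. 184.75.221.171 is the exit address
# discussed in the thread; the other entries use documentation ranges.
TOR_RELAYS = ["198.51.100.7"]
VPN_EXITS = ["184.75.221.171", "203.0.113.0/28"]

# Constructed alert modelled on the notice in the first post (tags comma-separated).
ALERT = """Type: IP (TOR Node IP)
Indicator 184.75.221.171
Tags: Fast, node_name=tobor8888, Running, tor_version=0.4.5.10, Valid"""

FIELD = re.compile(r"^(\w+)[:\s]\s*(.+)$")

def parse_alert(text):
    """Return the notice's 'Key: value' / 'Key value' lines as a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            fields[m.group(1).lower()] = m.group(2).strip()
    return fields

def listed(ip, entries):
    """True if ip equals an entry or falls inside a CIDR entry."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed indicator
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)

def triage(alert_text, tor_relays=TOR_RELAYS, vpn_exits=VPN_EXITS):
    fields = parse_alert(alert_text)
    ip = fields["indicator"]
    tags = [t.strip() for t in fields.get("tags", "").split(",")]
    # Assumption: node_name= / tor_version= tags mean the feed recorded relay metadata.
    relay_tags = [t for t in tags if t.startswith(("node_name=", "tor_version="))]
    tor_seen = listed(ip, tor_relays) or bool(relay_tags)
    vpn = listed(ip, vpn_exits)
    if vpn and tor_seen:
        verdict = "shared VPN exit, Tor relay observed behind it"
    elif vpn:
        verdict = "shared VPN exit, Tor label not corroborated"
    elif tor_seen:
        verdict = "Tor relay"
    else:
        verdict = "unlisted"
    return {"ip": ip, "verdict": verdict, "relay_tags": relay_tags}

if __name__ == "__main__":
    print(triage(ALERT))
```
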
