ANSWERED Peerblock Showing and blocking Botnet from AIRVPN Eddie Client

[xkingxkaosx 2]

Lately I been paying attention to my network more and ran across some domains/IP's being blocked constantly by Peerblock. I pinpointed the culprit being the Eddie VPN client.

This is what is being blocked associated with Eddie VPN client:

London Trust Media-Amanah Tech/Possible lrdeto
Open Hosting/possible bayTSP
Sonet - servicos internet, Lda
Client 4938 Private Layer INC
botnet on amanah tech inc

These do not impact the VPN in any way, client or connection. But its concerning because it looks for these domains for connection every second. I love AIRVPN and will continue to use the service. I was just wondering if it really is a botnet infection since many botnet scanners and tools with AV does not show any botnets on my home network.

[OpenSourcerer 1363]

Amanah Tech is a provider of colocation and dedicated servers. Some of AirVPN's CA servers I think are hosted by Amanah. And Private Layer is the data center of Virginis (CH). So the rest are likely AirVPN server providers, too.

As Eddie is pinging all the servers constantly to determine, well, your individual latency to them, you are right that the "culprit" is Eddie.
Now, keep in mind that AirVPN server IPs are shared IPs, shared with hundreds of other clients. They might be flagged because there could be people using the VPN who are oblivious to the fact their computer/network is part of a botnet (or they know full well that they are…).

In any case, it's got nothing to do with your own network, but I applaud the effort to try and find out more. Keep at it.

[xkingxkaosx 2]

Thank you for your reply!

I switched servers and automatically, nothing in peer block is showing. I tried looking up the IP's/domains but only got legitment looking websites. The London Media one scares me more than the botnet because it was once used by Private Internet Access and since they was aquired by Kape, i try to avoid them at all cost lol

This thread is solved!

[OpenSourcerer 1363]

7 minutes ago, xkingxkaosx said:

The London Media one scares me more than the botnet because it was once used by Private Internet Access and since they was aquired by Kape, i try to avoid them at all cost lol

For your information, anyone out there can rent servers from any provider who would have clients. Some providers like M247 are more likely to have VPN providers as clients, so PIA might even have servers there just as AirVPN have. That doesn't mean these servers are in any way connected or are run under the same company ethics or something. A long explanation for "they're independent from each other", so that's not a reason to avoid certain servers based on their data center.

[xkingxkaosx 2]

lmao thanks again! I was able to dig deep in the IP/domains and companies and confirm what you just mentioned. I work in a Major Data Center so this information does make sense - even with London Trust Media. Your knowledge and replies are appreciated!