NL servers suspicious, landing on russian gmail after few days

[yorwos 1]

I have been using a lot the NL servers.
Last weeks I noticed that when I tried to open my gmail account I landed on the russian version of gmail.
I disconnected/reconnected back to NL. Stay connected a few days, back to russian gmail then.
This doesn't look normal ... But is it ?

[OpenSourcerer 1435]

I remember something like this with Google but that was years ago. Might be another geolocation error.

[Updater 1]

Same experience. I hope it's my paranoia, but i think these servers are compromised.
New installation Linux, new installation windows 10 real endpoint is clearly Russia not the Netherlands as expected.
Traffic seems to be routed.

[Staff 9972]

3 hours ago, Updater said:

Same experience. I hope it's my paranoia, but i think these servers are compromised.
New installation Linux, new installation windows 10 real endpoint is clearly Russia not the Netherlands as expected.
Traffic seems to be routed.

For your comfort and peace of mind, check with traceroute (tracert in Windows) or mtr, and/or access various end points which tell you the IP address your packets come from. Typical speed tests sites and "what is my address" web services are perfect. Compare the IP address you get with the supposed exit-IP address of the VPN server you're connected to and verify they match. Finally, query the IANA database (with whois) for a final cross-check. Repeat multiple times for each server to minimize the likelihood that you end up to services which are accomplices of the attackers and therefore mask your IP address making you believe that you have a perfectly fine IP address while in reality your packet has come out from inside the evil Russian network.

As a welcome and smart side-effect, while the attackers could do nothing with the data in transit inside their nodes because of end-to-end encryption, a re-routing of such a kind which would add an additional exit node would turn infringement notices against us exactly to zero, and alas this is not what we observe, not at all 🙄. We have never met such kind and gentle attackers, unfortunately.

Kind regards 😋

[Riddick 13]

On 9/14/2022 at 6:13 PM, Updater said:

Same experience. I hope it's my paranoia, but i think these servers are compromised.
New installation Linux, new installation windows 10 real endpoint is clearly Russia not the Netherlands as expected.
Traffic seems to be routed.

Same here usually connected via NL server Miram showing russian for a week or so when searching on google.com/nl did not notice the language change on Gmail though!
 

Quote

C:\>tracert google.com

Tracing route to google.com [142.250.186.110]
over a maximum of 30 hops:

  1    10 ms    10 ms    10 ms  10.24.86.1
  2    17 ms    16 ms    12 ms  hosted-by-macrobash.com [134.19.179.249]
  3    10 ms    11 ms    10 ms  37.123.210.78
  4    18 ms    23 ms    17 ms  37.123.210.21
  5    53 ms    53 ms    53 ms  109.239.136.80
  6    52 ms    53 ms    52 ms  108.170.250.130
  7    54 ms    53 ms    53 ms  142.251.79.148
  8    54 ms    53 ms    53 ms  142.251.51.185
  9    57 ms    57 ms    55 ms  209.85.248.95
 10    55 ms    73 ms    54 ms  209.85.252.76
 11    55 ms    56 ms    55 ms  108.170.252.1
 12    55 ms    55 ms    55 ms  142.250.214.193
 13    54 ms    55 ms    55 ms  fra24s06-in-f14.1e100.net [142.250.186.110]

Trace complete.

C:\>tracert google.nl

Tracing route to google.nl [172.217.16.131]
over a maximum of 30 hops:

  1     9 ms    10 ms    10 ms  10.24.86.1
  2    15 ms    15 ms    17 ms  hosted-by-macrobash.com [134.19.179.249]
  3    20 ms    11 ms    11 ms  37.123.210.78
  4    25 ms    26 ms    12 ms  37.123.210.21
  5    46 ms    46 ms    46 ms  178.18.227.12.ix.dataix.eu [178.18.227.12]
  6    51 ms    48 ms    46 ms  74.125.244.181
  7    48 ms    49 ms    48 ms  142.251.61.221
  8    48 ms    49 ms    48 ms  142.251.238.73
  9    51 ms    52 ms    51 ms  209.85.245.88
 10    50 ms    51 ms    50 ms  108.170.236.248
 11    50 ms    50 ms    50 ms  108.170.251.129
 12    51 ms    51 ms    51 ms  66.249.94.245
 13    51 ms    51 ms    50 ms  zrh04s06-in-f131.1e100.net [172.217.16.131]

Trace complete.

[Dawind 4]

This is normal for Google. Since geoIP is such a mess, they don't completely trust what geoIP databases report. Instead they use the data they get from browsers visiting from each IP and try to guess if some IP is now being used elsewhere.
Since Russia is currently heavily censoring internet access, AirVPN likely has a lot of Russian users who happen to be using NL servers. Google detects a lot of users with Russian locale are using NL node IPs -> they start offering Russian site by default.

Not sure if there are workarounds for this, other than logging in. But this is not a sign of compromise, so no need to be paranoid. If Russia really was listening, they wouldn't route traffic through Russia. ;)

[Kenwell 9]

It's very very annoying !

• Connected Caph Netherlands Netherlands
• Россия Москва  - На основе ваших предыдущих действий  - Обновить

I'm Dutch.

[RYFA 1]

Same issue here for google and youtube on most of the netherlands servers all saying russia. Is this an issue for security and can Airvpn do anything to fix it? Because even if it's not an issue for security it's still extremely annoying and has been going on for a long time  and is happening to more and more of the servers.

Also what caused an issue like this to begin with?

Hope to see this fixed soon. Thanks for the help.

[Staff 9972]

Hello!

You have already explanations in this very thread and it should be now clear that the problem is Google side. Contact Google! The more contacts they have showing them their error, the more likely they will fix it, although it's unlikely that Google fixes errors in its algorithms after human feedback

On our side, we diligently have our addresses providers keep the IANA / ARIN etc. database records correct, as you can easily verify with whois. We don't have the power to fix Google errors.

Locking the thread before we arrive to a stupidity overflow.

Kind regards