Jump to content
Not connected, Your IP: 3.234.210.25
yorwos

NL servers suspicious, landing on russian gmail after few days

Recommended Posts

I have been using a lot the NL servers.
Last weeks I noticed that when I tried to open my gmail account I landed on the russian version of gmail.
I disconnected/reconnected back to NL. Stay connected a few days, back to russian gmail then.
This doesn't look normal ... But is it ?

Share this post


Link to post

I remember something like this with Google but that was years ago. Might be another geolocation error.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Unofficial Eddie for Android F-Droid repository: repo.opensourcery.eu

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Same experience. I hope it's my paranoia, but i think these servers are compromised.
New installation Linux, new installation windows 10 real endpoint is clearly Russia not the Netherlands as expected.
Traffic seems to be routed.

Share this post


Link to post
3 hours ago, Updater said:

Same experience. I hope it's my paranoia, but i think these servers are compromised.
New installation Linux, new installation windows 10 real endpoint is clearly Russia not the Netherlands as expected.
Traffic seems to be routed.


For your comfort and peace of mind, check with traceroute (tracert in Windows) or mtr, and/or access various end points which tell you the IP address your packets come from. Typical speed tests sites and "what is my address" web services are perfect. Compare the IP address you get with the supposed exit-IP address of the VPN server you're connected to and verify they match. Finally, query the IANA database (with whois) for a final cross-check. Repeat multiple times for each server to minimize the likelihood that you end up to services which are accomplices of the attackers and therefore mask your IP address making you believe that you have a perfectly fine IP address while in reality your packet has come out from inside the evil Russian network.

As a welcome and smart side-effect, while the attackers could do nothing with the data in transit inside their nodes because of end-to-end encryption, a re-routing of such a kind which would add an additional exit node would turn infringement notices against us exactly to zero, and alas this is not what we observe, not at all 🙄. We have never met such kind and gentle attackers, unfortunately.

Kind regards 😋

 

Share this post


Link to post
On 9/14/2022 at 6:13 PM, Updater said:

Same experience. I hope it's my paranoia, but i think these servers are compromised.
New installation Linux, new installation windows 10 real endpoint is clearly Russia not the Netherlands as expected.
Traffic seems to be routed.

Same here usually connected via NL server Miram showing russian for a week or so when searching on google.com/nl did not notice the language change on Gmail though!
 
Quote
C:\>tracert google.com

Tracing route to google.com [142.250.186.110]
over a maximum of 30 hops:

  1    10 ms    10 ms    10 ms  10.24.86.1
  2    17 ms    16 ms    12 ms  hosted-by-macrobash.com [134.19.179.249]
  3    10 ms    11 ms    10 ms  37.123.210.78
  4    18 ms    23 ms    17 ms  37.123.210.21
  5    53 ms    53 ms    53 ms  109.239.136.80
  6    52 ms    53 ms    52 ms  108.170.250.130
  7    54 ms    53 ms    53 ms  142.251.79.148
  8    54 ms    53 ms    53 ms  142.251.51.185
  9    57 ms    57 ms    55 ms  209.85.248.95
 10    55 ms    73 ms    54 ms  209.85.252.76
 11    55 ms    56 ms    55 ms  108.170.252.1
 12    55 ms    55 ms    55 ms  142.250.214.193
 13    54 ms    55 ms    55 ms  fra24s06-in-f14.1e100.net [142.250.186.110]

Trace complete.

C:\>tracert google.nl

Tracing route to google.nl [172.217.16.131]
over a maximum of 30 hops:

  1     9 ms    10 ms    10 ms  10.24.86.1
  2    15 ms    15 ms    17 ms  hosted-by-macrobash.com [134.19.179.249]
  3    20 ms    11 ms    11 ms  37.123.210.78
  4    25 ms    26 ms    12 ms  37.123.210.21
  5    46 ms    46 ms    46 ms  178.18.227.12.ix.dataix.eu [178.18.227.12]
  6    51 ms    48 ms    46 ms  74.125.244.181
  7    48 ms    49 ms    48 ms  142.251.61.221
  8    48 ms    49 ms    48 ms  142.251.238.73
  9    51 ms    52 ms    51 ms  209.85.245.88
 10    50 ms    51 ms    50 ms  108.170.236.248
 11    50 ms    50 ms    50 ms  108.170.251.129
 12    51 ms    51 ms    51 ms  66.249.94.245
 13    51 ms    51 ms    50 ms  zrh04s06-in-f131.1e100.net [172.217.16.131]

Trace complete.

You're not afraid of the dark web, are you ?

Share this post


Link to post

This is normal for Google. Since geoIP is such a mess, they don't completely trust what geoIP databases report. Instead they use the data they get from browsers visiting from each IP and try to guess if some IP is now being used elsewhere.
Since Russia is currently heavily censoring internet access, AirVPN likely has a lot of Russian users who happen to be using NL servers. Google detects a lot of users with Russian locale are using NL node IPs -> they start offering Russian site by default.

Not sure if there are workarounds for this, other than logging in. But this is not a sign of compromise, so no need to be paranoid. If Russia really was listening, they wouldn't route traffic through Russia. ;)

Share this post


Link to post

It's very very annoying !

  • Connected Caph Netherlands Netherlands
  • Россия Москва  - На основе ваших предыдущих действий  - Обновить

I'm Dutch.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...