Testing whether devices are NordVPN proxies

Discussion in 'other anti-virus software' started by mirimir, Dec 3, 2019.

  1. mirimir

    mirimir Registered Member

    Oct 1, 2011
    It seems that NordVPN is routing traffic to Disney+ through many residential IPv4 in the US.[0,1]

    I've seen no definitive information about the nature of these residential proxies. They might be NordVPN customers in the US. Or they might have installed some app with a bundled proxy server. Or it could even be outright malware.

    So anyway, it'd be cool if people could determine whether their devices are being used as NordVPN exits. Based on preliminary work, it appears that there may be only a few thousand proxy IPv4 in use. So I can imagine something like an anti-malware app, based on a list of hashed IPv4 addresses.

    So I have two questions. Is there an anti-malware provider who might include such a scan? That is, checking if the public IPv4 is in the proxy list. Or instead, is there an easy-to-use framework for building such an app?

    0) https://www.wilderssecurity.com/thr...it-might-be-through-your-own-computer.423660/
    1) https://news.ycombinator.com/item?id=21664692


    I've run about 300 tests so far, on a few of NordVPN's US servers. And I've hacked a simple Linux test script, using hashed "X-Akamai-Pragma-Client-IP" values.[2]

    Just save the code block at the top as "test.sh" or whatever. Then do "chmod u+x", and execute in the terminal. It'll prompt "IPv4 to search for?". Type an IPv4, and hit "Enter".

    This is howling in the void, I know. But so it goes.

    2) https://pastebin.com/YYc9Kuax
    Last edited: Dec 4, 2019
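
The check described in the post (is a given IPv4 present in a list of hashed addresses?), as an added example that is not mirimir's script and not part of the original thread. SHA-256, the one-digest-per-line list format, and all function names are assumptions; the sample list is constructed from documentation-range addresses.

```shell
#!/bin/sh
# Added example. Assumptions: SHA-256 as the hash, one lowercase hex digest
# per line in the list file, and all function names.

# Validate a dotted quad and print its canonical form (no leading zeros),
# so "203.0.113.007" and "203.0.113.7" hash to the same value.
normalize_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                  # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    out=
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        octet=${octet#0}; octet=${octet#0}; octet=${octet:-0}
        [ "$octet" -le 255 ] || return 1
        out="${out:+$out.}$octet"
    done
    printf '%s\n' "$out"
}

hash_ipv4() {
    canon=$(normalize_ipv4 "$1") || return 1
    printf '%s' "$canon" | sha256sum | cut -d' ' -f1
}

# Exit status: 0 = listed, 1 = not listed, 2 = invalid input or unreadable list.
ip_in_hashlist() {
    h=$(hash_ipv4 "$1") || return 2
    grep -Fxq -- "$h" "$2"
}

# Constructed sample list built from documentation-range addresses (RFC 5737).
make_sample_list() {
    for ip in 192.0.2.10 198.51.100.23 203.0.113.7; do
        hash_ipv4 "$ip"
    done > "$1"
}

# Stand-alone use: ./check.sh <ipv4> <hashlist-file>
if [ "$#" -eq 2 ]; then
    rc=0; ip_in_hashlist "$1" "$2" || rc=$?
    case $rc in
        0) echo "listed" ;;
        1) echo "not listed" ;;
        *) echo "invalid IPv4 or unreadable list" >&2 ;;
    esac
fi
```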