Is blacklisting for Air IP addresses getting worse?

[inthemeantime 0]

Hi all,

(I realise there is a Blocked Websites Warning forum, this is more of a general question).

I use a European AirVPN config that usually exits in the Netherlands. In the last month or so, I've had problems with fairly established web properties: Soundcloud, Bandcamp, CircleCI, Supabase. YouTube now routinely needs me to sign in to watch a video (I do not have an account, so I end up foregoing content I want to watch). These sites seem to be sharing a blocklist; they nearly always reject from AirVPN in the Netherlands, but if I switch to a UK VPN, it is nearly always fine (unfortunately another service fails for me if I do that, due to an overly sensitive sign-in system).

What blocklist could they be sharing? Can AirVPN do something about it?

Edited ... by inthemeantime

[Tech Jedi Alex 1496]

On 9/27/2025 at 12:14 AM, inthemeantime said:

These sites seem to be sharing a blocklist

Correlation != causation, as always.
 

On 9/27/2025 at 12:14 AM, inthemeantime said:

Can AirVPN do something about it? 

Of course not. Can AirVPN do something about the users abusing the services? People don't behave, especially behind a VPN, so everyone suffers for it. Simple as that.

[inthemeantime 0]

Your grumpy response is amusing, but perhaps not quite the spirit of helpfulness I am seeking. But I shall persist, Alex; you and I probably share a vision of an internet that is nudged into being VPN-friendly. We don't also need to be warring with each other on top of that.

When I asked whether AirVPN could do something about it, what I actually meant was that AirVPN should do something about it. Specifically, if there are shared blocklists†, as I suspect, they could work with abuse teams to remove the blacklisting. I used to do some spam-fighting many years ago, with honeypots and the like, and that's exactly the kind of arms race that we had there. Reporters would report spam using the SMTP headers, it would influence various interconnected blocklists in subtle ways, and good service providers would be thus encouraged to terminate abusive accounts.

I just contacted the admins of a large site, and I've mentioned their infra is emitting a high number of 429 responses, starting in the last few months, even though I've used them for many years. I've given them an example IP; I'm hopeful they'll come back to me with a concrete reason for their site's behaviour. Interestingly it makes no odds whether I am signed in, so I wonder if there could be some kind of WAF in the way.

† Or they could be sharing the same large edge provider e.g. Cloudflare.

[Tech Jedi Alex 1496]

8 minutes ago, inthemeantime said:

But I shall persist, Alex; you and I probably share a vision of an internet that is nudged into being VPN-friendly

We can of course think in black and white, like there are absolutely zero black sheep among VPN users. Ain't that a nice lullaby to fall asleep to?  If anything, the services offered on the internet react to the crap coming from VPN users, because, yes, those people use it as a tool for, well, at least pseudonymity. Now, the question is, why would they do that instead of going via their normal internet connection? Privacy? Yeah, maybe. Geoblock circumvention so they can watch home TV when they're abroad? Sure.

But the overwhelming majority obviously wants to do something they themselves don't want to be held liable for. I was a good example for this. Most times its torrenting of copyrighted material, that is, not paying for something other people create, but that won't trigger those automated defense systems. Some also abuse the servers for hacking-related things. Especially the latter people, even if they are a minority, are network-wise excessively loud. This shows in the automated defense systems being triggered for everyone, and that is why you post here with a bit of a rant, because it bothers your experience, obviously. Don't point your finger at the defense systems – point them at all those people who think once they paid for a product they share with others they can do what they want and so sully its reputation. It's so egoistical it's almost human.  And it happened before.
 

30 minutes ago, inthemeantime said:

When I asked whether AirVPN could do something about it, what I actually meant was that AirVPN should do something about it. Specifically, if there are shared blocklists†, as I suspect, they could work with abuse teams to remove the blacklisting. I used to do some spam-fighting many years ago, with honeypots and the like, and that's exactly the kind of arms race that we had there. Reporters would report spam using the SMTP headers, it would influence various interconnected blocklists in subtle ways, and good service providers would be thus encouraged to terminate abusive accounts.

Okay, so someone contacts the admin team, works with them to remove some server from their blacklist. Job done, right? Problem is, three days later it's on a blacklist again. Do you know why? Because those people from before smell this, and use the unblocked server for their scripting relentlessly. The less walls to overcome there is, the easier the job, the more fun it is. They come back, even recommend the service as one that actively tries to tear down those walls, and they all think it's for the sake of their attacks. The service gets even more abused.
 

38 minutes ago, inthemeantime said:

I just contacted the admins of a large site, and I've mentioned their infra is emitting a high number of 429 responses, starting in the last few months, even though I've used them for many years. I've given them an example IP; I'm hopeful they'll come back to me with a concrete reason for their site's behaviour. Interestingly it makes no odds whether I am signed in, so I wonder if there could be some kind of WAF in the way.

Do not contact admins to ask for unblocks, it backfires in the most wondrous ways down the line. And yes, it's very likely a WAF.

It's not that the internet is getting more dangerous for users, as the sentiment tends to be around these forums – the users get more dangerous for the hosters, and the hosters react. You really think those walls would be erected without reason? Necessity begets creation. They're not doing this to be a nuisance for VPN users.
 

39 minutes ago, inthemeantime said:

† Or they could be sharing the same large edge provider e.g. Cloudflare.

Service providers like Cloudflare sit in a comfortable position where they can analyze the traffic behavior from many parts of the internet and spot similarities. So I tend to agree with this statement.

[inthemeantime 0]

Partly because I poke fun at human behaviours rather frequently, I find myself tempted to make some harmless observations on our national stereotypes, Alex. In posting here you perhaps satisfy your Germanic requirement for deep detail, and meanwhile when I post, I get to express my English expectation of good manners. One of us may have to leave this conversation a touch disappointed, but his standards are quite exacting. 😝
 

On 9/26/2025 at 11:14 PM, inthemeantime said:

What blocklist could they be sharing?

For readers who are interested in this topic, I will answer the question myself, at least partially. I just found this site, and while I'll not know which scoring device is used for the sites I am having trouble with, it gives an idea of how it might work (and the kinds of report that give rise to it).

https://www.abuseipdb.com/check/213.152.187.235
 

On 9/26/2025 at 11:14 PM, inthemeantime said:

Can AirVPN do something about it?

It turns out that yes, IP block owners can engage with abuse reports. From the above page:
 

Quote

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership.

Do any readers know whether it is would be normal for VPN providers to liaise with the biggest blocklists? (I would imagine it would be a lot of manual work, so I could understand why Air would not want to take it on).

[Staff 10317]

9 hours ago, inthemeantime said:

t turns out that yes, IP block owners can engage with abuse reports. From the above page:
 

Quote

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership.

Do any readers know whether it is would be normal for VPN providers to liaise with the biggest blocklists? (I would imagine it would be a lot of manual work, so I could understand why Air would not want to take it on).

 

Hello!

We confirm that we actively keep "our" IP addresses out of major blacklists, including the sector leader Spamhaus. Most address providers mandate that this is done as they want to keep their addresses "clean". Unfortunately there are thousands of black lists so it is not possible to know and intervene on all of them. About the IP address you mention, you can see here that it's "clean" on almost 100% of the minor black lists and on 100% of the major ones.
https://check.spamhaus.org/results/?query=213.152.187.235
https://whatismyipaddress.com/blacklist-check
https://dnschecker.org/ip-blacklist-checker.php?query=213.152.187.235
https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a213.152.187.235&run=toolpage

Also, please be aware that some minor lists that you see above include an IP address simply because it is shared, regardless of anything else.

Kind regards
 

[Tech Jedi Alex 1496]

13 hours ago, inthemeantime said:

Partly because I poke fun at human behaviours rather frequently, I find myself tempted to make some harmless observations on our national stereotypes, Alex. In posting here you perhaps satisfy your Germanic requirement for deep detail, and meanwhile when I post, I get to express my English expectation of good manners. One of us may have to leave this conversation a touch disappointed, but his standards are quite exacting. 😝

As far as I am concerned, the internet doesn't know nationalities.
Also, my location might be Germany, but I'm not exactly German. But thank you for pigeonholing, anyway.
 

3 hours ago, Staff said:

We confirm that we actively keep "our" IP addresses out of major blacklists, including the sector leader Spamhaus

Learned another thing today, thank you