- Three-network route test: Modified from [NTrace-core](https://github.com/nxtrace/NTrace-core) to [nt3](https://github.com/oneclickvirt/nt3)
- Speed test: Based on data from [speedtest.net](https://github.com/spiritLHLS/speedtest.net-CN-ID) and [speedtest.cn](https://github.com/spiritLHLS/speedtest.cn-CN-ID), developed to [oneclickvirt/speedtest](https://github.com/oneclickvirt/speedtest)
- Three-network Ping test: Modified from [ecsspeed](https://github.com/spiritLHLS/ecsspeed) to [pingtest](https://github.com/oneclickvirt/pingtest)
- Support root or admin environment testing, support non-root or non-admin environment testing, support offline environment for testing, not support no DNS environment for testing
- Support root or admin environment testing, support non-root or non-admin environment testing, support offline environment for testing, **not yet** support no DNS online environment for testing
**For first-time users of this project, it is recommended to check the instructions: [Jump to](https://github.com/oneclickvirt/ecs/blob/master/README_NEW_USER.md)**
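Review bot: The reworded environment bullet reads "**not yet** support no DNS online environment for testing", which is hard to parse next to "support offline environment for testing" in the same sentence. Suggest wording such as "online environments without working DNS are not yet supported", and state what the tool does in that case (fails, hangs, or skips the network tests).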
@@ -241,6 +241,8 @@ Usage: goecs [options]
1. Download the compressed file with the .exe file: [Releases](https://github.com/oneclickvirt/ecs/releases)
2. After unzipping, right-click and run as administrator.
PS: If it's a VM environment, it's OK not to run it in administrator mode, because VMs have no native testing tools and will automatically enable alternative methods for testing.
---
### **Docker**
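Review bot: The added PS tells VM users they can skip administrator mode, but step 2 still tells everyone to "right-click and run as administrator" without saying which tests need elevation. Since this is a downloaded .exe, name the checks that require administrator rights and what is substituted when they are unavailable, so users can run unelevated by default and elevate only when they need those results.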
@@ -370,7 +372,7 @@ Note that `goecs` allows you to specify CPU test method via parameters. The defa
## Thanks
Thank [he.net](https://he.net) [bgp.tools](https://bgp.tools) [ipinfo.io](https://ipinfo.io) [maxmind.com](https://www.maxmind.com/en/home) [cloudflare.com](https://www.cloudflare.com/) [ip.sb](https://ip.sb) [scamalytics.com](https://scamalytics.com) [abuseipdb.com](https://www.abuseipdb.com/) [ip2location.com](https://ip2location.com/) [ip-api.com](https://ip-api.com) [ipregistry.co](https://ipregistry.co/) [ipdata.co](https://ipdata.co/) [ipgeolocation.io](https://ipgeolocation.io) [ipwhois.io](https://ipwhois.io) [ipapi.com](https://ipapi.com/) [ipapi.is](https://ipapi.is/) [ipqualityscore.com](https://www.ipqualityscore.com/) [bigdatacloud.com](https://www.bigdatacloud.com/) [dkly.net](https://data.dkly.net) [virustotal.com](https://www.virustotal.com/) and others for providing APIs for testing, and thanks to various websites on the Internet for providing query resources.
Thank [he.net](https://he.net) [bgp.tools](https://bgp.tools) [ipinfo.io](https://ipinfo.io) [maxmind.com](https://www.maxmind.com/en/home) [cloudflare.com](https://www.cloudflare.com/) [ip.sb](https://ip.sb) [scamalytics.com](https://scamalytics.com) [abuseipdb.com](https://www.abuseipdb.com/) [ip2location.com](https://ip2location.com/) [ip-api.com](https://ip-api.com) [ipregistry.co](https://ipregistry.co/) [ipdata.co](https://ipdata.co/) [ipgeolocation.io](https://ipgeolocation.io) [ipwhois.io](https://ipwhois.io) [ipapi.com](https://ipapi.com/) [ipapi.is](https://ipapi.is/) [ipqualityscore.com](https://www.ipqualityscore.com/) [bigdatacloud.com](https://www.bigdatacloud.com/) [dkly.net](https://data.dkly.net) [virustotal.com](https://www.virustotal.com/) [ipfighter.com](https://ipfighter.com/) [getipintel.net](http://check.getipintel.net/) [fraudlogix.com](https://fraudlogix.com) and others for providing APIs for testing, and thanks to various websites on the Internet for providing query resources.
**Virtualization Architecture**: Shows what virtualization architecture the host comes from. Generally recommended: `Dedicated> KVM > Xen` virtualization. Other virtualization types have performance losses, causing performance sharing/loss during use. However, this isn't definitive - only dedicated servers have completely independent resource usage. Other virtualization basically involves resource sharing, depending on whether the host holder is conscientious about this virtual machine. Actual performance superiority still depends on subsequent specialized performance tests.
**Virtualization Architecture**: Shows what virtualization architecture the host comes from. Generally recommended: `Dedicated> KVM >= Xen` virtualization. Other virtualization types have performance losses, causing performance sharing/loss during use. However, this isn't definitive - only dedicated servers have completely independent resource usage. Other virtualization basically involves resource sharing, depending on whether the host holder is conscientious about this virtual machine. Actual performance superiority still depends on subsequent specialized performance tests.
**NAT Type**: Shows NAT type. Specifically recommended: `Full Cone > Restricted Cone > Port Restricted Cone > Symmetric`. Undetectable or non-standard protocol types show as `Inconclusive`. Generally, only special purposes like specific proxies, real-time communication, or FRP port forwarding need special attention to this indicator; other general situations don't need to focus on this metric.
**IPV4/IPV6 Location**: Shows the geographic location of the corresponding protocol's IP in the database.
**IPV4 Active IPs**: Based on bgp.tools information, queries active neighbor count/total neighbor count in the current CIDR block. Since this is non-real-time, there may be delays.
**IPV4 Active IPs:** According to bgp.tools data, the refresh interval for the number of active neighbors/total neighbors within the current CIDR block is approximately 15–20 minutes, which is fairly reliable. (This total and ratio do not represent the number of pingable IPs, but rather the number of IPs observed sending requests to the global monitoring network, which more accurately reflects the number of currently active neighbors.)
**IPV6 Subnet Mask**: Queries the local IPV6 subnet size based on host information.
**IPV6 Subnet Mask:** The local IPv6 subnet size is determined based on the host machine’s configuration. If you intend to allocate independent IPv6 addresses locally, you should possess at least a /80 subnet to ensure sufficient address space. The value is calculated as a power of 2 — the smaller the number, the closer it is to 2, and the larger the available IPv6 subnet range.
### CPU Testing
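Review bot: In the new **IPV6 Subnet Mask** text, "the smaller the number, the closer it is to 2" does not explain the relationship. A prefix of length n leaves 2^(128-n) addresses, so a smaller prefix number means a larger range; saying that directly would also make the /80 recommendation easier to follow. In the Thanks line, the added getipintel.net link is the only one using http:// rather than https://; use https if the site serves it.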
@@ -402,16 +498,14 @@ Supports command-line parameter selection between `GeekBench` and `Sysbench` for
| Use Case | Suitable for quick testing, only tests computational performance | Suitable for comprehensive testing |
Default uses `Sysbench` for testing, with rough benchmarks as follows:
`Sysbench` benchmarks can be seen in the [CPU Performance Ladder For Sysbench](https://sysbench.spiritlhl.net/) tier chart. The specific score does not depend on the version of Sysbench used for the test. Default uses `Sysbench` for testing, with rough benchmarks as follows:
CPU test single-core `Sysbench` scores above 5000 can be considered first-tier, 4000-5000 points second-tier, roughly one tier per 1000 points.
A single-core CPU score of over 5000 in **Sysbench** can be considered first-tier and classified as high performance, with roughly one tier for every 1000 points.
AMD 7950x single-core full performance scores around 6500, AMD 5950x single-core full performance scores around 5700, Intel regular CPUs (E5 series) around 1000-800, single-core CPUs below 500 can be considered poor performance.
Sometimes multi-core and single-core scores are identical, proving the merchant is limiting program concurrent CPU usage, typical example being Tencent Cloud.
`Sysbench` benchmarks can be seen in the [CPU Performance Ladder For Sysbench](https://sysbench.spiritlhl.net/) tier chart. Specific scores depend on the sysbench version tested.
`GeekBench` benchmarks can be seen in the [official website](https://browser.geekbench.com/processor-benchmarks/) tier chart. Specific scores differ for each `GeekBench` version, pay attention to which `GeekBench` version was used during testing.
One more thing: `GeekBench` tests many things that are actually unused in server operations, tests are for reference only. Of course, `Sysbench` is very incomplete, but it can roughly compare CPU performance based on the most basic computational performance.
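Review bot: The Sysbench paragraph now says "The specific score does not depend on the version of Sysbench used for the test", while another sentence in this hunk says "Specific scores depend on the sysbench version tested". If both remain, the README contradicts itself; if only the new one remains, the reversal needs a short justification, because readers compare their scores against the linked tier chart. The reworded tier sentence also drops the 4000-5000 second-tier example, so "roughly one tier for every 1000 points" no longer has a worked reference point.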
@@ -448,12 +542,12 @@ Based on the above table, this project's rough judgment method:
* **≈ 50 GB/s (≈ 51200 MB/s)** → Basically DDR5
| Parameter Method | Test Accuracy | Test Speed | Architecture Compatibility | Dependency Requirements |
| **stream** | High — Stable results, more realistic | Fast | Cross-platform (Linux/Windows/Unix) | Built-in dependencies, no additional installation required |
| **sysbench** | High — Can test CPU, memory, IO, threads, etc., reliable results | Medium | Cross-platform (Linux, partial Windows support) | Requires additional environment installation |
| **winsat** | Medium-High — Windows built-in tool, results environment-dependent | Medium | Windows only | Built-in on physical machines, unavailable on virtual machines |
| **mbw** | Medium — Results may be affected by cache/scheduling | Very Fast | Cross-platform (almost all Unix-like systems) | Built-in dependencies, no additional installation required |
| **dd** | Low — Results affected by cache | Fast | Cross-platform (almost all Unix-like systems) | Requires additional environment installation |
| stream | High — Stable results, more realistic | Fast | Cross-platform (Linux/Windows/Unix) | Built-in dependencies, no additional installation required |
| sysbench | High — Reliable results | Medium | Cross-platform (Linux, partial Windows support) | Requires additional environment installation |
| winsat | Medium-High — Windows built-in tool | Medium | Windows only | Built-in on physical machines, unavailable on virtual machines |
| mbw | Medium — Results may be affected by cache/scheduling | Very Fast | Cross-platform (almost all Unix-like systems) | Built-in dependencies, no additional installation required |
| dd | Low — Results affected by cache | Fast | Cross-platform (almost all Unix-like systems) | Built-in dependencies, no additional installation required |
Default only checks cross-border streaming media unlocking.
Generally speaking, under normal circumstances, multiple streaming services for one IP should have consistent unlock regions without scattered locations. If multiple platforms show inconsistent unlock regions, the IP likely comes from platforms like IPXO rentals or has been recently announced and used, not yet recognized and corrected by streaming media common databases. Due to inconsistent IP database recognition speeds across platforms, sometimes some platforms unlock regions normally, some drift to certain router locations, and some drift to where the IP was before you used it.
Generally speaking, under normal circumstances, multiple streaming services for one IP should have consistent unlock regions without scattered locations. If multiple platforms show inconsistent unlock regions, the IP likely comes from platforms like IPXO rentals or has been recently announced and used, not yet recognized and corrected by streaming media common databases.
Due to inconsistent IP database recognition speeds across platforms, sometimes some platforms unlock regions normally, some drift to certain router locations, and some drift to where the IP was before you used it.
| DNS Type | Unlock Method Judgment Necessary | DNS Impact on Unlocking | Description |
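Review bot: In the memory method table, the sysbench and winsat rows lose their qualifiers ("Can test CPU, memory, IO, threads, etc." and "results environment-dependent") while keeping the same accuracy ratings. The winsat qualifier is worth keeping, because the last column of that row says the tool is unavailable on virtual machines and readers need to know the rating applies to physical Windows hosts. The dd row's dependency column changes to "Built-in dependencies, no additional installation required"; confirm that matches what the binary actually ships.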
@@ -514,22 +610,118 @@ Generally speaking, under normal circumstances, multiple streaming services for
So during testing, if the host currently uses official mainstream DNS, no judgment of whether it's native unlocking will be performed.
Platforms that are particularly sensitive to IP quality for unlocking include major AI platforms, local streaming services, Reddit, and Spotify. Other multinational platforms are generally less affected by IP quality when it comes to unlocking.
Detects IP-related information from 14 databases. Generally speaking, looking at usage type, company type, and security information's other discriminators is sufficient. Security scores are really just for fun. When multiple platforms show corresponding detection items all having corresponding values, it proves the current IP is indeed as such - don't trust information from just one database source.
Detect IP-related information from 18 databases. Multiple platforms comparing corresponding detection items all show corresponding values, proving that the current IP is indeed as such. Do not only trust information from a single database source:
* **Usage Type & Company Type**: Shows IP attribution and usage scenarios, such as whether it belongs to home users, enterprise office, hosting services, or cloud/data centers.
* **Cloud Provider / Data Center / Mobile Device**: Determines if IP comes from cloud services, data centers, or mobile networks, helping identify shared or high-risk IPs.
* **Proxy / VPN / Tor / Tor Exit**: Detects if IP is used to hide real identity or location, possibly involving anonymous access or abuse behavior.
* **Web Crawler / Bot**: Identifies automated access or collection programs, with reference value for security risk assessment.
* **Anonymous / Abuser / Threat / Relay / Bogon**: Shows IP historical behavior characteristics and whether it belongs to reserved/unallocated IPs, assisting in judging IP credibility.
* **Security Score, Reputation, Trust Score, Threat Score, Fraud Score, Abuse Score**: Various databases' quantified security evaluations of IPs, for reference only.
* **Community Voting & Blacklist Records**: Shows user feedback and public blacklist information, can quickly identify potential risks.
* **Google Search Feasibility**: Tests IP's feasibility for accessing Google search services, indirectly reflecting network restrictions or blocking situations.
Multi-platform comparison is more reliable. Different databases have different algorithms and update frequencies; single sources may misjudge. Similar results from multiple databases indicate higher reliability.
The following are the meanings corresponding to each field
| Field Category | Field Name | Field Description | Possible Values | Scoring Rules |
| Security Score | Reputation | Reputation score of IP address in the security community | Numerical value from 0-100 | Higher is better |
| | Trust Score | Trustworthiness score of IP address | Numerical value from 0-100 | Higher is better |
| | VPN Score | Likelihood score of IP being identified as VPN | Numerical value from 0-100 | Lower is better |
| | Proxy Score | Likelihood score of IP being identified as proxy | Numerical value from 0-100 | Lower is better |
| | Community Votes-Harmless | Score of community members voting the IP as harmless | Non-negative integer | Higher is better |
| | Community Votes-Malicious | Score of community members voting the IP as malicious | Non-negative integer | Lower is better |
| | Threat Score | Overall threat level score of IP address | Numerical value from 0-100 | Lower is better |
| | Fraud Score | Likelihood score of IP address being involved in fraudulent activities | Numerical value from 0-100 | Lower is better |
| | Abuse Score | Score of IP address being reported for abusive behavior | Numerical value from 0-100 | Lower is better |
| | ASN Abuse Score | Abuse score of the ASN (Autonomous System) to which this IP belongs | Decimal from 0-1, may include risk level notation (Low/Medium/High) | Lower is better |
| | Company Abuse Score | Abuse score of the company to which this IP belongs | Decimal from 0-1, may include risk level notation (Low/Medium/High) | Lower is better |
| | Threat Level | Threat level classification of IP address | Text descriptions such as low/medium/high/critical | low is best |
| Blacklist Records | Harmless Count | Number of times marked as harmless in various blacklist databases | Non-negative integer | Value itself has no good or bad |
| | Malicious Count | Number of times marked as malicious in various blacklist databases | Non-negative integer | Lower is better |
| | Suspicious Count | Number of times marked as suspicious in various blacklist databases | Non-negative integer | Lower is better |
| | Undetected Count | Number of times with no records in various blacklist databases | Non-negative integer | Value itself has no good or bad |
| | DNS Blacklist-Total Checks | Total number of DNS blacklist databases checked | Positive integer | Value itself has no good or bad |
| | DNS Blacklist-Clean | Number showing as clean (not listed) in DNS blacklists | Non-negative integer | Higher is better |
| | DNS Blacklist-Listed | Number already listed in DNS blacklists | Non-negative integer | Lower is better |
| | DNS Blacklist-Other | Number returning other statuses in DNS blacklist checks | Non-negative integer | Value itself has no good or bad |
Generally speaking, checking the usage type, company type, and security information below is sufficient. The security score above is only reliable when confirmed by multiple databases, so it's not a problem to skip it. (IDC: generally buy vps identified as this much, is normal in the data center room broadcasting the type of use)
| Cloud Provider | Is Cloud Provider | Whether this IP belongs to a cloud service provider | Yes/No | No good or bad, identification only |
| Data Center | Is Data Center | Whether this IP is located in a data center | Yes/No | No is best if concerned about unblocking |
| Mobile | Is Mobile | Whether this IP is from a mobile device network | Yes/No | Yes is best if concerned about unblocking |
| Proxy | Is Proxy | Whether this IP is a proxy server | Yes/No | No is better |
| VPN | Is VPN | Whether this IP is a VPN service node | Yes/No | No is better |
| Tor Exit | Is TorExit (Tor Exit Node) | Whether this IP is a Tor network exit node | Yes/No | No is better |
| Crawler | Is Crawler | Whether this IP is identified as a web crawler | Yes/No | No is better |
| Anonymous | Is Anonymous | Whether this IP provides anonymity services (such as VPN/Proxy/Tor) | Yes/No | No is better |
| Attacker | Is Attacker | Whether this IP is identified as an attack source (such as DDOS) | Yes/No | No is better |
| Abuser | Is Abuser | Whether this IP has records of active abuse behavior | Yes/No | No is better |
| Threat | Is Threat | Whether this IP is marked as a threat source | Yes/No | No is better |
| Relay | Is Relay | Whether this IP is a relay node | Yes/No | No is better |
| Bogon | Is Bogon (Bogon IP) | Whether this IP is a forged/unallocated IP address | Yes/No | No is better |
| Bot | Is Bot | Whether this IP is identified as bot traffic | Yes/No | No is better |
| Search Engine | Google Search Feasibility | Whether this IP can use Google search service normally | YES/NO | YES is normal |
Multi-platform comparison is more reliable. Different databases have different algorithms and update frequencies. A single source may have misjudgments. If multiple databases show similar results, it indicates the result is more reliable.
Abuser or Abuse scores directly affect the normal use of machines.
If Abuse records exist and the score is high, it indicates that the IP may have been involved in the following behaviors in the past:
- Used for DDoS attacks
- Launched large-scale flood attacks
- Conducted port scanning or network-wide scanning
Such historical records will be reported and entered into the Abuse database. If the IP you take over has just been abused by others, delayed Abuse warning emails may still be sent to the service provider. The service provider may misjudge you as the person engaging in malicious behavior, and then terminate the machine, and in most cases, no refund will be given. For cross-border streaming services, Abuse scores may also affect the platform's reputation rating for that IP.
For users who need residential broadband for streaming unlock requirements (such as e-commerce needs), attention should be paid to whether "Usage Type" and "Company Type" are both identified as ISP. If it is only single ISP or identified as non-ISP, after subsequent database updates, the IP type is likely to be corrected to Hosting, thereby affecting unlock effectiveness.
Most IP identification databases are updated monthly. After updates, IP attributes may be modified, resulting in situations where ISP → Hosting occurs. For some sensitive platforms, such as streaming services in certain specific countries (like Netflix, Spotify), or streaming services that treat different countries differently (like TikTok), the possibility of non-residential unlock is low but not impossible. If you need stable unlock and pursue its special function unlock, you only need to pursue residential broadband streaming unlock. If you're just browsing and watching, there's often no need to pursue residential broadband.
It is necessary to elaborate on IP type classification
Residential Broadband IP
- The attribution location is consistent with the broadcast location, and the broadcast entity is the local telecom operator's AS
- Must be broadcast through international bandwidth lines to be recognized as residential broadband attributes
Native IP
- The attribution location is consistent with the holder, but the broadcast entity is not a local telecom operator
- Common in data centers using their own AS numbers for broadcasting. Even if residential broadband IPs are acquired, the attributes will change to native after a period of time
Broadcast IP
- IP broadcast from location A's AS to location B for use
- Broadcast propagation takes time, usually 1 week to 1 month
- Major operators' attribution location database updates may take 1 to several months
- If local machine rooms conduct broadcasting, residential broadband IPs may be corrected to native or broadcast attributes
Speaking of this, it must be stated that any true residential broadband, when accessing target sites, will definitely not route back to your country and then to the target site. Real overseas home broadband must exit nearby and land nearby.
### Email Port Detection
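Review bot: The Bogon row in the field table describes it as a "forged/unallocated IP address", while the bullet list earlier in this hunk says "reserved/unallocated IPs"; use the latter in both places, since a bogon is an address that should not appear in public routing, not a forged one. The "Multi-platform comparison is more reliable" paragraph appears twice in the added text, and the parenthetical starting "(IDC: generally buy vps identified as this much" is not readable as written and should be rewritten or dropped.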
@@ -602,7 +794,7 @@ In daily use, I prefer to use servers with 1Gbps bandwidth, at least the speed o
Note: macOS systems will skip dependency installation
Warning: This command performs system update(optional), which may:
1. Take considerable time
2. Cause temporary network interruptions
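Review bot: The warning says "system update(optional)" but does not say how the update is made optional. Add the missing space and state which option or prompt skips the update, since the listed effects include temporary network interruptions, which matters on a host that is reachable only over the network.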