I'm seeing a problem that I know others have seen.
From 1st June last year we've seen traffic increasing from referrer 220.127.116.11
It coincides with a transfer of an intranet belonging to a company we brought into an existing intranet (which shows up correctly within our referral traffic).
I therefore don't think it is someone spoofing the address, and because of the volume of the traffic, I don't believe it's a bot.
I don't really have any more information to go on so if you had to report to your superiors about what this traffic was, based on the limited info, would you, like me think this was something to do with the intranet integration?
It seems too much of a co-incidence otherwise.