Wikipedia:WikiProject Open proxies/Requests/Archives/49
This is an archive of past discussions on Wikipedia:WikiProject Open proxies. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current main page. |
212.69.160.0/19
{{proxycheckstatus}}
Reason: Datacenter run by Zayo Infrastructure France SA wizzito | say hello! 01:01, 20 April 2023 (UTC)
- Not sure Not sure what to make of this one. The AS for this IP range is currently assigned to QuadraNet, who are a managed infrastructure/colo provider, and who appear to use Zayo for connectivity. However much of the range are further subdivided, for example the currently blocked 212.69.167.64/26 · contribs · block · log · stalk · Robtex · whois · Google is either upstreamnet or Hosteroid depending on who is asking. I'm hesitant to make any recommendations here, as while QuadraNet only provide colo and dedicated servers and some of the subdivisions are definitely other hosting providers that might be using services provided by QuadraNet, Zayo provide services to both business and consumer ISPs, for both fixed line and mobile connections. Given how subdivided this range is, I can't easily and quickly rule out parts of this range being assigned to non-business non-infrastructure customers. Flagging for a second opinion in case I've missed something obvious with determining how this range is subdivided.. Sideswipe9th (talk) 23:16, 18 July 2023 (UTC)
- The subrange 212.69.167.64/26 · contribs · block · log · stalk · Robtex · whois · Google is a webhost, contains proxies, and was abused by a UPE sockfarm focusing on Qatar. However, it is already blocked. I see no activity from other ranges, so I'll close this for the time being. MarioGom (talk) 09:10, 27 August 2023 (UTC)
149.7.65.129
{{proxycheckstatus}}
- 149.7.65.129 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Possible VPN. 73.67.145.30 (talk) 03:21, 8 May 2023 (UTC)
- Just a residential IP. Closing without action. MarioGom (talk) 09:16, 27 August 2023 (UTC)
103.249.62.0/24
{{proxycheckstatus}}
Reason: Cloud proxy server recently used for abuse. 2601:1C0:4401:F60:442:8414:7C65:842 (talk) 17:39, 1 September 2023 (UTC)
- IP is an open proxy - RichT|C|E-Mail 17:36, 2 September 2023 (UTC)
- Blocked. firefly ( t · c ) 17:48, 2 September 2023 (UTC)
125.212.241.0/24
{{proxycheckstatus}}
- It does not look like a VPN. MarioGom (talk) 22:50, 4 September 2023 (UTC)
204.128.182.0/24
{{proxycheckstatus}}
Reason: Disruption. Possible VPN server. 73.67.145.30 (talk) 19:22, 7 May 2023 (UTC)
- It does not look like a VPN. MarioGom (talk) 22:51, 4 September 2023 (UTC)
119.31.189.184
{{proxycheckstatus}}
- 119.31.189.184 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Datacenter IP. Please block this range as it is being abused by User:Anne Barrington's socks. 99.241.217.73 (talk) 15:27, 3 August 2023 (UTC)
- It looks like a residential IP. Closing. MarioGom (talk) 23:03, 4 September 2023 (UTC)
2A10:1FC0:E:0:0:0:0:0/48
{{proxycheckstatus}}
Reason: Open proxy/VPN service. 2601:601:51C:6A8:4D49:CA1F:3CB5:D334 (talk) 17:22, 3 September 2023 (UTC)
- 2a10:1fc0:e::/64 is already blocked. Closing without action. MarioGom (talk) 21:45, 15 September 2023 (UTC)
152.133.16.22
{{proxycheckstatus}}
- 152.133.16.22 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Seems to be an open proxy, VPN I think registered to Department of Veteran Affairs. Recent Abuse according to IpCheck on toolforge. Seawolf35 (talk) 15:30, 6 September 2023 (UTC)
- Nothing indicates this is a VPN. Just vandalism from a Government-registered IP. Closing without action. MarioGom (talk) 21:43, 15 September 2023 (UTC)
88.24.111.11
{{proxycheckstatus}}
- 88.24.111.11 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Open proxy. The IP has already been blocked in the French Wikipedia for exactly this reason. It has been the source of extensive vandalism. Fisandelli (talk) 20:35, 6 September 2023 (UTC)
- I'm familiar with this exact residential proxy network and its blocking both in enwiki and frwiki. Contributions on 14 July 2023 (anything against the UAE) were likely from the troll farm that frequently uses this proxy network, but it is unlikely to be a proxy right now. Closing without action. MarioGom (talk) 18:16, 13 September 2023 (UTC)
202.4.186.179
{{proxycheckstatus}}
- 202.4.186.179 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Blocked before as proxy, tagged as public proxy by whatismyipaddress.com, being used for vandalism by LTA who just 1 day ago used <an IP> (also tagged a public proxy) located very far away from the new IP. 2804:F14:808E:A601:F0B3:ED6F:D12C:B951 (talk) 10:22, 6 July 2023 (UTC)
- Likely IP is an open proxy Seems likely to be a compromised server based on the shodan info. It's currently blocked for a month by Primefac, but I think we could probably make this one longer. Sideswipe9th (talk) 04:01, 15 July 2023 (UTC)
- Closed Globally blocked until December by AmandaNP. --Malcolmxl5 (talk) 14:12, 30 October 2023 (UTC)
194.26.74.0/24
{{proxycheckstatus}}
Reason: Cloud proxy/VPN server. 2601:1C0:4401:F60:CC1B:7FBB:65E7:4373 (talk) 18:00, 8 August 2023 (UTC)
- IP is an open proxy — Mdaniels5757 (talk • contribs) 00:41, 15 August 2023 (UTC)
- Closed Blocked. --Malcolmxl5 (talk) 14:09, 30 October 2023 (UTC)
207.231.104.0/21
{{proxycheckstatus}}
Reason: Belongs to "HostRush" VPN services. Disruption from 207.231.105.153 (talk · contribs · WHOIS). See WHOIS for /21 range confirmation. 2601:1C0:4401:F60:B09F:5E03:B2DE:5C0F (talk) 17:55, 12 August 2023 (UTC)
- IP is an open proxy — Mdaniels5757 (talk • contribs) 00:39, 15 August 2023 (UTC)
- Closed Blocked. --Malcolmxl5 (talk) 14:02, 30 October 2023 (UTC)
87.236.146.236
{{proxycheckstatus}}
- 87.236.146.236 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 87.236.146.71 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Although not a proxy, this IP is from a web hosting provider. This IP is allocated to the Veselí nad Lužnicí town government. Looking at the IP's global contributions, it appears it this IP has been blocked on the German Wikipedia [1].
Update #1: Added another IP that might from the same web hosting provider. Apparently, this IP was blocked on the Spanish Wikipedia for being a proxy.
SpinnerLaserzthe2nd (talk) 20:07, 19 August 2023 (UTC)
- Both IPs are Seed4me VPN nodes. 87.236.146.0/24 · contribs · block · log · stalk · Robtex · whois · Google seems to be a webhost block. I would suggest a hard block on the /24. MarioGom (talk) 23:07, 4 September 2023 (UTC)
- Closed /24 blocked. --Malcolmxl5 (talk) 14:31, 9 November 2023 (UTC)
141.95.0.0/17
{{proxycheckstatus}}
OVH, several proxies and VPNs. MarioGom (talk) 08:59, 27 August 2023 (UTC)
- Closed Globally blocked. --Malcolmxl5 (talk) 13:36, 30 October 2023 (UTC)
37.218.244.0/24
{{proxycheckstatus}}
Reason: Webhost. 2601:601:51C:A47:E530:E9E5:B590:2100 (talk) 15:17, 8 September 2023 (UTC)
- Confirmed - 37.218.244.251 is Riseup VPN and 37.218.244.0/24 is Greenhost. The /24 should be good for a webhost block. MarioGom (talk) 18:13, 13 September 2023 (UTC)
- Closed Blocked and closing. --Malcolmxl5 (talk) 19:33, 22 October 2023 (UTC)
154.47.16.0/20
{{proxycheckstatus}}
Reason: Webhost/VPN. 2601:601:51C:2D16:612F:DB7E:1100:4008 (talk) 04:42, 9 September 2023 (UTC)
- Confirmed - 154.47.25.162 and 154.47.25.146 are Proton VPN, 154.47.16.0/24 is CDNEXT, and 154.47.16.0/20 is CDN77. So the wider /20 is good for a webhost block. MarioGom (talk) 18:12, 13 September 2023 (UTC)
- Closed Blocked by Blablubbs. --Malcolmxl5 (talk) 19:30, 22 October 2023 (UTC)
103.171.44.0/23
{{proxycheckstatus}}
Reason: Cloud/VPN server. 2601:601:51C:D94:6487:982:C0FF:2E5D (talk) 19:46, 10 September 2023 (UTC)
- Confirmed - 103.171.44.94 is Pandapro/Plex VPN and is already blocked, but the /23 range should also be good for a webhost block (cloudtechtiq.com). MarioGom (talk) 18:10, 13 September 2023 (UTC)
- Closed Blocked and closing. --Malcolmxl5 (talk) 19:27, 22 October 2023 (UTC)
87.236.146.236
{{proxycheckstatus}}
- 87.236.146.236 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Despite the recent block in French Wikipedia due to remove sources on the Angolan Civil War article, the proxy IP had started various sources in Wikipedias of other languages. SpinnerLaserzthe2nd (talk) 14:29, 6 November 2023 (UTC)
- Closed Already blocked; the /24 is blocked as well. --Malcolmxl5 (talk) 14:42, 9 November 2023 (UTC)
38.95.10.252
{{proxycheckstatus}}
- 38.95.10.252 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: The IP is hosted on Acehost. See also the edit summary on this diff. --Leonidlednev (T, C, L) 05:45, 4 August 2023 (UTC)
- Closed. Globally blocked by Tegel. --Malcolmxl5 (talk) 00:13, 11 November 2023 (UTC)
5.161.0.0/16
{{proxycheckstatus}}
Reason: Webhost IP range recently used for disruption. 2601:1C0:4401:F60:D587:449F:646D:BACC (talk) 17:59, 18 August 2023 (UTC)
- Closed. Already blocked by ST47. --Malcolmxl5 (talk) 00:10, 11 November 2023 (UTC)
194.165.59.0/24
{{proxycheckstatus}}
Reason: Repeating blocked IP edits via use of VPN; see edit history of Hispanics and Latinos in Los Angeles. Jalen Folf (talk) 01:27, 12 October 2023 (UTC)
- Closed. Globally blocked by Superpes15. --Malcolmxl5 (talk) 17:45, 10 November 2023 (UTC)
89.119.251.40
{{proxycheckstatus}}
- 89.119.251.40 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: This IP has been detected as a proxy IP (https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/89.119.251.40). According to CleanTalk, this IP is reported as a spam IP that also committed brute force attacks. SpinnerLaserzthe2nd (talk) 20:24, 26 October 2023 (UTC)
- Closed. Blocked by HJ Mitchell. --Malcolmxl5 (talk) 21:36, 16 November 2023 (UTC)
156.255.1.0/24
{{proxycheckstatus}}
Reason: Webhost. 73.67.145.30 (talk) 18:12, 25 May 2023 (UTC)
- The /24 is announced by an Armenian cloud hosting provider, and data on Shodan has many of the IPs running common server OSes. Should be safe to webhost block the range. There's 17 other /24 ranges from the same provider listed on HE, though some are currently locally and globally blocked. I'll append a list of the unblocked ranges to this report shortly that should also be safe for a webhost block. Sideswipe9th (talk) 01:22, 17 July 2023 (UTC)
- The following /24s are all announced by the same hosting provider and should be safe for a webhost block. I also discovered a second AS for the same provider. Three of the ranges from this provider are currently webhost or coloblocked.
- 45.195.200.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 45.195.250.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 82.115.17.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 82.115.20.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 82.115.21.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 82.115.24.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 82.115.25.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 82.115.26.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 156.236.31.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 156.241.0.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 156.253.5.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 156.255.1.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 185.110.191.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 185.202.113.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 185.110.188.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 185.110.189.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 185.110.190.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 185.208.172.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 195.248.240.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 195.248.241.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 195.248.242.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 195.248.243.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- I don't think there's any more ranges from this particular provider, though I've reached my HE BGP query cap for the day so can't be sure. Sideswipe9th (talk) 01:49, 17 July 2023 (UTC)
- The following /24s are all announced by the same hosting provider and should be safe for a webhost block. I also discovered a second AS for the same provider. Three of the ranges from this provider are currently webhost or coloblocked.
- Closed. All blocked. Closing. --Malcolmxl5 (talk) 12:57, 29 November 2023 (UTC)
5.181.248.0/22
{{proxycheckstatus}}
Reason: Webhost/VPN range. 2601:1C0:4401:F60:592C:6755:67BE:F9D9 (talk) 20:27, 26 August 2023 (UTC)
- Not currently an open proxy — Mdaniels5757 (talk • contribs) 00:31, 8 December 2023 (UTC)
208. 184.89.11
{{proxycheckstatus}}
- 208.184.89.11 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Webhost/VPN Seawolf35 (talk) 16:20, 28 September 2023 (UTC)
- Unlikely IP is an open proxy — Mdaniels5757 (talk • contribs) 00:32, 8 December 2023 (UTC)
158.248.81.61
{{proxycheckstatus}}
- 158.248.81.61 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: This is likely to be block-evasion from Belteshazzar who has been globally banned by the WMF [2]. From a search I did, the IP is listed as an open proxy. Psychologist Guy (talk) 20:30, 8 October 2023 (UTC)
- Not currently an open proxy — Mdaniels5757 (talk • contribs) 00:05, 8 December 2023 (UTC)
210.3.160.0/19
{{proxycheckstatus}}
Reason: Open proxy per block on Commons, see their blocking log. -- LemonSlushie 🍋 (talk) (edits) 07:01, 25 October 2023 (UTC)
- The entire range is not a proxy, but some IPs in it are. Given minimal recent disruption, best to block them when they come up. — Mdaniels5757 (talk • contribs) 00:08, 8 December 2023 (UTC)
IP2603:7000:2101:AA00:A043:72FB:85CE:2E30
{{proxycheckstatus}}
- 2603:7000:2101:AA00:A043:72FB:85CE:2E30 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · geo · rangeblocks · spur · shodan
Reason: Undoing categorization work which was done after an informal discussion and is now in my talk page demanding an explaination. Omnis Scientia (talk) 21:44, 7 December 2023 (UTC)
- @Omnis Scientia: could you expand briefly on why you think this IPv6 is a proxy? Sideswipe9th (talk) 23:19, 7 December 2023 (UTC)
- They have a disagreement with a few category moves I made per an informal discussion. Also, they have an issue with a discussion on going in WP:CFD but, instead of going there, are harrassing me since I'm the one who began it. I believe they have made disruptive edits as well and are making similar demands from other users.
- (if I am doing this incorrectly, apologies. this is my first time making such a request). Omnis Scientia (talk) 23:27, 7 December 2023 (UTC)
- @Omnis Scientia: While that might warrant a discussion at WP:ANI or another relevant behavioural noticeboard, if there is an intractable behavioural issue (note a disagreement isn't strictly an intractable behavioural issue), I'm still unclear why you think this IP is an open proxy. Are your only concerns with the editor behavioural and not technical? Sideswipe9th (talk) 00:17, 8 December 2023 (UTC)
- I suppose my concerns about this editor are behavioural. I do apologize; clearly, I did this incorrectly. Omnis Scientia (talk) 06:01, 8 December 2023 (UTC)
- @Omnis Scientia: No worries. As I said, if there is a behavioural issue, you may wish to bring it to one of the relevant behavioural noticeboards. You'll find some helpful info at WP:DR for how to handle this type of situation in general. As there doesn't seem to be a question surrounding proxy use, I'm going to close this check as denied. Sideswipe9th (talk) 18:12, 8 December 2023 (UTC)
- @Sideswipe9th, thank you for the suggestions. Much appreciated! Omnis Scientia (talk) 18:20, 8 December 2023 (UTC)
- @Omnis Scientia: No worries. As I said, if there is a behavioural issue, you may wish to bring it to one of the relevant behavioural noticeboards. You'll find some helpful info at WP:DR for how to handle this type of situation in general. As there doesn't seem to be a question surrounding proxy use, I'm going to close this check as denied. Sideswipe9th (talk) 18:12, 8 December 2023 (UTC)
- I suppose my concerns about this editor are behavioural. I do apologize; clearly, I did this incorrectly. Omnis Scientia (talk) 06:01, 8 December 2023 (UTC)
- @Omnis Scientia: While that might warrant a discussion at WP:ANI or another relevant behavioural noticeboard, if there is an intractable behavioural issue (note a disagreement isn't strictly an intractable behavioural issue), I'm still unclear why you think this IP is an open proxy. Are your only concerns with the editor behavioural and not technical? Sideswipe9th (talk) 00:17, 8 December 2023 (UTC)
- Declined to run a check Declining per above discussion. Sideswipe9th (talk) 18:13, 8 December 2023 (UTC)
223.29.224.0/24
{{proxycheckstatus}}
Reason: Disruption, possibly a VPN server. 2601:1C0:4401:F60:817:B3DA:A0F9:1195 (talk) 20:01, 19 August 2023 (UTC)
- Unlikely IP is an open proxy as to the range, Confirmed as to Special:Contributions/223.29.224.103 and Special:Contributions/223.29.224.82, please block the single IPs only. — Mdaniels5757 (talk • contribs) 00:20, 8 December 2023 (UTC)
- 223.29.224.103 and 223.29.224.82 blocked. Closing. --Malcolmxl5 (talk) 20:08, 10 December 2023 (UTC)
156.96.150.0/23
{{proxycheckstatus}}
Reason: VPN server. Previously blocked. 2601:1C0:4401:F60:7C72:5877:80EB:F896 (talk) 19:31, 14 August 2023 (UTC)
- Inconclusive as to the range, Confirmed as to Special:Contributions/User:156.96.151.132. Please block the single IP only. — Mdaniels5757 (talk • contribs) 00:16, 8 December 2023 (UTC)
- 156.96.151.132 blocked. Closing. --Malcolmxl5 (talk) 21:58, 11 December 2023 (UTC)
86.58.254.34
{{proxycheckstatus}}
- 86.58.254.34 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: VPN server/datacenter IP. Vandalism, see edit filter log. 2601:1C0:4401:F60:B09F:5E03:B2DE:5C0F (talk) 17:49, 12 August 2023 (UTC)
- Confirmed that the range Special:Contributions/86.58.224.0/19 is a cloud provider; please rangeblock. — Mdaniels5757 (talk • contribs) 00:12, 8 December 2023 (UTC)
- Range blocked and closing. --Malcolmxl5 (talk) 00:04, 19 December 2023 (UTC)
2a02:27aa::/32
{{proxycheckstatus}}
Pro forma. — Mdaniels5757 (talk • contribs) 21:37, 17 December 2023 (UTC)
- Confirmed via WHOIS. — Mdaniels5757 (talk • contribs) 21:37, 17 December 2023 (UTC)
- Blocked by Materialscientist. Closing. --Malcolmxl5 (talk) 19:28, 20 December 2023 (UTC)
204.186.235.14
{{proxycheckstatus}}
- 204.186.235.14 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: disruptive edits, multiple blocks over the years, including proxy block. Nobody (talk) 14:12, 3 January 2024 (UTC)
- @1AmNobody24: Not currently an open proxy This is a school, I think. — Mdaniels5757 (talk • contribs) 01:01, 4 January 2024 (UTC)
- @Mdaniels5757: Thanks for checking. Malcolmxl5 has already tagged the talk page. Nobody (talk) 06:24, 4 January 2024 (UTC)
49.228.98.251
{{proxycheckstatus}}
- 49.228.98.251 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: This IP came up on UTRS. Blocked both globally and locally, but from my checks it seems like it isn't a proxy any longer. DatGuyTalkContribs 19:31, 1 January 2024 (UTC)
- @DatGuy: I agree, Not currently an open proxy. Posted to m:SRG, I assume you can handle the local block. — Mdaniels5757 (talk • contribs) 00:58, 4 January 2024 (UTC)
- Completed. DatGuyTalkContribs 20:56, 4 January 2024 (UTC)
- Closed. — Mdaniels5757 (talk • contribs) 19:35, 6 January 2024 (UTC)
103.127.218.172
{{proxycheckstatus}}
- 103.127.218.172 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Listed as proxy at IPQualityScore. The whole range 103.127.216.1-103.127.219.254 belongs to the same provider. Siawase (talk) 10:32, 3 January 2024 (UTC)
- Confirmed this is http://www.cwis.jp/service/aboutcw.php, please {{webhostblock}} 103.127.218.0/23. — Mdaniels5757 (talk • contribs) 00:51, 4 January 2024 (UTC)
- Blocked 1y. DatGuyTalkContribs 20:56, 4 January 2024 (UTC)
- Closed. — Mdaniels5757 (talk • contribs) 19:35, 6 January 2024 (UTC)
86.40.130.39
{{proxycheckstatus}}
- 86.40.130.39 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Listed as a VPN server. 2601:5CC:8300:A7F0:7186:1FB7:1CA:90A5 (talk) 23:39, 16 January 2024 (UTC)
- Likely IP is an open proxy This IP is likely a residential proxy, active on multiple services. A short term block would be appropriate if any admin is patrolling the page at the moment, however if disruption is ongoing it may be more expedient to report this to WP:AIV or WP:ANI. Sideswipe9th (talk) 23:48, 16 January 2024 (UTC)
- User:Sideswipe9th I do not think there is really ongoing disruption unless people are using accounts. The one edit I reverted, as best I could interpret from the confusing edit summary, looked like confusion but not malice. The IP does have a previous block for vandalism though [3], so maybe it is a long-term on-and-off proxy. I will leave the determination of how to best address that potentiality to people more experienced in this area. 2601:5CC:8300:A7F0:7186:1FB7:1CA:90A5 (talk) 00:03, 17 January 2024 (UTC)
- This type of proxy, a residential proxy, is typically short lived, with most appearing and disappearing on one or more proxy networks within a few days. It's not the sort of proxy that we issue a long term block for because they are typically transient. Sideswipe9th (talk) 00:05, 17 January 2024 (UTC)
- Fair enough, so you can close this unless you believe it may be used by people with accounts for disruption, and I will report to WP:AIV if someone disrupts past a fourth warning. 2601:5CC:8300:A7F0:7186:1FB7:1CA:90A5 (talk) 00:08, 17 January 2024 (UTC)
- User:Sideswipe9th, the proxy has now been blocked by User:TheresNoTime, should this be closed? 2601:5CC:8300:A7F0:A5EF:77D4:910:538E (talk) 06:37, 18 January 2024 (UTC)
- Yes, I’ll close it. Malcolmxl5 (talk) 02:17, 20 January 2024 (UTC)
- This type of proxy, a residential proxy, is typically short lived, with most appearing and disappearing on one or more proxy networks within a few days. It's not the sort of proxy that we issue a long term block for because they are typically transient. Sideswipe9th (talk) 00:05, 17 January 2024 (UTC)
- User:Sideswipe9th I do not think there is really ongoing disruption unless people are using accounts. The one edit I reverted, as best I could interpret from the confusing edit summary, looked like confusion but not malice. The IP does have a previous block for vandalism though [3], so maybe it is a long-term on-and-off proxy. I will leave the determination of how to best address that potentiality to people more experienced in this area. 2601:5CC:8300:A7F0:7186:1FB7:1CA:90A5 (talk) 00:03, 17 January 2024 (UTC)
75.162.119.220
{{proxycheckstatus}}
- 75.162.119.220 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Spur reports "belongs to a call-back proxy network". See Talk:Catalent#Undisclosed paid edits and recurring attempts by IPs to add unreferenced financial info to the article, and now this IP is doing same.
See WP:WikiProject on open proxies/Requests/Archives/46#175.158.155.92/Requests/Archives/46#175.158.155.92 for MarioGom's findings on proxy IP(s) at the same article in 2022. ☆ Bri (talk) 18:29, 19 January 2024 (UTC)
- Blocked for one week. Little point in blocking these types of proxies for longer as they are so short lived. Malcolmxl5 (talk) 02:12, 20 January 2024 (UTC)
165.225.192.0/18
{{proxycheckstatus}}
Reason: Webhost/VPN. 73.67.145.30 (talk) 16:23, 17 May 2023 (UTC)
- I'm in two minds about this one. The range is a webhost who provide a proxy service on it, but it's Zscaler. There are Zscaler ranges that are currently locally blocked (eg 137.83.128.0/24, 89.167.131.0/24, quarry for other ranges) and even some that are globally blocked (like 104.129.192.0/20), but the service itself has been discussed a couple of times at AN (September 2021, August 2020) and there seems to be a consensus that a {{Colocationwebhost-soft}}/softblock might be appropriate in some circumstances. But, this is a pretty big range, and even with some problematic IP edits here, there'd be a lot of collateral. Not sure what to recommend off this one, but I'm going to ping Zzuuzz and ST47 as you both seem to have handled many of these IPs and ranges. Sideswipe9th (talk) 02:28, 17 July 2023 (UTC)
- As I previously commented on those linked threads, I usually strongly oppose blocking Zscaler just because it's Zscaler. We don't need to aim for consistency here, just block where there's disruption. Looking at the range, nothing really jumps out to me. -- zzuuzz (talk) 08:49, 17 July 2023 (UTC)
- Hmmm. Personally I like consistency, as it makes handling cases like this easier. Though, I do of course recognise that Zscaler has a large number of legitimate users. There are certainly disruptive edits in the range, they're more visible if you filter the contribs by mw-reverted, or one of the "possible BLP/vandalism" tags, but with a range this large that's kinda to be expected I guess. I guess it comes down to what our policy on general paid proxies is, and the global policy is certainly that paid proxies may be blocked without warning for an indefinite period, but that discussion seems out of scope for this request. Sideswipe9th (talk) 18:31, 17 July 2023 (UTC)
- As I previously commented on those linked threads, I usually strongly oppose blocking Zscaler just because it's Zscaler. We don't need to aim for consistency here, just block where there's disruption. Looking at the range, nothing really jumps out to me. -- zzuuzz (talk) 08:49, 17 July 2023 (UTC)
- Now softblocked, so moot, closing. For the record, I concur with zzuuzz – zscaler blocks are generally only worth it if abused. --Blablubbs (talk) 03:03, 21 January 2024 (UTC)
14.231.0.0/16 and 113.177.0.0/16
{{proxycheckstatus}}
- 14.231.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
- 113.177.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
Individual IP's in these two ranges, 14.231.169.16 and 113.177.23.65, have already been blocked as proxies on the Swedish and Russian Wikipedias respectively. Both blocked IP's were used on those projects by User:Phạm Văn Rạng to evade their global lock. They look to be using a larger portion of these IP ranges for evasion on this project as well. I've already applied some range blocks to deal with the evasion, but some insight into what's going on technically would be appreciated. Courtesy pinging @Riggwelter: and @Q-bit array: who applied to blocks on the other projects, in case you want to weigh in here. Sir Sputnik (talk) 17:19, 30 July 2023 (UTC)
- Sir Sputnik: There might be some individual open proxies within the ranges, but the ranges themselves seem to be residential, and a few IPs with contribs appear to be just normal residential connections. MarioGom (talk) 22:57, 4 September 2023 (UTC)
- Stale by now, closing. --Blablubbs (talk) 02:59, 21 January 2024 (UTC)
190.150.219.167
{{proxycheckstatus}}
- 190.150.219.98 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 190.150.219.167 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 190.150.219.92 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 190.150.219.207 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 190.150.219.107 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 190.150.219.222 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 190.150.219.235 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 190.150.219.248 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Identified as VPN server by WHOIS. Spur reports "belongs to a call-back proxy network". IP hopping/proxy use at beauty pageant pages strongly suggests nefarious editing, there are many sockfarms active at the same pages these are editing. IPs are listed roughly from most recent to least. ☆ Bri (talk) 04:16, 18 January 2024 (UTC)
- Not seeing it; ISP is residential, editor is stable on /24; verbose Spur output also doesn't give cause for concern. Closing without action. --Blablubbs (talk) 02:52, 21 January 2024 (UTC)
23.184.48.0/24
{{proxycheckstatus}}
Reason: IncogNet LLC. Listed as VPN by WP:IP Info feature. Someone who's wrong on the internet (talk) 06:02, 18 January 2024 (UTC)
- Yes. Blocked, along with many of these + added to ASNblock. Closing. --Blablubbs (talk) 02:58, 21 January 2024 (UTC)
103.153.64.34
{{proxycheckstatus}}
- 103.153.64.34 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Proxy IP check by Proxy API Checker SpinnerLaserzthe2nd (talk) 00:10, 21 January 2024 (UTC)
- Might've been one at the time, doesn't look to be one anymore. Closing without action --Blablubbs (talk) 03:06, 21 January 2024 (UTC)
43.252.46.2
{{proxycheckstatus}}
- 43.252.46.2 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: IP made some unconstructive edits today and in the past. Nobody (talk) 14:41, 15 February 2024 (UTC)
- Blocked. --Malcolmxl5 (talk) 11:16, 16 February 2024 (UTC)
Proxies used by BBB
{{proxycheckstatus}}
- 197.146.201.82 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 41.140.202.137 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 105.157.73.79 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 105.69.1.243 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 197.144.87.33 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 148.101.197.40 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Used by known proxy-hopping LTA. See Wikipedia:Sockpuppet investigations/Blue Barette Bam. Someone who's wrong on the internet (talk) 23:45, 24 January 2024 (UTC)
- Very likely, BBB is known to use a type of proxy that is transient. All these IPs are blocked or were blocked at the time they were used for various reasons, some as proxies. No further action needed at this time. Malcolmxl5 (talk) 10:56, 28 February 2024 (UTC)
188.215.95.0/24
{{proxycheckstatus}}
Reason: The range seems to be announced by IPXO (per Hurricane Electric), an "IP marketplace" according to their website. All IPs in the range who have made contributions since 1 January 2023 are active on ExpressVPN, as well as a handful of varying residential proxies according to Spur. I've not done a fully exhaustive check on the range yet, but the only IPs I've seen not flagged as ExpressVPN on the Spur data are .251-.255, though they are still listed as data centre IPs.
It may also be worth the other /24s listed on HE as being announced by IPXO as well for any that haven't yet been blocked (some have) but probably should be. Sideswipe9th (talk) 20:56, 4 February 2023 (UTC)
- Ok, I've checked through the other /24s listed. Most are either locally or globally blocked (sometimes both), but I did find a list of 20 /24 ranges that are not currently blocked. I'll check through that list now and see if I can categorise them briefly before posting them. Sideswipe9th (talk) 21:32, 4 February 2023 (UTC)
- Done some spot checks on the other /24s, alas I don't have the tools or time to do a full check on each range. Results below split into three categories; ExpressVPN, data centre and possible unknown proxy, and unknown. The four ExpressVPN ranges are the ones I'm most confident on, there was only a few IPs in each range for which all were at a consistent last octet that weren't showing as ExpressVPN exit nodes, and the unknown ones at the end are the ones I'm least confident on.
- With all of the ranges currently being assigned by IPXO, I suspect the potential for any individual IP in a range to become a proxy or VPN exit node at random is high, even if the range itself is largely not proxy or VPN exit nodes at this time.
- ExpressVPN:
- ✔️ 45.132.227.0/24 · contribs · block · log · stalk · Robtex · whois · Google - last active january 2023 - ExpressVPN on Spur and IPQS, unknown VPN on ProxyCheck,
- ✔️ 163.5.123.0/24 · contribs · block · log · stalk · Robtex · whois · Google - last active january 2023 - ExpressVPN on Spur and IPQS, compromised servers on ProxyCheck
- ✔️ 188.215.95.0/24 · contribs · block · log · stalk · Robtex · whois · Google - last active february 2023 - ExpressVPN on Spur and IPQS, unknown proxy on ProxyCheck
- ✔️ 192.101.67.0/24 · contribs · block · log · stalk · Robtex · whois · Google - last active february 2023 - ExpressVPN and callback proxy on Spur, ExpressVPN on IPQS, unknown VPN on ProxyCheck
- Data centre and possible unknown proxy:
- ✔️ 45.62.162.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter range, no proxys on Spur, unknown VPN detected on ProxyCheck and IPQS
- ❌ 45.151.1.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter range, no proxies on Spur, unknown VPN detected on ProxyCheck and IPQS
- ✔️ 89.47.15.0/24 · contribs · block · log · stalk · Robtex · whois · Google - last active locally 2017 - datacentre range? no VPN usage on Spur, some on IPQS and ProxyCheck
- ✔️ 89.116.202.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter on Spur, ExpressVPN on IPQS, unknown VPN on ProxyCheck
- ❌ 103.163.221.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter on Spur, unknown VPN on IPQS and ProxyCheck
- ✔️ 104.234.140.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter on Spur, unknown VPN on IPQS and ProxyCheck
- ❌ 115.167.79.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter on Spur, ExpressVPN on IPQS, unknown VPN on ProxyCheck
- ✔️ 141.11.98.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter on Spur, unknown VPN on IPQS and ProxyCheck
- ❌ 158.51.110.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter on Spur, no proxy on IPQS, unknown on ProxyCheck
- ❌ 185.118.78.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter on Spur, unknown VPN on IPQS and ProxyCheck
- ❌ 193.68.85.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter on Spur, unknown proxy on IPQS and ProxyCheck
- ❌ 194.105.21.0/24 · contribs · block · log · stalk · Robtex · whois · Google - last active february 2012 - datacenter on Spur, unknown proxy on IPQS and ProxyCheck
- Unknown:
- ❌ 86.38.235.0/24 · contribs · block · log · stalk · Robtex · whois · Google - last active locally 2014 - some webhosts, some random servers belonging to various domains, no VPN usage on Spur and IPQualityScore, some on Proxycheck
- ❌ 89.116.76.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - assigned by IPXO, no VPN usage on SPUR, ExpressVPN on IPQS, unknown proxy on ProxyCheck
- ❌ 89.116.96.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - random servers on various domains, no VPN or datacenter flags on Spur, ExpressVPN on IPQualityScore and ProxyCheck
- ❌ 89.116.123.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - random servers on various domains, no VPN or datacenter flags on Spur, ExpressVPN on IPQualityScore and ProxyCheck
- Sideswipe9th (talk) 22:53, 4 February 2023 (UTC)
- Flagging this for admin attention. At least for the VPN and datacenter ranges. MarioGom (talk) 12:54, 19 February 2023 (UTC)
- Could someone please action this? There's a proxy hopping editor on the 192.101.67.0/24 · contribs · block · log · stalk · Robtex · whois · Google range who's just made two disruptive edits against a long standing consensus on Irreversible Damage. Sideswipe9th (talk) 21:24, 7 March 2023 (UTC)
- ExpressVPN ranges done, hoping to circle back to the rest. --Blablubbs (talk) 16:00, 12 March 2023 (UTC)
- @Blablubbs I don't know if you even remember this but just thought I'd remind you after a year. Kline • talk to me! • contribs 22:01, 1 March 2024 (UTC)
- ExpressVPN ranges done, hoping to circle back to the rest. --Blablubbs (talk) 16:00, 12 March 2023 (UTC)
- Could someone please action this? There's a proxy hopping editor on the 192.101.67.0/24 · contribs · block · log · stalk · Robtex · whois · Google range who's just made two disruptive edits against a long standing consensus on Irreversible Damage. Sideswipe9th (talk) 21:24, 7 March 2023 (UTC)
- Flagging this for admin attention. At least for the VPN and datacenter ranges. MarioGom (talk) 12:54, 19 February 2023 (UTC)
- Blocked hosts, didn't block ISPs or ranges that were currently assigned to non-webhost companies. Q T C 20:18, 6 March 2024 (UTC)
161.69.116.0/24
{{proxycheckstatus}}
Reason: VPN server. 73.67.145.30 (talk) 18:38, 17 April 2023 (UTC)
- McAfee WGCS is a corporate gateway, technically a VPN, but last time it was discussed here, it was not blocked. Requesting a second opinion. MarioGom (talk) 21:43, 26 April 2023 (UTC)
- Not an admin, so feel free to ignore. Looking at the two prior discussions on this (March 2021, May 2022) it seems that softblocking might be appropriate in this case? There are some McAfee WGCS ranges that we do currently softblock (eg 185.221.70.0/24, 208.81.64.0/21) so this would at least be consistent with them, though there are other ranges that we don't currently softblock (eg 185.125.227.0/24).
- Whatever the decision is from this discussion, we may want to look at making things consistent across all of the known ranges. Sideswipe9th (talk) 21:56, 26 April 2023 (UTC)
- I have opened Wikipedia talk:WikiProject on open proxies#Corporate VPNs as an attempt to harmonize criteria for corporate proxies. MarioGom (talk) 22:52, 25 September 2023 (UTC)
- Softblocked Q T C 20:23, 6 March 2024 (UTC)
2a00:f48:1003:22dd::1
{{proxycheckstatus}}
- 2a00:f48:1003:22dd::1 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · geo · rangeblocks · spur · shodan
Reason: VPN network/Webhosting service. 73.67.145.30 (talk) 08:05, 1 May 2023 (UTC)
- Unlikely IP is an open proxy While ipcheck states it's likely a proxy due to some API data, I'm not seeing any activity on Spur and Shodan, and technical research into the IP didn't turn up anything of note. However, the /48 range this IP belongs to is currently announced by a web and VPS hosting provider from Germany, and the /32 range is assigned to a colocation provider also in Germany. A webhostblock on the /48 or a colocationwebhost block on the /32 might be appropriate in the circumstances. Flagging for a second opinion though because either choice is a big range. Sideswipe9th (talk) 20:26, 17 July 2023 (UTC)
- I agree a webhost block on the /47 could be appropriate. Flagging for admin attention for the final call. MarioGom (talk) 09:10, 27 August 2023 (UTC)
- Blocked the /48. Q T C 20:34, 6 March 2024 (UTC)
176.126.232.134
{{proxycheckstatus}}
- 176.126.232.134 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Requested unblock. I'm unable to edit wikipedia pages from this IP (our office) even when logged in. The IP is statically allocated to us (since Feb 2022), we're not running any proxy and I'm not seeing any unusual open ports or suspicious network activity. xmath (talk) 19:30, 30 June 2023 (UTC)
Update: never mind, the block isn't for our IP specifically, apparently the entire IP range has been mistakenly classified as webhosting instead of FTTH/FTTB. xmath (talk) 20:59, 30 June 2023 (UTC)
- Not currently an open proxy, please unblock the range. — Mdaniels5757 (talk • contribs) 00:42, 15 August 2023 (UTC)
- Done Q T C 05:55, 2 March 2024 (UTC)
117.55.242.132
{{proxycheckstatus}}
- 117.55.242.132 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Made an unsourced BLP edit. SPUR shows possible call-back proxy. Nobody (talk) 12:38, 1 March 2024 (UTC)
- Blocked for one week given the nature of the proxy. --Malcolmxl5 (talk) 04:01, 4 March 2024 (UTC)
5.78.0.0/16
{{proxycheckstatus}}
Reason: Colocation webhost. Looking at the WHOIS info, it appears to belong to Hetzner, a provider of cloud servers, dedicated servers, colocation and web hosting, according to their website. Looking at the block log of this IP, it was blocked in February 2022 for two years as a colocation webhost before. Reason why I'm reporting is because soon after the expiration of that 2 year block, some user at least seems to be using it to vandalise various music-related articles; see Wikipedia:Administrators' noticeboard/Incidents#Need a rangeblock for Oregon IPs for more insight on this. This is an example of their vandalism, where they're introducing incorrect information into the article, with no explanation, sources, etc. There are so many recent edits like these from this range. — AP 499D25 (talk) 13:32, 4 March 2024 (UTC)
- Hetzner has quite a few ranges. See here for some examples. Nobody (talk) 13:55, 4 March 2024 (UTC)
- I've renewed the colocation webhost block for another two years. --Malcolmxl5 (talk) 16:04, 6 March 2024 (UTC)