Wikipedia:WikiProject on open proxies/Requests/Archives/45
This is an archive of past discussions about Wikipedia:WikiProject on open proxies. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current main page. |
Seed4me
{{proxycheckstatus}}
- 212.199.61.44 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan il.seed4.me
- 103.227.252.147 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan id.seed4.me
- 103.227.254.51 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan id.seed4.me
- 45.129.96.133 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ee.seed4.me
- 45.129.96.135 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ee.seed4.me
- 193.39.15.61 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan hu.seed4.me
- 88.151.99.251 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan hu.seed4.me
- 37.153.89.100 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan es.seed4.me
- 190.103.177.28 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ar.seed4.me
Unblocked nodes of Seed4me VPN, which has been recently abused for logged out socking. MarioGom (talk) 21:57, 13 August 2021 (UTC)
- Blocked the lot. GeneralNotability (talk) 13:12, 21 August 2021 (UTC)
IP 104.149.167.26
{{proxycheckstatus}}
- 104.149.167.26 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Requested unblock. Eka343 (talk) 12:00, 14 August 2021 (UTC)
- @Eka343: Where have they requested unblock, Eka343? Noting that this IP is caught up in a global rangeblock 104.149.0.0/16 across all Wikimedia projects. --Malcolmxl5 (talk) 12:57, 14 August 2021 (UTC)
- @Malcolmxl5: please ignore this. I helped my friend because he cant make an account on wiki. it turn out That he using VPN all along. LOL Eka343 (talk) 13:35, 14 August 2021 (UTC)
- @Eka343: Ah well, he just needs to turn off his VPN. OK, I’ll close this report then. --Malcolmxl5 (talk) 13:39, 14 August 2021 (UTC)
P2Ps in Egypt, Peru?
{{proxycheckstatus}}
- 174.18.8.189 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 197.49.219.111 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 156.215.60.25 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 156.195.177.57 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 196.117.136.124 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 201.240.147.63 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 154.182.242.238 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 154.160.22.115 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Likely Wikipedia:Long-term_abuse/Nate_Speed who is known to use proxies; in any case, the same user jumping IP ranges and making the same disruptive edits and hassling users. P2P proxies? OhNoitsJamie Talk 02:48, 17 August 2021 (UTC)
- Yeah, it's Nate. I suppose I should've reported him earlier, but was having too much fun bantering back & forth with him, on my talkpage. PS - I'm rather annoyed, that he didn't continue, with his new IPs, at my talkpage.GoodDay (talk) 02:52, 17 August 2021 (UTC)
P2P checks are tricky because they are snapshots in time; keep in mind that results may have been different if I had checked three days ago, and will be different if I recheck in 24 hours.
- Confirmed P2P: 197.49.219.111, 201.240.147.63, 154.182.242.238, 154.160.22.115.
- Likely: 156.215.60.25, 156.195.177.57, 196.117.136.124
- Possible, leaning Unlikely: 174.18.8.189.
Judging from the confirmed group, the technical fingerprint is consistent with Nate Speed; generally speaking, his IPs are usually good for 72h proxy-hardblocks. Everything here is already (range-)blocked, closing. --Blablubbs (talk) 14:08, 17 August 2021 (UTC)
154.3.129.0/24
{{proxycheckstatus}}
EndOffice. This is a colocation service whose ranges are subranges of Cogent, and is a common service provider for VPNs. This sugrange is used by Hide My Ass: 154.3.129.84 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan, 154.3.129.54 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan, 154.3.129.75 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan, etc. MarioGom (talk) 11:28, 21 August 2021 (UTC)
- There is a large number of Confirmed proxies on this /24 (mostly clustered at the bottom end of the range, but I don't think it's worth trying to figure out what's what here); please hardblock it for two years. --Blablubbs (talk) 10:37, 22 August 2021 (UTC)
- Done --Malcolmxl5 (talk) 19:37, 22 August 2021 (UTC)
206.72.192.0/20
{{proxycheckstatus}}
Reason: Interserver, Inc. A webhosting provider offering hosting, VPS, dedicated servers, and colocation services, Has been blocked almost continuously since February 2013 either locally[1] or globally[2], About to come off a five year global block so I guess another long webhost block will be needed. --Malcolmxl5 (talk) 22:27, 21 August 2021 (UTC)
- Might as well. Local block re-upped. — Preceding unsigned comment added by GeneralNotability (talk • contribs) 01:52, 22 August 2021 (UTC)
185.195.233.0/24
{{proxycheckstatus}}
Mullvad VPN. MarioGom (talk) 16:54, 25 August 2021 (UTC)
- As Confirmed as can be (I'm typing this comment from that range). Awaiting administrative action – please hardblock the /24 for two years. --Blablubbs (talk) 08:48, 3 September 2021 (UTC)
- Done --Malcolmxl5 (talk) 09:03, 3 September 2021 (UTC)
135.148.148.205
{{proxycheckstatus}}
- 135.148.148.205 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: OVH is a webhosting provider offering VPS (like the one used by this IP). I haven't listed an IP range as I wasn't sure whether that's appropriate. M.Bitton (talk) 19:45, 29 August 2021 (UTC)
- (Non-verified user here) The IP is Halo VPN (see spur). 135.148.148.0/23 · contribs · block · log · stalk · Robtex · whois · Google is OVH VPS (see whois) and should be good to hard block. It's not so easy to verify if the wider /16 range is fully VPS or also contains residential. MarioGom (talk) 21:02, 29 August 2021 (UTC)
- In progress. --Blablubbs (talk) 08:53, 3 September 2021 (UTC)
- Confirmed, not sure about the underlying range either. Awaiting administrative action – please hardblock 135.148.148.0/23 · contribs · block · log · stalk · Robtex · whois · Google for two years. --Blablubbs (talk) 09:13, 3 September 2021 (UTC)
- Done --Malcolmxl5 (talk) 10:00, 3 September 2021 (UTC)
- Confirmed, not sure about the underlying range either. Awaiting administrative action – please hardblock 135.148.148.0/23 · contribs · block · log · stalk · Robtex · whois · Google for two years. --Blablubbs (talk) 09:13, 3 September 2021 (UTC)
- In progress. --Blablubbs (talk) 08:53, 3 September 2021 (UTC)
FreeOpenVPN
{{proxycheckstatus}}
- 109.248.11.129 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ru2.freeopenvpn.org
- 109.248.11.201 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ru3.freeopenvpn.org
- 79.141.160.49 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us1.freeopenvpn.org
- 45.153.231.225 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ru1.freeopenvpn.org
Free VPN nodes. MarioGom (talk) 21:07, 29 August 2021 (UTC)
- In progress. --Blablubbs (talk) 09:15, 3 September 2021 (UTC)
- The individual IPs are all Confirmed, and the webhosts involved (hz hosting/hostzealot and PQ hosting and contell) have a bunch of unblocked ranges, many with more proxies on them. The following are HZ-hosting and related:
- 5.149.248.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 5.149.252.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 5.149.253.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 5.149.254.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 79.141.160.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 79.141.164.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 79.141.166.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 79.141.170.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 79.141.172.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 185.81.114.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 185.117.90.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 185.125.51.0/24 · contribs · block · log · stalk · Robtex · whois · Google (Creanova, offers colocation)
- 185.174.139.0/24 · contribs · block · log · stalk · Robtex · whois · Google (
SUPERSERVERSDATACENTER
) - 188.119.148.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 194.124.229.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 2a01:8640::/48 · contribs · block · log · stalk · Robtex · whois · Google
- 2a01:8640:1::/48 · contribs · block · log · stalk · Robtex · whois · Google
- 2a01:8640:2::/48 · contribs · block · log · stalk · Robtex · whois · Google
- 2a01:8640:3::/48 · contribs · block · log · stalk · Robtex · whois · Google
- 2a01:8640:4::/48 · contribs · block · log · stalk · Robtex · whois · Google
- 2a01:8640:7::/48 · contribs · block · log · stalk · Robtex · whois · Google
- 2a01:8640:8::/48 · contribs · block · log · stalk · Robtex · whois · Google
- The following are PQ-Hosting/
Webhost LLC
- 45.67.230.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 91.236.136.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 185.179.191.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 2a09:7c47::/32 · contribs · block · log · stalk · Robtex · whois · Google
- 2a0a:8d80::/48 · contribs · block · log · stalk · Robtex · whois · Google
- The following are Kontel and related:
- 45.130.8.0/24 · contribs · block · log · stalk · Robtex · whois · Google (selectel
- 45.151.144.0/24 · contribs · block · log · stalk · Robtex · whois · Google (ruvds)
- 46.8.18.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 46.8.220.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 46.8.255.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 95.182.79.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 109.248.10.0/23 · contribs · block · log · stalk · Robtex · whois · Google (cf. [3])
- 109.248.200.0/22 · contribs · block · log · stalk · Robtex · whois · Google
- 185.154.20.0/22 · contribs · block · log · stalk · Robtex · whois · Google
- 185.247.140.0/22 · contribs · block · log · stalk · Robtex · whois · Google
- 188.130.132.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 2a0d:c580::/29 · contribs · block · log · stalk · Robtex · whois · Google
- A fraction of these ranges is already gblocked, but most aren't and local reinforcement can't hurt. Awaiting administrative action – please hardblock all listed ranges for two years, with the exception of the Creanova range, which should be softblocked for the same duration. Thanks. --Blablubbs (talk) 09:40, 3 September 2021 (UTC)
- Done --Malcolmxl5 (talk) 10:41, 3 September 2021 (UTC)
- The individual IPs are all Confirmed, and the webhosts involved (hz hosting/hostzealot and PQ hosting and contell) have a bunch of unblocked ranges, many with more proxies on them. The following are HZ-hosting and related:
2a01:d0:e76c:0:e516:1426:2c78:89e
{{proxycheckstatus}}
- 2a01:d0:e76c:0:e516:1426:2c78:89e · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · geo · rangeblocks · spur · shodan
Reason: Requested unblock. 2A01:D0:E76C:0:E516:1426:2C78:89E (talk) 20:16, 30 August 2021 (UTC)
- Well, that’s you isn’t it? And you’re obviously not blocked. But given it’s a "NetAssist free IPv6 tunnel broker", perhaps it should be. --Malcolmxl5 (talk) 20:43, 30 August 2021 (UTC)
- The NetAssist is the internet-provider and these addresses refer to the addresses of the end users. Besides, a "IPv6 tunnel" is not a VPN or a proxy. It does not provide additional anonymity. Given the priority of IPv6 over IPv4 in typical settings, the blocking looks strange Dobergroup (talk) 21:14, 30 August 2021 (UTC)
- What blocking? This address is not blocked. --Malcolmxl5 (talk) 21:19, 30 August 2021 (UTC)
- The NetAssist is the internet-provider and these addresses refer to the addresses of the end users. Besides, a "IPv6 tunnel" is not a VPN or a proxy. It does not provide additional anonymity. Given the priority of IPv6 over IPv4 in typical settings, the blocking looks strange Dobergroup (talk) 21:14, 30 August 2021 (UTC)
== 2A01:D0:0:0:0:0:0:0/32 ==
{{proxycheckstatus}}
Reason: Requested unblock. 2A01:D0:E76C:0:E516:1426:2C78:89E (talk) 20:21, 30 August 2021 (UTC)
- As above, that range is not blocked. Why are you requesting unblock? --Malcolmxl5 (talk) 21:02, 30 August 2021 (UTC)
- I merged the two reports. What we're looking at is a free IPv6 tunnel broker that only requires an email to sign up (netassist.ua). While not marketed as an anonymiser, this can be used as one, and there have been problematic edits on the range in the past. Awaiting administrative action – please block 2A01:D0:8000::/33 · contribs · block · log · stalk · Robtex · whois · Google for two years; I'd personally opt for a hardblock, but softblocking is a viable option as well. --Blablubbs (talk) 09:51, 3 September 2021 (UTC)
- Done Hardblocked. --Malcolmxl5 (talk) 10:07, 3 September 2021 (UTC)
139.28.179.0/24
{{proxycheckstatus}}
- 139.28.179.50 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 139.28.179.0/24 · contribs · block · log · stalk · Robtex · whois · Google
Reason: IP in range used by M247, I noticed that ranges by this service have been blocked previously. Currently used by a very active sock to evade their latest block. Range is (at least) Special:Contributions/139.28.179.0/24. Ravensfire (talk) 14:24, 8 September 2021 (UTC)
- Confirmed, the /24 is M247. Blocked. GeneralNotability (talk) 14:33, 8 September 2021 (UTC)
M247
{{proxycheckstatus}}
- 139.28.178.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 217.148.142.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 37.120.238.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 37.120.239.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 37.120.245.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 37.120.246.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 37.120.247.0/24 · contribs · block · log · stalk · Robtex · whois · Google
M247 ranges, not caught by ASNBlock so far. For those unfamiliar, M247 is the top colocation service used by VPNs, most ranges are locally and globally blocked. MarioGom (talk) 13:45, 9 September 2021 (UTC)
- All Confirmed. Awaiting administrative action: Please hardblock all the listed ranges for two years. I recommend blocking 37.120.244.0/22 · contribs · block · log · stalk · Robtex · whois · Google instead of individual blocks for 37.120.245.0/24, 37.120.246.0/24 and 37.120.247.0/24. Thanks. --Blablubbs (talk) 10:08, 11 September 2021 (UTC)
- Now done. Closing. --Blablubbs (talk) 13:36, 11 September 2021 (UTC)
Astrill
{{proxycheckstatus}}
- 149.11.180.160/29 · contribs · block · log · stalk · Robtex · whois · Google (see whois: Veloxee Corp)
- 149.6.162.80/29 · contribs · block · log · stalk · Robtex · whois · Google (see whois: Veloxee Corp)
- 38.32.68.192/29 · contribs · block · log · stalk · Robtex · whois · Google (see whois: Veloxee Corp)
- 198.255.66.30 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (see spur)
Some Astrill VPN ranges and addresses. Veloxee Corp is Astrill's company. MarioGom (talk) 21:19, 9 September 2021 (UTC)
- Confirmed and blocked (for the last one, I went with a hardblock on 198.255.66.0/23 and a softblock on the underlying /17. Closing. --Blablubbs (talk) 13:53, 11 September 2021 (UTC)
37.111.128.0/24
{{proxycheckstatus}}
Reason: turned up in a check on a user that was using it abusively, and I noticed they were hopping between IPs on this range in a daily basis. Additional CU showed a lot of suspicious but probably unrelated accounts and several IPs in the range have been blocked by ST47ProxyBot as P2P proxies recently. – Joe (talk) 05:49, 10 September 2021 (UTC)
- Not really a good candidate for a rangeblock. This is a very crowded residential range. Assignment within the range is probably very dynamic, and dozens or even hundreds of users may use each IP simultaneously or in a short period of time. A block of the /24 is likely to incur in considerable collateral damage. As for P2P proxy presence, ~6 out of 256 IPs simultaneously flagged as P2P proxy is not too much in a crowded residential range. MarioGom (talk) 20:41, 10 September 2021 (UTC)
- I see the /24 has been blocked twice before and the /18 twice before. The /24 had a one year block in 2017 for long term abuse, checkusers have stamped on the /24 and /18 in 2017 and 2019, and the /18 was blocked for three days for disruptive editing just a couple of weeks ago. This seems a problematic range that could well be blocked just to stop the disruptive editing coming from it. --Malcolmxl5 (talk) 23:30, 10 September 2021 (UTC)
- @Joe Roe, Malcolmxl5: Mario hits the nail on the head regarding the proxy side of this. The P2P density is not high enough to justify blocking, especially considering that the IPs are very likely shared, and that individual users will probably float across different ranges in relatively short periods of time. The pattern of IP-hopping described in the report makes me think that this user is not on proxy and that Telenor Pakistan's assignment is to blame instead (this appears to be a mobile range, so rapid reassignment is not unexpected). Joe: I can't say much more publicly (there are some noses to protect here), but I'd be happy to email you if you want a more detailed explanation. No objections to a rangeblock if there's disruption coming from the range of course, it just can't be a proxyblock. Closing, though I'm happy to reopen if there's something I missed or misunderstood. --Blablubbs (talk) 10:05, 11 September 2021 (UTC)
- Thanks all, that makes sense as far the CU data goes, especially if it's a mobile range. I don't think the disruption that is there is consistent enough for a rangeblock at this time. – Joe (talk) 10:10, 11 September 2021 (UTC)
8.214.0.0/24
{{proxycheckstatus}}
Reason: After inspection, the batch of server hosting services belonging to Alibaba. The IP segment is being used by a Wikipedia mirror. There may be a larger IP segment that also belongs to Alibaba.--Here's 28 and did I make a mess? 06:36, 10 September 2021 (UTC)
- The entire /12 is Alibaba cloud. That's more than the CIDR rangeblock limit, so I'll block the following:
- 8.209.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
- 8.210.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
- 8.211.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
- 8.212.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
- 8.213.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
- 8.214.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
- 8.215.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
- 8.216.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
- 8.217.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
- 8.218.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
- 8.219.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
- 8.220.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
- 8.221.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
- 8.222.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
- 8.223.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
- 8.208 is already blocked. I'll go with softblocks since I don't see any evidence of recent abuse and this isn't exclusively VPS stuff. No objections to reinforcements on specific subranges if proxies are found. --Blablubbs (talk) 14:29, 11 September 2021 (UTC)
G-Core Labs (I)
{{proxycheckstatus}}
- 5.188.1.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.2.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.3.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.4.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.5.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.6.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.7.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.33.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.34.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.35.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.37.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.38.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.39.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.109.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.189.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.191.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.212.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.214.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.224.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.225.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.226.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.227.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.228.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.229.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.230.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.189.220.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.189.221.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.189.223.0/24 · contribs · block · log · stalk · Robtex · whois · Google
G-Core Labs, common VPN colocation. Everything that isprangefinder finds is blocked, but there are some missing. Here's a first batch. The /16 is full of coloblocks and proxyblocks (stalktoy: 5.188.0.0/16), but the assignments are fragmented, so the /16 cannot be blocked directly. MarioGom (talk) 17:09, 15 September 2021 (UTC)
- In progress. --Blablubbs (talk) 17:13, 15 September 2021 (UTC)
- Blocked. Closing. --Blablubbs (talk) 17:18, 15 September 2021 (UTC)
185.14.45.24
{{proxycheckstatus}}
- 185.14.45.24 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Owned by G-Core Labs S.A. Hostname (vps.supervpn360.com) indicates that this is used by a VPN. Malcolmxl5 (talk) 11:52, 16 September 2021 (UTC)
- Confirmed. Hardblocked the /22 for two years, and I'll see what else I can find on the ASNs. I've also added G-Core to ASNBlock following the report above. Thanks for reporting. --Blablubbs (talk) 13:10, 16 September 2021 (UTC)
- For the record: I found and blocked the following on AS202422
- 92.38.180.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 92.38.154.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 79.133.124.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.215.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.190.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 213.156.144.0/20 · contribs · block · log · stalk · Robtex · whois · Google
- 213.156.136.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 87.120.167.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 146.185.248.0/22 · contribs · block · log · stalk · Robtex · whois · Google
- 213.156.142.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 213.156.140.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.188.32.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 185.202.93.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 89.43.109.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 45.67.209.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 185.202.94.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 103.30.211.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 213.156.157.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 95.85.76.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 185.202.92.0/22 · contribs · block · log · stalk · Robtex · whois · Google
- 2.56.220.0/22 · contribs · block · log · stalk · Robtex · whois · Google
- 185.183.130.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- --Blablubbs (talk) 13:27, 16 September 2021 (UTC)
- And some more from AS199524:
- 95.85.88.0/21 · contribs · block · log · stalk · Robtex · whois · Google
- 89.44.199.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 91.243.85.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 87.120.164.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 92.38.128.0/18 · contribs · block · log · stalk · Robtex · whois · Google
- 79.133.126.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 31.184.206.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 89.44.193.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 92.38.128.0/20 · contribs · block · log · stalk · Robtex · whois · Google
- 79.133.109.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 83.229.25.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- --Blablubbs (talk) 13:44, 16 September 2021 (UTC)
- And some more from AS199524:
SuperVPN 360
{{proxycheckstatus}}
Some unblocked nodes for SuperVPN 360. Found with shodan, verified with spur. MarioGom (talk) 09:13, 18 September 2021 (UTC)
Ranges, all G-Core:
- 5.8.41.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.181.27.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 79.133.120.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 79.133.121.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 89.43.107.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 89.44.194.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 89.44.196.0/24 · contribs · block · log · stalk · Robtex · whois · Google
--MarioGom (talk) 09:27, 18 September 2021 (UTC)
- (edit conflict) All G-Core ranges, with some additional adjacent ones. Confirmed and blocked:
- Closing. Thanks for reporting. --Blablubbs (talk) 09:33, 18 September 2021 (UTC)
149.19.32.0/19
{{proxycheckstatus}}
Reason: IP range has a lot of vandalism and disruption coming from it. IP range appears to be registered to a cloud-computing security company with proxy/webhosting services. If this range is not blockable as a webhosting range, it may still need to be blocked for all the continuous disruption. 2601:1C0:4401:24A0:4909:31C8:B003:385D (talk) 19:31, 21 September 2021 (UTC)
- This is IBOSS; if my memory isn't failing me, they have valid XFF. The range looks like it might be a school or similar. I softblocked (
{{colocationwebhost-soft}}
) given the vandalism. Closing. --Blablubbs (talk) 11:39, 25 September 2021 (UTC)
193.58.179.144
{{proxycheckstatus}}
- 193.58.179.144 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: BitWeb LLC seems to not be blocked for some reason. Vandalism at Special:Contributions/193.58.179.144. ASN 57271. Their IP ranges should probably be blocked? ProcrastinatingReader (talk) 11:32, 25 September 2021 (UTC)
- Confirmed, already blocked. I also found the following unblocked ranges:
- 45.15.253.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 37.44.198.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 45.129.236.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 45.132.50.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 45.133.217.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 45.133.235.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 45.135.132.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 45.137.189.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 45.137.190.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 45.140.16.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 45.140.18.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 45.142.39.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 45.142.255.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 5.183.154.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 81.16.141.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 85.117.233.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 85.235.82.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 91.236.120.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 176.53.132.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 192.144.18.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 193.32.191.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 193.56.186.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 193.58.179.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- All blocked. Thanks for reporting, ProcrastinatingReader. Closing. --Blablubbs (talk) 11:56, 25 September 2021 (UTC)
139.255.70.162
{{proxycheckstatus}}
- 139.255.70.162 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Indonesia's open proxy. [4]。In editing Wikipedia:Sandbox (see diff), he claimed that some Wikipedians in Japan (incl. reporter) are ja:LTA:PAL. This editing behavior is characteristic in ja:LTA:MSHARED. Motodai (talk) 05:02, 26 September 2021 (UTC)
- Confirmed https proxy (port 8080). Blocked. Thanks for reporting. --Blablubbs (talk) 10:49, 26 September 2021 (UTC)
101.99.64.0/19
{{proxycheckstatus}}
Reason: Proxy block is expired, zhwiki has been range blocked.--Here's 28 and did I make a mess? 05:48, 26 September 2021 (UTC)
- Confirmed webhost (shinjiru). Blocked. Thanks for reporting. --Blablubbs (talk) 10:53, 26 September 2021 (UTC)
102.23.96.7
{{proxycheckstatus}}
- 102.23.96.7 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Confirmed VPN/open proxy by several proxy checking websites. 2601:1C0:4401:24A0:4D33:A476:86EB:73C5 (talk) 19:35, 29 September 2021 (UTC)
- 102.23.96.0/22 · contribs · block · log · stalk · Robtex · whois · Google is Opera VPN, blocked. Don't have time to look further than that right now, so I'll leave this open. --Blablubbs (talk) 20:01, 29 September 2021 (UTC)
- Also found, Confirmed, and blocked:
- 107.167.96.0/19 · contribs · block · log · stalk · Robtex · whois · Google
- 103.83.120.0/22 · contribs · block · log · stalk · Robtex · whois · Google
- 64.255.164.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 2400:9340::/32 · contribs · block · log · stalk · Robtex · whois · Google
- 2c0f:eb50::/32 · contribs · block · log · stalk · Robtex · whois · Google
- Closing. Thanks for reporting. --Blablubbs (talk) 10:50, 30 September 2021 (UTC)
- Also found, Confirmed, and blocked:
45.144.113.0/24
{{proxycheckstatus}}
Reason: Confirmed NordVPN service. See WHOIS and db-ip. 2601:1C0:4401:24A0:6CA7:E631:AEE2:5C3E (talk) 19:21, 30 September 2021 (UTC)
- There's quite a bit here. The above range is Confirmed and blocked. I ran a quick search for unblocked ranges in the ASN that should have some more results than isprangefinder, see User:Blablubbs/62240. Some of it is already gblocked, much of it is not; I picked out some targets of opportunity in the same ASN
- 2.57.168.0/24 · contribs · block · log · stalk · Robtex · whois · Google (ExpressVPN)
- 159.48.53.0/24 · contribs · block · log · stalk · Robtex · whois · Google (NordVPN)
- 193.107.20.0/24 · contribs · block · log · stalk · Robtex · whois · Google (Inception Hosting)
- 64.40.24.0/22 · contribs · block · log · stalk · Robtex · whois · Google (Catalyst Host)
- 103.105.48.0/22 · contribs · block · log · stalk · Robtex · whois · Google (VMHaus)
- I also reinforced some gblocks. A good chunk of the ASN remains unblocked, and I don't have the time to work through all of it because there seems to be lots of subleasing to "harmless" entities going here and I want to avoid collateral. The good news is that almost none of these have (anonymous) edits coming out of them. I'll try to tackle more of these as I find time, help is of course appreciated. Closing. Thanks for the report, IP. --Blablubbs (talk) 21:39, 30 September 2021 (UTC)
163.120.64.0/19
{{proxycheckstatus}}
Reason: IP range registered to iBoss VPN/cloud network. 2601:1C0:4401:24A0:8C9F:F938:CA59:D8FF (talk) 20:09, 1 October 2021 (UTC)
- iBoss isn't really a conventional webhost, but some sort of cloud security proxy provider, frequently used by schools and the like – if memory serves me right, they send valid XFF. There are a lot of bad edits coming from this range, so I'll give it a soft coloblock. Closing. --Blablubbs (talk) 11:04, 4 October 2021 (UTC)
209.160.96.0/22
{{proxycheckstatus}}
Reason: Webhosting range with dedicated servers. 2601:1C0:4401:24A0:8C9F:F938:CA59:D8FF (talk) 20:30, 1 October 2021 (UTC)
- Confirmed, blocked. Thanks, IP. I'll see if I can find anything else in a bit. --Blablubbs (talk) 21:01, 1 October 2021 (UTC)
- Also found on the same ASN, plus some additional VPN endpoints:
- Blocked, closing. Thanks again. --Blablubbs (talk) 21:32, 1 October 2021 (UTC)
2A06:2EC0:0:0:0:0:0:0/32
{{proxycheckstatus}}
Reason: IP range registered to webhosting service. Recently used for disruption. 2601:1C0:4401:24A0:7596:24C8:3939:92AC (talk) 17:47, 11 October 2021 (UTC)
- Blocked the /29, plus some other ranges. Closing. --Blablubbs (talk) 11:19, 12 October 2021 (UTC)
93.191.152.0/21
{{proxycheckstatus}}
Reason: IP range registered to webhosting service. Recently used for disruption. 2601:1C0:4401:24A0:7596:24C8:3939:92AC (talk) 17:57, 11 October 2021 (UTC)
- Incredibly annoying ASN to check. I did block the range above though, and hope to revisit. Closing for now. Thanks for reporting. --Blablubbs (talk) 11:13, 12 October 2021 (UTC)
240d:c010:30::/48
{{proxycheckstatus}}
Reason: This IP segment is considered to be a proxy in zhwiki and is banned, so I should be treated the same in local.--Here's 28 and did I make a mess? 02:07, 10 October 2021 (UTC)
- @Blablubbs:--Here's 28 and did I make a mess? 12:27, 14 October 2021 (UTC)
- Confirmed webhost range. Blocked, closing. Thanks for reporting. --Blablubbs (talk) 08:12, 26 October 2021 (UTC)
66.94.96.0/19
{{proxycheckstatus}}
Reason: Dedicated server with recent disruption. 2601:1C0:4401:24A0:11FF:65FF:8E86:342A (talk) 05:58, 12 October 2021 (UTC)
- In progress --Blablubbs (talk) 10:49, 12 October 2021 (UTC)
- Confirmed VPN nodes there. Blocked on that ASN:
- 176.57.165.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 38.105.232.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 176.57.165.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 209.126.0.0/20 · contribs · block · log · stalk · Robtex · whois · Google
- 144.126.128.0/19 · contribs · block · log · stalk · Robtex · whois · Google
- 209.126.70.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 209.126.77.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 209.126.79.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 162.246.248.0/21 · contribs · block · log · stalk · Robtex · whois · Google
- 199.102.166.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 209.16.202.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 209.96.64.0/19 · contribs · block · log · stalk · Robtex · whois · Google
- 207.244.240.0/20 · contribs · block · log · stalk · Robtex · whois · Google
- 207.244.224.0/19 · contribs · block · log · stalk · Robtex · whois · Google
- 209.145.48.0/20 · contribs · block · log · stalk · Robtex · whois · Google
- 209.126.64.0/22 · contribs · block · log · stalk · Robtex · whois · Google
- 209.126.68.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 209.126.71.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 209.126.72.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 209.126.73.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 209.126.74.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 209.126.75.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 209.126.76.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 209.126.78.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 176.57.165.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 66.94.96.0/19 · contribs · block · log · stalk · Robtex · whois · Google
- Thanks for reporting. Closing. --Blablubbs (talk) 11:03, 12 October 2021 (UTC)
- Confirmed VPN nodes there. Blocked on that ASN:
134.195.196.0/22
{{proxycheckstatus}}
Reason: Dedicated server with recent disruption. 2601:1C0:4401:24A0:11FF:65FF:8E86:342A (talk) 05:59, 12 October 2021 (UTC)
- In progress --Blablubbs (talk) 11:03, 12 October 2021 (UTC)
- Confirmed, blocked; looks like everything else is, too. Closing. --Blablubbs (talk) 11:06, 12 October 2021 (UTC)
Vangate VPNs
{{proxycheckstatus}}
- 160.86.149.43 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 221.105.231.49 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 112.147.8.80 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 123.255.232.47 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 203.171.9.137 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 49.228.17.31 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 60.103.218.198 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 175.212.148.26 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Vpngate VPNs per Spur. Malcolmxl5 (talk) 14:26, 20 October 2021 (UTC)
- They're all exceedingly Likely, so I've hardblocked all the individual IPs for 6 months. Not more I can do here, unfortunately. Closing, thanks for reporting. --Blablubbs (talk) 10:56, 22 October 2021 (UTC)
PLDT call-back proxies associated with sockfarm
{{proxycheckstatus}}
- 49.149.138.0 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan reference, blocked with sockmaster, call-back proxy
- 49.146.32.246 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan IPQualityScore fraud score 100, proxy
- 49.146.33.225 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan score 100, proxy
- 49.146.37.70 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan score 100, proxy
- 49.146.40.133 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan score 73, proxy
- 49.146.39.232 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan score 20, proxy
Reason: Suspicious edits, coincident with beauty pageant sockfarm [5][6][7], & IPQualityScore reports 100% fraud score & spur findings on each are "call-back proxy network". ☆ Bri (talk) 04:06, 21 October 2021 (UTC)
- Fairly Unlikely in the sense that while there are services running, they aren't the type that is likely to be used for socking, and the user in question is probably just a residential customer on an infected range. Closing without action. --Blablubbs (talk) 11:01, 22 October 2021 (UTC)
204.74.208.0/20
{{proxycheckstatus}}
Reason: Take 2 Hosting. Blocked twice before as proxy/webhost[8], for five and three years. Last block expired in January. Malcolmxl5 (talk) 10:43, 26 October 2021 (UTC)
- @Malcolmxl5: Confirmed the full /20 via whois; looks good to block. —Mdaniels5757 (talk • contribs) 15:25, 26 October 2021 (UTC)
- Holding for a bit, it looks like there might be more here, I can take a look in a bit. No objections to anyone blocking in the meantime. --Blablubbs (talk) 17:16, 26 October 2021 (UTC)
- The following are Take 2 Hosting:
- 50.115.128.0/20 · contribs · block · log · stalk · Robtex · whois · Google
- 74.82.160.0/19 · contribs · block · log · stalk · Robtex · whois · Google
- 173.252.192.0/18 · contribs · block · log · stalk · Robtex · whois · Google
- 198.144.240.0/20 · contribs · block · log · stalk · Robtex · whois · Google
- 204.74.208.0/20 · contribs · block · log · stalk · Robtex · whois · Google
- Same ASN, different ISP (
FEDERAL-ONLINE-GROUP-LLC
), almost certainly also hosting judging by shodan results and this: - Different ASN, also FEDERAL-ONLINE-GROUP:
- All blocked. I think there's some more for the latter ISP, will try to follow up. Closing. --Blablubbs (talk) 20:01, 26 October 2021 (UTC)
Unblock 89.38.160.43
{{proxycheckstatus}}
- 89.38.160.43 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: whois says Fiber to the Home/Business Network. Likely not an open proxy anymore? Can you review and unblock? I already removed the gblock. Martin Urbanec (talk) 11:29, 26 October 2021 (UTC)
- @Martin Urbanec: Possible IP is an open proxy. There is an open port (1723) that is used for VPN access. It requires a username and password for access. Admin: please decide appropriate action. —Mdaniels5757 (talk • contribs) 15:32, 26 October 2021 (UTC)
- Username and password makes it a closed (for authenticated-only users) proxy, unless anyone can obtain a valid combination. Or am I missing something? Martin Urbanec (talk) 16:18, 26 October 2021 (UTC)
- It's not uncommon for carrier grade routers to have 1723 open – and I also think Martin Urbanec' reasoning here is sound. This looks like it's collateral from an ASN block, since the /22 is registered to NFOrce, and that specific /24 is assigned to a home broadband provider; blocking the entire range would arguably be too wide anyway. I'm inclined to unblock; ping @ST47 as the blocking admin: Would you be okay with me lifting the block on the /24? --Blablubbs (talk) 19:04, 26 October 2021 (UTC)
- Go ahead if you wish to unblock it. ST47 (talk) 20:02, 26 October 2021 (UTC)
- It's not uncommon for carrier grade routers to have 1723 open – and I also think Martin Urbanec' reasoning here is sound. This looks like it's collateral from an ASN block, since the /22 is registered to NFOrce, and that specific /24 is assigned to a home broadband provider; blocking the entire range would arguably be too wide anyway. I'm inclined to unblock; ping @ST47 as the blocking admin: Would you be okay with me lifting the block on the /24? --Blablubbs (talk) 19:04, 26 October 2021 (UTC)
- Username and password makes it a closed (for authenticated-only users) proxy, unless anyone can obtain a valid combination. Or am I missing something? Martin Urbanec (talk) 16:18, 26 October 2021 (UTC)
- Thanks. Unblocked the /22 and reblocked everything but that specific /24. Closing. --Blablubbs (talk) 10:41, 27 October 2021 (UTC)
220.86.0.33
{{proxycheckstatus}}
- 220.86.0.33 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: See below. —Mdaniels5757 (talk • contribs) 16:07, 26 October 2021 (UTC)
- Confirmed -- IP is an open proxy (OpenVPN port 1873). Admin: please consider a block. —Mdaniels5757 (talk • contribs) 16:07, 26 October 2021 (UTC)
- Yeah, that's a VPNgate node. Blocked, closing. --Blablubbs (talk) 17:10, 26 October 2021 (UTC)
Vpngate VPNs
{{proxycheckstatus}}
- 1.224.248.6 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 1.241.166.89 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 59.136.57.69 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 61.84.98.103 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 114.165.186.124 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 210.96.184.160 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 211.177.27.221 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Vpngate VPNs per Spur. Malcolmxl5 (talk) 20:55, 26 October 2021 (UTC)
- Very Likely. Blocked, closing. --Blablubbs (talk) 11:49, 27 October 2021 (UTC)
wikimirror.org
{{proxycheckstatus}}
- 8.214.0.175 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 8.214.0.2 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: The information for both IP addresses is wikimirror.org , and this domain name has appeared on the page on zhwiki mirror fork list.--Here's 28 and did I make a mess? 13:38, 30 October 2021 (UTC)
- @Q28: Confirmed both are still Alibaba
{{colocationwebhost}}
s. Looks like wikimirror buys hosting from Alibaba's cloud. Both were already blocked and should remain blocked. —Mdaniels5757 (talk • contribs) 16:18, 30 October 2021 (UTC)
119.160.58.0/23
{{proxycheckstatus}}
Reason: Multiple IPs on this range are already blocked via ST47ProxyBot. IPs on this range have vandalized multiple pages as well as hijacked redirects. Owner is Mobilink Infinity WiMAX. Jalen Folf (talk) 18:05, 6 November 2021 (UTC)
- From a proxy perspective, the current blocks are sufficient here. If vandalism is occuring from the range, please report to AIV. Closing without action. --Blablubbs (talk) 19:10, 6 November 2021 (UTC)
67.202.78.4
{{proxycheckstatus}}
- 67.202.78.4 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Steadfast, a Chicago based company providing webhosting services. Flagged by db-ip, proxycheck.io, getipintel, IPQS and IPHub. Multiple local and global blocks in logs at /18.[9][10] Malcolmxl5 (talk) 21:36, 8 November 2021 (UTC)
- Blocked, along with most of the other unblocked ranges on the ASN. Closing, thanks for reporting. --Blablubbs (talk) 16:40, 9 November 2021 (UTC)
148.59.127.0/24
{{proxycheckstatus}}
Reason: Registered to VirtualShield LLC (a VPN service). 2601:1C0:4401:24A0:C0D7:275F:595C:9A8A (talk) 20:32, 10 November 2021 (UTC)
216.24.45.0/24
{{proxycheckstatus}}
Reason: Amazon AWS Cloud. 2601:1C0:4401:24A0:F421:B01C:5D8:AEFB (talk) 18:00, 3 November 2021 (UTC)
- For this and the below report, I'm inclined to say no; the ranges in question appear to belong to a cloud security provider (Menlo Security), and while it's anonymizing I wouldn't call it "open" since only corporate customers are routing traffic through it. GeneralNotability (talk) 20:08, 10 November 2021 (UTC)
- I concur with GN, closing both without action. --Blablubbs (talk) 12:59, 13 November 2021 (UTC)
168.245.155.0/24
{{proxycheckstatus}}
Reason: Amazon AWS Cloud. 2601:1C0:4401:24A0:F421:B01C:5D8:AEFB (talk) 18:59, 3 November 2021 (UTC)
- Closing per above. --Blablubbs (talk) 12:59, 13 November 2021 (UTC)
2A0A:C802:4:0:0:0:0:0/48
{{proxycheckstatus}}
Reason: IP range belongs to webhosting/cloud service. Recently used for abuse. 2601:1C0:4401:24A0:C0D7:275F:595C:9A8A (talk) 18:18, 10 November 2021 (UTC)
- Abuse?! sheesh, nothing abusive in the range at as far as I can see, but then again it's probably mostly me. Let's try a little WP:AGF, and maybe remember WP:NPA. Of course I have no idea what's going on with the logged-in edits but then again neither do you so...I can't answer the technical questions here, not my area, however it is a free application that is
anonymising
so I suspect it's blockable. I also suspect that english monoglots are unlikely to be able to find this application or use it so it's unlikely to be a big risk. It may also be unavailable in some parts of the world where the editor base is concentrated, but that's mostly speculative based on some not at all recent travel experience with different apps.Sorry to bother you Blablubbs, I told myself I wasn't going to create makework for anyone by spontaneously reporting every random IP I was assigned, but since we're here it might be best if you took a look. If this does become a recurring issue I am of course open to any suggestions you have to make things less awkward. For obvious reasons I won't be responding directly to this thread if the range is blockable, but you can be assured that I'll see your response. Regards, 2A0A:C802:4:1:0:0:0:34 (talk) 19:49, 10 November 2021 (UTC) - Upon review there was something weird going on the 20th of June, but I wouldn't necessarily call that recent, and it hasn't been repeated but it is a tad concerning, I don't think that increases the urgency here but I could see how someone could reasonably disagree. Regards, 2A0A:C802:4:1:0:0:0:34 (talk) 19:57, 10 November 2021 (UTC)
- I believe you can request a block exemption so that you won't be affected by the block (see: Wikipedia:IP block exemption), although you will have to create an account first. 2601:1C0:4401:24A0:C0D7:275F:595C:9A8A (talk) 20:30, 10 November 2021 (UTC)
- Gah, I had typed out a response to this but apparently forgot to post it. Tldr: It's a Confirmed webhost and I blocked, along with some others, and whether the edits are constructive or not didn't play into that determination; I have no way of knowing what might happen with these ranges in the future, or what is currently happening on them through registered accounts. Closing. --Blablubbs (talk)
- @2601:1C0:4401:24A0::/64 not happening, see meatball:LoginsAreEvil; I note you never did strike that last sentence, oh well. Regards, 62.78.92.89 (talk) 05:32, 13 November 2021 (UTC)
- I believe you can request a block exemption so that you won't be affected by the block (see: Wikipedia:IP block exemption), although you will have to create an account first. 2601:1C0:4401:24A0:C0D7:275F:595C:9A8A (talk) 20:30, 10 November 2021 (UTC)