Jump to content

Wikipedia:WikiProject on open proxies/Requests/Archives/50

Add links
From Wikipedia, the free encyclopedia


65.151.155.241

{{proxycheckstatus}}

Reason: WHOIS reports "Network sharing device or proxy server"; Spur says "belongs to a call-back proxy network". Suspicious edits like https://en.wikipedia.org/w/index.php?title=Talk:HTTP_cookie&diff=prev&oldid=1145743447Bri (talk) 16:28, 3 January 2024 (UTC)

@Bri: IP is an open proxy, but not in active use: last edits were ~6mo ago, so I think no action is needed. If a passing admin wants to block I won't object though. — Mdaniels5757 (talk • contribs) 01:10, 4 January 2024 (UTC)
@Mdaniels5757. These types of proxies are rarely blocked for more than a few days. As they have been inactive for months, I'm inclined take no action. Malcolmxl5 (talk) 23:53, 9 March 2024 (UTC)

212.82.69.130

{{proxycheckstatus}}

Reason: Made a unconstructive edit. Has a history of reverted edits. SPUR says Residental/Call-Back Proxy. Nobody (talk) 09:12, 5 March 2024 (UTC)

It’s a school website with an open port 443, the default port for HTTPS, but the website is not secure. The contributions look like typical juvenile stuff rather than proxy use but I’ll block anyway. Malcolmxl5 (talk) 20:56, 23 March 2024 (UTC)

41.215.169.49

{{proxycheckstatus}}

41.215.169.49 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: ACC request - Looks to a CGNAT belonging to Airtel Ghana (mobile operator). If cannot unblock, please soften down to AO - RichT|C|E-Mail 23:25, 5 March 2024 (UTC)

Unfortunately this seems to fall in the 'secret-sauce' portion of the bot, since it looks like there was spam activity in the past, but not seeing anything current, so would love some feedback from @ST47:. Q T C 23:25, 6 March 2024 (UTC)
@Rich Smith@OverlordQ. The block has expired. Is there anything left to do? Malcolmxl5 (talk) 14:47, 24 March 2024 (UTC)

161.69.57.14

{{proxycheckstatus}}

Reason: VPN according to proxycheck.io. Recent editing might be greenwashing of petroleum industry-related articles. ☆ Bri (talk) 19:37, 4 April 2024 (UTC)

I’ve checked every IP in the range 16.69.0.0/16 since the beginning of the year and all of them resolve to MCAFEE WGCS VPN service with many being part of other proxy networks. I’ve blocked the /16 range for two years. Malcolmxl5 (talk) 21:24, 5 April 2024 (UTC)

193.187.88.0/24

{{proxycheckstatus}}

Reason: Flagged as proxy by GetIPIntel and IPHub. Firestar464 (talk) 23:25, 5 April 2024 (UTC)

Has just been globally blocked as such. Firestar464 (talk) 23:28, 5 April 2024 (UTC)

46.102.156.0/24 and 94.177.9.0/24

{{proxycheckstatus}} 

https://www.alwyzon.com/en

Reason: Both ranges belong to Hohl IT e.U. aka (Alwyzon) which is an Austrian provider of dedicated servers. Matthew Tyler-Harrington (aka mth8412) (talk) 03:45, 22 June 2023 (UTC)

 Confirmed as to the ranges with "Customers" in the name (/26), but I didn't check them all. This might also be a job for the ASNbot (AS40994) @AntiCompositeNumber:Mdaniels5757 (talk • contribs) 00:36, 8 December 2023 (UTC)
I’ve blocked the two /26. Malcolmxl5 (talk) 13:15, 23 March 2024 (UTC)
Closing. — Mdaniels5757 (talk • contribs) 23:07, 14 April 2024 (UTC)

5.42.72.0/21

{{proxycheckstatus}}

Reason: IP range belongs to webhosting/VPN service. 2601:1C0:4401:F60:817:B3DA:A0F9:1195 (talk) 18:34, 20 August 2023 (UTC)

 Confirmed along with most things in [1]. Perhaps User:AntiCompositeNumber could add this (ASN 210644) to User:AntiCompositeBot/ASNBlock? — Mdaniels5757 (talk • contribs) 00:28, 8 December 2023 (UTC)
All the /24 in the /21 are currently globally blocked. I’ve added a local block for the /21. Malcolmxl5 (talk) 12:57, 23 March 2024 (UTC)
Closing. — Mdaniels5757 (talk • contribs) 23:08, 14 April 2024 (UTC)

24.192.34.183

{{proxycheckstatus}}

Reason: Did some vandalism, SPUR says Possible Proxy. Nobody (talk) 09:16, 16 April 2024 (UTC)

Spur now says "24.192.34.183 - Not Anonymous 24.192.34.183 itself does not appear to be part of anonymization infrastructure". Nothing else suggests proxy use. Closing with no action. --Malcolmxl5 (talk) 21:36, 20 April 2024 (UTC)

103.4.93.51

{{proxycheckstatus}}

Reason: See filter log. Has been blocked as a Proxy in the past. Spur says Possible Proxy. Nobody (talk) 07:07, 24 April 2024 (UTC)

220.241.9.173

{{proxycheckstatus}}

Reason: Vandalism, SPUR says Forticlient VPN. Nobody (talk) 07:20, 26 April 2024 (UTC)

Blocked. --Malcolmxl5 (talk) 14:55, 27 April 2024 (UTC)

104.151.103.93

{{proxycheckstatus}}

104.151.103.93 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Requested unblock. This IP address is the public facing IP address of the Wikimedia Deutschland (WMDE) office. The IP address belongs to an IP range of 1&1 Versatel, our internet provider, who statically assigned this address to our fiber optics uplink. We often have events where we introduce future volunteers into editing Wikipedia or their sister projects. Among our colleagues are also many volunteers who get affected by this block. Masin Al-Dujaili (WMDE) (talk) 10:10, 11 April 2024 (UTC)

There's certainly something fishy going on in other parts of the range. Courtesy ping for NinjaRobotPirate. Maybe split the range in half, i.e. block the lower /18? -- zzuuzz (talk) 12:21, 11 April 2024 (UTC)
Sure, sounds fine. I don't remember the exact details of this block any more, but I usually block 1&1 on sight. From Ionos, it looks like they're branching out of just web hosting now, though. NinjaRobotPirate (talk) 16:27, 11 April 2024 (UTC)

IPfe80::e122:d2f:7437:7f9c192.168.255.245

{{proxycheckstatus}}

[[User:|]] · contribs · block · log · stalk · Robtex · whois · Google

Reason: Requested unblock. Agasarah (talk) 21:17, 4 May 2024 (UTC)

89.197.204.196

{{proxycheckstatus}}

Reason: VPN server. 73.67.145.30 (talk) 16:56, 18 June 2024 (UTC)

192.155.107.54

{{proxycheckstatus}}

Reason: Confirmed VPN via Geolocate. Jalen Folf (Bark[s]) 07:10, 29 June 2024 (UTC)

2A10:BCC2:2029:6030:3C22:44CA:5B85:B2BC

{{proxycheckstatus}}

User admitted to being proxy after vandalizing pages. Interestingly, their Uncyclopedia page reveals that their IP is an open proxy for pawns.app. OhHaiMark (talk) 22:24, 29 May 2024 (UTC)

I can’t corroborate that but I’ve blocked the /64 for vandalism anyway while noting that this IP self-admitted to being an open proxy. Malcolmxl5 (talk) 00:32, 2 July 2024 (UTC)

202.134.9.141

{{proxycheckstatus}}

202.134.9.141 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Same proxy sock that got blocked earlier for both ban evasion and editing with proxy. [2] He is still socking to restore the same article.[3][4] Ratnahastin (talk) 15:22, 8 March 2024 (UTC)

There’s a lot of blocks in the history, the most recent is a 3 month /12 block in September for block evasion. Malcolmxl5 (talk) 11:06, 13 March 2024 (UTC)

163.47.119.0/24

{{proxycheckstatus}}

Note sure how reliable this is, but it's identified as a VPN server on the goeloacate link on the contributions page. Assuming that's accurate, I suspect the VPN is being used by at least some one of the editors on this range to evade IP range blocks. Sir Sputnik (talk) 00:31, 12 May 2024 (UTC)

It’s a VPS hosting service. Now blocked. -- Malcolmxl5 (talk) 12:41, 4 July 2024 (UTC)

95.153.32.34 and others

{{proxycheckstatus}}

Reason: recently used by particularly vile LTA. Drmies (talk) 16:29, 8 July 2024 (UTC)

57.140.32.8

{{proxycheckstatus}}

Seems to be a Menlo Security VPN. Checked using Spur (public version) and IPQualityScore and returned as a VPN. Edit history also indicates that it might be a shared IP. However, other services (shown on IPCheck) indicates that it may not be a proxy. ~~2NumForIce (speak|edits) 15:04, 16 May 2024 (UTC)

 Possible IP is an open proxy Appears to be a VDI/DaaS solution rather than an 'open to the public' proxy, but still anonymizing, so 57.140.32.0/24 · contribs · block · log · stalk · Robtex · whois · Google blocked as such. Q T C 22:09, 23 July 2024 (UTC)

15.248.0.0/16

{{proxycheckstatus}}

Reason: Amazon AWS webhosting services. Recently used for vandalism/disruption. 73.67.145.30 (talk) 15:59, 31 May 2024 (UTC)

 Completed as {{Colocationwebhost}} Q T C 22:02, 23 July 2024 (UTC)

136.226.3.95

{{proxycheckstatus}}

136.226.3.95 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

The range 136.226.0.0/16 was blocked recently. Unfortunately my user account uses a static IP in this range. I use different devices for my editing, but only edit under my account. I also accept if the block will remain in place as it does use ZScaler (an open proxy), but am wondering if an exception could be granted. My account has never been blocked nor have I been under scrutiny for being blocked. Reason: Requested unblock. Conyo14 (talk) 16:42, 20 June 2024 (UTC)

@Conyo14. Consider requesting WP:IPBE. -- Malcolmxl5 (talk) 11:19, 22 June 2024 (UTC)
no Declined to run a check As mentioned, since this is a ZScaler range an exemption should be requested, as this is blocked not only locally, but on the global level as well. Q T C 21:58, 23 July 2024 (UTC)

208.184.210.151

{{proxycheckstatus}}

Reason: ipcheck.toolforge.org reports this as a proxy and geolocation data shows it might be a datacenter ☆ Bri (talk) 22:49, 27 June 2024 (UTC)

Inconclusive This range appears to be part of Zayo's Direct Internet Access offering which is business/enterprise connectivity, so while there may be a possibility of an open proxy, this seems to be more along the lines of somebody editing at work. Q T C 21:52, 23 July 2024 (UTC)

157.167.128.0/24

{{proxycheckstatus}}

Reason: Cloud server/VPN. This is an odd one, because the IP range geolocates to Turkey, and is listed as a VPN network; but most of the edits are to Turkish-related articles. Is this some sort of corporate cloud network? 2601:1C0:4401:F60:8C11:4CC3:7E71:B4CE (talk) 20:54, 13 August 2023 (UTC)

Inconclusive. It’s showing up as a Forcepoint gateway proxy. Forcepoint is a company that provides cybersecurity services for businesses and governments so, yes, coupled with it geolocating to Turkey and editing Turkish topics, which is not typical proxy behaviour, this probably is a corporate gateway. It's not very busy and looks low risk; I’ll mark it as inconclusive. Closing. --Malcolmxl5 (talk) 12:05, 2 August 2024 (UTC)

192.189.187.125

{{proxycheckstatus}}

Reason:Listed ISP is FedEx which is not a legitimate provider, in addition these various FedEx proxy ranges are used by a LTA and extensive sock puppeteer HaughtonBrit to block evade and push tendentious edits in various South Asian topics. Southasianhistorian8 (talk) 21:13, 3 April 2024 (UTC)

 Unlikely IP is an open proxy. It's not uncommon for an IP address or range of IP addresses to be owned by non-ISP organisations and I can't corroborate that this is a proxy or VPN. That’s not to say that disruptive editing can’t be blocked where it occurs but this is one edit almost four months ago handled by a revert so there is nothing more to be done now. Closing. --Malcolmxl5 (talk) 12:19, 31 July 2024 (UTC)

110.93.85.16 and others

{{proxycheckstatus}}

Reason: Questionable beauty pageant editing for some time from IPs in 110.93.85.0/24, and recent use by those noted above; spur reports both belong to a call-back proxy network. ☆ Bri (talk) 19:44, 2 July 2024 (UTC)

  • While the behaviour is obviously the one person, their contributions are not abusive. Spur now shows them as 'not anonymous'. An IP has pointed out that the IPs are reported as public proxies in IP2Location (see talk page). However, I can’t see a way to connect to them. Closing.
Inconclusive Malcolmxl5 (talk) 11:45, 23 August 2024 (UTC)

37.140.254.206

{{proxycheckstatus}}

Reason: vpn ltbdl (talk) 10:10, 2 August 2024 (UTC)

 Confirmed as Express VPN. Closing. --Malcolmxl5 (talk) 10:29, 2 August 2024 (UTC)

72.14.126.22

{{proxycheckstatus}}

Reason: It appears https://spur.us/context/72.14.126.22 is a known proxy and it seems suspiciously used. Pastillawheel (talk) 16:14, 26 August 2024 (UTC)

  • Spur notes a 'possible proxy' and that the IP address belongs to a particular proxy network. Activity from this IP address is likely a mix of anonymous and normal activity. This means not all traffic from this IP address belongs to this proxy network. So I look at the contributions. It’s a long-standing stable connection located in the US with an interest in US subjects. I see no signs of abuse of editing privileges. I think there is unlikely to be proxy use at this time. --Malcolmxl5 (talk) 11:08, 29 August 2024 (UTC)

102.141.49.156 and 94.200.5.30

{{proxycheckstatus}}

Reason: suspicious back-to-back edits with another IP on the same article but the IPs geolocate to different continents, and Spur indicates at least one is in a call-back network. ☆ Bri (talk) 00:55, 29 August 2024 (UTC)

Retrieved from "https://en.wikipedia.org/w/index.php?title=Wikipedia:WikiProject_on_open_proxies/Requests/Archives/50&oldid=1244828585"