Wikipedia:WikiProject on open proxies/Requests/Archives/50

Add links
Source: Wikipedia, the free encyclopedia.

65.151.155.241

{{proxycheckstatus}}

Reason: WHOIS reports "Network sharing device or proxy server"; Spur says "belongs to a call-back proxy network". Suspicious edits like https://en.wikipedia.org/w/index.php?title=Talk:HTTP_cookie&diff=prev&oldid=1145743447Bri (talk) 16:28, 3 January 2024 (UTC)

@Bri: IP is an open proxy, but not in active use: last edits were ~6mo ago, so I think no action is needed. If a passing admin wants to block I won't object though. — Mdaniels5757 (talk • contribs) 01:10, 4 January 2024 (UTC)
@Mdaniels5757. These types of proxies are rarely blocked for more than a few days. As they have been inactive for months, I'm inclined take no action. Malcolmxl5 (talk) 23:53, 9 March 2024 (UTC)

212.82.69.130

{{proxycheckstatus}}

Reason: Made a unconstructive edit. Has a history of reverted edits. SPUR says Residental/Call-Back Proxy. Nobody (talk) 09:12, 5 March 2024 (UTC)

It’s a school website with an open port 443, the default port for HTTPS, but the website is not secure. The contributions look like typical juvenile stuff rather than proxy use but I’ll block anyway. Malcolmxl5 (talk) 20:56, 23 March 2024 (UTC)

41.215.169.49

{{proxycheckstatus}}

41.215.169.49 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: ACC request - Looks to a CGNAT belonging to Airtel Ghana (mobile operator). If cannot unblock, please soften down to AO - RichT|C|E-Mail 23:25, 5 March 2024 (UTC)

Unfortunately this seems to fall in the 'secret-sauce' portion of the bot, since it looks like there was spam activity in the past, but not seeing anything current, so would love some feedback from @ST47:. Q T C 23:25, 6 March 2024 (UTC)
@Rich Smith@OverlordQ. The block has expired. Is there anything left to do? Malcolmxl5 (talk) 14:47, 24 March 2024 (UTC)

161.69.57.14

{{proxycheckstatus}}

Reason: VPN according to proxycheck.io. Recent editing might be greenwashing of petroleum industry-related articles. ☆ Bri (talk) 19:37, 4 April 2024 (UTC)

I’ve checked every IP in the range 16.69.0.0/16 since the beginning of the year and all of them resolve to MCAFEE WGCS VPN service with many being part of other proxy networks. I’ve blocked the /16 range for two years. Malcolmxl5 (talk) 21:24, 5 April 2024 (UTC)

193.187.88.0/24

{{proxycheckstatus}}

Reason: Flagged as proxy by GetIPIntel and IPHub. Firestar464 (talk) 23:25, 5 April 2024 (UTC)

Has just been globally blocked as such. Firestar464 (talk) 23:28, 5 April 2024 (UTC)

46.102.156.0/24 and 94.177.9.0/24

{{proxycheckstatus}} 

https://www.alwyzon.com/en

Reason: Both ranges belong to Hohl IT e.U. aka (Alwyzon) which is an Austrian provider of dedicated servers. Matthew Tyler-Harrington (aka mth8412) (talk) 03:45, 22 June 2023 (UTC)

 Confirmed as to the ranges with "Customers" in the name (/26), but I didn't check them all. This might also be a job for the ASNbot (AS40994) @AntiCompositeNumber:Mdaniels5757 (talk • contribs) 00:36, 8 December 2023 (UTC)
I’ve blocked the two /26. Malcolmxl5 (talk) 13:15, 23 March 2024 (UTC)
Closing. — Mdaniels5757 (talk • contribs) 23:07, 14 April 2024 (UTC)

5.42.72.0/21

{{proxycheckstatus}}

Reason: IP range belongs to webhosting/VPN service. 2601:1C0:4401:F60:817:B3DA:A0F9:1195 (talk) 18:34, 20 August 2023 (UTC)

 Confirmed along with most things in [1]. Perhaps User:AntiCompositeNumber could add this (ASN 210644) to User:AntiCompositeBot/ASNBlock? — Mdaniels5757 (talk • contribs) 00:28, 8 December 2023 (UTC)
All the /24 in the /21 are currently globally blocked. I’ve added a local block for the /21. Malcolmxl5 (talk) 12:57, 23 March 2024 (UTC)
Closing. — Mdaniels5757 (talk • contribs) 23:08, 14 April 2024 (UTC)

24.192.34.183

{{proxycheckstatus}}

Reason: Did some vandalism, SPUR says Possible Proxy. Nobody (talk) 09:16, 16 April 2024 (UTC)

Spur now says "24.192.34.183 - Not Anonymous 24.192.34.183 itself does not appear to be part of anonymization infrastructure". Nothing else suggests proxy use. Closing with no action. --Malcolmxl5 (talk) 21:36, 20 April 2024 (UTC)

103.4.93.51

{{proxycheckstatus}}

Reason: See filter log. Has been blocked as a Proxy in the past. Spur says Possible Proxy. Nobody (talk) 07:07, 24 April 2024 (UTC)

220.241.9.173

{{proxycheckstatus}}

Reason: Vandalism, SPUR says Forticlient VPN. Nobody (talk) 07:20, 26 April 2024 (UTC)

Blocked. --Malcolmxl5 (talk) 14:55, 27 April 2024 (UTC)

104.151.103.93

{{proxycheckstatus}}

104.151.103.93 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Requested unblock. This IP address is the public facing IP address of the Wikimedia Deutschland (WMDE) office. The IP address belongs to an IP range of 1&1 Versatel, our internet provider, who statically assigned this address to our fiber optics uplink. We often have events where we introduce future volunteers into editing Wikipedia or their sister projects. Among our colleagues are also many volunteers who get affected by this block. Masin Al-Dujaili (WMDE) (talk) 10:10, 11 April 2024 (UTC)

There's certainly something fishy going on in other parts of the range. Courtesy ping for NinjaRobotPirate. Maybe split the range in half, i.e. block the lower /18? -- zzuuzz (talk) 12:21, 11 April 2024 (UTC)
Sure, sounds fine. I don't remember the exact details of this block any more, but I usually block 1&1 on sight. From Ionos, it looks like they're branching out of just web hosting now, though. NinjaRobotPirate (talk) 16:27, 11 April 2024 (UTC)

IPfe80::e122:d2f:7437:7f9c192.168.255.245

{{proxycheckstatus}}

[[User:|]] · contribs · block · log · stalk · Robtex · whois · Google

Reason: Requested unblock. Agasarah (talk) 21:17, 4 May 2024 (UTC)

89.197.204.196

{{proxycheckstatus}}

Reason: VPN server. 73.67.145.30 (talk) 16:56, 18 June 2024 (UTC)

192.155.107.54

{{proxycheckstatus}}

Reason: Confirmed VPN via Geolocate. Jalen Folf (Bark[s]) 07:10, 29 June 2024 (UTC)

2A10:BCC2:2029:6030:3C22:44CA:5B85:B2BC

{{proxycheckstatus}}

User admitted to being proxy after vandalizing pages. Interestingly, their Uncyclopedia page reveals that their IP is an open proxy for pawns.app. OhHaiMark (talk) 22:24, 29 May 2024 (UTC)

I can’t corroborate that but I’ve blocked the /64 for vandalism anyway while noting that this IP self-admitted to being an open proxy. Malcolmxl5 (talk) 00:32, 2 July 2024 (UTC)

202.134.9.141

{{proxycheckstatus}}

202.134.9.141 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Same proxy sock that got blocked earlier for both ban evasion and editing with proxy. [2] He is still socking to restore the same article.[3][4] Ratnahastin (talk) 15:22, 8 March 2024 (UTC)

There’s a lot of blocks in the history, the most recent is a 3 month /12 block in September for block evasion. Malcolmxl5 (talk) 11:06, 13 March 2024 (UTC)

163.47.119.0/24

{{proxycheckstatus}}

Note sure how reliable this is, but it's identified as a VPN server on the goeloacate link on the contributions page. Assuming that's accurate, I suspect the VPN is being used by at least some one of the editors on this range to evade IP range blocks. Sir Sputnik (talk) 00:31, 12 May 2024 (UTC)

It’s a VPS hosting service. Now blocked. -- Malcolmxl5 (talk) 12:41, 4 July 2024 (UTC)

95.153.32.34 and others

{{proxycheckstatus}}

Reason: recently used by particularly vile LTA. Drmies (talk) 16:29, 8 July 2024 (UTC)

57.140.32.8

{{proxycheckstatus}}

Seems to be a Menlo Security VPN. Checked using Spur (public version) and IPQualityScore and returned as a VPN. Edit history also indicates that it might be a shared IP. However, other services (shown on IPCheck) indicates that it may not be a proxy. ~~2NumForIce (speak|edits) 15:04, 16 May 2024 (UTC)

 Possible IP is an open proxy Appears to be a VDI/DaaS solution rather than an 'open to the public' proxy, but still anonymizing, so 57.140.32.0/24 · contribs · block · log · stalk · Robtex · whois · Google blocked as such. Q T C 22:09, 23 July 2024 (UTC)

15.248.0.0/16

{{proxycheckstatus}}

Reason: Amazon AWS webhosting services. Recently used for vandalism/disruption. 73.67.145.30 (talk) 15:59, 31 May 2024 (UTC)

 Completed as {{Colocationwebhost}} Q T C 22:02, 23 July 2024 (UTC)

136.226.3.95

{{proxycheckstatus}}

136.226.3.95 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

The range 136.226.0.0/16 was blocked recently. Unfortunately my user account uses a static IP in this range. I use different devices for my editing, but only edit under my account. I also accept if the block will remain in place as it does use ZScaler (an open proxy), but am wondering if an exception could be granted. My account has never been blocked nor have I been under scrutiny for being blocked. Reason: Requested unblock. Conyo14 (talk) 16:42, 20 June 2024 (UTC)

@Conyo14. Consider requesting WP:IPBE. -- Malcolmxl5 (talk) 11:19, 22 June 2024 (UTC)
no Declined to run a check As mentioned, since this is a ZScaler range an exemption should be requested, as this is blocked not only locally, but on the global level as well. Q T C 21:58, 23 July 2024 (UTC)

208.184.210.151

{{proxycheckstatus}}

Reason: ipcheck.toolforge.org reports this as a proxy and geolocation data shows it might be a datacenter ☆ Bri (talk) 22:49, 27 June 2024 (UTC)

Inconclusive This range appears to be part of Zayo's Direct Internet Access offering which is business/enterprise connectivity, so while there may be a possibility of an open proxy, this seems to be more along the lines of somebody editing at work. Q T C 21:52, 23 July 2024 (UTC)
Retrieved from "https://en.wikipedia.org/w/index.php?title=Wikipedia:WikiProject_on_open_proxies/Requests/Archives/50&oldid=1236352264"