Jump to content

Wikipedia:WikiProject on open proxies/Requests/Archives/39

From Wikipedia, the free encyclopedia


207.241.232.35

{{proxycheckstatus}}

207.241.232.35 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: An IP form the wayback machine. -322UbnBr2 (Talk | Contributions | Actions) 21:36, 29 December 2020 (UTC)

no Declined to run a check I see no reason to bother checking this - the IP is indeed registered to the Internet Archive, but that isn't a reason to check if it's a proxy. No enwiki edits either. GeneralNotability (talk) 01:39, 4 January 2021 (UTC)
@GeneralNotability: You can edit from it, though.

155.254.28.142

{{proxycheckstatus}}

155.254.28.142 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Suspicious edits [1] This IP made a few iffy edits including content blanking. Normchou💬 01:10, 3 January 2021 (UTC)

Ths IP is flagged as a proxy by ipcheck; it has a report at scamalytics.com. EdJohnston (talk) 01:16, 3 January 2021 (UTC)
Actually the whole 155.254.16.0/20 is a webhost ([2]), apparently running VPNs. --MarioGom (talk) 01:26, 3 January 2021 (UTC)
Worse, they spelled a la carte wrong on their website. Will work on a colo block here. GeneralNotability (talk) 01:45, 4 January 2021 (UTC)
Colo-blocked, didn't see anything recent on the unblocked ranges that belong to the same hosting provider. Closing. GeneralNotability (talk) 01:56, 4 January 2021 (UTC)

IP185.246.88.119

{{proxycheckstatus}}

185.246.88.119 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reported at WP:Sockpuppet investigations/Ineedtostopforgetting. The Ipcheck tool says it could be a proxy or a VPN. EdJohnston (talk) 05:16, 6 January 2021 (UTC)

nmap says that it's serving an SSL cert for SurfShark, a known VPN provider. Will block. GeneralNotability (talk) 02:22, 8 January 2021 (UTC)

213.184.101.9

{{proxycheckstatus}}

213.184.101.9 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Suspicious edits DoebLoggs (talk) 10:23, 14 January 2021 (UTC)

@DoebLoggs, could you clarify what you mean by "suspicious edits"? I only see a single vandal edit coming from that IP. Best, Blablubbs|talk 21:57, 20 January 2021 (UTC)
@Blablubbs: thanks for replying. Actually it's the first time I file a report at this venue and I'm not experienced on how this page works. I just noticed that the IP above is marked as a possible proxy or VPN by checking it through the Proxy Checker website. Feel free to ignore my request if you think it is not appropriate and please accept my apologies in that case. --DoebLoggs (talk) 11:57, 21 January 2021 (UTC)
Not seeing anything that indicates this is an open proxy (not even IPQS, which thinks everything is a VPN). Closed. GeneralNotability (talk) 00:10, 25 January 2021 (UTC)

135.181.0.0/16

{{proxycheckstatus}}

135.181.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google

Webhost (Hetzner). Also used by webproxy services; 135.181.35.237 is serving an SSL cert for hideproxy.me on port 443. Blablubbs|talk 20:27, 25 January 2021 (UTC)

I also found some other unblocked Hetzner ranges; most are already gblocked, but one is unblocked and has edits coming from it:
116.202.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google (this one has edited)
88.198.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
95.216.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google
185.141.200.0/24 · contribs · block · log · stalk · Robtex · whois · Google
Blablubbs|talk 20:37, 25 January 2021 (UTC)
Blocked the reported range and the other unblocked range. GeneralNotability (talk) 14:34, 10 February 2021 (UTC)

5.175.40.0/21

{{proxycheckstatus}}

5.175.40.0/21 · contribs · block · log · stalk · Robtex · whois · Google

Reason: Suspicious edits. Range from a Spanish VPS hosting company: axarnet.es (Infortelecom on WHOIS). MarioGom (talk) 00:44, 9 February 2021 (UTC)

Rangeblocked. GeneralNotability (talk) 03:31, 26 February 2021 (UTC)

110.138.151.51

{{proxycheckstatus}}

110.138.151.51 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Suspicious edits Beyond My Ken (talk) 16:19, 21 February 2021 (UTC)

Only two edits in the past 10 years, not seeing much to indicate this is an open proxy/VPN. It appears to be a residential IP, although Spur does flag it as a 'botnet proxy' type endpoint. ƒirefly ( t · c ) 13:07, 25 February 2021 (UTC)
Firefly, I concur that this one is pretty  Unlikely to be an open proxy. However, given the behavioural similarities with the IP reported below which has a vastly different geolocation (and this page history more generally), I'd call it  Possible that it is a different sort of proxy (beans!) that we won't be able to positively confirm, with the other options being meatpuppetry or strange coincidence. Blablubbs|talk 13:20, 25 February 2021 (UTC)
Blablubbs yes I wondered about that (assuming we’re thinking of the same thing) based on the Spur result... ƒirefly ( t · c ) 13:34, 25 February 2021 (UTC)
I think we're all thinking the same thing. Not seeing a lot of value in blocking right now though - very hard to confirm that it's a proxy, only one edit, going to close.

2.57.169.0/24

{{proxycheckstatus}}

2.57.169.0/24 · contribs · block · log · stalk · Robtex · whois · Google

Webhost range. While Equinix offers colocation, this /24 seems to be exclusively used by ExpressVPN per WHOIS and spot checks with the spur API. Blablubbs|talk 20:59, 15 February 2021 (UTC)

Blocked by stwalkerster. GeneralNotability (talk) 03:51, 28 February 2021 (UTC)

ProtonVPN

{{proxycheckstatus}}

37.120.236.0/24 · contribs · block · log · stalk · Robtex · whois · Google - M247
37.120.236.3 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.236.4 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.236.4 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.236.5 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.236.6 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.237.0/24 · contribs · block · log · stalk · Robtex · whois · Google - M247
37.120.237.171 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.237.172 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.237.172 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.237.173 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.237.174 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.237.179 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.237.180 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.237.180 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.237.181 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.237.182 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.0/24 · contribs · block · log · stalk · Robtex · whois · Google - M247
37.120.244.51 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.52 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.52 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.53 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.54 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.59 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.59 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.60 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.61 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.62 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.99 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.100 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.100 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.101 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.102 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.155 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.156 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.156 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.157 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.120.244.158 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
79.142.76.0/23 · contribs · block · log · stalk · Robtex · whois · Google - AltuHost
79.142.76.71 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
79.142.76.72 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
79.142.76.73 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
79.142.76.74 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
85.237.202.0/24 · contribs · block · log · stalk · Robtex · whois · Google - Netuity
85.237.202.6 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
85.237.202.7 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
85.237.202.8 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
85.237.202.9 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
85.237.202.9 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
85.237.202.10 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
85.237.202.11 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
85.237.202.12 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
85.237.202.13 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.0.0/18 · contribs · block · log · stalk · Robtex · whois · Google - WebNX
173.231.59.123 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.59.124 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.59.124 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.59.125 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.59.126 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.82 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.82 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.83 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.84 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.85 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.86 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.87 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.88 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.89 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.98 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.98 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.99 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.101 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.102 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.103 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.104 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
173.231.63.105 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
185.139.26.0/24 · contribs · block · log · stalk · Robtex · whois · Google - Netuity
185.139.26.6 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
185.139.26.7 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
185.139.26.8 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
185.139.26.9 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
185.139.26.9 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
185.139.26.10 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
185.139.26.11 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
185.139.26.12 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
185.139.26.13 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
190.184.199.0/29 · contribs · block · log · stalk · Robtex · whois · Google - ????
190.184.199.3 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
190.184.199.3 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
190.184.199.4 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
190.184.199.6 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
190.184.199.7 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
195.88.86.0/24 · contribs · block · log · stalk · Robtex · whois · Google - TerraTransit
195.88.86.6 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
195.88.86.7 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
195.88.86.8 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
195.88.86.9 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
195.88.86.9 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
195.88.86.9 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
195.88.86.10 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
195.88.86.11 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
195.88.86.12 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
195.88.86.13 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Unblocked ProtonVPN IPs (JSON data), grouped by colo. MarioGom (talk) 19:13, 28 February 2021 (UTC)

Thanks for doing the legwork on this. Hardblocked the lot and handed out some colo blocks.

IP173.237.207.37

{{proxycheckstatus}}

173.237.207.37 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Suspicious edits. The WHOIS tool says the range 173.237.192.0/20 (block range · block log (global) · WHOIS (partial)) is operated by Netriplex, a web server company. The name 'Lightwavenetworks' is returned for this single IP by Ipcheck, which gives a 'fraud score' of 100. Another part of the same /16 range, 173.237.0.0/16 (block range · block log (global) · WHOIS (partial)) is currently blocked by User:ST47 as a colocation webhost. This single IP is one of the IPs recently reported in WP:Sockpuppet investigations/Ineedtostopforgetting. Scamalytics says this this IP is a fraud risk, that it's a VPN and that it's open on port 443. EdJohnston (talk) 20:57, 3 February 2021 (UTC)

Whois tells me the /24 belongs to SurfShark, which it does, so I've blocked it as such. There doesn't seem to be anything else currently active on the wider /20, and I haven't pursued that. -- zzuuzz (talk) 21:15, 3 February 2021 (UTC)
Lightwave offers webhosting and colocation, so it probably makes sense to hit the wider twenty as well as everything here with blocks. Blablubbs|talk 11:29, 28 February 2021 (UTC)
Thanks all. Handed out a bunch of colo blocks, closing. GeneralNotability (talk) 01:56, 10 March 2021 (UTC)

192.145.116.0/24 and others

{{proxycheckstatus}}

192.145.116.0/24 · contribs · block · log · stalk · Robtex · whois · Google
192.145.117.0/24 · contribs · block · log · stalk · Robtex · whois · Google
192.145.118.0/24 · contribs · block · log · stalk · Robtex · whois · Google
194.110.84.0/24 · contribs · block · log · stalk · Robtex · whois · Google

Reason: NordVPN. The first two ranges with active exit nodes. The other two found while looking up the AS ([3]). MarioGom (talk) 16:45, 13 February 2021 (UTC)

Good spot. Blocked 'em all. GeneralNotability (talk) 02:34, 10 March 2021 (UTC)

180.244.233.35

{{proxycheckstatus}}

180.244.233.35 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Previously blocked for 2 weeks in 2020 as an open proxy. Only vandalism from this address since block expired. I just blocked it again for 3 months as an open proxy due to the previous block rationale, but then couldn't find a previous record of that IP address here. ~Anachronist (talk) 20:05, 19 February 2021 (UTC)

  • Not currently an open proxy. Neither the IP listed nor the entry node from the block log appear to be currently functioning as open proxies – if the bot had been able to connect to this one through a different entry IP, it would have reblocked. There are proxies that we can not detect by looking at individual IPs (and spur is flagging), but I don't see any signs of this one functioning as an open proxy at this time. --Blablubbs|talk 14:35, 3 March 2021 (UTC)

2400:adc1:1b6:e300:d4f0:aca:b6ed:4e43

{{proxycheckstatus}}

2400:adc1:1b6:e300:d4f0:aca:b6ed:4e43 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · geo · rangeblocks · spur · shodan

Reason: Suspicious edits Beyond My Ken (talk) 16:20, 21 February 2021 (UTC)

Closing because I'm lazy - I really don't want to go proxy-hunting on a IPv6 /64 over two edits.

ZenNet

{{proxycheckstatus}}

119.59.121.0/24 · contribs · block · log · stalk · Robtex · whois · Google

If you select "Thailand" in ZenNet VPN once you created and logged to a dummy trial account there, you'll end up on that range. Aside from WP:No open proxies, there's an unconfirmed rumor going around that the Myanmar junta might start a big editing operation in attempt to sway opinion undeservedly into their favor, which I think would include some of those proxies that would help them hide better. Just to be safe, please block it preferably with the "anon-only" on.John haxor (talk) 11:36, 8 March 2021 (UTC) Reason: (add your reason here) John haxor (talk) 11:36, 8 March 2021 (UTC)

 Confirmed VPN. Didn't look at the entire range, but a spotcheck shows that this is definitely a webhost running proxies – per WHOIS, the actual range is 119.59.96.0/19. Blablubbs|talk 11:45, 8 March 2021 (UTC)
Thanks for looking, good night.John haxor (talk) 11:58, 8 March 2021 (UTC)
/19 is blocked both locally and globally. Closing. GeneralNotability (talk) 02:37, 10 March 2021 (UTC)

46.19.136.0/21

{{proxycheckstatus}}

46.19.136.0/21 · contribs · block · log · stalk · Robtex · whois · Google

Leaky webhost (Private Layer Inc) with a couple of IPsocks bouncing around on it over the years and some hosts owned by VPN providers. There's a bunch of other unblocked ranges belonging to the same VPS provider, some of them with edits coming out of them. Blablubbs|talk 00:30, 9 March 2021 (UTC)

46.19.137.116, the most recently active IP, is an AirVPN node for example, serves a cert for *.airservers.org on port 89; haven't looked at the others – thanks MarioGom for the tip. Blablubbs|talk 00:45, 9 March 2021 (UTC)
The following are also  Confirmed proxy endpoints as they serve easily-identifiable SSL certs.
46.19.137.115 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches AirVPN. Not blocked.
46.19.137.118 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches AirVPN. Not blocked.
46.19.141.66 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.2 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.3 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.4 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.5 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.7 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.8 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.9 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.10 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.11 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.12 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.13 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.14 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.15 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.16 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.17 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.18 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.19 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.20 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.21 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.22 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.23 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.24 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.25 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.26 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.27 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.28 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.29 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.30 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.
46.19.143.31 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - matches RapidVPN. Not blocked.

Probably worth hardblocking the lot and colo-blocking the range. ƒirefly ( t · c ) 12:28, 9 March 2021 (UTC)

Firefly, as far as I can tell the ISP doesn't offer colocation, so a hardblock for the range should be fine. Blablubbs|talk 12:30, 9 March 2021 (UTC)
That also works! ƒirefly ( t · c ) 12:34, 9 March 2021 (UTC)
Range hardblocked. GeneralNotability (talk) 00:43, 11 March 2021 (UTC)

45.123.119.51 and 94.127.213.38 - Likely Bothiman socking

{{proxycheckstatus}}

45.123.119.51 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
94.127.213.38 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Hey all, please see this previous report for more context, because it appears to involve an editor who has used multiple proxies to edit articles related to Indian Tamil-language actor Vijay. In December 2020 here, an editor added some information on who so-and-so character was based on. That IP range was webhost blocked. Here at the same article, we have similar content being added by Anon. Also, since the IP geolocates to Turkey, that makes me suspicious as well. So I think this IP is related to that batch. Regards, Cyphoidbomb (talk) 15:48, 4 March 2021 (UTC)

 Confirmed proxy. Same deal as last time – 45.123.119.0/24 belongs to Serverfield, a dedicated server provider. The same goes for most of the ranges here, most of which should be good to block (some of them seem to be assigned to different colo hosts and some have no meaningful WHOIS output at all, so they will require manual review). Blablubbs|talk 15:53, 4 March 2021 (UTC)
@Blablubbs: Thanks for looking. If you were to speculate, what is this editor doing? Are they paying for a service, like with a VPN, or ___? I honestly have no idea how this works, but I'm interested in what their process might be. Thanks, Cyphoidbomb (talk) 16:04, 4 March 2021 (UTC)
Cyphoidbomb, it's a good question – and I'm not sure I know the definitive answer to the question what exactly is going on here. What I can tell you is that we're looking at webhosts, some of which are affiliated with dodgy-ish VPN providers. Spur, which is usually pretty good at provider identification, flags three of the ones in your first report as touchvpn and urbanvpn and GN previously found an SSL certificate for geosurf on one of them (this isn't necessarily mutually exclusive, many VPN providers operate under multiple names simultaneously). What's interesting is the fact that they are acting as more than just proxies; some of them are hosting an identical spamsite, with seemingly random nonsense in the header and embedded Youtube videos (you can visit http://45.123.119.51:8080 to look at it – maybe disable Javascript first, depending on your level of paranoia), so they are likely operated by the same people. I assume they're using one or multiple "free" VPN services of doubtful trustworthiness. Blablubbs|talk 16:27, 4 March 2021 (UTC)
And yet another addendum: It looks like I was correct about the shadyness of the VPN – UrbanVPN is run by biscience, which "passively collect[s] and measure[s] online behavioral activities". They also run Geosurf, and likely some others. MarioGom and I are looking into that. Blablubbs|talk 14:58, 6 March 2021 (UTC)
  • 94.127.213.38 doesn't appear to be a proxy to me. It belongs to Orbit Telecom / Batelco Jordan, which appears to be a Bahrainian/Jordanian ISP (rather than a hosting service). It's not showing any of the usual signs of suspicious activity (in network terms), so I'm going to go out on a limb and suggest this one is Not currently an open proxy ƒirefly ( t · c ) 16:54, 4 March 2021 (UTC)
  • As an addendum, the Croatian one is croweb.host and belongs to SurfsharkVPN – I've seen Surfshark use that webhost before, so someone may want to have a look at the wider range. --Blablubbs|talk 17:30, 4 March 2021 (UTC)
Blocked most of them. Blablubbs, not seeing strong evidence of 123.215.16.234 being a proxy - what's your thinking there? GeneralNotability (talk) 00:48, 14 March 2021 (UTC)
GeneralNotability, at the time I had looked, Shodan had results with open proxy ports if I recall correctly, but I found nothing when taking another look just now – if you go on a Google dive, you'll find the IP being bounced around on dodgy Russian forums and the like (including in this list on Github), and then there's the behaviour. Looks like this one may have rotated in the meantime (and it hasn't edited in a bit), so I think leaving it unblocked is probably okay too. The Jordanian one (94.127.213.38) could probably use a block though. Blablubbs|talk 00:59, 14 March 2021 (UTC)
Okay. Blocked the Jordanian one (short block - this is more a "behavioral evidence" VPN block than "technical evidence" VPN block). Closing. GeneralNotability (talk) 02:39, 14 March 2021 (UTC)

StrongVPN

{{proxycheckstatus}}

104.36.176.0/21 · contribs · block · log · stalk · Robtex · whois · Google
108.171.96.0/24 · contribs · block · log · stalk · Robtex · whois · Google
199.33.71.0/24 · contribs · block · log · stalk · Robtex · whois · Google

Unblocked Strong VPN ranges per spur and whois. --MarioGom (talk) 12:11, 6 March 2021 (UTC)

Blocked the lot. `GeneralNotability (talk)

103.237.168.0/23

{{proxycheckstatus}}

103.237.168.0/23 · contribs · block · log · stalk · Robtex · whois · Google colo: vastspace
103.237.168.160 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan UrbanVPN

Colo range + UrbanVPN individual IP. MarioGom (talk) 13:44, 6 March 2021 (UTC)

Rangeblocked + individually blocked the one proxy. GeneralNotability (talk) 18:29, 13 March 2021 (UTC)

SurfShark

{{proxycheckstatus}}

107.161.144.0/22 · contribs · block · log · stalk · Robtex · whois · Google (webhost)
107.161.145.4 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.108.117.0/24 · contribs · block · log · stalk · Robtex · whois · Google (webhost)
103.108.117.117 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.108.117.148 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.108.117.150 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

SurfShark (see spur report). I didn't look at the rest of the range yet. MarioGom (talk) 15:57, 11 March 2021 (UTC)

103.108.117.0/24 hardblocked as a webhost. 107.161.144.0/22 softblocked as a colo, individual VPN endpoints hardblocked. Thanks for the report. GeneralNotability (talk) 00:54, 14 March 2021 (UTC)

38.146.55.0/24

{{proxycheckstatus}}

38.146.55.0/24 · contribs · block · log · stalk · Robtex · whois · Google
38.146.55.43 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (Hide My Ass)
38.146.55.92 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (RapidVPN)
38.146.55.105 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (RapidVPN)
38.146.55.114 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (Hide My Ass)
38.146.55.139 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (HotSpot VPN)
38.146.55.142 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (HotSpot VPN)

Colo for VPN and residential proxies. This belongs to EndOffice / Charles River Opetation. The range is within a /8 Cogent block, so it looks as a residential range for many providers. Most servers seem to be VPN, callback proxies or bad actors. The individual IPs I listed are only a sample. I would recommend hard-blocking the /24 range, but if that's not possible, I'll list all individual VPN IPs. MarioGom (talk) 16:01, 12 March 2021 (UTC)

Hardblocked the /24. GeneralNotability (talk) 00:58, 14 March 2021 (UTC)

178.239.198.0/24

{{proxycheckstatus}}

178.239.198.0/24 · contribs · block · log · stalk · Robtex · whois · Google

Express VPN. See spur and whois (VPN-CONSUMER-NETWORK / vpnconsumer.com). MarioGom (talk) 17:52, 12 March 2021 (UTC)

Blocked. GeneralNotability (talk) 02:41, 14 March 2021 (UTC)

195.123.208.0/21

{{proxycheckstatus}}

195.123.208.0/21 · contribs · block · log · stalk · Robtex · whois · Google
195.123.212.51 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (Anonymousvpn)
195.123.213.26 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (Seed4me)
195.123.213.159 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (Seed4me)

The /21 range is a colo provider (ITLDC). Various VPN providers (non-exhaustive list). MarioGom (talk) 17:59, 12 March 2021 (UTC)

Hardblocked the range since the previous blocks on it were also hardblocks (and both were by checkusers, so they might well know more about that range than we do). GeneralNotability (talk) 02:50, 14 March 2021 (UTC)

199.33.68.0/22

{{proxycheckstatus}}

199.33.68.0/22 · contribs · block · log · stalk · Robtex · whois · Google

NetProtect per whois. This serves IPVanish (flagged by spur), StrongVPN, SaferVPN as well as whitelabel VPN for other companies. To the best of my knowledge, they do not provide colo, so the whole range should be trated as VPN. MarioGom (talk) 17:49, 13 March 2021 (UTC)

Hardblocked. GeneralNotability (talk) 02:48, 14 March 2021 (UTC)

173.239.210.0/24

{{proxycheckstatus}}

173.239.210.0/24 · contribs · block · log · stalk · Robtex · whois · Google (VPN)
173.239.192.0/18 · contribs · block · log · stalk · Robtex · whois · Google (colo)

Full range seems to be HotSpot VPN. Attributed individual IPs with spur.us. Shodan also flags as VPN and shows their UDP 500 port. The parent range 173.239.192.0/18 is colo. -- MarioGom (talk) 18:08, 13 March 2021 (UTC)

Hardblocked the /18 based on past blocks. GeneralNotability (talk) 01:22, 15 March 2021 (UTC)

104.244.208.0/22

{{proxycheckstatus}}

104.244.208.0/22 · contribs · block · log · stalk · Robtex · whois · Google incx.net
Individual IPs (SurfShark)
104.244.208.107 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.208.203 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.208.205 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.208.211 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.208.213 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.208.215 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.208.227 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.208.35 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.208.37 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.208.99 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.209.101 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.209.51 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.209.53 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.210.115 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.210.117 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.210.123 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.210.125 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.210.131 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.210.139 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.210.141 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.211.139 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.211.141 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.211.171 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.244.211.179 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Colo range crowded with SurfShark IPs (example on shodan). MarioGom (talk) 23:11, 15 March 2021 (UTC)

Softblocked the range, hardblocked the individual IPs you reported. GeneralNotability (talk) 01:45, 17 March 2021 (UTC)

101.51.139.179

{{proxycheckstatus}}

101.51.139.179 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

http://www.freeproxylists.net/101.51.139.179.html Reason: Open proxy which can be found as a free proxy list Kaseng55 (talk) 05:58, 16 March 2021 (UTC)

The IP is already blocked as an open proxy. --MarioGom (talk) 08:32, 16 March 2021 (UTC)

212.19.134.0/24

{{proxycheckstatus}}

212.19.134.0/24 · contribs · block · log · stalk · Robtex · whois · Google
212.19.134.230 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

The /24 is a colo range hosted in Kazakhstan, the individual IP is being used by an LTA and is flagged as Seed4me VPN by Spur and has an open SSH port per Shodan. Blablubbs|talk 16:42, 17 March 2021 (UTC)

Now gblocked, closing. Blablubbs|talk 19:03, 17 March 2021 (UTC)

202.143.108.0/22

{{proxycheckstatus}}

202.143.108.0/22 · contribs · block · log · stalk · Robtex · whois · Google

Everything on the range that has recently edited is Surfshark. 202.143.111.214 is also accessible as a Shadowsocks node and currently CU-blocked, see here. Blablubbs|talk 17:41, 17 March 2021 (UTC)

Hardblocked the range...which, I'd like to note, belongs to "Digital world data online company". Seems legit. GeneralNotability (talk) 00:14, 18 March 2021 (UTC)

WiTopia

{{proxycheckstatus}}

74.115.160.0/22 · contribs · block · log · stalk · Robtex · whois · Google (see whois)
91.216.105.0/2 · contribs · block · log · stalk · Robtex · whois · Google (see whois)
2606:e100::/32 · contribs · block · log · stalk · Robtex · whois · Google (see whois)
64.27.55.83 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (vpn.denver.witopia.net)
209.135.211.128/25 · contribs · block · log · stalk · Robtex · whois · Google (see whois)
74.221.231.0/26 · contribs · block · log · stalk · Robtex · whois · Google (see whois)
81.17.21.67 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (vpn.zurich.witopia.net)
41.77.137.3 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (vpn.cairo.witopia.net)

WiTopia VPN ranges and IPs. MarioGom (talk) 22:34, 17 March 2021 (UTC)

 Done - All blocked. SQLQuery me! 00:37, 18 March 2021 (UTC)

Intergrid

{{proxycheckstatus}}

103.115.184.0/24 · contribs · block · log · stalk · Robtex · whois · Google
103.75.116.0/24 · contribs · block · log · stalk · Robtex · whois · Google
185.190.83.0/24 · contribs · block · log · stalk · Robtex · whois · Google

Webhost ranges: The first appears to be entirely Hotspot VPN, the second is this VPS provider and the third is a CDN. The rest of the ASN is either hardblocked or sublet to corporations. Blablubbs|talk 13:51, 15 March 2021 (UTC)

TouchVPN servers in other Intergrid ranges:

103.76.164.66 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.70 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

--MarioGom (talk) 23:51, 17 March 2021 (UTC)

Bagged the lot. GeneralNotability (talk) 02:16, 18 March 2021 (UTC)

ExpressVPN

{{proxycheckstatus}}

45.41.180.38 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
45.41.180.53 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.237.53.139 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
104.237.53.171 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
64.185.230.171 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
45.133.4.5 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
45.133.4.13 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
82.81.85.236 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
  • Host: israel-ca-version-2.expressnetw.com
  • Range: apparently residential
154.6.28.4 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
154.6.28.130 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
  • Host: usa-dallas-ca-version-2.expressnetw.com
  • Range: 154.6.16.0/20 Express VPN (see whois)
  • Range: MaxiHost (dedicated servers, within wider Cogent range), rangefinder

Express VPN. Use the DNS for verification, these are hard to fingerprint otherwise. MarioGom (talk) 21:02, 17 March 2021 (UTC)

Think I bagged them all - hardblocks for the VPNs and VPN ranges, softblocks for the colos. Closing.

207.148.91.158

{{proxycheckstatus}}

207.148.91.158 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

This IP is a VPN and it can be found at VPN Gate as a free VPN address. https://www.vpngate.net/en/ Reason: A free VPN address. It belongs to VPN Gate. Kaseng55 (talk) 18:04, 18 March 2021 (UTC)

IP is already rangeblocked both globally and locally – nothing else is needed, so I'm closing. Kaseng55, could I ask you to only report IPs that aren't already blocked? Thanks and best, Blablubbs|talk 18:06, 18 March 2021 (UTC)

109.93.20.87

{{proxycheckstatus}}

109.93.20.87 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: (add your reason here) Beyond My Ken (talk) 11:23, 18 March 2021 (UTC)

 In progress. Blablubbs|talk 11:24, 18 March 2021 (UTC)
Not currently an open proxy. Didn't run any deep checks here. Dynamic mobile IP, nobody is flagging, plus it looks like the same person has used other IPs on the /19 before, which is a good indication that we're dealing with a legitimate connection here. Blablubbs|talk 11:30, 18 March 2021 (UTC)
Thanks. Beyond My Ken (talk) 14:18, 18 March 2021 (UTC)

Zenex webhost ranges

{{proxycheckstatus}}

92.249.30.0/24 · contribs · block · log · stalk · Robtex · whois · Google
2.58.192.0/24 · contribs · block · log · stalk · Robtex · whois · Google
5.182.49.0/24 · contribs · block · log · stalk · Robtex · whois · Google
45.90.104.0/22 · contribs · block · log · stalk · Robtex · whois · Google
79.143.17.0/24 · contribs · block · log · stalk · Robtex · whois · Google

All ranges belong to the same webhost; this one does not appear to offer colocation. One other range and a /29 within 2.58.192.0/24 are already blocked. Everything that has edited appears to be allocated to VPN providers (HotspotVPN and TouchVPN, for the latter note the interesting SSL Cert here). Pink clock Awaiting administrative action: Please hardblock all. Blablubbs|talk 14:36, 20 March 2021 (UTC)

 Done SQLQuery me! 15:14, 20 March 2021 (UTC)

PureVPN

{{proxycheckstatus}}

37.230.182.0/24 · contribs · block · log · stalk · Robtex · whois · Google
43.226.230.0/24 · contribs · block · log · stalk · Robtex · whois · Google
46.243.219.0/24 · contribs · block · log · stalk · Robtex · whois · Google
141.101.148.0/24 · contribs · block · log · stalk · Robtex · whois · Google
172.94.49.0/24 · contribs · block · log · stalk · Robtex · whois · Google
172.94.50.0/24 · contribs · block · log · stalk · Robtex · whois · Google
172.94.94.0/24 · contribs · block · log · stalk · Robtex · whois · Google
172.94.126.0/24 · contribs · block · log · stalk · Robtex · whois · Google
185.118.76.0/25 · contribs · block · log · stalk · Robtex · whois · Google
188.72.101.0/24 · contribs · block · log · stalk · Robtex · whois · Google
188.72.112.0/24 · contribs · block · log · stalk · Robtex · whois · Google
188.72.116.0/24 · contribs · block · log · stalk · Robtex · whois · Google
45.115.24.4 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (th1.pointtoserver.com)
203.69.105.43 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (tw1.pointtoserver.com)

PureVPN. Check whois for PureVPN-NET, pointtoserver.com or ptoserver.com (their DNS for exit nodes) or GZ Systems Limited (parent company). MarioGom (talk) 00:30, 14 March 2021 (UTC)

Per spur, at least the one IP on :103.117.20.0/24 · contribs · block · log · stalk · Robtex · whois · Google
that has edited is also pureVPN. Blablubbs|talk 14:05, 15 March 2021 (UTC)
Thanks, blocked all reported. GeneralNotability (talk) 23:32, 20 March 2021 (UTC)

Leaky Serverfield and Enzo ranges

{{proxycheckstatus}}

Ranges discovered while looking at the ASN for the Serverfield range I found in the Bothiman report. All on the same ASN, different providers – some colo, some DS only. I'm listing only the ones with edits, but all the ranges on the ASN are probably technically good for a webhost or colo block.

Enzu Cloud and Colocation:

5.180.40.0/22 · contribs · block · log · stalk · Robtex · whois · Google
45.66.156.0/24 · contribs · block · log · stalk · Robtex · whois · Google

Serverfield (appears to be dedicated servers only):

45.123.118.0/23 · contribs · block · log · stalk · Robtex · whois · Google
103.103.128.0/22 · contribs · block · log · stalk · Robtex · whois · Google
185.195.76.0/22 · contribs · block · log · stalk · Robtex · whois · Google

Blablubbs|talk 01:15, 14 March 2021 (UTC)

See also the Windscribe report below for more VPN endpoints on Serverfield. MarioGom (talk) 21:09, 14 March 2021 (UTC)
Ranges are softblocked as colos, will hit individual endpoints in the follow-on reports. GeneralNotability (talk) 23:37, 20 March 2021 (UTC)

TunnelBear

{{proxycheckstatus}}

173.205.176.151 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
174.128.176.89 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
174.128.180.119 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
174.128.180.163 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
174.128.180.230 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
174.128.180.231 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
174.128.180.52 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
174.128.180.54 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
174.128.180.56 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
174.128.180.72 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
174.128.181.101 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
174.128.181.121 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
174.128.181.4 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
174.128.181.8 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

These are unblocked servers from TunnelBear. They can be retrieved with a DNS lookup on us.lazerpenguin.com. The ASN should be good for colo blocks (website: [4], [5]). MarioGom (talk) 15:05, 14 March 2021 (UTC)

Added Atlantic Metro to ASNBlock. SQLQuery me! 00:43, 18 March 2021 (UTC)
Blocked the lot, working my way through softblocks on Atlantic Metro. GeneralNotability (talk) 01:55, 21 March 2021 (UTC)

Windscribe

{{proxycheckstatus}}

199.204.208.158 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
31.7.57.242 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
185.226.64.111 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.10.197.99 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
185.165.170.2 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
218.232.76.136 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
218.232.76.179 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
  • Host: kr.windscribe.com
103.103.0.118 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
185.15.21.66 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
202.129.16.147 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
202.129.16.155 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
  • Host: th.windscribe.com
41.231.5.23 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
  • Host: tn.windscribe.com
  • Range: topnet.tn (it seems a residential ISP)
45.123.118.156 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
129.232.167.211 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

--MarioGom (talk) 21:06, 14 March 2021 (UTC)

Blocked the individual IPs, softblocked most of the colos. Closing. GeneralNotability (talk) 00:36, 23 March 2021 (UTC)