Wikipedia:WikiProject on open proxies/Requests/Archives/22

95.141.31.6


Reason: Cyberghost proxy. 95.141.31.6 to 9 and  95.141.31.22 to  25
 * Verified. It looks like this was picked up by Mr. Ponyo and blocked for a month as 95.141.31.0/27. Will probably need to be re-applied when it expires. Kuru   (talk)  03:06, 12 October 2015 (UTC)

110.78.187.104


Reason: Disruptive edits & reported as "Confirmed proxy server" by http://whatismyipaddress.com/ip/110.78.187.104. They may be using 110.77.221.89 which is also reported as confirmed proxy, and 110.77.221.193. — Brianhe (talk) 03:40, 4 October 2015 (UTC)


 * 104 is a proxy of some kind, but I'd guess it's a corporate or civil proxy used to aggregate back end clients. While there are several open ports, I could not connect to any of them (one prompted a log in screen). There were a couple of ports that I could not puzzle out what they were, but nothing that indicated an actual open proxy.
 * 89 has a few open ports, but nothing odd and I could not connect to anything.
 * 193 had nothing open at all.
 * That being said, it's clearly the same editor using all three. Likely from three different locations in or near Bangkok (work, school, home, etc). Nothing super suspicious. I didn't immediately see the disruptive behavior, but I didn't look too deep. If there something wrong with the editor, or if this is a sock, then I'd approach the problem through those channels. Kuru   (talk)  23:35, 4 October 2015 (UTC)

213.163.92.164


Requesting unblock; says they're not an open proxy. Daniel Case (talk) 15:54, 4 October 2015 (UTC)
 * Notes: I don't see anything on that IP (nothing open or odd). It does trace to the firm the editor claims and it makes sense that it was a recent 32 address carve-out in that range. I would also note that NewIPNow no longer offers an exit node in that range per their open list, but the other VPN noted in MS's block text does not have an open list to verify. He also used "etc" at the end inferring there was other weirdness. The range contribution tool I like to use at labs is down at the moment, so I can't spot check abusive IPs in the range; can do that later. One more problem:  is a checkuser and may have been acting on more information than is visible.  Kuru   (talk)  18:35, 4 October 2015 (UTC)
 * Unblocked (note, I wasn't a checkuser when I've blocked that range :-P). Materialscientist (talk) 22:22, 4 October 2015 (UTC)
 * Meh. Seems like thousands of years ago. Kuru   (talk)  22:53, 4 October 2015 (UTC)

186.93.0.0/16


I'm not quite sure I understand this block. This is a huge IP range that appears to belong to a Venezuelan ISP. Why is the whole range blocked as a proxy? Maybe there's one or 2 IPs running a proxy, but given that this is an ISP and not a webhost, I don't understand why the whole range was blocked.  M w w 1 1 3    (talk) 01:07, 5 October 2015 (UTC)

Reason: Requested unblock.
 * I don't see obvious proxies on a random sampling of IPs that were used disruptively. The target of he block is pretty obvious; the range has been blocked many times previously, almost always targeting the same troll. You may want to contact the blocking administrator with the context of the unblock request and some assurance that the troll has ceased using the range. Kuru   (talk)  01:57, 5 October 2015 (UTC)
 * Unfortunately, there are things that I can't discuss per the confidentiality agreement or I would give more context. This is helpful information though. Thank you.  M w w 1 1 3    (talk) 04:30, 5 October 2015 (UTC)

62.113.227.63


Reason: IPsock of Gabucho181 who uses open proxies. Also this says "Confirmed proxy server". Geraldo Perez (talk) 21:45, 5 October 2015 (UTC)
 * I see a couple of suspicious open ports and a lot of abuse by various socks in CU log, thus blocked. Materialscientist (talk) 21:50, 5 October 2015 (UTC)
 * Port 25302 is a luminati.io exit node (seven day free trial!). Good block. Kuru   (talk)  02:11, 6 October 2015 (UTC)

212.76.11.80


Reason: Suspicious edits. Same editor had used a different IP yesterday (208.54.4.246, in California) for block evasion. It's unlikley that they're from Khazakstan. BMK (talk) 23:09, 5 October 2015 (UTC)
 * Not sure if this is any help: 212.76.11.80 looks clean, and I can see three other IPs from Kazakhstan poking around Why Be Good? and Gold Diggers of Broadway on two different local ISPs. Probably not a proxy; some other oddness afoot. Kuru   (talk)  02:04, 6 October 2015 (UTC)
 * Thos are all the same editor. BMK (talk) 15:32, 6 October 2015 (UTC)

115.115.222.123


Reason: Suspicious/promo edits, reported as confirmed proxy server by http://whatismyipaddress.com/ip/115.115.222.123 - Brianhe (talk) 19:26, 7 October 2015 (UTC)
 * I was not able to connect to any of the open ports, and did not see any open proxies, but this seems to a mail server for Informatics India which provides some webhost-like services. There's a Zimbra login on port 80. Could webhost block, but I'm not seeing the abusive edits. Did you mean the "Kunal Bhardwaj" COI-like edits a year ago? Kuru   (talk)  00:42, 8 October 2015 (UTC)

2.75.239.135


Reason: Suspicious edits, same editor as above, Khazakstan location. BMK (talk) 15:32, 6 October 2015 (UTC)
 * Just to be clear: the editor involved is User:Jakeleereed, He got a 60 hour block for disruptive editing from Bishonen, and immediately socked with an IP from California, which Bishonen blocked.  The next day he was back, editing the same articles, with the IP I reported above, 212.76.11.80. from Kazakhstan.  Today he's editing from this IP, also from Khazakhstan.  There was a vague possibility that yesterday's edits might not have been him (same suite of articles, but not the same edit), but today he's reverting to his previous material, which was deleted because it went against consensus (the reason for Bishonen's block).I am by no means knowledgable about this kind of stuff, but when an editor from California (consistent with JLR's hours of editing) shows up in Kazakhstan, it seems highly likely that the IPs involved are open proxies.  Can I suggest a second look at 212.76.11.80? BMK (talk) 17:00, 6 October 2015 (UTC)
 * Certainly! Here are the five IPs from Kazakhstan:
 * , no open ports, traceroute to ISP of record (Kcell).
 * , no open ports, traceroute to ISP of record (2day.kz).
 * , no open ports, traceroute to ISP of record (2day.kz).
 * , no open ports, traceroute to ISP of record (2day.kz); host is a bank, though (ftp.kisc.kz).
 * , no open ports, ISP is Llp Alma-tv.
 * None of these have open ports to analyze (the main way of spotting these), at least not any that I can see. None of these IPs show up on public open proxy lists. These could be webhosts, but they just seem to be normal ISPs (and cable providers). I've seen enough really odd proxies to know there's no magic pixie dust in verifying them, though. Will leave this in case someone else wants to take a crack at it. Seems obvious that it's your boy, though, proxy or not.  Kuru   (talk)  01:25, 7 October 2015 (UTC)
 * Yeah, I took a look at the contribs, and there's little doubt that it's him. So, just assuming for the moment that my scenario above is right, how did an editor from California get access to an IP from Kazakhstan? BMK (talk) 01:27, 7 October 2015 (UTC)
 * Don't answer if WP:BEANS is a concern. BMK (talk) 01:31, 7 October 2015 (UTC)
 * Unclear, but considering he's editing from work (kisc.kz), home (2day ISP), cable/TV (alma-tv) and his cell phone (kcell), I'd probably flip the question and ask how a Kazakhstan resident edited from a t-mobile wireless IP in California. S/he's not a master of english communication skills, although there's not much to go on. Lots of comical seething for Mr. Ken and Ms. Bish, lots of love for the roaring 20's film. Interesting.  Kuru   (talk)  02:18, 7 October 2015 (UTC)
 * Hmmm. That flip is interesting, I hadn't thought about that. It might explain the communication problem a bit. BMK (talk) 03:48, 7 October 2015 (UTC)
 * So today he's using 176.222.136.233, also from Kazakhstan. Maybe you'd better check the California IP he used to see of it is an OP: 208.54.4.246 BMK (talk) 19:51, 7 October 2015 (UTC)
 * First thing I did in your previous report. :) It's a bog standard t-mobile wireless IP; nothing odd, other than the fact that people apparently still use t-mobile.  Before you ask,  is another 2day IP with no open ports and nothing funny. I realize how spectacularly unhelpful all this is.  Kuru   (talk)  00:13, 8 October 2015 (UTC)
 * No, not "unhelpful", just a bit mystifying. I do appreciate your checking these things out.  I guess I won't post any further Kazakhstan-based IPs here (I'm assuming he'll be back tomorrow), I'll only come back if he starts using something different.  In the meantime, I'm reverting and Bishonen is blocking. BMK (talk) 00:27, 8 October 2015 (UTC)
 * One or two more from that 176.222.* range and we can calculate a good range block. I suspect the traffic from that ISP is close to zero except for him.  Kuru   (talk)  00:44, 8 October 2015 (UTC)
 * Today he made an account, User:Keydy iphone, but I did find an old Kazakhstan IP, 37.99.109.87 Too bad it's not in the 176 range. I'm beginning to think that the California IP is another person, who just got caught up in the net accidentally. BMK (talk) 21:28, 8 October 2015 (UTC)
 * Here's another 176 for you: 176.222.186.94 Also, 212.76.24.24 from Kazakhstan. BMK (talk) 01:40, 9 October 2015 (UTC)

CU logs suggest a simple picture: no proxies, and no obvious socking - just two (or more) IP hoppers with access to several IP ranges, one hopper in the US and one in Kazakhstan. Materialscientist (talk) 02:12, 9 October 2015 (UTC)
 * Behaviorally the Kazakhstan IPs all appear to be identical to the named accounts, Jakeleereed (blocked for disruption) and today's Keydy iphone. The California IP I now believe to be someone else, which I guess means no necessity for there to be open proxies involved. BMK (talk) 02:33, 9 October 2015 (UTC)
 * A note of caution - many movie fans have similar editing patterns (for example, there are hundreds of different wikieditors, registered or not, who tweak boxoffice data for Indian movies, in an apparently "coordinated" fashion). CU logs suggest (no certainty) a couple of similarly mistaken assumptions in this case too. Materialscientist (talk) 03:17, 9 October 2015 (UTC)
 * OK, maybe a group of American silent movie fans in Kazakhstan, I dunno. The edits are non-consensual, so it hardly matters, except in terms of blocks. BMK (talk) 04:43, 9 October 2015 (UTC)
 * -- zzuuzz (talk) 07:05, 10 April 2016 (UTC)

188.166.8.88


Reason: Vandalistic edits to a page in my user space. (Other similar edits have turned out to be OPs.) BMK (talk) 01:40, 12 October 2015 (UTC)
 * , Free Proxy operating on port 80. Blocked for six months and retained the talk page block. Kuru   (talk)  02:03, 12 October 2015 (UTC)

216.177.129.188


Reason: Suspicious edits alongside blocked undisclosed paid editor at Delhi Poetry Festival and Poets Corner Group. Reported as a confirmed proxy by http://whatismyipaddress.com/ip/216.177.129.188 and http://whatismyipaddress.com/ip/203.122.8.2 — Brianhe (talk) 06:46, 13 October 2015 (UTC)
 * I don't see proxies on these two IPs, no open ports too. Materialscientist (talk) 08:22, 13 October 2015 (UTC)

107.167.107.245


Reason: Suspicious edits and listed as pera Mini Proxy ISP and confirmed proxy server by http://whatismyipaddress.com/ip/107.167.107.245

Brianhe (talk) 13:53, 14 October 2015 (UTC)
 * Clearly a part of Opera's mini-proxy service, and already blocked three months ago as such. Kuru   (talk)  00:02, 15 October 2015 (UTC)

77.243.189.227


Reason: Suspicious edits - Had trouble with IP 50.65.161.197, who was leaving hostile comments about sourcing at Scooby Doo. IP geolocates to St. Albert Canada. I blocked them for disruption, they returned as 77.243.189.227, which geolocates to the Netherlands. A fast trip for one user to make so quickly. The info at WhatIsMyIPAddress.com says that it's a confirmed proxy server—I know the site isn't always reliable for this info, but I thought I'd run it past y'all. Thanks, Cyphoidbomb (talk) 19:56, 17 October 2015 (UTC)
 * . Blocked a range of Cyberghost proxies. Kuru   (talk)  20:07, 17 October 2015 (UTC)

54.193.24.151


Reason: Requested unblock. Block reason: webhostblock. עוד מישהו Od Mishehu 19:02, 19 October 2015 (UTC)
 * It's am Amazon Web Services IP so I've declined the unblock request.-- Jezebel's Ponyo bons mots 20:37, 19 October 2015 (UTC)

106.51.133.200


Continuously editing racist and unwarranted edits on Newar people, Shrestha, Shresthas pages with absolutely no reference or citations. Nepalichoro255 (talk) 04:16, 21 October 2015 (UTC)
 * -- zzuuzz (talk) 07:07, 10 April 2016 (UTC)

63.143.226.248
Reason: A whois of this IP address indicates this is an open proxy. Likely sock account of User:IHeardFromBob, who had previously used optonline servers editing the same article. TuvaluEditor3 (talk) 09:00, 21 October 2015 (UTC)


 * whatismyipaddress.com never "indicates this is an open proxy": at the most it can indicate that it's a proxy. At present it doesn't even indicate that, whatever may have been at the time of this report. The editor who uses the pseudonym "JamesBWatson" (talk) 13:15, 26 July 2016 (UTC)

173.231.123.130

 * (entertainment company spamming)
 * (same entertainment company)
 * (Search Engine Marketing spam)
 * (spamming)
 * (editing a specific Hollywood person article/talkpage)
 * (ditto)
 * (ditto)
 * (ditto)
 * (ditto)
 * (ditto)

Reason: Suspicious edits as shown. Brianhe (talk) 00:27, 25 October 2015 (UTC)
 * I don't see anything. Just seems to be a dynamically allocated IP. Kuru   (talk)  00:38, 25 October 2015 (UTC)

121.52.154.98


Reason: Disruptive editing [//en.wikipedia.org/w/index.php?title=Zaqistan&diff=prev&oldid=687743443] following identical disruption from other US based IPs [//en.wikipedia.org/w/index.php?title=Zaqistan&diff=687660670&oldid=687653915][//en.wikipedia.org/w/index.php?title=Zaqistan&diff=next&oldid=687661538][//en.wikipedia.org/w/index.php?title=Zaqistan&diff=next&oldid=687665355][//en.wikipedia.org/w/index.php?title=Zaqistan&diff=next&oldid=687665856]; reported by whatismyipaddress.com as a confirmed proxy server in Pakistan, which is geo-unlikely for this particular topic. Brianhe (talk) 17:26, 27 October 2015 (UTC)


 * WhatIsMyIPAddress shows it ask a suspected proxy, but port scan can't find any open ports. -- TerraCodes (talk to me) 07:43, 25 October 2016 (UTC)

38.95.108.246


Reason: Requested unblock. Block reason: blocked proxy. עוד מישהו Od Mishehu 21:30, 28 October 2015 (UTC)
 * cypberghostvpn -- zzuuzz (talk) 18:46, 9 November 2015 (UTC)

8.37.224.0/20


Reason: We've blocked several of these IPs as open proxies already. A quick whois of this range shows that it belongs to some sort of mobile content accelerator. A search of the range contribs reveals several blocks and loads of problematic edits. I know that this IP range uses XFF headers but as of yet they are not part of the trusted list at the XFF project on meta. For now I think it might be wise to block the whole range, contact the owners of the range, and hope they have themselves added to the trusted list. It seams to me that every IP on this range is probably a proxy, and if we're going to block some of them, we might as well just block the range.  M w w 1 1 3    (talk) 03:57, 29 October 2015 (UTC)
 * Not much activity on the range, if any. Closed as stale. Kuru   (talk)  03:44, 20 January 2017 (UTC)

67.55.34.248


Reason: Webhost. Previously blocked for a long history of problematic edits. Easily confirmed by simple whois.  M w w 1 1 3    (talk) 04:34, 29 October 2015 (UTC)
 * This does appear to primarily a webhost, but there has been zero activity on this IP since this report more than a year ago. Closed as stale. Kuru   (talk)  03:46, 20 January 2017 (UTC)

52.8.126.110


Reason: Suspicious edits. - MrX 21:08, 27 August 2015 (UTC)
 * Comment: Seems to be ✅ webhost. WHOIS and DNS show it belongs to Amazon AWS.  M w w 1 1 3    (talk) 05:37, 29 October 2015 (UTC)

#wikipedia-en-help harassment IPs


Reason: All are IPs which, all within the span of two hours, have been used to spam/harass helpers in #wikipedia-en-help on IRC. Given all the disparate IPs and speed with which the user behind them switches IPs open proxies/anonymising services are suspected. — Jeremy  v^_^v  Bori! 21:51, 3 November 2015 (UTC)
 * Spot checked a few of these and saw nothing odd. Stale. Kuru   (talk)  03:58, 20 January 2017 (UTC)

93.110.xx.xx


Reason: Suspicious edits from 93.110.xx.xx -- geolocates to Iran, but virtually all editing from this range is on Asian beauty pageants [//tools.wmflabs.org/xtools/rangecontribs/?project=en.wikipedia.org&text=93.110.1.1%2F16&begin=2015-10-01&end=&namespace=all&limit=20]. General topic is under discussion on COIN. Brianhe (talk) 21:22, 5 November 2015 (UTC)
 * Note, 93.110.32.0/19 is listed on the Spamhaus Policy Block List (PBL) . Brianhe (talk) 12:00, 6 November 2015 (UTC)
 * Not seeing proxies, but it appears the questionable activity persists. Not clear how to handle; maybe re-open to COIN discussion? Kuru   (talk)  13:03, 20 January 2017 (UTC)

24.246.127.180


Reason: Suspicious edits Address belongs to a school system. Geolocate reports it as an open proxy. Donatetom (talk) 18:27, 9 November 2015 (UTC)
 * Nice account you have there. Please note that a confirmed proxy server is not a confirmed open proxy, however in this case, port 8080, blocked. -- zzuuzz (talk) 18:52, 9 November 2015 (UTC)

‎104.42.106.203


Reason: Suspicious edits, has similar edits to a long-time sock puppet that primarily targets this page, and particularly this edit. According to this it is a Confirmed Proxy Server. --Peace world  18:59, 10 November 2015 (UTC)
 * 104.42.106.203 confirmed port 8080 and
 * 71.162.154.162: exit point, possibly from 71.162.154.163:3130, but not confirmed at this time. -- zzuuzz (talk) 19:41, 10 November 2015 (UTC)
 * 71.162.154.162, exit for 71.162.154.163:3130, now confirmed -- zzuuzz (talk) 11:49, 11 November 2015 (UTC)

95.141.29.38


Reason: Vandal account, Suspicious edits

That IP address and several nearby IP addresses have numerous open ports, and the one you mention was listed on a proxy-listing site back in March, but I have not been able to connect to any of them. That is not enough evidence to justify a proxy block, but it is enough to be suspicious. If you see any more evidence, please let me know. The editor who uses the pseudonym "JamesBWatson" (talk) 16:49, 12 November 2015 (UTC)


 * Now range-blocked by Bsadowski1. The editor who uses the pseudonym "JamesBWatson" (talk) 22:00, 3 December 2015 (UTC)

45.33.130.46


Reason: Suspicious edits
 * Corrected the IP number per James's comments below. EdJohnston (talk) 21:21, 11 November 2015 (UTC)

Reported on my talk page for making unsubstantiated sock charges against User:Athenean and User:SilentResident. Another part of the same /20 range was used in a revert war at Greeks per this 3RR complaint from August. (Search the report for 45.33).

This range belongs to cloudmosa.com, which appears to operate server farms. To my knowledge they are not an ISP, though they sell a mobile app called Puffin. I am tempted to do a softblock of 45.33.128.0/20 with the tag 'webhostblock'.

The range contributions from the /20 are short on any good faith work. EdJohnston (talk) 15:24, 11 November 2015 (UTC)
 * This IP is probably a proxy of some sort, though it doesn't appear to be open. It could be their free browser app, which is probably similar to Template:OperaMiniBlock, which is currently blocked at . Maybe just a vague 'anonblock' would do? -- zzuuzz (talk) 18:31, 11 November 2015 (UTC)


 * Is the IP address at the top of this section a typo? 45.33.130.37 has not edited since June (though its edits then were all vandalism), and the IP address reported on EdJohnston's talk page was 45.33.130.46. Of course it's not important, as they are both within the range mentioned, but it might confuse someone. "Puffin" is clearly a proxy, and since it is apparently available to anyone who chooses to buy the app, it is an open proxy, as far as I can see. Its publisher claims that its purpose is "to enhance web browser speed and features on mobile and tablet devices", in which case I don't see that blocking it prevents any legitimate editor from editing Wikipedia: it just makes them have to wait a bit longer for edits to take. I don't know whether it is Puffin that is involved here, but either way it seems to me we are probably dealing with something which qualifies for a webhost block or proxy block. The one outstanding question is whether to make the block anon-only. The editor who uses the pseudonym "JamesBWatson" (talk) 21:10, 11 November 2015 (UTC)
 * I fixed the IP number above. The IP that edited on 11 November and made the bogus sock charge was 45.33.130.46 as noted by James. Suggest at least anonblock and at least for six months. EdJohnston (talk) 21:21, 11 November 2015 (UTC)
 * Whether to block anon-only really depends, to me, on whether there's any associated sock accounts, or any genuine accounts. A checkuser might be able to help scope the range. However I agree with James that people are unlikely to be inconvenienced much - they will have an alternative browser on the same machine. I suggested an anonblock block reason, as users of a browser app are likely to be confused by the real reasons of proxy- or webhost-block. I think of the block appeals from people keen to prove they are using an app, and not using an open proxy or a web server. -- zzuuzz (talk) 06:00, 12 November 2015 (UTC)
 * For the present I have blocked the /20 range anon-only for a year, but I am by no means committed to that being the best decision, so if either of you wishes to amend the block then please go ahead. I can see a case for at least preventing account creation, even if not preventing logged-in editing. Is it worth consulting a CheckUser to see if there seems to be any reason for or against doing one or both of those? The editor who uses the pseudonym "JamesBWatson" (talk) 16:24, 12 November 2015 (UTC)
 * See User talk:Bbb23 for a comment from a checkuser. Based on Bbb23's opinion I think leaving this as a one-year anonblock is reasonable. EdJohnston (talk) 17:26, 13 November 2015 (UTC)

41.164.163.114


This relates to an unblock request at User talk:Baharini, where it is stated that there is an open proxy block, but that the IP address is not an open proxy. The IP address was blocked by ProcseeBot on 7 November, for a year, as an exit IP for 169.255.77.27:8080. I have connected via 169.255.77.27:8080, confirming that it is an open proxy, but the connection went directly to 169.255.77.27, not 41.164.163.114 or any other IP address. Nmap shows that 41.164.163.114 has no open ports. My feeling is that the IP address is no longer an open proxy, and that it should be unblocked, but I have an element of doubt, so if anyone else can contribute anything relevant I shall be grateful. If nobody comes up with anything I shall probably unblock. The editor who uses the pseudonym "JamesBWatson" (talk) 12:28, 15 November 2015 (UTC)
 * After 12 days, nobody has responded. I have repeated the same tests I made before, with the same results, so I shall unblock the IP address. The editor who uses the pseudonym "JamesBWatson" (talk) 21:07, 27 November 2015 (UTC)
 * Since I wrote that, my attention has been drawn to the tool at http://whatismyipaddress.com, which enabled me to confirm that while I was connected to the proxy at 169.255.77.27 my IP address was showing as 41.164.163.114, so I have re-blocked the IP address. The editor who uses the pseudonym "JamesBWatson" (talk) 21:54, 3 December 2015 (UTC)
 * Ping JamesBWatson. I previously had the opportunity to look at 169.255.77.27. My finding at the time, when using 169.255.77.27 as a proxy, was that 41.164.163.114 is only an exit for sites without HTTPS. Since Wikipedia enforces SSL, to my knowledge, you can't edit through this proxy and 41.164.163.114 at this site. -- zzuuzz (talk) 07:31, 4 December 2015 (UTC)
 * That would explain why, when I connected to the proxy, it showed up as 41.164.163.114 on whatismyipaddress.com, but as 169.255.77.27 on Wikipedia, which had puzzled me. In that case presumably there is no reason not to unblock 41.164.163.114 again? You evidently know more about this than I do. The editor who uses the pseudonym "JamesBWatson" (talk) 09:23, 4 December 2015 (UTC)
 * That would be my guess :) One can never fully trust proxy exits, but given the evidence so far, my guess is that blocked users on this IP are going to be innocent of proxy-using. -- zzuuzz (talk) 11:09, 4 December 2015 (UTC)
 * Sorry for the trouble and thanks for the clarification . Regards— UY Scuti  Talk  15:50, 4 December 2015 (UTC)
 * OK, on the basis of what zzuuzz says, I have unblocked again. Scuti, don't worry about the small amount of trouble, which in any case has been offset by the learning that I gained from this. The editor who uses the pseudonym "JamesBWatson" (talk) 17:14, 4 December 2015 (UTC)

IP 83.220.237.58


Reason: Suspicious edits - filed an SPI on, who is known to harass. Mrschimpf's comments: "Seems like an open Russian proxy; obvious behavior with a usual goad on Geraldo Perez's talk page and their usual attempt to insert the Dan Vs. "comeback" on Pop (U.S. TV network)." Cyphoidbomb (talk) 16:03, 21 November 2015 (UTC)
 * The fact that someone who shows every sign of being Gabucho181 was using a Russian IP address certainly suggests some sort of proxy or VPN or something of the sort, but beyond that I can find no evidence. The editor who uses the pseudonym "JamesBWatson" (talk) 21:33, 27 November 2015 (UTC)

63.92.227.169


IP check indicates proxy server.

Reason: Suspicious edits. TuvaluEditor3 (talk) 13:02, 23 November 2015 (UTC)
 * I wonder what you think is suspicious about the editing. The fact that http://whatismyipaddress.com says "confirmed proxy server" really doesn't mean much, both because whatismyipaddress.com is unreliable, giving at best a rough guide as to what is likely, and also because most proxies are not open proxies: it is only open proxies that are not allowed to edit. I have run a scan with Nmap, and searched on Google for mentions of the IP address as a proxy, and neither of those provided any evidence at all of an open proxy. The editor who uses the pseudonym "JamesBWatson" (talk) 21:23, 27 November 2015 (UTC)

168.94.0.0/16


This range was blocked on the basis that this might be an open proxy. I'm requesting this be reviewed since I doubt that bestbuy would allow their store's internet connection to be accessed remotely and be made into an open proxy that could be used to edit Wikipedia from outside. While it's true that a publicly accessible computer could be used to make counterproductive edits, I believe that the parameters could be tweaked so that at least logged in users could edit

Reason: Requested unblock. — Preceding unsigned comment added by 97.47.65.51 (talk • contribs)
 * My understanding is that this range is blocked, not because of open proxies in the traditional sense, but precisely because registered users abuse their publicly accessible computers. Why would anyone need to edit from Best Buy store computers? -- zzuuzz (talk) 13:18, 28 November 2015 (UTC)
 * It would be silly to assume that the purpose of publicly accessible computers is to abuse communication and social networking sites like this one. Yes, there has been abuse but you can't possibly assume everyone that logs in from places like best buy and apple store would do so in order to vandalize wikipedia 97.47.65.51 (talk) 16:06, 28 November 2015 (UTC)
 * This doesn't really answer the question of why anyone would want to, let alone need to edit an encyclopaedia while they're out shopping, in a shop. I suggest that even if so inclined, consensus to unblock this range is out of scope here - it would need to go through the blocking admins and/or WP:AN. -- zzuuzz (talk) 19:13, 28 November 2015 (UTC)

As the original requester is a suspected WP:DUCK reported at Sockpuppet investigations/BuickCenturyDriver, this is likely an attempt at block evasion. I'd recommend this request be denied.—Bagumba (talk) 21:10, 30 November 2015 (UTC)

46.20.71.233


Reason: Requested unblock.


 * The user impacted by this block sent in an OTRS ticket indicating that they verified the proxy, and it is not open. ProcseeBot detected an open port on the IP two days ago. I'd like someone to verify this and unblock the IP if it indeed isn't (or is no longer) an open proxy. Thanks in advance! ☺ ·  Salvidrim!   ·  &#9993;  19:21, 25 August 2015 (UTC)
 * Sorry to bug you directly but could I ask you a big favour and get you to look at this when you have a moment? I still have the user's OTRS ticket waiting on this. I'll owe you a big one. :) 13:34, 8 September 2015 (UTC)
 * This is also the IP address of magenta-medical.com. It is puzzling that anybody would find themselves needing to log into Wikipedia from a web server. That is a technique for hiding your true IP address. This normally qualifies for webhostblock. EdJohnston (talk) 13:49, 8 September 2015 (UTC)
 * Comment: This looks to me. It's a webhost (magenta-medical.com & magenta-technology.ru) and there are a bunch of suspicious open ports.  M w w 1 1 3     (talk) 04:54, 29 October 2015 (UTC)
 * Blocked already— UY Scuti Talk  06:26, 13 April 2016 (UTC)

91.207.105.12


Reason: Suspicious edits. Apparently another anonymous proxy used by user:Asdisis to EVADE. - MrX 19:29, 27 August 2015 (UTC)
 * Comment: Looks to me. A few open ports and blacklist listings but no open proxies that I can see.  M w w 1 1 3     (talk) 05:29, 29 October 2015 (UTC)
 * — UY Scuti Talk  06:44, 13 April 2016 (UTC)

182.239.98.81


Hong Kong IP suddenly used for many disruptive edits in userspace. Beeblebrox (talk) 19:18, 5 December 2015 (UTC) Listed some of the more obviously related IPs in the range. -- zzuuzz (talk) 19:37, 5 December 2015 (UTC)
 * . Nothing jumps out. Moving around such a wide range, which includes legitimate edits, it's going to be difficult to find any proxy. It might well be a Hong Kong user on a dynamic range. -- zzuuzz (talk) 19:54, 5 December 2015 (UTC)
 * Fairly certain, -- zzuuzz (talk) 19:13, 3 April 2016 (UTC)

97.73.150.149 and more


These recently-used IPs are related to a long-term disruptive user who typically prefaces his talk page comments and edit summaries with "Joshua Raymond Hahn", and is possibly Long-term abuse/The UPN Vandal Some of the older IPs he's used (circa 2014) are:
 * - this one was blocked for 2 years, 7 months. Mama!
 * - this one was blocked for 2 years, 7 months. Mama!
 * - this one was blocked for 2 years, 7 months. Mama!
 * - this one was blocked for 2 years, 7 months. Mama!

I dunno if those are worth checking. Just including to show some consistency with the newer ranges, 97.73.* and 172.16*.* Some of the newer IPs are flagged by whatismyipaddress.com as being suspected proxy servers, which I know doesn't mean that they are. Thanks. Cyphoidbomb (talk) 18:03, 10 December 2015 (UTC)
 * 97.73.150.149 - nothing. Some activity from your friend, but nothing recent.
 * 172.164.* is just him hopping around on AOL.
 * No action taken. Kuru   (talk)  02:53, 25 January 2017 (UTC)

41.220.68.227


WhatIsMyIPAddress reports that this is confirmed as a proxy server (not necessarily open), and a spam source.

"Services:	Confirmed proxy server Recently reported forum spam source. (1)"

A small number of recent suspicious edits. --joe deckertalk 00:00, 22 December 2015 (UTC)

Reason: Suspicious edits


 * WhatIsMyIPAddress says that it is not a proxy. -- TerraCodes  (talk to me) 07:15, 25 October 2016 (UTC)
 * Kuru  (talk)  12:58, 20 January 2017 (UTC)

194.75.171.106


Reason: Suspicious edits; reported by WhatIsMyIP.com as confirmed proxy. Brianhe (talk) 22:43, 22 December 2015 (UTC)
 * . Do not see anything. Kuru   (talk)  13:05, 20 January 2017 (UTC)

73.15.177.210 and others


Reason: Suspicious edits; two IPs associated with reliablehosting.com and one associated with cable provider reverted after he reverted a CU-confirmed Orangemoody sock at Myfreeimplants. Brianhe (talk) Brianhe (talk) 10:40, 26 December 2015 (UTC)
 * 73.15.177.210 has some kind of remote storage on 443. Just a local comcast ISP.
 * 216.169.136.172 and 108.171.111.75 are webhosts, as noted. The latter was rangeblocked.
 * As this is stale, and there have been no abusive edits since this report, no action taken. Kuru   (talk)  02:48, 25 January 2017 (UTC)