Wikipedia:WikiProject on open proxies/Requests/Archives/35

5.2.190.123


Reason: IP recently used for vandalism, was blocked by the bot back in October as an open proxy. Block duration should be extended (if it doesn't expire by the time this report is actioned). 60.138.0.247 (talk) 19:30, 16 May 2019 (UTC)
 * Reblocked by and then  - current block is until May 2020  DannyS712 (talk) 13:57, 20 July 2019 (UTC)
 * Confirmed open proxy. --Malcolmxl5 (talk) 23:23, 20 July 2019 (UTC)

213.183.59.80


Reason: Shingling334 on Melbicom hosting/colocation. IamNotU (talk) 16:35, 17 May 2019 (UTC)
 * Blocked by for a year -  --DannyS712 (talk) 20:49, 20 July 2019 (UTC)
 * 213.183.59.0/24 blocked by SQL as a colocation/webhost until 12 February 2022. --Malcolmxl5 (talk) 23:21, 20 July 2019 (UTC)

184.75.208.0/20


Reason: Webhost back to disruptive editing after their last block recently expired in April 2019. 126.106.254.136 (talk) 03:44, 23 May 2019 (UTC)
 * ✅. I forget your username, but I'm pretty sure you're a sock, too.  This range has been a pain, though. NinjaRobotPirate (talk) 15:28, 2 July 2019 (UTC)

5.196.91.229


Reason: OVH Hosting, used by Shingling334 sock IamNotU (talk) 19:40, 24 May 2019 (UTC)
 * Range blocked. NinjaRobotPirate (talk) 20:31, 2 July 2019 (UTC)

119.160.65.118


Reason: Pakistani IP seems to be carrying on edit warring of other IPs in e.g. Africa. Listed as "high risk" and "blacklisted" by IPQualityScore. IamNotU (talk) 22:23, 27 May 2019 (UTC)
 * IP was blocked May 30, and has since been unblocked as it no longer served as VPN. --MrClog (talk) 20:41, 20 July 2019 (UTC)

162.250.2.84


Reason: Used by obvious sock of Shingling334, listed as proxy by IPQualityCheck. IamNotU (talk) 13:11, 9 June 2019 (UTC)
 * Anexia, a webhost. Range blocked. NinjaRobotPirate (talk) 20:29, 2 July 2019 (UTC)

45.41.181.140


Reason: Sockpupptry please see Sockpuppet investigations/Strongwik2324. GSS (talk |c|em ) 16:05, 1 July 2019 (UTC)
 * Seems to be ExpressVPN. Range blocked.  I'm not sure what Web2Objects is, so I left that alone.  Probably a webhost, though. NinjaRobotPirate (talk) 15:20, 2 July 2019 (UTC)
 * , IIRC I've run into web2objects a lot on hosting asns, I think there's a strong connection with "consumervpn" usually. SQL Query me!  22:02, 20 July 2019 (UTC)

103.212.20.243


Reason: Some (though not all) edits are blatant vandalism. Reported as proxy/vpn by whatismyipaddress.com and ipqualityscore.com IamNotU (talk) 11:39, 8 July 2019 (UTC)
 * . Maybe a hotel or something similar. -- zzuuzz (talk) 07:29, 22 July 2019 (UTC)

178.120.6.7


Reason: Suspicious edits ☆ Bri (talk) 16:49, 11 July 2019 (UTC)
 * . It's quite a dynamic range, so we can't rule out the possibility that it might have been. I think it's unlikely, but at least it's probably not now. -- zzuuzz (talk) 07:33, 22 July 2019 (UTC)

198.57.27.196


Reason: Yet another Shingling334 sock proxy on GlobalTeleHost. Reported as blacklisted and proxy/vpn by IPQualityscore. IamNotU (talk) 19:23, 18 July 2019 (UTC)
 * Blocked by zzuuzz. --IamNotU (talk) 13:13, 20 July 2019 (UTC)

8.37.154.122


Reason: geforce now ip, using the steam browser to type this, can be used for disruptive editing so iam requesting a block. 8.37.154.122 (talk) 14:13, 4 May 2019 (UTC)
 * Only edit from the IP was the one above, no other edits on Special:Contributions/8.37.154.122/21, no bad edits on Special:Contributions/8.37.154.122/19 --DannyS712 (talk) 20:47, 20 July 2019 (UTC)
 * I am not sure if the IP is still used by the Steam browser—at the moment closing with no action per lack of abuse. MrClog (talk) 16:39, 6 September 2019 (UTC)

45.121.208.0/22


Reason: Suspicious edits located during Japanelemu sockfarm cleanup. Edits from 45.121.208.0/22, WHOIS lists an Australian server farm provider ☆ Bri (talk) 19:54, 18 May 2019 (UTC)
 * Good catch, sorry about the delay. I have added this ISP to NBCH, and they should be blocked shortly. SQL Query me!  20:55, 22 July 2019 (UTC)

91.207.171.121, 81.200.17.161, 91.027.170.240


We've had an ongoing massive campaign to insert the same reference spamming type edit into a range of machine learning articles. I'd estimate at least 30 attempts over the year that I've been closely watching. The pattern is a batch / rash of edits by brand new ip's in a single geographic area. I see that the source of a previous batch is now blocked. They just started another burst, the same edit edits as before, this from three new (single edit) IP's in the same area in Russia, triple entering the same edit on one article in 2 days. Sincerely, North8000 (talk) 01:39, 21 May 2019 (UTC)
 * 3rd IP is invalid, assuming you mean 91.207.170.240. All IPs seem to be dynamic IPs connected to Seven Sky/IskraTelecom (same company nowadays it seems--https://www.iskratelecom.net/ redirects you to Seven Sky's website). (The first IP is registered as, other two as  .) . Closing. --MrClog (talk) 17:53, 8 September 2019 (UTC)
 * Thanks for checking!North8000 (talk) 08:01, 9 September 2019 (UTC)

5.34.66.26


Reason: Not sure if it's an open proxy or not, but the host name "client.fttb.2day.kz" seems a bit suspicious. 123.218.188.28 (talk) 17:13, 21 May 2019 (UTC)
 * SQL Query me! 20:49, 22 July 2019 (UTC)

67.226.220.0/22


Reason: Amazon AWS webhosting. 123.218.188.28 (talk) 18:59, 21 May 2019 (UTC)
 * While IPQS Says that the ISP name is Amazon, actually checking the whois says differently. SQL Query me!  20:42, 22 July 2019 (UTC)

72.52.64.0/18


Reason: Hurricane Electric. 60.133.229.157 (talk) 05:02, 18 June 2019 (UTC)
 * Hurricane Electric does more than just colocation services, it is also a global ISP. I looked at some IPs in the range, and they are connected to various companies. I found a few connected to Sophidea, all of which were already globally locked as LTA. Some were connected to Blue Rim Networks, which provides internet services to multi-family communities. I see no reason to block the entire range. --MrClog (talk) 18:08, 8 September 2019 (UTC)

2a01:4f9:2a:6d5::/64


Reason: Open proxy/web hosting. Most recently abused from. 92.17.91.122 (talk) 22:41, 23 July 2019 (UTC)
 * IP registered to Hetzner, who assigns each of its customers their own /64 range. Please block for 1–2 years (incl. logged in users) with blockreason  MrClog (talk) 18:19, 7 September 2019 (UTC)
 * Hosting provider range blocked 2 years. –Darkwind (talk) 09:33, 12 September 2019 (UTC)

102.129.224.2


Reason: Suspicious edits; recently blocked 31 hrs. Stalk toy also indicates two blocks on other wikis. Zaxxon0 (talk) 06:50, 6 August 2019 (UTC)
 * (non-clerk comment) IP Quality reports "This IP address appears to be a high risk proxy connection." --DannyS712 (talk) 06:59, 6 August 2019 (UTC)
 * 2 years on this specific IP. Leaving open in case someone wants to check the range. –Darkwind (talk) 09:41, 12 September 2019 (UTC)
 * To make sure that it can be later confirmed that an IP is still an open proxy, and to allow anyone to confirm this is a good block, could you which port or website can be used to access this open proxy? --MrClog (talk) 16:31, 12 September 2019 (UTC)
 * This was based on the Proxy API Check tool results, which showed positive ID as a proxy from proxycheck.io, IPQualityScore, and teoh.io, as well as hits from StopForumSpam, and open ports 80, 220, and 443. –Darkwind (talk) 06:13, 13 September 2019 (UTC)
 * Please (re)read the Guide to checking open proxies. It states: "Do not use [blacklists] for this purpose, as they are often stale and often misinterpreted". In additition, none of the ports you mentioned allowed me to use the proxy. In my opinion, . I have placed the request on hold awaiting further evidence. --MrClog (talk) 15:10, 13 September 2019 (UTC)
 * Excellent advice about the blacklists, however, running nginx on port 80 combined with Host1Plus is a clear duck. Additionally, it's hosting a SSL certificate from diltwo.com, and that domain is related to Hoxx VPN. I'm not seeing anything else on nearby ranges - closed as a webhost and duck VPN. -- zzuuzz (talk) 21:26, 15 September 2019 (UTC)

212.71.250.215


Reason: Linode cloud server, used by obvious sock of Shingling334, listed as high-risk blacklisted proxy by IPQualityScore. IamNotU (talk) 14:20, 11 August 2019 (UTC)
 * Range blocked. NinjaRobotPirate (talk) 14:36, 7 September 2019 (UTC)

198.57.27.142


Reason: Another socking proxy. GlobalTeleHost, IPQualityScore lists as blacklisted/proxy. Same thing as now-blocked Special:Contributions/198.57.27.196. IamNotU (talk) 12:18, 14 August 2019 (UTC)
 * Colo used for vandalism (multiple IPs). Please block Special:Contribs/198.57.26.0/23 for 2 years (incl. logged in users) with block reason . MrClog (talk) 14:05, 7 September 2019 (UTC)
 * Range blocked. NinjaRobotPirate (talk) 14:42, 7 September 2019 (UTC)

107.77.253.12


Reason: Reported as blacklisted, high-risk proxy; long edit history of little but vandalism. --IamNotU (talk) 21:01, 26 August 2019 (UTC)
 * Second opinion requested. In my opinion MrClog (talk) 13:48, 7 September 2019 (UTC)
 * Concur this is unlikely an open proxy (but the usual definition). It appears to be a normal proxy from a mobile network IP. -- zzuuzz (talk) 21:32, 17 September 2019 (UTC)

172.105.28.198


Reason: Another obvious Shingling334 sock on another linode host... IamNotU (talk) 22:23, 31 August 2019 (UTC)
 * IP is registered to Linode. Please block for 1 year (incl. prevent logged in users from editing) with block reason: .  MrClog (talk) 13:30, 7 September 2019 (UTC)
 * /15 range blocked. NinjaRobotPirate (talk) 14:33, 7 September 2019 (UTC)

198.98.48.0/20


Reason: IP is by "FranTech Solutions" Zaxxon0 (talk) 09:36, 10 September 2019 (UTC)
 * Web host range blocked 2 years. –Darkwind (talk) 09:49, 12 September 2019 (UTC)

IP 81.162.224.114


Reason: Requested unblock. 81.162.224.114 (talk) 14:45, 14 September 2019 (UTC)
 * There's not enough information here to respond to this request. The reporting IP is obviously not blocked. -- zzuuzz (talk) 21:04, 17 September 2019 (UTC)

172.107.93.6


Reason: Another Shingling334 proxy. IamNotU (talk) 22:03, 26 September 2019 (UTC)
 * This is a webhost IP. I've blocked the related /15, and will work on blocking the rest of the hosts. SQL Query me!  22:07, 26 September 2019 (UTC)