Wikipedia:WikiProject on open proxies/Requests/Archives/38
This is an archive of past discussions on Wikipedia:WikiProject on open proxies. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current main page. |
165.225.197.20
{{proxycheckstatus}}
- 165.225.197.20 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Appears to be an open proxy based on whois results. Vandalism has occurred, but very few edits, so not not sure if any action actually needed however. ~~ Alex Noble/1-2/TRB 18:58, 17 August 2020 (UTC)
- This is a Zscaler IP. These are typically shared and dynamic, and used by large major corporations (for example AstraZeneca and Carlsberg Group), with lots of potential collateral. They aren't generally regarded as 'open'. One half (/17) of this range was actually soft-blocked by AmandaNP this year, so they get a ping, but I'm not seeing a pressing need to block the rest of it. -- zzuuzz (talk) 21:27, 17 August 2020 (UTC)
- Range is currently anonblocked: link -- zzuuzz (talk) 22:47, 2 September 2020 (UTC)
36.77.0.0/16
{{proxycheckstatus}}
Discussion disruption at Talk:History of English#Requested move 31 July 2020: 36.77.92.121 (talk · contribs · WHOIS) added a bunch of articles as subjects of the RM despite the OP's (Soumya-8974) intention. Later 36.77.92.128 (talk · contribs · WHOIS) added a comment that copied a sentence from someone else's almost verbatim, likely in an attempt to create an impression of canvassing or puppetry.
The latter tests poorly on IPQualityScore. The range has been blocked in the past by Berean Hunter. Nardog (talk) 04:38, 6 August 2020 (UTC)
- @Nardog: Unlikely IP is an open proxy. The range you're looking for (including 1 from your ANI report) is 36.77.92.0/23. I'm going to leave this open for someone else to take a look, to see if a block is indicated anyways. —Mdaniels5757 (talk) 20:45, 7 August 2020 (UTC)
- User:Berean Hunter had previously twice blocked all of 36.77.0.0/16 for three months, anon-only, account creation blocked, for "CheckUser block: squelch sock account creation and IP socking". It's possible they might see a reason to reapply that block based on technical data. But if we just look at the behavior of Special:Contributions/36.77.92.0/23 I don't think it is quite vandalistic enough to justify a block on its own. Though a /23 is much narrower if we were tempted at all. The worst thing I noticed was the behavior at Talk:History of English that was already noted above. EdJohnston (talk) 16:20, 28 August 2020 (UTC)
- Thanks EdJohnston. I have blocked that /16 again. That sockmaster is appearing in more than the /23, see 36.77.101.211, 36.77.135.116, 36.77.139.145, 36.77.111.114 as a few examples. He has multiple blocked accounts but was editing while logged out in this range.
— Berean Hunter (talk) 18:07, 28 August 2020 (UTC)
- Thanks EdJohnston. I have blocked that /16 again. That sockmaster is appearing in more than the /23, see 36.77.101.211, 36.77.135.116, 36.77.139.145, 36.77.111.114 as a few examples. He has multiple blocked accounts but was editing while logged out in this range.
- User:Berean Hunter had previously twice blocked all of 36.77.0.0/16 for three months, anon-only, account creation blocked, for "CheckUser block: squelch sock account creation and IP socking". It's possible they might see a reason to reapply that block based on technical data. But if we just look at the behavior of Special:Contributions/36.77.92.0/23 I don't think it is quite vandalistic enough to justify a block on its own. Though a /23 is much narrower if we were tempted at all. The worst thing I noticed was the behavior at Talk:History of English that was already noted above. EdJohnston (talk) 16:20, 28 August 2020 (UTC)
143.244.48.0/22
{{proxycheckstatus}}
Reason: Personal attacks on talk page after block. WHOIS data indicates some sort of colowebhost. The IP has already been temporarily blocked for disruptive editing however I'm wondering if the entire range should be blocked. -- LuK3 (Talk) 15:26, 28 August 2020 (UTC)
- Confirmed, Already blocked. Closing without further action. —Mdaniels5757 (talk • contribs) 20:28, 28 August 2020 (UTC)
152.32.109.37
{{proxycheckstatus}}
- 152.32.109.37 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 152.32.108.72 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits, IP Reported as Blacklisted Proxy/VPN Detection Proxy/VPN Proxy/VPN Detected ☆ Bri (talk) 14:31, 1 September 2020 (UTC)
- 152.32.108.72 similar edits same range ☆ Bri (talk) 14:49, 1 September 2020 (UTC)
- No proxy found on either; closing. —Mdaniels5757 (talk • contribs) 22:04, 1 September 2020 (UTC)
- @Mdaniels5757: Sometimes I get results like this, and it's puzzling. Do you know why IPQualityScore shows checkmarks by the first IP for proxy and recent abuse? ☆ Bri (talk) 04:58, 2 September 2020 (UTC)
- @Bri: IPQualityScore isn't particularly accurate; it also can give old results (I don't know how recent they mean by "recent", but many proxies aren't active for long). —Mdaniels5757 (talk • contribs) 15:56, 2 September 2020 (UTC)
- @Mdaniels5757: Sometimes I get results like this, and it's puzzling. Do you know why IPQualityScore shows checkmarks by the first IP for proxy and recent abuse? ☆ Bri (talk) 04:58, 2 September 2020 (UTC)
80.161.48.203
{{proxycheckstatus}}
- 80.161.48.203 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Requested unblock. This proxy used is not public and I can not see why it is blocked? — Preceding unsigned comment added by 217.16.108.164 (talk) 07:59, 2 September 2020 (UTC)
- Declined to run a check IP is not blocked; no signs that it's a proxy anyways. Closing. —Mdaniels5757 (talk • contribs) 15:59, 2 September 2020 (UTC)
202.65.154.182
{{proxycheckstatus}}
- 202.65.154.182 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits, appears to be a data center, ipqualityscore reports VPN or proxy & fraud score 99.
There are other suspicious IPs editing in same set of articles, I have reported two of them before. Running list at User:Bri/COIbox97 ☆ Bri (talk) 17:02, 3 September 2020 (UTC)
- Confirmed {{colocationwebhost}} via WHOIS and open SSH port, as is the rest of the 202.65.128.0/19 range. {{Colocationwebhost}} block of the 202.65.128.0/19 range requested: last global block, which recently expired, was for a year, so I'd go for 1-3 years. —Mdaniels5757 (talk • contribs) 16:15, 4 September 2020 (UTC)
36.73.190.62
{{proxycheckstatus}}
- 36.73.190.62 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits: another beauty pageant IP that is reported proxy by ipqualityscore.com. ☆ Bri (talk) 02:45, 9 September 2020 (UTC)
Found it to be a low-risk proxy via the proxy checker. Firestar464 (talk) 06:15, 14 October 2020 (UTC)
- Unlikely IP is an open proxy IPQS is the only one flagging it and I can't see any other indication of abuse from any other source. -- Amanda (aka DQ) 20:29, 21 October 2020 (UTC)
138.43.96.0/20
{{proxycheckstatus}}
Reason: Seeing some edit filter hits on a few IPs within this range. WHOIS indicates some sort of colo. -- LuK3 (Talk) 18:29, 21 September 2020 (UTC)
- Reading between the lines on the provider's website, it looks like some kind of fancy cloud VPN with monitoring. I see almost nothing constructive coming out of the range. Colo softblock is probably appropriate here, I'll give it a six month block. GeneralNotability (talk) 14:52, 12 October 2020 (UTC)
- I updated the block to the standard. Iboss does seem like colocation. -- Amanda (aka DQ) 20:32, 21 October 2020 (UTC)
152.32.108.102
{{proxycheckstatus}}
- 152.32.108.102 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits, multiple sock farms active at article this IP has edited, likely block evasion. IPqualityscore reports IP Reported as Blacklisted & Proxy/VPN Detected. ☆ Bri (talk) 13:24, 26 September 2020 (UTC)
Ths IP appears to be a high-risk proxy based on the proxy checker. Firestar464 (talk) 06:44, 14 October 2020 (UTC)
- Firestar464, you need to do a more in-depth search than just reading what the proxy checker says. Same for the below. GeneralNotability (talk) 22:35, 14 October 2020 (UTC)
- GeneralNotability I'm not certified. I'm just presenting my findings. Firestar464 (talk) 01:57, 15 October 2020 (UTC)
- Not currently an open proxy IPQS is the only one indicating. Some spam from March, but nothing to be concerning. -- Amanda (aka DQ) 20:36, 21 October 2020 (UTC)
Beauty pageant SPA proxies
{{proxycheckstatus}}
- 108.21.69.90 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan IPQualityScore lists as proxy & VPN, fraud score 75
- 209.52.89.130 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan IPQualityScore lists as proxy & VPN, fraud score 75
- 202.80.213.234 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan IPqualityscore lists as a proxy
Reason: Suspicious single-purpose editing; edits in a common set of beauty pageant articles. ☆ Bri (talk) 22:09, 4 October 2020 (UTC)
- 209.52.89.130 resolves to w2kweb.pacificgroup.net, Nmap gives me two open ports - one is SSH, the other is 8080 but doesn't appear to be an open proxy (though it appears to be some kind of embedded management device).
The first one is not a proxy. The second is a high-risk proxy. The third is a low-risk proxy. Firestar464 (talk) 06:21, 14 October 2020 (UTC)
- 108.21.69.90 - Not currently an open proxy - IPQS is the only one flagging.
- 209.52.89.130 - Not currently an open proxy - IP is sublet from telus to Pacific Customs Brokers. IPQS is the only one flagging.
- 202.80.213.234 - Not currently an open proxy - 8080 requires login, therefore not an open proxy, and not blockable based on that alone.
- -- Amanda (aka DQ) 20:46, 21 October 2020 (UTC)
76.85.70.60
{{proxycheckstatus}}
- 76.85.70.60 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Likely an open proxy-other IPs used. Check for "loser". Likely from IPShark. --67.85.37.186 (talk) 21:22, 14 October 2020 (UTC)
- Not likely to be an open proxy it is a low-risk IP from a guanine ISP (Spectrum) but should likely be blocked due to vandalism 🌸 1.Ayana 🌸 (talk) 22:22, 14 October 2020 (UTC)
- 1.Ayana, did you do any checking besides reading the output of the "proxy checker" link? You will need to do a more in-depth check than that. Open proxies can be operating from real ISPs. GeneralNotability (talk) 22:36, 14 October 2020 (UTC)
- GeneralNotability I should have done a more in-depth check before posting so please disregard my post.🌸 1.Ayana 🌸 (talk) 22:49, 14 October 2020 (UTC)
- It appears to be coming from IPSharkk. Abuse reported. See also extensive ANI thread. --67.85.37.186 (talk) 22:54, 14 October 2020 (UTC)
- 67.85.37.186 The proxy checker showed that this is a normal IP. Firestar464 (talk) 02:02, 15 October 2020 (UTC)
- Not currently an open proxy IPQS is the only one flagging. Charter is not one to regularly host proxies either. -- Amanda (aka DQ) 20:49, 21 October 2020 (UTC)
2.181.49.113
{{proxycheckstatus}}
- 2.181.49.113 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 2.181.56.253 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits, possible beauty pageant sockfarm block evasion & listed as proxy by IPQualityScore ☆ Bri (talk) 13:11, 22 October 2020 (UTC)
- Note regarding the first IP: A quick
curl -x
session gives no responses for HTTP, SOCKS4 or SOCKS5 proxies running on ports 80, 1080, 8080, 8888, 3128 or 8000. Haven't done any other checks yet (and would appreciate for someone to re-check anyway, given my lack of experience). Blablubbs (talk • contribs) 14:43, 22 October 2020 (UTC) - Declined to run a check Not on the basis of IPQS and potential block evasion alone. -- Amanda (aka DQ) 07:34, 16 November 2020 (UTC)
86.57.56.189
{{proxycheckstatus}}
- 86.57.56.189 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits : beauty pageant block evasion likely (see [1]). IPQS reports proxy. ☆ Bri (talk) 05:34, 16 November 2020 (UTC)
- Declined to run a check Not on the basis of IPQS and potential block evasion alone. -- Amanda (aka DQ) 07:34, 16 November 2020 (UTC)
103.130.78.8
{{proxycheckstatus}}
- 103.130.78.8 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
EDIT:IPQS high risk at https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/%20103.130.78.8
Reason: Suspicious edits. Why is a New-Zealand based IP so focused on posting defamation at an American politician article, Elena Parent??. 4thfile4thrank (talk) 05:00, 5 December 2020 (UTC)
- Noting that the /22 is already blocked as a proxy. Blablubbs|talk 13:44, 5 December 2020 (UTC)
- Closing per Blablubbs - range is proxy-blocked for three years, no value in checking whether it's an open proxy or not. GeneralNotability (talk) 03:36, 6 December 2020 (UTC)
199.66.88.0/21
{{proxycheckstatus}}
- 199.66.88.0 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Webhost, associated with ExpressVPN (a friend has a subscription and showed me the IP, which is how I found it). /23 is currently colo-blocked, but the entire /21 seems to belong to the host. Blablubbs|talk 02:13, 9 January 2021 (UTC)
- Rangeblocked. GeneralNotability (talk) 04:07, 9 January 2021 (UTC)
102.130.119.0/24
{{proxycheckstatus}}
- 102.130.119.0 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Webhost: xneelo Blablubbs|talk 13:26, 12 January 2021 (UTC)
- Colo-blocked 102.130.112.0/20 (whole range is part of ASN 37153). GeneralNotability (talk) 01:38, 13 January 2021 (UTC)
124.217.128.0/18
{{proxycheckstatus}}
Reason: Suspicious edits Matthew hk (talk) 05:26, 21 January 2021 (UTC)
The ip range is from HGC (which for household usually it is static ip) (edit: not HGC but Hutchison Telecommunications Hong Kong Holdings 11:44, 23 January 2021 (UTC)), an ISP. But it seems it is leased by a company DOMAIN FIVE ENTERPRISES LIMITED to run as an open proxy / VPN. Matthew hk (talk) 05:26, 21 January 2021 (UTC)
- Example, Talk:List of lighthouses in China (124.217.188.172, 124.217.189.103 ), Talk:Holy Trinity Cathedral, Hong Kong#Edit war Matthew hk (talk) 05:44, 21 January 2021 (UTC)
- You originally kick-started this section with my IP address.[2][3] but the reasons why you did so remain unknown. Meanwhile as you've been told you got the burden to factcheck before you submit allegations as such. Domain Five Enterprises Ltd is not known anywhere for VPNs/open proxies. It's a wholly owned subsidiary of Hutchison Telecom, a CK-Hutchison company and the second largest mobile network operator in the territory; whereas HGC had been sold to a private equity firm like three or four years ago such they they are no longer associated in any way. And if you bother to google Domain Five Enterprises is an authorised insurance agency. You've yet to demonstrate how Domain Five Enterprises is (iff they are an ISP) relevant to the picture here and how their IPs (if there's any) are related to Hutchison Telecom and/or HGC. 124.217.189.34 (talk) 16:52, 21 January 2021 (UTC)
- In any way, it seems you abuse your company ip at work then..... Matthew hk (talk) 19:46, 21 January 2021 (UTC)
- These aren't the only IPs as well. There's also:
- 14.0.180.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 118.140.95.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 124.217.189.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 203.145.95.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 218.255.111.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 219.73.73.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 219.76.24.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- 219.76.15.0/23 · contribs · block · log · stalk · Robtex · whois · Google
- And god knows how many more there are. While it might not be a proxy, its more like WP:LOUTSOCK at work, and they are getting emboldened as it's hard to get these blocked. Every one of them geolocates to Hong Kong, that's for sure. I'd say to just semiprotect the articles that they frequent and ignore such edit requests from these ranges. ShelteredCook (talk) 20:10, 21 January 2021 (UTC)
- These aren't the only IPs as well. There's also:
- In any way, it seems you abuse your company ip at work then..... Matthew hk (talk) 19:46, 21 January 2021 (UTC)
- C'mon they don't even belong to the same ISP do they? Loutsock? Loutsock at work!? 124.217.189.34 (talk) 20:58, 21 January 2021 (UTC)
- (Re User:Matthew hk 19:46, 21 January 2021 (UTC)) What? How could you come up with such a wild conclusion that I work there? Meanwhile did you actually read this?
[4] 124.217.189.34 (talk) 20:56, 21 January 2021 (UTC)Domain Five Enterprises Limited, a wholly owned subsidiary of Hutchison Telecommunications Hong Kong Holdings Limited, is an authorized insurance agency in Hong Kong and registered with the Insurance Agents Registration Board (Registration No.: FA2643). Domain Five Enterprises Limited is an authorized insurance distributor of FWD Lift Insurance Company (Bermuda) Limited and FWD General Insurance Company Limited. Hutchison Telephone Company Limited provides IT and network supports to Domain Five Enterprises Limited.
- (Re User:Matthew hk 19:46, 21 January 2021 (UTC)) What? How could you come up with such a wild conclusion that I work there? Meanwhile did you actually read this?
- Domain Five Enterprises is a subsidiary of an ISP in the business of non-ISP....so you don't work for Domain Five Enterprises but have access to that ip range, did you prove yourself the range has became an open proxy? I never heard of insurance company provide their end-user customer internet access. Matthew hk (talk) 12:30, 22 January 2021 (UTC)
- Also, yes i made a mistake to mixed up HGC with its former parent company Hutchison Telecommunications Hong Kong Holdings. On top of the ip was blocked so that they cannot self defence anymore, it would be nice to explain how they are able use the ip range. Are they the customer of 3 (telecommunications), or they really somehow turned that range to private use. Matthew hk (talk) 11:43, 23 January 2021 (UTC)
- For admin . Please read also Wikipedia:Sockpuppet investigations/14.0.180.170/Archive. I don't know why the ip has a misconception of not opening an account is good for them, but their off site canvassing (and meatsock and sock) from lihkg and telegram group is out of control and there should be some way to deal with it. Matthew hk (talk) 12:06, 22 January 2021 (UTC)
- Link on discussion in lihkg (https://lihkg.com/thread/2373493/page/1}) which contains a screenshot of such telegram group....Not sure the group is for zh-wiki or also for en-wiki..... Matthew hk (talk) 12:43, 22 January 2021 (UTC)
Not all VPNs are open proxies. Many of them are subscription-only, i.e. closed proxies. And with the Hong Kong national security law in force, more and more editors from HK will have legitimate reasons to edit through proxies. Hence while a sockpuppetry case may be relevant (Wikipedia:Sockpuppet investigations/14.0.180.170 etc) I don't think an open proxy investigation is a helpful path to pursue. Deryck C. 13:14, 23 January 2021 (UTC)
- If the ip at first stated they are using 3 mobile broadband and have no idea why in whois record marked as Domain Five Enterprises, then it is not likely an open proxy (or close proxy, since it is an ISP). Now it still can't tell why the ip range is marked as "Domain Five Enterprises", a non-ISP subsidiary of a telecom company. Matthew hk (talk) 23:20, 23 January 2021 (UTC)
Comment: I haven't looked too deeply, but glancing at the ISPs, I don't really see any indication that these are webhosts (though granted, I can find very little other English-language information on "Domain Five Enterprises Ltd."). Frankly, given the active SPI, this strikes me as a little forum-shoppy. There's certainly evidence of disruption coming from those ranges, but I don't really see that as grounds for a check – given that they all geolocate to the same area, I think it's more likely we're dealing with either meatpuppetry or simply someone with access to a bunch of different ranges. (Soft-)Blocking these ranges or semiprotecting affected articles on those grounds is of course still a reasonable idea, but that's out of scope for WPOP. Blablubbs|talk 13:14, 24 January 2021 (UTC)
- I don't see a case for performing a proxy check here. Closing. Disruptive IP ranges may be dealt with at venues like WP:ANI if needed. GeneralNotability (talk) 02:16, 26 January 2021 (UTC)
172.58.4.10
{{proxycheckstatus}}
- 172.58.4.10 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: See WP:AIV and history of Kevin McCarthy (California politician); WP:IPSOCK. Firestar464 (talk) 11:02, 4 February 2021 (UTC)
- Declined to run a check, see below. Blablubbs|talk 15:01, 6 February 2021 (UTC)
- Also, this range is T-Mobile's mobile phone range, which is generally mostly dynamic. Any proxy has probably gone away already. -- zzuuzz (talk) 15:37, 8 February 2021 (UTC)
96.18.179.66
{{proxycheckstatus}}
- 96.18.179.66 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Blanked Wikipedia: Open proxies and claims to be one in their contributions Pahunkat (talk) 21:47, 9 November 2020 (UTC)
- Just checked again with more time and it seems unlikely this is an open proxy Pahunkat (talk) 22:21, 9 November 2020 (UTC)
- {{proxycheck}} Does not appear to be an open proxy, none of the likely ports are open, the various proxy checkers don't say it's one. If someone's claiming it's an open proxy, possibly IPsharkk or similar. GeneralNotability (talk) 13:30, 10 November 2020 (UTC)
- Likely IP is an open proxy There is definitely at minimum P2P activites coming from the IP, they may have shown on proxy lists in the past, there are two RDNS entries and the edits themselves claiming being an OP. -- Amanda (aka DQ) 07:34, 16 November 2020 (UTC)
104.219.234.142
{{proxycheckstatus}}
- 104.219.234.142 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: This IP belongs to a web-host provider (DataWagon, LLC) and it's linked to CollabVM where it can easily be abused by just using a collaborative virtual machine. AsphereOfficial (talk) 05:41, 14 November 2020 (UTC)
- I've colo-blocked the /24 (anon-only, account creation blocked) and have asked a couple other admins for a second opinion on whether to block the other ranges owned by this company. GeneralNotability (talk) 15:28, 15 November 2020 (UTC)
- @GeneralNotability: The larger /21 is still DataWagon as noted on whois. Either way, the service does not seem to offer colocation, just rack services, so I would switch to full webhostblock. -- Amanda (aka DQ) 07:34, 16 November 2020 (UTC)
- AmandaNP, thanks, changed the block to the /21 as a webhostblock. GeneralNotability (talk) 14:43, 21 November 2020 (UTC)
- @GeneralNotability: The larger /21 is still DataWagon as noted on whois. Either way, the service does not seem to offer colocation, just rack services, so I would switch to full webhostblock. -- Amanda (aka DQ) 07:34, 16 November 2020 (UTC)
31.168.172.141
{{proxycheckstatus}}
- 31.168.172.140 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 31.168.172.141 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits. That is, these IPs were obtained via CU in a subject area full of socks--though none were found on these two. Drmies (talk) 23:47, 20 November 2020 (UTC)
- Investigating now. IPQS says suspected proxy/VPN, which doesn't mean much, but proxycheck.io says possible proxy as well. GeneralNotability (talk) 01:36, 21 November 2020 (UTC)
- They both are VPN endpoints for privateinternetaccess.com, so not open proxies but Confirmed VPN (though WHOIS says they're assigned to a normal ISP). Working on a wider scan to see if anything else on that range is from the same group. GeneralNotability (talk) 02:05, 21 November 2020 (UTC)
- Looks like it's just those two (nothing else on their /20 is serving an SSL cert for privateinternetaccess.com). Both blocked one year as anonymizing VPNs. GeneralNotability (talk) 14:39, 21 November 2020 (UTC)
72.140.224.197 and others
{{proxycheckstatus}}
- 72.140.224.197 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 176.119.25.52 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 61.222.202.195 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 121.127.11.235 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 61.221.12.80 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Quick BG: Vijay is an Indian actor in Tamil-language films. At several Vijay-related articles lately, there has been an uptick in edits trying to inflate the actor or his films' gross values. This might be related to LTA sock operator Bothiman, who was a known Vijay lickspittle. Most recently 72.140.224.197 was blocked. This apparently geolocates to Canada. (See also 72.140.224.195 (talk · contribs · WHOIS)). Then recently at Puli (2015 film), edits from 176.119.25.52, a French IP that is also interested in Vijay articles. And prior to that, 61.222.202.195, a Chinese IP that is also interested in Vijay articles. Seems fishy. If anyone could take a look, I'd appreciate it. Thanks, Cyphoidbomb (talk) 21:05, 14 December 2020 (UTC)
- Cyphoidbomb, the 72. and 176. currently host websites, with the first two obviously being run by the same people; the same seems to be the case for the 61. IP, but I can't access it. Pretty sure they're all proxies. Can take a closer look in a bit. Blablubbs|talk 21:27, 14 December 2020 (UTC)
- Okay, had a second look at the 72.x one, which hosts some sort of spamsite. It belongs to a rogers-hosted datacentre (host: unallocated-static.datacentres.rogers.com nameservers dnsX.datacentres.rogers.com) and has an open port 8080 which, when proxied through, sends us to a different spamsite. Other IPs from that datacentre range have edited as well. I'm mostly here to lurk and learn, but I'll take a poorly educated guess and say that it's a proxy and should probably be (range-)blocked. Blablubbs|talk 22:01, 14 December 2020 (UTC)
- Also noting that the other two are both flagged by multiple proxy APIs. Blablubbs|talk 22:09, 14 December 2020 (UTC)
- @Blablubbs: Thanks for the info! This high-level technical stuff is beyond my brain's abilities, so I'll have to wait for someone to do the dirty work. Cyphoidbomb (talk) 23:31, 14 December 2020 (UTC)
- I noticed ST47 blocked 176.119.24.0/21. I wonder if that was related to this query or an independent discovery. Cyphoidbomb (talk) 14:20, 15 December 2020 (UTC)
- It was due to this report. ST47 (talk) 19:17, 15 December 2020 (UTC)
- Then thanks! Cyphoidbomb (talk) 21:04, 15 December 2020 (UTC)
- It was due to this report. ST47 (talk) 19:17, 15 December 2020 (UTC)
- Also noting that the other two are both flagged by multiple proxy APIs. Blablubbs|talk 22:09, 14 December 2020 (UTC)
- Okay, had a second look at the 72.x one, which hosts some sort of spamsite. It belongs to a rogers-hosted datacentre (host: unallocated-static.datacentres.rogers.com nameservers dnsX.datacentres.rogers.com) and has an open port 8080 which, when proxied through, sends us to a different spamsite. Other IPs from that datacentre range have edited as well. I'm mostly here to lurk and learn, but I'll take a poorly educated guess and say that it's a proxy and should probably be (range-)blocked. Blablubbs|talk 22:01, 14 December 2020 (UTC)
- I've added another to the list, 121.127.11.235. This one geolocates to Algeria, and just dumped a bunch of promotional awards at at an award article for Vijay. Cyphoidbomb (talk) 23:18, 15 December 2020 (UTC)
- Cyphoidbomb, it's this Filipino data centre (range). The IP also hosts a website landing page; open port 8080 – I can tunnel through it, but get empty replies from the target servers. I'll again go out on a semi-educated limb and say that this is a proxy. Blablubbs|talk 13:09, 16 December 2020 (UTC)
- Colo-blocked 121.127.0.0/19 with a soft block, scanning all of the IPs listed here to see if they need individual open proxy blocks. GeneralNotability (talk) 00:28, 17 December 2020 (UTC)
- 121.127.11.235 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan: Poking at its open Squid port revealed that it's GeoSurf, which is a VPN provider. Hardblocked.
- 176.119.25.52 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan: I have no idea what's going on with that host or why it's claiming to be serving an out-of-date Microsoft Update cert. Hardblocked as a webhost.
- 72.140.224.197 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan: Even weirder than the last one. Some kind of webhost? Hardblocked too.
- Still waiting on nmap for the 61. IP before I can close this. GeneralNotability (talk) 02:39, 17 December 2020 (UTC)
- @GeneralNotability: Not sure if you're still looking at these, but I just added another one, 61.221.12.80. It geolocates to Spain, but is somehow interested in puffing up Vijay articles. Same MO as the others. Cyphoidbomb (talk) 22:06, 21 December 2020 (UTC)
- Cyphoidbomb, sorry, forgot to close this out. Your latest proxy is yet another GeoSurf proxy, so not open but a proxy just the same. I've hardblocked it. Closing. — Preceding unsigned comment added by GeneralNotability (talk • contribs) 00:15, 22 December 2020 (UTC)
- Cyphoidbomb, it's this Filipino data centre (range). The IP also hosts a website landing page; open port 8080 – I can tunnel through it, but get empty replies from the target servers. I'll again go out on a semi-educated limb and say that this is a proxy. Blablubbs|talk 13:09, 16 December 2020 (UTC)
174.95.181.23
{{proxycheckstatus}}
- 174.95.181.23 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits Beyond My Ken (talk) 17:53, 22 December 2020 (UTC)
- This does not seem to be an open proxy. ProcrastinatingReader (talk) 01:52, 27 December 2020 (UTC)
- Concur with Proc, this appears to be a router of some sort, doesn't seem to be an open proxy - only open port I saw was for a config GUI. GeneralNotability (talk) 02:43, 4 January 2021 (UTC)
- Thanks. Beyond My Ken (talk) 01:53, 21 January 2021 (UTC)
- Concur with Proc, this appears to be a router of some sort, doesn't seem to be an open proxy - only open port I saw was for a config GUI. GeneralNotability (talk) 02:43, 4 January 2021 (UTC)
142.114.15.168
{{proxycheckstatus}}
- 142.114.15.168 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits Beyond My Ken (talk) 17:57, 22 December 2020 (UTC)
- This does not seem to be an open proxy. ProcrastinatingReader (talk) 01:52, 27 December 2020 (UTC)
- Same deal as 174.95.181.23, doesn't appear to be an open proxy. GeneralNotability (talk) 02:44, 4 January 2021 (UTC)
- Thank you. Beyond My Ken (talk) 01:54, 21 January 2021 (UTC)
- Same deal as 174.95.181.23, doesn't appear to be an open proxy. GeneralNotability (talk) 02:44, 4 January 2021 (UTC)
IP 91.250.240.141
{{proxycheckstatus}}
- 91.250.240.141 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits. Per a complaint at WP:AN3 about reverts at 2022 Winter Olympics. I blocked two months on suspicion after seeing the results of the toolforge proxy checker. Probably a better quality of confirmation should be attempted. This IP is in a /24 range operated by the provider, HostRoyale. An online service called scamalytics.com says "We consider HostRoyale Technologies Pvt Ltd to be a potentially very high fraud risk ISP.." EdJohnston (talk) 17:13, 23 December 2020 (UTC)
- Definitely open on 443 and 8443. /24 blocked by ST47. ProcrastinatingReader (talk) 01:52, 27 December 2020 (UTC)
- Closing per above - blocked as a colo. GeneralNotability (talk) 01:36, 4 January 2021 (UTC)
74.127.203.23
{{proxycheckstatus}}
- 74.127.203.23 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: This user confessed to being a VPN on this diff, and IPQS shows that the IP is likely a VPN, but I'd like someone more experienced in this field to help me determine if this IP is truly a VPN. JJP...MASTER![talk to] JJP... master? 00:24, 29 December 2020 (UTC)
- Unlikely IP is an open proxy Everything I checked on TCP was firewalled, so I don't think this is likely to be an open proxy. Could be a P2P proxy, but it's hard to pick those out. GeneralNotability (talk) 01:59, 5 January 2021 (UTC)
193.85.188.238
{{proxycheckstatus}}
- 193.85.188.238 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits in beauty pageant space w/ prolific socking. Host name mail.bohemiacargo.cz looks like it's potentially a mail server being used as a proxy. Bri.public (talk) 22:35, 30 December 2020 (UTC)
- Unlikely IP is an open proxy (there are some odd HTTP ports open, but none of them appear to be open proxy ports), and given that its area of interest is in Czech pageantry I don't see good reason to block. Could be some weird internal routing, or maybe someone at bohemiacargo.cz is editing from a mail server. GeneralNotability (talk) 02:36, 4 January 2021 (UTC)
173.11.1.217
{{proxycheckstatus}}
- 173.11.1.217 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Found via IPProxyCheck Firestar464 (talk) 07:40, 6 February 2021 (UTC)
- Declined to run a check, see below. Blablubbs|talk 15:01, 6 February 2021 (UTC)
96.35.172.222
{{proxycheckstatus}}
- 96.35.172.222 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Found via IPProxyCheck Firestar464 (talk) 07:41, 6 February 2021 (UTC)
- Declined to run a check. I'm bulk-declining the recent requests by Firestar464; none of these ISPs strike me as likely candidates for hosting open proxies – IPQS is the only provider that's flagging, but it flags basically everything that has ever been connected to the internet and that flag isn't grounds for a check on its own. The only suspicious one based on another API I use is 172.58.4.10, but that's already proxyblocked for one year; the other two IPs haven't edited since 2010. Blablubbs|talk 15:01, 6 February 2021 (UTC)
85.10.51.92
{{proxycheckstatus}}
- 85.10.51.92 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits. The IP had no editing history before, but initiated a RfC on RSN today [5]. Normchou 💬 03:24, 7 February 2021 (UTC)
- Confirmed VPN; serving SSL cert for Surfshark on port 443. Had a quick look at the /25: The same is the case for
- Given that zzuuzz recently blocked another Surfshark IP that's on the same /20, but not /25, I'll have a look at the wider range too. It would probably also be a good idea for someone with the relevant buttons to block the ones above. Blablubbs|talk 12:15, 7 February 2021 (UTC)
Additional results:
- 85.10.50.34 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (Softether VPN)
- 85.10.50.164 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (Surfshark)
- 85.10.50.165 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (Surfshark)
- 85.10.50.166 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (Surfshark)
- 85.10.50.167 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (Surfshark)
- 85.10.50.178 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (IPVanish)
- 85.10.51.3 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (vpnunlimitedapp.com)
- 85.10.51.29 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (IPVanish)
- 85.10.51.37 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (WLVPN.com)
- 85.10.51.89 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (Surfshark)
- 85.10.51.90 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (Surfshark)
- 85.10.51.91 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (Surfshark)
- 85.10.51.92 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (Surfshark)
- 85.10.56.3 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (vpnunlimitedapp)
- 85.10.56.4 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (vpnunlimitedapp)
- 85.10.56.100 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (vpnunlimitedapp)
- 85.10.56.128 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (windscribe)
- 85.10.56.130 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (windscribe)
- 85.10.56.190 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (surfshark)
- 85.10.56.191 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (surfshark)
- 85.10.56.192 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (surfshark)
- 85.10.56.193 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (surfshark)
- 85.10.56.225 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (surfshark)
- 85.10.56.226 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (surfshark)
- 85.10.56.227 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ^
- 85.10.56.228 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ^
- 85.10.56.232 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ExpressVPN
- 85.10.56.240 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ^
- 85.10.62.197 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (Softether)
Blablubbs|talk 12:45, 7 February 2021 (UTC)
- Nice work Blablubbs. I've hardblocked the IPs you called out. Based on the sheer number of proxies on the same range, I think this is a colo or the like, so I've also colo-blocked 85.10.48.0/20. GeneralNotability (talk) 15:47, 10 February 2021 (UTC)
128.174.151.220
{{proxycheckstatus}}
- 128.174.151.220 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Caught by IpProxyCheck Reason: Suspicious edits Firestar464 (talk) 06:21, 11 February 2021 (UTC)
- Declined to run a check. University IP, no edits since 2014, noone except IPQS is flagging. Blablubbs|talk 10:14, 11 February 2021 (UTC)
172.93.147.64/29
{{proxycheckstatus}}
Reason: NordVPN. Possibly used by banned sockfarm. MarioGom (talk) 15:28, 13 February 2021 (UTC)
- The entire /20 is nexeon, which seems to also offer colocation, so the reviewing admin may want to consider hitting that with a soft block while hardblocking the /29. Blablubbs|talk 15:35, 13 February 2021 (UTC)
- ST47 blocked the /20 as a colo, I hardened the block on the /29. Closing. GeneralNotability (talk) 00:56, 25 February 2021 (UTC)
167.88.0.0/20
{{proxycheckstatus}}
- 167.88.0.0/20 · contribs · block · log · stalk · Robtex · whois · Google
- 167.88.7.187 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 167.88.10.75 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 167.88.10.91 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 167.88.10.163 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 167.88.10.179 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 167.88.10.219 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 167.88.10.243 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 167.88.15.3 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: The /20 block is a hosting provider (Nexeon). The individual IPs are active NordVPN nodes. MarioGom (talk) 16:12, 13 February 2021 (UTC)
- Hardblocked the ranges that WHOIS showed as belonging to NordVPN, the larger range is already softblocked. Closing.
209.216.92.203
{{proxycheckstatus}}
- 209.216.92.203 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits. This IP had little contributions in the past, but recently wrote on another user's talk page citing a number of community policies to make unfounded, WP:ASPERSIONS-ish accusations. [6]. Normchou 💬 21:38, 17 February 2021 (UTC)
- 209.216.92.0/24 is Ace Host. This specific IP is Surfshark VPN according to spur.us API. --MarioGom (talk) 18:28, 18 February 2021 (UTC)
- Confirmed VPN – serving Surfshark SSL cert on port 443. This one does offer colocation, but it might also be an option to just hardblock it anyway – otherwise a wider scan is probably needed. Blablubbs|talk 18:32, 18 February 2021 (UTC)
More SurfShark in this range:
- 209.216.92.3 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.4 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.5 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.6 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.8 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.9 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.10 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.11 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.13 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.14 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.15 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.16 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.195 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.196 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.197 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.198 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.200 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.201 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.202 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.203 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.215 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.216 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.217 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.218 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.220 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.221 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.222 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.223 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.225 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.226 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.227 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 209.216.92.228 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
--MarioGom (talk) 14:53, 19 February 2021 (UTC)
- I've blocked the ranges in AS398779. SQLQuery me! 17:48, 21 February 2021 (UTC)
- Closing - rangeblocked by SQL. GeneralNotability (talk)
185.188.61.0/24
{{proxycheckstatus}}
- 185.188.61.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 185.188.61.3 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.4 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.5 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.6 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.7 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.8 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.13 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.14 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.15 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.16 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.17 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.18 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.19 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.20 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.21 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.22 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.23 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.24 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.25 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.26 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.27 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.28 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.33 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.34 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.35 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.36 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.37 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.38 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.39 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.40 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.41 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.42 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.43 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.44 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.45 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.46 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.47 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.48 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.52 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.53 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.54 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.55 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.56 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.57 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.58 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.59 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.61 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.62 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.64 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.188.61.65 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits. The /24 range is Comforhost. The individual IPs are SurfShark VPN (SSL certificates served on port 443). MarioGom (talk) 14:31, 19 February 2021 (UTC)
- I've blocked ranges in AS43578, where appropriate. SQLQuery me! 17:48, 21 February 2021 (UTC)
- Rangeblocked by SQL, closing. GeneralNotability (talk) 00:49, 25 February 2021 (UTC)