Jump to content

Wikipedia:WikiProject on open proxies/Requests/Archives/40

From Wikipedia, the free encyclopedia


TouchVPN

{{proxycheckstatus}}

12.202.180.3 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
12.202.180.7 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
  • Residential range (AT&T)
2.58.194.132 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
2.58.194.134 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
2.58.194.135 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
2.58.194.144 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
2.58.194.145 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
2.58.194.146 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
2.58.194.147 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
2.58.194.148 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
2.58.194.149 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
2.58.194.151 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
2.58.194.153 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
2.58.194.154 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
2.58.194.155 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
31.7.58.170 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
45.90.104.10 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
45.91.72.34 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
45.91.72.35 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
  • Range: 45.91.72.0/22 LONCONNECT LTD (no idea what is this, within larger Cogent block)
81.17.19.54 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
83.229.32.133 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
83.229.32.134 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
83.229.32.135 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
83.229.32.136 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
83.229.32.137 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
83.229.32.138 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
91.245.255.170 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

TouchVPN. I've lost the DNS for these, but I can retrieve them again if needed. Spur identifies them and only the first 2 are on a residential range. MarioGom (talk) 08:39, 18 March 2021 (UTC)

Hardblocked most of the individual IPs, softblocked the colos, hardblocked Private Layer since they look more than a little sketchy. GeneralNotability (talk) 02:21, 22 March 2021 (UTC)

175.158.49.123

{{proxycheckstatus}}

175.158.49.123 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: A new IP that has been adding improper categories to articles, e.g. [1]. Normchou💬 17:22, 22 March 2021 (UTC)

This is Red X not currently an open proxy. Spur and IPQS are flagging and there has been problematic activity originating from this IP in the past, but I think we might be looking at a shared IP that has some problematic hosts behind it. The traffic from both the individual IP and the range is consistent with the geolocation, which is an additional indicator that whoever is using it is not on a proxy. Closing. Blablubbs|talk 19:15, 22 March 2021 (UTC)

IPVanish

{{proxycheckstatus}}

198.181.163.0/24 · contribs · block · log · stalk · Robtex · whois · Google (full range is IPVanish, see Mudhook Marketing Inc on whois, global block expiring this year)
194.88.143.4 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
194.88.143.6 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
194.88.143.8 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
194.88.143.10 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
194.88.143.12 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
194.88.143.14 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
194.88.143.16 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
  • Range: 194.88.143.0/24 (kgovps)
  • Range: 194.88.142.0/23 (HostRoyale)
  • The even IPs are IPVanish, the missing odd IPs in the middle are WLVPN, which is the same parent company (NetProtect). I didn't scan the scan the /24 range though.

IPVanish round. MarioGom (talk) 10:26, 23 March 2021 (UTC)

Hardblocked both ranges. GeneralNotability (talk) 01:08, 26 March 2021 (UTC)

89.187.179.57

{{proxycheckstatus}}

89.187.179.57 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
108.62.49.129 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
209.58.142.158 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
185.230.126.3 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Proton VPN. Must be a proxy as I made this report while using it.--- Possibly (talk) 19:44, 26 March 2021 (UTC)

Possibly, this range has been hardblocked both globally and locally since December – are you sure you have your VPN turned on? Blablubbs|talk 21:23, 26 March 2021 (UTC)
@Blablubbs: There's always the chance that it was malfunctioning, but it said it was active and that I was connected via 89.187.179.57. A checkuser can confirm this by looking at the IP for my first edit here. .--- Possibly (talk) 22:00, 26 March 2021 (UTC)
I added another from Proton that also allows me to edit (108.62.49.129)... very curious. whatismyipaddress.com also confirms 108.62.49.129 is my IP.--- Possibly (talk) 22:03, 26 March 2021 (UTC)
And this edit made with a third Proton VPN IP, also confirmed via whatismyipaddress.com: 209.58.142.158. Obviously I have hit the magic bit or something.--- Possibly (talk) 22:10, 26 March 2021 (UTC)
Possibly, uh, yeah, all of those are hardblocked. I'm going to whistle up a checkuser to see if you're actually going through those IPs. GeneralNotability (talk) 00:59, 27 March 2021 (UTC)
good idea. --- Possibly (talk) 01:08, 27 March 2021 (UTC)
I'm looking. EdJohnston (talk) 02:19, 27 March 2021 (UTC)
All the rangeblocks appear to be working as designed. Note that a hardblock of an IP doesn't keep you from logging in, it only keeps you from making any edits through that IP. User:Possibly, my guess is that the tools you are using do not report correctly the actual IP you are using to edit Wikipedia. I reviewed one of the IPs in detail and all I could see were user sign-ins (which are not blocked), and edits by people who were IP-block exempt. EdJohnston (talk) 02:33, 27 March 2021 (UTC)
@EdJohnston: Thanks. I still think something funny is happening, because this reply is coming to you from 185.230.126.3, which is a Sencca Ohio IP via Proton VPN. I'm in Montreal. --- Possibly (talk) 02:38, 27 March 2021 (UTC)
Not from what I can see. EdJohnston (talk) 02:42, 27 March 2021 (UTC)
Thanks. As far as I can tell, Proton is routing Wikipedia traffic directly, even if the VPN is on. Good for them. 184.162.187.170 (talk) 03:00, 27 March 2021 (UTC) yes that was me with VPN on.--- Possibly (talk) 03:01, 27 March 2021 (UTC)
 Check declined by a checkuser - per my understanding of the local checkuser policy, we cannot publicly reveal an account's IP even by the accountholder's request (this is a difference from the global policy). I would have suggested trying to edit logged out to see what IP you're actually connecting to Wikipedia with, but it looks like you've already done that. Ivanvector (Talk/Edits) 12:49, 27 March 2021 (UTC)
I'm going to close this - every reported IP is both locally and globally blocked, this looks more like some kind of weird routing/VPN issues on Possibly's end. GeneralNotability (talk) 21:56, 27 March 2021 (UTC)

ExpressVPN (II)

{{proxycheckstatus}}

45.41.180.0/24 · contribs · block · log · stalk · Robtex · whois · Google
  • This is LeaseWeb, all IPs that edited are ExpressVPN.
  • 45.41.128.0/18 is Web2Objects, which is quite obscure but always related to different VPN providers.
64.140.160.234/29 · contribs · block · log · stalk · Robtex · whois · Google

New ExpressVPN batch. MarioGom (talk) 08:21, 27 March 2021 (UTC)

Blocks applied. GeneralNotability (talk) 01:26, 31 March 2021 (UTC)

103.2.198.0/24

{{proxycheckstatus}}

103.2.198.71 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.2.198.72 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
  • Host: aus-melbourne.privacy.network (Private Internet Access)
  • Range: 103.2.198.0/24 Servers Australia Pty. Ltd serversaustralia.com.au

Unblocked Private Internet Access (VPN service) IPs. MarioGom (talk) 13:38, 27 March 2021 (UTC)

Other IPs in the range that edited recently are PIA too. MarioGom (talk) 13:40, 27 March 2021 (UTC)
Hardblocked the range, there were enough VPN endpoints in there. GeneralNotability (talk) 21:43, 27 March 2021 (UTC)

95.175.104.51

{{proxycheckstatus}}

95.175.104.51 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
95.175.104.51 (talk) 12:19, 30 March 2021 (UTC)

Reason: (This is a VPN address and it should been blocked. Please check the whole ip range of this.) 95.175.104.51 (talk) 12:19, 30 March 2021 (UTC)

Example this ip 95.175.104.30. --95.175.104.30 (talk) 12:39, 30 March 2021 (UTC)
And this 95.175.104.196. --95.175.104.196 (talk) 12:41, 30 March 2021 (UTC)
Thanks for, uh, reporting yourself, I guess? Hardblocked the /24, belongs to Freedome. GeneralNotability (talk) 02:07, 31 March 2021 (UTC)

Phantom Avira VPN

{{proxycheckstatus}}

195.191.241.12 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ch.phantom.avira-vpn.com
85.194.243.137 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan pl.phantom.avira-vpn.com

Unblocked Phantom Avira VPN servers. MarioGom (talk) 08:40, 2 April 2021 (UTC)

Blocked both. GeneralNotability (talk) 23:20, 3 April 2021 (UTC)

Flow VPN

{{proxycheckstatus}}

Unblocked Flow VPN IPs
103.115.164.116 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
114.46.66.74 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
124.109.0.5 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
132.226.224.132 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
140.238.13.177 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
152.67.211.67 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
158.101.142.145 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
158.101.152.214 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
179.50.78.194 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
185.133.208.85 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
188.94.75.181 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
194.182.89.26 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
194.36.45.35 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
195.231.71.237 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
200.122.128.152 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
210.1.226.50 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.143.131.218 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
37.46.83.159 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
43.225.108.85 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
43.225.110.97 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
45.137.217.163 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
45.152.70.206 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
45.155.225.185 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
91.230.110.74 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
95.59.26.65 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Here's all the unblocked Flow VPN addresses. I think it has been used by a UPE sockfarm and it was mostly unblocked. Let me know if you would prefer a report about the parent ranges. MarioGom (talk) 16:42, 5 April 2021 (UTC)

Ooops. I've noticed there's some stale data in this report. I'll clean it up with better verification. MarioGom (talk) 16:46, 5 April 2021 (UTC)
Done. Removed IPs that were positively fingerprinted in the past but which do not present the fingerprint right now. MarioGom (talk) 16:51, 5 April 2021 (UTC)
Bagged the lot. GeneralNotability (talk) 18:43, 10 April 2021 (UTC)

SurfShark (II)

{{proxycheckstatus}}

SurfShark
27.131.138.174 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
27.131.138.175 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
27.131.138.176 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
27.131.138.177 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
  • The /18 range is kirz.com, I'm not sure if it's blockable.
41.208.72.157 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
41.208.72.159 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
41.208.72.204 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
41.208.72.208 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
  • Parent range seems to be residential.
91.219.215.0/24 · contribs · block · log · stalk · Robtex · whois · Google
  • M247 with many SurfShark IPs
91.245.254.0/24 · contribs · block · log · stalk · Robtex · whois · Google
  • M247, almost every IP is SurfShark
95.57.207.195 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
95.57.207.200 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
95.57.207.201 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
95.57.207.202 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
95.57.207.203 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
95.57.207.204 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
95.57.207.205 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
95.57.207.206 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
  • Range: 95.57.207.192/28 apparently colocation provider, but can't be sure
95.111.253.63 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
95.111.253.64 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
95.111.253.65 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
95.111.253.66 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
  • Range: 95.111.252.0/23
  • Range: 95.111.240.0/20 (Contabo, VPS/DS)
103.39.132.187 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.39.132.188 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.39.132.189 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.39.132.190 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
139.28.176.0/24 · contribs · block · log · stalk · Robtex · whois · Google
  • M247, many SurfShark IPs across the range
192.158.224.110 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
192.158.224.111 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
192.158.224.112 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
192.158.224.113 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
217.148.143.211 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
217.148.143.212 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
217.148.143.213 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
217.148.143.214 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
217.148.143.219 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
217.148.143.220 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
217.148.143.221 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
217.148.143.222 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Another SurfShark round. MarioGom (talk) 16:57, 27 March 2021 (UTC)

Blocked. GeneralNotability (talk) 01:46, 18 April 2021 (UTC)

211.72.35.152

{{proxycheckstatus}}

211.72.35.152 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

According to Spur, this is a SockHub proxy. It is a malware network. If you check details on Shodan, it clearly appears to be a compromised web server (e.g. many ports open, including a MySQL server) on a residential network. It seems it runs an open shadowsocks proxy. MarioGom (talk) 08:24, 13 April 2021 (UTC)

Spur's not showing that for me, and there are indeed a lot of ports but I don't see anything clearly proxyish. Closing. GeneralNotability (talk) 01:51, 18 April 2021 (UTC)

83.136.106.119

{{proxycheckstatus}}

83.136.106.119 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (Uvpn, see Spur)
83.136.106.0/24 · contribs · block · log · stalk · Robtex · whois · Google (SeFlow hosting)

Active Uvpn node. The /24 should be ok to block. MarioGom (talk) 19:58, 15 April 2021 (UTC)

Done. GeneralNotability (talk) 02:06, 18 April 2021 (UTC)

101.99.64.65

{{proxycheckstatus}}

101.99.64.65 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Astrill VPN node (see Spur). MarioGom (talk) 17:37, 17 April 2021 (UTC)

This is shinjiru, a webhosting provider. I went through – the entire ASN is good to whack, it's all this provider. Pink clock Awaiting administrative action – please block the lot. While they do offer colocation, they also host VPNs and there has been abuse of these ranges by socks see (Wikipedia:Sockpuppet investigations/Lesbianadvocate), so I'd go with hardblocks (especially because positions on whether to soft- or hardblock mixed webhost/colo ranges seem to vary widely in the first place). Blablubbs|talk 23:20, 19 April 2021 (UTC)
Done. GeneralNotability (talk) 02:14, 20 April 2021 (UTC)

WorldVPN

{{proxycheckstatus}}

153.92.127.152 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan nl8.ocservvpn.com
160.119.249.252 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan za1.ocservvpn.com
188.213.161.98 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan it6.ocservvpn.com
212.237.15.100 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan it7.ocservvpn.com
212.237.19.59 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan it1.ocservvpn.com
31.220.30.209 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us22.ocservvpn.com
31.220.30.210 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us16.ocservvpn.com
31.220.30.217 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us25.ocservvpn.com
31.220.30.231 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us54.ocservvpn.com
31.220.30.233 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us35.ocservvpn.com
31.220.30.234 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us37.ocservvpn.com
31.220.30.242 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us86.ocservvpn.com
31.220.30.250 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us85.ocservvpn.com
45.67.218.131 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us18.ocservvpn.com
45.67.218.133 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us24.ocservvpn.com
45.67.218.137 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us38.ocservvpn.com
45.67.218.13 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us13.ocservvpn.com
45.67.218.140 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us30.ocservvpn.com
45.67.218.141 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us29.ocservvpn.com
45.67.219.140 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us19.ocservvpn.com
45.67.219.38 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us32.ocservvpn.com
45.67.219.39 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us11.ocservvpn.com
45.67.219.72 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us64.ocservvpn.com
45.67.219.73 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us63.ocservvpn.com
45.67.219.74 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us62.ocservvpn.com
45.67.219.75 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us61.ocservvpn.com
45.67.219.79 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan us52.ocservvpn.com
5.34.183.101 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ua2.ocservvpn.com
5.34.183.151 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ua3.ocservvpn.com
77.73.66.184 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ru2.ocservvpn.com
77.73.66.18 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ru1.ocservvpn.com
77.81.230.14 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan it4.ocservvpn.com
80.211.162.141 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan it9.ocservvpn.com
93.186.255.177 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan it5.ocservvpn.com
94.177.163.36 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan it2.ocservvpn.com
94.177.164.168 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan it3.ocservvpn.com
94.242.59.31 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ru3.ocservvpn.com

Unblocked WorldVPN IPs. It seems there are also many ranges worth blocking here. MarioGom (talk) 17:17, 22 April 2021 (UTC)

Done. SQLQuery me! 21:11, 23 April 2021 (UTC)

154.5.245.195

{{proxycheckstatus}}

154.5.245.195 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Ipqualityscore believes this is a proxy. Spamhaus thinks it is a compromised device. Safari and Chrome, when asked to search for this IP, believe the site has a bad security certificate. EdJohnston (talk) 00:50, 28 April 2021 (UTC)

@EdJohnston: I'd call this  Likely based on a mix of various factors. Compromised device (more specifically, compromised router) seems like a good guess. Blablubbs|talk 07:19, 28 April 2021 (UTC)
Also shodan labels it as VPN, although that does not include which service. MarioGom (talk) 18:11, 28 April 2021 (UTC)
I would be inclined to hardblock for six months based on this feedback. EdJohnston (talk) 22:03, 28 April 2021 (UTC)
@EdJohnston: That sounds reasonable to me. Blablubbs|talk 22:07, 28 April 2021 (UTC)
Blocked six months. EdJohnston (talk) 22:24, 28 April 2021 (UTC)
Excellent. Closing. --Blablubbs|talk 22:27, 28 April 2021 (UTC)

103.120.228.44

{{proxycheckstatus}}

103.120.228.44 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Suspicious editing as only editor with substantial additions at Steve Starks, after it was created by a sockfarm that is known for using residential proxies (see COIN and SPI evidence) Bri.public (talk) 17:49, 28 April 2021 (UTC)

  •  In progress. --Blablubbs|talk 17:50, 28 April 2021 (UTC)
  • @Bri: This was a bit of a rabbit hole. Technical indicators and APIs say "probably not", but my gut says "probably yes", so I'll have to leave you with  Inconclusive. To explain what I mean by that: While this IP isn't being flagged anywhere, the behaviour does make it look suspicious, as does the ISP. The ASN belongs to "HONG KONG BRIDGE INFO-TECH LIMITED, HK", and the actual range is owned by "UNION FU WAH DIGITAL TECHNOLOGY LIMITED". The former seems to be a webshop selling networking equipment to business customers (you'll have to skip the cert error or believe me on that). For both, there is very little information – I talked to a Chinese speaker who didn't find much else either. The ISPs we are looking at are solidly in the "dodgy" category – other hosts on the ASN that have edits coming out of them are almost certainly webhosts ([2][3]) and might be running proxies, but I can't give you anything more than that on the ISP front. This specific device is a MikroTik router; they are cheap, ubiquitous, and have a good number of security issues. The edits coming out of the IP don't really seem consistent with the geographical location, and the sockfarm link is intriguing, even though this is not the type of proxy that this sockfarm is known to be on. From a purely technical standpoint however, I don't see anything that would make it clear farm this is indeed a proxy, and it might well not be; I'm closing this without action – if you're confident in the behavioural link, I'd consider taking this to SPI instead; the IP looks rather static, so it would likely be good for a long block. --Blablubbs|talk 18:47, 28 April 2021 (UTC)
  • Blocked the two  Confirmed IPs above, they seem to be most of the recent activity on the range - checked a couple older edits from the /24 and they aren't showing as proxies. GeneralNotability (talk) 23:07, 28 April 2021 (UTC)

66.244.236.246

{{proxycheckstatus}}

66.244.236.246 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Ipcheck says this IP is identified as: papers1.tricubemedia.com

“TriCube Media is a New Media company based out of Medicine Hat, Alberta offering web design and development as well as business building and branding services."

“At TriCube Media we offer a wide range of services such as web design and development, internet advertising, company branding and collateral design, multimedia presentations and more. We have all the tools needed for any size job, whether you are a small local business or a large company.”

Evidently this IP is not operated as an ISP serving end users, it is most likely a web host. The underlying ISP is Shaw Communications Inc. My guess is that this is a misconfigured business computer that is being used in unauthorized fashion as an open proxy. What spur.us says is:

  • "66.244.236.246 proxies traffic for residential or call-back proxy networks. The owner of 66.244.236.246 is likely unaware of this activity. There are not many devices that use 66.244.236.246. Our API or data feeds identify VPN, proxy and malware associations with 66.244.236.246."

Reason: Suspected open proxy. EdJohnston (talk) 01:37, 29 April 2021 (UTC)

  • @EdJohnston: I'm going to call it very  Unlikely that the people using this IP on WP are on proxy. It is true that the device(s) behind the IP tunnel(s) traffic for some callback networks, but those specific networks are not the type that are frequently going to be used for proxying on Wikipedia. The actual IP is indeed owned by Tricube though (sublet from Shaw's business branch), and I'll go out on a limb and say that if there are accounts on them that are editing in a COI-ish manner and don't have big disclosure notices on their userpages, they should probably be indeffed. IP, if you're reading, you should probably uninstall some apps. Closing. --Blablubbs|talk 11:09, 29 April 2021 (UTC)

Some Astrill VPN nodes

{{proxycheckstatus}}

38.107.114.10 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
210.3.160.226 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
60.249.94.199 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
212.13.66.35 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
79.172.193.80 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
134.73.239.70 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Yet another Astrill VPN server used by Lesbianadvocate sockfarm. MarioGom (talk) 19:08, 29 April 2021 (UTC)

Added one more. MarioGom (talk) 19:09, 29 April 2021 (UTC)
And one more. MarioGom (talk) 19:10, 29 April 2021 (UTC)
And one more. Sorry for the premature report. I'll file a separate report once I get another full batch. MarioGom (talk) 19:17, 29 April 2021 (UTC)
And two more. I think that will be it at the moment. MarioGom (talk) 19:39, 29 April 2021 (UTC)
 In progress. IPs are all Astrill, going to go look for blockable webhosts. --Blablubbs|talk 20:18, 29 April 2021 (UTC)
134.73.239.70 is already blocked, I think, labeled as a colo...? - Bri.public (talk) 20:25, 29 April 2021 (UTC)
A quick ASN dive found the following three blockable webhost ranges, some riddled with proxies:
Pink clock Awaiting administrative action Please hardblock all individual IPs and the ranges for two years each. @Bri.public: Yep, already caught up in a rangeblock, but probably still good to note it here. --Blablubbs|talk 20:35, 29 April 2021 (UTC)
Hardblocked the IPs, rangeblocked the hosts, too lazy to hit the full Szevernet ASN. GeneralNotability (talk) 21:58, 29 April 2021 (UTC)

158.140.187.211

{{proxycheckstatus}}

158.140.187.211 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: I just blocked this individual IP. Geolocate said it was likely a proxy. EvergreenFir (talk) 03:03, 30 April 2021 (UTC)

182.54.236.190

{{proxycheckstatus}}

182.54.236.190 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

An apparent webhost ("Virtual Private Server (VPS) Hosting Services") owned by GPLHost LLC. Giving several positive results for VPN or proxy at IPcheck. 182.54.236.0/24 previously blocked as a webhost. --Malcolmxl5 (talk) 18:34, 3 May 2021 (UTC)

@Malcolmxl5: This is a  Confirmed UrbanVPN node. Pink clock Awaiting administrative action: Please hardblock 182.54.236.0/24 (talk+ · tag · contribs · filter log · WHOIS · RBLs · proxy check · block user · block log · cross-wiki contribs · CheckUser (log)) for 3 years. --Blablubbs|talk 10:46, 5 May 2021 (UTC)
 Done --Malcolmxl5 (talk) 10:55, 5 May 2021 (UTC)
Thanks, closing. --Blablubbs|talk 11:02, 5 May 2021 (UTC)

93.177.116.0/23

{{proxycheckstatus}}

93.177.116.0/23 · contribs · block · log · stalk · Robtex · whois · Google

Fine VPN. See Spur and Whois. Please, hardblock the range. MarioGom (talk) 20:40, 1 May 2021 (UTC)

 Confirmed, and I concur. Pink clock Awaiting administrative action: Please hardblock the range for three years. The rest of the ASN is already dealt with. --Blablubbs|talk 10:36, 5 May 2021 (UTC)
 Done --Malcolmxl5 (talk) 21:59, 5 May 2021 (UTC)
Thanks. Closing. --Blablubbs|talk 23:28, 5 May 2021 (UTC)

162.253.133.103+

{{proxycheckstatus}}

66.185.22.77 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
162.253.133.102 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
162.253.133.103 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.206.133.72 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.206.134.106 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

5 IPs with similar behavior on the same article, whois points to a "rent-a-mac" colocation host (https://macminivault.com) and/or CyberLynk, some IPs blocked on other wikis as open proxies. ~ANM🐁 T·C 02:21, 4 May 2021 (UTC)

 In progress. --Blablubbs|talk 10:15, 5 May 2021 (UTC)
These are indeed all macminivault ranges, and all sublet from Cyberlink. MMV is essentially a dedicated server provider and should be hardblocked as such, though I do not think that this is necessarily a deliberate attempt at anonymisation. Cyberlink does both Colocation and Webhosting. Pink clock Awaiting administrative action: The following are macminivault ranges and should be hardblocked:
The following are other cyberlink ranges that have edits coming out of them, including abusive ones. If someone has the time to do the entire ASN (see here) that's good as well. Whether you hand out soft- or hardblocks is a matter of preference (if they are hard, the above ranges can be left alone, otherwise those subranges will have to be reinforced as separate hardblocks):
--Blablubbs|talk 10:35, 5 May 2021 (UTC)
Bagged macminivault and Cyberlynk. GeneralNotability (talk) 23:33, 5 May 2021 (UTC)

ZenMate

{{proxycheckstatus}}

146.70.13.0/16 · contribs · block · log · stalk · Robtex · whois · Google

Reason: ZenMate proxy. Anon-block may be more preferable at the moment. 146.70.13.8 (talk) 09:37, 5 May 2021 (UTC)

 Confirmed VPN (Zenmate/Cyberghost) per SSL fingerprint. There are multiple such hosts on the range, which appears to be 146.70.13.0/24 (talk+ · tag · contribs · filter log · WHOIS · RBLs · proxy check · block user · block log · cross-wiki contribs · CheckUser (log)) as opposed to a /16. The range is infested and M247 is VPN-heavy, so I don't see the need to stick with an anon-block; Pink clock Awaiting administrative action please hardblock the /24 for 3 years. Cc @Jon Kolbert: You may want to gblock this one as well. --Blablubbs|talk 10:13, 5 May 2021 (UTC)
Hardblocked the range. gblocked, too. Closing. GeneralNotability (talk) 23:28, 5 May 2021 (UTC)

TunnelBear (II)

{{proxycheckstatus}}

212.44.120.248 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.229 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.230 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.237 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.231 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.245 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.233 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.239 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.249 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.246 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.234 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.250 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.247 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.240 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.241 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.232 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.238 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com
212.44.120.242 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan si.lazerpenguin.com

212.44.112.0/20 should be good for a block (DHH hosting). MarioGom (talk) 18:10, 6 May 2021 (UTC)

Yep, that 20 is full of Tunnelbear. Pink clock Awaiting administrative action: Please hardblock 212.44.112.0/20 (talk+ · tag · contribs · filter log · WHOIS · RBLs · proxy check · block user · block log · cross-wiki contribs · CheckUser (log)) for two years. --Blablubbs|talk 12:02, 7 May 2021 (UTC)
 Done SQLQuery me! 02:26, 10 May 2021 (UTC)

ExpressVPN (III)

{{proxycheckstatus}}

136.144.33.183 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan usa-losangeles-1-ca-version-2.expressnetw.com
136.144.33.98 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan usa-losangeles-1-ca-version-2.expressnetw.com
95.214.235.58 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ukraine-ca-version-2.expressnetw.com
95.214.235.51 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ukraine-ca-version-2.expressnetw.com
191.101.177.139 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan usa-losangeles-2-ca-version-2.expressnetw.com
191.101.177.145 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan usa-losangeles-2-ca-version-2.expressnetw.com
91.213.233.146 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan kyrgyzstan-ca-version-2.expressnetw.com
91.213.233.57 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan kyrgyzstan-ca-version-2.expressnetw.com

Unblocked ExpressVPN nodes. MarioGom (talk) 18:13, 6 May 2021 (UTC)

 Done SQLQuery me! 02:24, 10 May 2021 (UTC)

27.55.80.36,27.55.90.44

{{proxycheckstatus}}

27.55.80.36 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
27.55.90.44 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Saw on my Huggle session today that there were these two IPs that displayed similar behavior. I was wondering if it would be possible to check if they're related. CyanoTex (talk) 22:28, 9 May 2021 (UTC)

IPs are Red X not proxies; they are however related in the sense that they're on the same range (27.55.80.0/20 (talk+ · tag · contribs · filter log · WHOIS · RBLs · proxy check · block user · block log · cross-wiki contribs · CheckUser (log))). Closing. --Blablubbs|talk 08:42, 10 May 2021 (UTC)
Thank you, Blablubbs.
I do suggest checking both of their edit histories, I couldn't help but notice a similar behavior between them. CyanoTex (talk) 11:57, 10 May 2021 (UTC)
CyanoTex, yes, they were most certainly used by the same person, but that does not make them proxies; some ISPs assign their IPs very dynamically, meaning that an individual user may go through a number of IP addresses in short periods of time. This is especially common for mobile internet connections, which is what we're looking at here. --Blablubbs|talk 12:04, 10 May 2021 (UTC)

Witopia (II)

{{proxycheckstatus}}

78.109.24.73 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan vpn.kiev.witopia.net
41.77.137.3 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan vpn.cairo.witopia.net

Unblocked Witopia exit nodes. MarioGom (talk) 18:09, 6 May 2021 (UTC)

 In progress. Checking for blockable ranges. --Blablubbs|talk 11:26, 7 May 2021 (UTC)
The above are both  Confirmed Witopia VPN nodes. The range for the first one belongs to a webhost from the "dodgy" category that has some other VPN nodes on its ranges, including Astrill. Hardblocks seem warranted; Pink clock Awaiting administrative action: Please hardblock
two years each. The other ASN is more annoying, and I'd have to look into that some more, however,
is CityNet Telecom. Egypt. Dedicated Servers. per WHOIS. Please hardblock that range for two years as well. --Blablubbs|talk 11:44, 7 May 2021 (UTC)}}
Hardblocked the lot. — Preceding unsigned comment added by GeneralNotability (talkcontribs) 00:23, 15 May 2021 (UTC)

37.236.140.19

{{proxycheckstatus}}

37.236.140.19 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Open Proxy per Proxy Api Checker -- LemonSlushie 🍋 (talk) (edits) 16:54, 10 May 2021 (UTC)

Spur says residential proxy, blocked for a month. GeneralNotability (talk) 00:25, 15 May 2021 (UTC)

HideMyAss

{{proxycheckstatus}}

198.134.108.66 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.108.67 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan in.us.hma.rocks
198.134.108.68 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.108.69 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.108.70 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.108.71 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.108.72 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.108.73 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.108.74 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.108.75 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.108.76 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.108.77 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.108.78 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.109.130 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.109.131 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan in.us.hma.rocks
198.134.109.132 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.109.133 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.109.134 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.109.135 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.109.136 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.109.137 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.109.138 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.109.139 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.109.140 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.109.141 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
198.134.109.142 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
154.3.222.162 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
154.3.222.163 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan ma.us.hma.rocks
154.3.222.164 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
154.3.222.165 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
154.3.222.166 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
154.3.222.167 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
204.15.110.130 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
204.15.110.131 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan wi.us.hma.rocks
204.15.110.132 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
204.15.110.133 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
204.15.110.134 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
204.15.110.135 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
204.15.110.162 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
204.15.110.163 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan wi.us.hma.rocks
204.15.110.164 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
204.15.110.165 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
204.15.110.166 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
204.15.110.167 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
31.3.152.118 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan se.hma.rocks
31.3.152.191 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
31.3.152.192 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan se.hma.rocks
31.3.152.193 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
31.3.152.194 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
31.3.152.195 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
31.3.152.196 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
31.3.152.197 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
31.3.152.198 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
31.3.152.199 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
31.3.152.200 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.2 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.3 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan nz.hma.rocks
103.76.164.4 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.5 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.6 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.7 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.8 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.9 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.10 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.11 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.12 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.13 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.14 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.18 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.19 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan nz.hma.rocks
103.76.164.20 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.21 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.22 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.23 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.24 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.25 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.26 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.27 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.28 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.29 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
103.76.164.30 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

My initial assessments of ISPs and ranges:

--MarioGom (talk) 17:37, 11 May 2021 (UTC)