Wikipedia:WikiProject on open proxies/Requests/Archives/44
This is an archive of past discussions about Wikipedia:WikiProject on open proxies. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current main page. |
PrivateVPN
{{proxycheckstatus}}
- 62.115.255.160/27 · contribs · block · log · stalk · Robtex · whois · Google
- 80.239.199.96/27 · contribs · block · log · stalk · Robtex · whois · Google
- 193.180.119.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 217.212.240.64/27 · contribs · block · log · stalk · Robtex · whois · Google
- 217.212.244.64/27 · contribs · block · log · stalk · Robtex · whois · Google
- 217.212.245.64/27 · contribs · block · log · stalk · Robtex · whois · Google
- 45.148.7.0/24 · contribs · block · log · stalk · Robtex · whois · Google
more info
|
---|
|
All these ranges are PrivateVPN. See whois in most of them (PVDATA, PVDATANET, Privat Kommunikation Sverige AB), Spur in the reported IPs (see collapsed box) and DNS records. MarioGom (talk) 21:24, 4 July 2021 (UTC)
- In progress, looking for blockable ranges. --Blablubbs (talk) 11:20, 28 July 2021 (UTC)
- Confirmed all. Awaiting administrative action – please hardblock all listed ranges for two years. The upstream provider (Telia) is mixed and too large for me to check. --Blablubbs (talk) 11:30, 28 July 2021 (UTC)
- All Done. --Malcolmxl5 (talk) 13:48, 28 July 2021 (UTC)
- Confirmed all. Awaiting administrative action – please hardblock all listed ranges for two years. The upstream provider (Telia) is mixed and too large for me to check. --Blablubbs (talk) 11:30, 28 July 2021 (UTC)
152.228.208.0/21
{{proxycheckstatus}}
- 152.228.208.0/21 · contribs · block · log · stalk · Robtex · whois · Google
- 152.228.210.107 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan · WorldVPN · fr2.ocservvpn.com
- 152.228.215.225 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan · WorldVPN · fr3.ocservvpn.com
OVH range hosting WorldVPN. Listing the narrower range found on whois (/21) instead of the wider (/17) which could contain residential subranges. MarioGom (talk) 21:33, 4 July 2021 (UTC)
- Handled. GeneralNotability (talk) 13:41, 17 July 2021 (UTC)
ProtonVPN (III)
{{proxycheckstatus}}
- 162.12.206.0/24 · contribs · block · log · stalk · Robtex · whois · Google · ASN: Serverion
- 194.31.97.0/24 · contribs · block · log · stalk · Robtex · whois · Google · ASN: Serverion
- 194.99.44.0/24 · contribs · block · log · stalk · Robtex · whois · Google · ASN: Serverion
- 46.20.152.0/24 · contribs · block · log · stalk · Robtex · whois · Google · ASN: Doratelekom
more info
|
---|
|
ProtonVPN nodes. The Serverion ranges should be good to hardblock based on previous blocks. I'm not sure about the Doratelekom range. All individual IPs are listed in the collapsed section. MarioGom (talk) 23:06, 4 July 2021 (UTC)
- Handled. GeneralNotability (talk) 13:37, 17 July 2021 (UTC)
91.149.252.0/24
{{proxycheckstatus}}
Windscribe VPN. See whois, also DNS for ca.windscribe.com and aq.windscribe.com. Active vandalism today. MarioGom (talk) 16:31, 16 July 2021 (UTC)
14.192.215.62
{{proxycheckstatus}}
- 14.192.215.62 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
OpenVPN IP. Firestar464 (talk) 12:06, 21 July 2021 (UTC)
Self admitted. --Firestar464 (talk) 06:20, 22 July 2021 (UTC)
- Highly likely. Spur is flagging as vpngate and it's lighting up other proxy detection services (plus the admission), but it lacks the two known signatures for that provider. Awaiting administrative action – the IP is already gblocked, but please reinforce with a local hardblock (expiry 21 July 2022, 13:31) to match the global one. This is a mixed range, nothing else immediately visible. --Blablubbs (talk) 09:01, 22 July 2021 (UTC)
- Done --Malcolmxl5 (talk) 12:05, 28 July 2021 (UTC)
149.14.226.240/29
{{proxycheckstatus}}
Astrill VPN (AKA Veloxee Corp), see whois. Also see spur. The range is new and has no contributions yet, but given the amount of abuse we see from Astrill, I'd recommend hard-blocking. MarioGom (talk) 16:56, 23 July 2021 (UTC)
- Confirmed, and Mario is spot on as usual. The upstream ISP is Cogent, so an ASN dive won't be possible. Awaiting administrative action – please hardblock the range for two years. Thanks. --Blablubbs (talk) 10:32, 28 July 2021 (UTC)
- Done --Malcolmxl5 (talk) 12:01, 28 July 2021 (UTC)
41.254.65.39
{{proxycheckstatus}}
- 41.254.65.39 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Out-of-the blue Libyan IP makes geeky requests, this one in particular looking rather suspicious. IPQS screams bloody murder, but having been guilty of bad judgement in some recent cases, I'm calling on your expertise. Favonian (talk) 17:40, 26 July 2021 (UTC)
- (Non-verified user here) The IP is currently a node for a residential proxy network (verified with spur API), but it's also likely some kind of gateway. That is, long blocks will be ineffective, and it's possible that there's collateral damage if hardblocked. Some other recent IPs in the range (see 41.254.65.0/24) seem to be the same person, and are currently part of the same residential proxy network. MarioGom (talk) 18:21, 26 July 2021 (UTC)
- In progress. --Blablubbs (talk) 20:18, 26 July 2021 (UTC)
- @Favonian: Somewhere between Unlikely and Inconclusive. The interest in Indiana public TV stations etc. that can be found on the range is strange, and there is a fair amount of proxies on the continent. However, the only technical signature I can see is a residential proxy service that's far more likely to be bought by companies for data scraping than by individuals for anonymising their browsing traffic. It's possible, but it's far too expensive for most people. There is a non-negligible chance that there is something else running, but if there is, it's not something I can easily get a read on. Closing without action. --Blablubbs (talk) 20:32, 26 July 2021 (UTC)
- Thanks, MarioGom and Blablubbs! I'll put a lid on my bloodthirst and abstain in sullen resentment from taking action on the sneaky so-and-so's RfPP requests. Favonian (talk) 21:38, 26 July 2021 (UTC)
- @Favonian: Somewhere between Unlikely and Inconclusive. The interest in Indiana public TV stations etc. that can be found on the range is strange, and there is a fair amount of proxies on the continent. However, the only technical signature I can see is a residential proxy service that's far more likely to be bought by companies for data scraping than by individuals for anonymising their browsing traffic. It's possible, but it's far too expensive for most people. There is a non-negligible chance that there is something else running, but if there is, it's not something I can easily get a read on. Closing without action. --Blablubbs (talk) 20:32, 26 July 2021 (UTC)
94.140.8.0/24
{{proxycheckstatus}}
Nord VPN, see whois and spur. Vandalizing right now. MarioGom (talk) 18:55, 26 July 2021 (UTC)
- Confirmed. Awaiting administrative action – please hardblock the range for two years. Thanks. --Blablubbs (talk) 10:30, 28 July 2021 (UTC)
- Done --Malcolmxl5 (talk) 11:59, 28 July 2021 (UTC)
185.5.46.1
{{proxycheckstatus}}
- 185.5.46.1 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Anonine VPN – see spur. Mojoworker (talk) 05:31, 28 July 2021 (UTC)
The /25 is mostly VPN servers, see results from spur:
--MarioGom (talk) 10:11, 28 July 2021 (UTC)
- Thank you both. Confirmed. Awaiting administrative action – please hardblock for two years. The rest of the ASN is already blocked. --Blablubbs (talk) 10:29, 28 July 2021 (UTC)
- Done --Malcolmxl5 (talk) 11:56, 28 July 2021 (UTC)
129.187.244.28
{{proxycheckstatus}}
- 129.187.244.28 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Caught by proxycheck.io. Firestar464 (talk) 10:49, 30 July 2021 (UTC)
- Some services like proxycheck and IPQS are not very reliable. They conflate proxy flags of very different proxy types, and also maintain flags even long after an IP ceases to be a proxy. Spur, which is pretty reliable, does not currently flag this IP. Shodan shows nothing. I have scanned with ike-scan, which catches a lot of VPN, and nothing. I don't see any evidence suggesting this IP is a VPN right now. MarioGom (talk) 11:59, 30 July 2021 (UTC)
- Not a proxy, closing. --Blablubbs (talk) 12:05, 30 July 2021 (UTC)
Hide My Ip
{{proxycheckstatus}}
- 103.25.57.17 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 103.25.57.81 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 162.250.169.162 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.82.218.234 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 185.8.61.235 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 194.5.212.22 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 45.84.1.29 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 93.119.104.54 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 93.119.104.58 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Follow up to the previous Hide My IP report. These are unblocked IPs from their basic offering. MarioGom (talk) 19:54, 14 July 2021 (UTC)
- All Confirmed. I don't have time for a deep range dive, so there's probably more here. Awaiting administrative action: Please hardblock the following for two years each:
- (Ransom IT VPS Hosting)
- 4goodhosting) (
- itldc hosting) (
- cloudhosting LV, they do colocation as well, but my rule of thumb is "ranges with proxies on them are usually fine to hardblock". The underlying could use a soft- or hardblock as well, as could most ranges in the ASN (
- (M247)
- PQ Hosting) (
- Virtono) (
- Other Virtono ranges:
- Thanks. --Blablubbs (talk) 13:58, 15 July 2021 (UTC)
- I’ve blocked all of these except
The underlying 185.8.60.0/22 (talk+ · tag · contribs · filter log · WHOIS · RBLs · proxy check · block user · block log · cross-wiki contribs) could use a soft- or hardblock as well, as could most ranges in the ASN
, which someone else needs to look into. --Malcolmxl5 (talk) 16:08, 1 August 2021 (UTC)- About this /22, here's a VPN node outside the initially reported /24: 185.8.60.29 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan. MarioGom (talk) 07:18, 5 August 2021 (UTC)
- That looks straightforward enough. I’ve hardblocked it for two years. --Malcolmxl5 (talk) 10:37, 6 August 2021 (UTC)
- Thanks! I think this could be closed already. MarioGom (talk) 13:18, 6 August 2021 (UTC)
- Yeah, probably fine to leave the range alone for now, as long as we get the confirmed VPN endpoints. Thank you both, closing. --Blablubbs (talk) 13:20, 6 August 2021 (UTC)
- Thanks! I think this could be closed already. MarioGom (talk) 13:18, 6 August 2021 (UTC)
- That looks straightforward enough. I’ve hardblocked it for two years. --Malcolmxl5 (talk) 10:37, 6 August 2021 (UTC)
- About this /22, here's a VPN node outside the initially reported /24: 185.8.60.29 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan. MarioGom (talk) 07:18, 5 August 2021 (UTC)
- I’ve blocked all of these except
193.111.61.165
{{proxycheckstatus}}
- 193.111.61.165 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
VPN Point. This exit node seems to be used by a cross-wiki UPE sockfarm (Çelebicihan). Other exit nodes seem to be caught by coloblocks already. See spur. Also there is a somewhat reliable fingerprint visible in shodan. MarioGom (talk) 18:05, 1 August 2021 (UTC)
- In progress. --Blablubbs (talk) 13:21, 6 August 2021 (UTC)
- Confirmed, and I'll throw in some additional dodgy hosting ranges for free:
- 193.111.60.0/22 · contribs · block · log · stalk · Robtex · whois · Google –
VPS-UA-NET2
- 31.131.16.0/20 · contribs · block · log · stalk · Robtex · whois · Google –
VPS-UA
- 45.83.192.0/24 · contribs · block · log · stalk · Robtex · whois · Google –
NL-TWINSERVERS
; can't find much about that one, but that's usually not a good sign and the ASN description isVPS-UA-AS, UA
again - 45.94.156.0/24 · contribs · block · log · stalk · Robtex · whois · Google –
UA-HOSTIQ
, see [1]
- 193.111.60.0/22 · contribs · block · log · stalk · Robtex · whois · Google –
- Awaiting administrative action – please hardblock all ranges above for two years. Thanks. --Blablubbs (talk) 13:29, 6 August 2021 (UTC)
- Done --Malcolmxl5 (talk) 21:56, 6 August 2021 (UTC)
- Confirmed, and I'll throw in some additional dodgy hosting ranges for free:
M247
{{proxycheckstatus}}
- 185.252.221.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 194.5.213.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 194.5.214.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 217.148.141.0/24 · contribs · block · log · stalk · Robtex · whois · Google
A few M247 ranges that were not caught by ASNBlock and have active VPNs.. MarioGom (talk) 21:09, 1 August 2021 (UTC)
- In progress. Looks like there's some more unblocked stuff on ASN 9009 that deserves a look. --Blablubbs (talk) 13:39, 6 August 2021 (UTC)
- The above are all M247 with a bunch of VPN nodes on them. The first one is already blocked. I'll also throw in three ranges that are already gblocked, but should be reinforced since our IPBE granting requirements can differ.
- Awaiting administrative action – please hardblock the three unblocked ranges from the filing, plus the ones I listed for two years each. Thanks. --Blablubbs (talk) 13:47, 6 August 2021 (UTC)
- Done --Malcolmxl5 (talk) 22:02, 6 August 2021 (UTC)
NordVPN (II)
{{proxycheckstatus}}
- 192.145.119.0/24 · contribs · block · log · stalk · Robtex · whois · Google (all NordVPN, see whois, PacketHub)
- 185.65.50.0/24 · contribs · block · log · stalk · Robtex · whois · Google (PacketHub, mostly blocked colo, NordVPN at 185.65.50.11, 185.65.50.17, 185.65.50.23, 185.65.50.29, 185.65.50.35)
- 195.216.219.0/25 · contribs · block · log · stalk · Robtex · whois · Google (PacketHub, NordVPN at 195.216.219.121)
- 195.216.219.128/25 · contribs · block · log · stalk · Robtex · whois · Google (PacketHub, NordVPN on many addresses from 195.216.219.129 to 195.216.219.155).
Unblocked NordVPN ranges. MarioGom (talk) 21:52, 1 August 2021 (UTC)
- In progress. --Blablubbs (talk) 10:47, 13 August 2021 (UTC)
- All Confirmed; no range check possible, unfortunately, but I have some ideas there – @MarioGom: I'll hit you up off-wiki. In the meantime: Awaiting administrative action – please hardblock the fist two plus 195.216.219.0/24 · contribs · block · log · stalk · Robtex · whois · Google, which covers the two /25s at the bottom, for two years each. --Blablubbs (talk) 10:50, 13 August 2021 (UTC)
- Done --Malcolmxl5 (talk) 13:28, 13 August 2021 (UTC)
- All Confirmed; no range check possible, unfortunately, but I have some ideas there – @MarioGom: I'll hit you up off-wiki. In the meantime: Awaiting administrative action – please hardblock the fist two plus 195.216.219.0/24 · contribs · block · log · stalk · Robtex · whois · Google, which covers the two /25s at the bottom, for two years each. --Blablubbs (talk) 10:50, 13 August 2021 (UTC)
5.63.151.76
{{proxycheckstatus}}
- 5.63.151.76 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan uk.torguardvpnaccess.com
TorGuard exit node. 5.63.151.72/29 · contribs · block · log · stalk · Robtex · whois · Google is probably good for a webhost block. MarioGom (talk) 22:48, 1 August 2021 (UTC)
- The entirety of 5.63.144.0/21 · contribs · block · log · stalk · Robtex · whois · Google is
Hosting Services Inc
, aka eu100tb hosting, which appears to be a VPS only provider. Awaiting administrative action – please harddblock it for two years. Thanks. --Blablubbs (talk) 10:57, 13 August 2021 (UTC)- Done I see 5.63.144.0/21 has been blocked multiple times. --Malcolmxl5 (talk) 13:35, 13 August 2021 (UTC)
154.17.22.58
{{proxycheckstatus}}
- 154.17.22.58 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: spammer, hostname host-by.dmit.io. cursory web search on domain name returns "DMIT - High Performance VM in DMIT.IO Cloud Infrastructure" ☆ Bri (talk) 14:26, 6 August 2021 (UTC)
- Confirmed VPS, along with the rest of 154.17.0.0/19 · contribs · block · log · stalk · Robtex · whois · Google (dmit.io, not seeing any colo offerings). No VPN service signature immediately visible. The rest of the ASN is already blocked. Awaiting administrative action – please hardblock the /19 for two years. Thanks. --Blablubbs (talk) 14:30, 6 August 2021 (UTC)
- Done --Malcolmxl5 (talk) 22:06, 6 August 2021 (UTC)
193.105.73.170
{{proxycheckstatus}}
- 193.105.73.170 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: I came across this self-confessed open proxy owned by BEHOSTINGS; host name resolves to diogenius.net. The range 193.105.73.160/27 has been globally blocked and I've hard blocked the range for two years on that basis but it may be worth checking out the ASN VERIXI SA - I think I see:
- Thgnet-Vps 128.127.180.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- Diogenius SPRL 109.69.218.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- THGNET-ITX2 185.192.44.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- THGNET-ITX1 185.192.45.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- Diogenius SPRL 193.105.133.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- Diogenius SPRL 193.138.101.0/24 · contribs · block · log · stalk · Robtex · whois · Google
Malcolmxl5 (talk) 12:17, 7 August 2021 (UTC)
- In progress. --Blablubbs (talk) 10:58, 13 August 2021 (UTC)
- The listed ranges are all confirmed to belong to BEhostings, the one IP on them that has edited logged-out is a VPN, and all are good to hardblock. VERIXI is a mixed provider, so this isn't the easiest ASN to search. Some of the ranges on the ASN are clearly not hosting, some I'm simply not sure about. I will however throw in
- Awaiting administrative action – please hardblock all ranges for two years. Thanks. --Blablubbs (talk) 11:15, 13 August 2021 (UTC)
- Done --Malcolmxl5 (talk) 13:44, 13 August 2021 (UTC)
Several
{{proxycheckstatus}}
- 41.36.35.247 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 213.166.77.9 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 197.239.91.241 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 154.62.180.122 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 160.177.234.226 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 119.73.112.16 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 154.232.46.56 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 102.41.170.240 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 41.37.239.214 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 173.76.23.85 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 41.45.224.136 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 41.204.44.235 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 196.170.103.184 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 111.88.112.9 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 24.76.105.82 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 184.146.38.102 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 85.250.178.53 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 93.173.75.187 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 196.170.74.182 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 102.137.102.238 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 197.133.111.173 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 41.142.162.197 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 95.70.154.105 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 156.223.183.228 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 160.176.189.69 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 41.13.114.213 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 154.177.139.53 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 95.158.49.148 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 105.196.223.68 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 77.91.136.105 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 91.148.156.186 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 190.219.207.49 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 65.18.127.93 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 14.192.213.86 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 95.53.18.176 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 49.144.14.219 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Numerous IPs edit warring on the articles Seagate Technology (edit | talk | history | protect | delete | links | watch | logs | views), Education in Northern Ireland (edit | talk | history | protect | delete | links | watch | logs | views) and Coolkeeragh power station (edit | talk | history | protect | delete | links | watch | logs | views), generally around the name of Derry but they also attempt to remove page protection requests to deal with their use of proxiess. FDW777 (talk) 16:13, 11 August 2021 (UTC)
- I'll keep adding as necessary, I won't bother updating the list of articles as it doesn't seem necessary. FDW777 (talk) 16:31, 11 August 2021 (UTC)
- Some of these are P2P proxies (perhaps they all are); all have been blocked for a week or two. --Malcolmxl5 (talk) 18:56, 11 August 2021 (UTC)
- Do I need to keep reporting them here for possible longer-term solutions? FDW777 (talk) 18:58, 11 August 2021 (UTC)
- If you don't mind, it would be helpful. I'm still trying to figure out what we are looking at, exactly. MarioGom (talk) 19:01, 11 August 2021 (UTC)
- That's no problem at all. 93.173.75.187 added (I'll add a note of what's been added now there's some replies). FDW777 (talk) 19:03, 11 August 2021 (UTC)
- 196.170.74.182 added. FDW777 (talk) 20:05, 11 August 2021 (UTC)
- 102.137.102.238 added. FDW777 (talk) 20:15, 11 August 2021 (UTC)
- 197.133.111.173 added. FDW777 (talk) 20:22, 11 August 2021 (UTC)
- 41.142.162.197 added. FDW777 (talk) 21:10, 11 August 2021 (UTC)
- 160.176.189.69 added. FDW777 (talk) 21:34, 11 August 2021 (UTC)
- 41.13.114.213 added. FDW777 (talk) 22:00, 11 August 2021 (UTC)
- 154.177.139.53 added. FDW777 (talk) 22:17, 11 August 2021 (UTC)
- I only had a cursory glance at the original handful of IPs a few hours ago, and from what I saw there (low confidence for now), I concur with both Mario and Maclolmxl5; this is most likely overwhelmingly P2P proxy usage, and more data is very much welcome. --Blablubbs (talk) 22:36, 11 August 2021 (UTC)
- Plus 95.158.49.148 and 105.196.223.68 --Malcolmxl5 (talk) 22:47, 11 August 2021 (UTC)
- If you don't mind, it would be helpful. I'm still trying to figure out what we are looking at, exactly. MarioGom (talk) 19:01, 11 August 2021 (UTC)
- Do I need to keep reporting them here for possible longer-term solutions? FDW777 (talk) 18:58, 11 August 2021 (UTC)
- Some of these are P2P proxies (perhaps they all are); all have been blocked for a week or two. --Malcolmxl5 (talk) 18:56, 11 August 2021 (UTC)
- 77.91.136.105 and 91.148.156.186 added. FDW777 (talk) 07:13, 12 August 2021 (UTC)
- 190.219.207.49, 65.18.127.93, 14.192.213.86 and 95.53.18.176 added. FDW777 (talk) 09:56, 12 August 2021 (UTC)
- And 49.144.14.219. FDW777 (talk) 10:01, 12 August 2021 (UTC)
Arbitrary break
- 62.74.5.139 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 180.246.16.101 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 85.194.199.215 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 51.253.55.211 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 124.106.150.104 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 180.178.188.98 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 157.42.17.95 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 188.252.196.176 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 180.195.80.123 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 78.81.155.24 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 171.4.227.53 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 112.201.129.251 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 45.229.80.77 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 201.219.103.44 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 223.204.251.254 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 171.100.22.23 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 62.201.192.153 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 118.101.50.67 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 89.28.75.15 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 201.207.239.132 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 216.215.64.198 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 49.228.224.75 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 177.228.6.114 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 218.173.148.222 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 163.47.148.161 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 49.148.117.188 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 190.69.53.36 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 181.199.31.113 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 202.137.135.242 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 58.69.117.72 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 45.4.132.84 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 191.98.180.196 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 75.88.16.45 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 2.75.156.19 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 123.231.109.103 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
And more. FDW777 (talk) 10:19, 12 August 2021 (UTC)
- I noticed one 91.148.156.186 that had been blocked twice before by ST47ProxyBot. --Malcolmxl5 (talk) 11:33, 12 August 2021 (UTC)
- 201.207.239.132 added. FDW777 (talk) 12:13, 12 August 2021 (UTC)
- + 216.215.64.198. --Malcolmxl5 (talk) 12:22, 12 August 2021 (UTC)
- Added 49.228.224.75. FDW777 (talk) 12:25, 12 August 2021 (UTC)
- Added 177.228.6.114 and 218.173.148.222. FDW777 (talk) 12:30, 12 August 2021 (UTC)
- Added 163.47.148.161. FDW777 (talk) 12:32, 12 August 2021 (UTC)
- Added 49.148.117.188 and 190.69.53.36. FDW777 (talk) 12:42, 12 August 2021 (UTC)
- Added 181.199.31.113. FDW777 (talk) 12:44, 12 August 2021 (UTC)
- Added 202.137.135.242. FDW777 (talk) 12:45, 12 August 2021 (UTC)
- Added 58.69.117.72. FDW777 (talk) 12:56, 12 August 2021 (UTC)
- Added 45.4.132.84. FDW777 (talk) 13:02, 12 August 2021 (UTC)
- Added 191.98.180.196. FDW777 (talk) 13:07, 12 August 2021 (UTC)
- Added 75.88.16.45. FDW777 (talk) 13:16, 12 August 2021 (UTC)
- Added 2.75.156.19. FDW777 (talk) 13:20, 12 August 2021 (UTC)
- + 123.231.109.103 --Malcolmxl5 (talk) 13:33, 12 August 2021 (UTC)
- Thanks FDW777 and Malcolmxl5. It is obvious it is a P2P proxy as you pointed out, and I think it is a service known to us (don't mention the name on wiki if you know, per WP:BEANS). It is quite frustrating that they are pulling this many unblocked IPs. Let's see if we can improve approach used by ST47ProxyBot. MarioGom (talk) 20:56, 12 August 2021 (UTC)
- Thank you all for your efforts, this provides us with a very helpful dataset. There isn't much left we can do here at WPOP, so I'll close this, but we will be using these for future research. --Blablubbs (talk) 10:46, 13 August 2021 (UTC)
185.198.243.0/24
{{proxycheckstatus}}
The /24 is a hosting company ([2]), it has at least 3 ExpressVPN nodes:
- 185.198.243.12 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan uk-berkshire-2-ca-version-2.expressnetw.com
- 185.198.243.73 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan uk-berkshire-2-ca-version-2.expressnetw.com
- 185.198.243.167 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (see spur)
The last one was already used for vandalism. MarioGom (talk) 21:17, 13 August 2021 (UTC)
- Confirmed, found another node on that range too. Awaiting administrative action – please block 185.198.243.0/24 · contribs · block · log · stalk · Robtex · whois · Google for two years. In addition, please consider reinforcing the block on 185.217.117.0/24 · contribs · block · log · stalk · Robtex · whois · Google with a local hardblock. Thanks. --Blablubbs (talk) 20:34, 14 August 2021 (UTC)
- Blocked the two /24 ranges for two years each per the above request. EdJohnston (talk) 20:46, 14 August 2021 (UTC)
- Thanks, closing. --Blablubbs (talk) 21:06, 14 August 2021 (UTC)
- Blocked the two /24 ranges for two years each per the above request. EdJohnston (talk) 20:46, 14 August 2021 (UTC)
- Confirmed, found another node on that range too. Awaiting administrative action – please block 185.198.243.0/24 · contribs · block · log · stalk · Robtex · whois · Google for two years. In addition, please consider reinforcing the block on 185.217.117.0/24 · contribs · block · log · stalk · Robtex · whois · Google with a local hardblock. Thanks. --Blablubbs (talk) 20:34, 14 August 2021 (UTC)
45.138.86.0/24
{{proxycheckstatus}}
Previous blocks in the ASN
|
---|
VPN nodes
|
---|
|
The range is primarily TunnelBear and CyberGhost. MarioGom (talk) 21:19, 13 August 2021 (UTC)
- Hardblocked the range. — Preceding unsigned comment added by GeneralNotability (talk • contribs) 13:11, 21 August 2021 (UTC)