Wikipedia:WikiProject on open proxies/Requests/Archives/50
This is an archive of past discussions about Wikipedia:WikiProject on open proxies. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current main page. |
65.151.155.241
{{proxycheckstatus}}
- 65.151.155.241 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 65.151.155.243 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: WHOIS reports "Network sharing device or proxy server"; Spur says "belongs to a call-back proxy network". Suspicious edits like https://en.wikipedia.org/w/index.php?title=Talk:HTTP_cookie&diff=prev&oldid=1145743447 ☆ Bri (talk) 16:28, 3 January 2024 (UTC)
- @Bri: IP is an open proxy, but not in active use: last edits were ~6mo ago, so I think no action is needed. If a passing admin wants to block I won't object though. — Mdaniels5757 (talk • contribs) 01:10, 4 January 2024 (UTC)
- @Mdaniels5757. These types of proxies are rarely blocked for more than a few days. As they have been inactive for months, I'm inclined take no action. Malcolmxl5 (talk) 23:53, 9 March 2024 (UTC)
- Closing with no action. --Malcolmxl5 (talk) 18:52, 19 March 2024 (UTC)
212.82.69.130
{{proxycheckstatus}}
- 212.82.69.130 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Made a unconstructive edit. Has a history of reverted edits. SPUR says Residental/Call-Back Proxy. Nobody (talk) 09:12, 5 March 2024 (UTC)
- It’s a school website with an open port 443, the default port for HTTPS, but the website is not secure. The contributions look like typical juvenile stuff rather than proxy use but I’ll block anyway. Malcolmxl5 (talk) 20:56, 23 March 2024 (UTC)
41.215.169.49
{{proxycheckstatus}}
- 41.215.169.49 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: ACC request - Looks to a CGNAT belonging to Airtel Ghana (mobile operator). If cannot unblock, please soften down to AO - RichT|C|E-Mail 23:25, 5 March 2024 (UTC)
- Unfortunately this seems to fall in the 'secret-sauce' portion of the bot, since it looks like there was spam activity in the past, but not seeing anything current, so would love some feedback from @ST47:. Q T C 23:25, 6 March 2024 (UTC)
- @Rich Smith@OverlordQ. The block has expired. Is there anything left to do? Malcolmxl5 (talk) 14:47, 24 March 2024 (UTC)
- Closing. The IP is not blocked. --Malcolmxl5 (talk) 10:01, 31 March 2024 (UTC)
161.69.57.14
{{proxycheckstatus}}
- 161.69.57.14 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: VPN according to proxycheck.io. Recent editing might be greenwashing of petroleum industry-related articles. ☆ Bri (talk) 19:37, 4 April 2024 (UTC)
- I’ve checked every IP in the range 16.69.0.0/16 since the beginning of the year and all of them resolve to MCAFEE WGCS VPN service with many being part of other proxy networks. I’ve blocked the /16 range for two years. Malcolmxl5 (talk) 21:24, 5 April 2024 (UTC)
193.187.88.0/24
{{proxycheckstatus}}
Reason: Flagged as proxy by GetIPIntel and IPHub. Firestar464 (talk) 23:25, 5 April 2024 (UTC)
- Has just been globally blocked as such. Firestar464 (talk) 23:28, 5 April 2024 (UTC)
- I’ve added a local block. --Malcolmxl5 (talk) 09:57, 6 April 2024 (UTC)
46.102.156.0/24 and 94.177.9.0/24
{{proxycheckstatus}}
- 46.102.156.0/24 · contribs · block · log · stalk · Robtex · whois · Google
- 94.177.9.0/24 · contribs · block · log · stalk · Robtex · whois · Google
https://www.alwyzon.com/en
Reason: Both ranges belong to Hohl IT e.U. aka (Alwyzon) which is an Austrian provider of dedicated servers. Matthew Tyler-Harrington (aka mth8412) (talk) 03:45, 22 June 2023 (UTC)
- Confirmed as to the ranges with "Customers" in the name (/26), but I didn't check them all. This might also be a job for the ASNbot (AS40994) @AntiCompositeNumber: — Mdaniels5757 (talk • contribs) 00:36, 8 December 2023 (UTC)
- I’ve blocked the two /26. Malcolmxl5 (talk) 13:15, 23 March 2024 (UTC)
- Closing. — Mdaniels5757 (talk • contribs) 23:07, 14 April 2024 (UTC)
- I’ve blocked the two /26. Malcolmxl5 (talk) 13:15, 23 March 2024 (UTC)
5.42.72.0/21
{{proxycheckstatus}}
Reason: IP range belongs to webhosting/VPN service. 2601:1C0:4401:F60:817:B3DA:A0F9:1195 (talk) 18:34, 20 August 2023 (UTC)
- Confirmed along with most things in [1]. Perhaps User:AntiCompositeNumber could add this (ASN 210644) to User:AntiCompositeBot/ASNBlock? — Mdaniels5757 (talk • contribs) 00:28, 8 December 2023 (UTC)
- All the /24 in the /21 are currently globally blocked. I’ve added a local block for the /21. Malcolmxl5 (talk) 12:57, 23 March 2024 (UTC)
- Closing. — Mdaniels5757 (talk • contribs) 23:08, 14 April 2024 (UTC)
- All the /24 in the /21 are currently globally blocked. I’ve added a local block for the /21. Malcolmxl5 (talk) 12:57, 23 March 2024 (UTC)
24.192.34.183
{{proxycheckstatus}}
- 24.192.34.183 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Did some vandalism, SPUR says Possible Proxy. Nobody (talk) 09:16, 16 April 2024 (UTC)
- Spur now says "24.192.34.183 - Not Anonymous 24.192.34.183 itself does not appear to be part of anonymization infrastructure". Nothing else suggests proxy use. Closing with no action. --Malcolmxl5 (talk) 21:36, 20 April 2024 (UTC)
103.4.93.51
{{proxycheckstatus}}
- 103.4.93.51 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: See filter log. Has been blocked as a Proxy in the past. Spur says Possible Proxy. Nobody (talk) 07:07, 24 April 2024 (UTC)
- A Karachi IP attempting to edit a Karachi topic. Unlikely to be proxy use on this occasion and already blocked in any case. --Malcolmxl5 (talk) 00:48, 25 April 2024 (UTC)
220.241.9.173
{{proxycheckstatus}}
- 220.241.9.173 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Vandalism, SPUR says Forticlient VPN. Nobody (talk) 07:20, 26 April 2024 (UTC)
- Blocked. --Malcolmxl5 (talk) 14:55, 27 April 2024 (UTC)
104.151.103.93
{{proxycheckstatus}}
- 104.151.103.93 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Requested unblock. This IP address is the public facing IP address of the Wikimedia Deutschland (WMDE) office. The IP address belongs to an IP range of 1&1 Versatel, our internet provider, who statically assigned this address to our fiber optics uplink. We often have events where we introduce future volunteers into editing Wikipedia or their sister projects. Among our colleagues are also many volunteers who get affected by this block. Masin Al-Dujaili (WMDE) (talk) 10:10, 11 April 2024 (UTC)
- There's certainly something fishy going on in other parts of the range. Courtesy ping for NinjaRobotPirate. Maybe split the range in half, i.e. block the lower /18? -- zzuuzz (talk) 12:21, 11 April 2024 (UTC)
- Sure, sounds fine. I don't remember the exact details of this block any more, but I usually block 1&1 on sight. From Ionos, it looks like they're branching out of just web hosting now, though. NinjaRobotPirate (talk) 16:27, 11 April 2024 (UTC)
- The IP address is unblocked. Closing. --Malcolmxl5 (talk) 02:26, 30 April 2024 (UTC)
IPfe80::e122:d2f:7437:7f9c192.168.255.245
{{proxycheckstatus}}
Reason: Requested unblock. Agasarah (talk) 21:17, 4 May 2024 (UTC)
- Malformed and unclear request. --Malcolmxl5 (talk) 01:50, 8 May 2024 (UTC)
89.197.204.196
{{proxycheckstatus}}
- 89.197.204.196 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: VPN server. 73.67.145.30 (talk) 16:56, 18 June 2024 (UTC)
- Blocked. -- Malcolmxl5 (talk) 11:20, 22 June 2024 (UTC)
192.155.107.54
{{proxycheckstatus}}
- 192.155.107.54 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Confirmed VPN via Geolocate. Jalen Folf (Bark[s]) 07:10, 29 June 2024 (UTC)
- Blocked. --Malcolmxl5 (talk) 15:19, 29 June 2024 (UTC)
2A10:BCC2:2029:6030:3C22:44CA:5B85:B2BC
{{proxycheckstatus}}
- 2A10:BCC2:2029:6030:3C22:44CA:5B85:B2BC · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · geo · rangeblocks · spur · shodan
User admitted to being proxy after vandalizing pages. Interestingly, their Uncyclopedia page reveals that their IP is an open proxy for pawns.app. OhHaiMark (talk) 22:24, 29 May 2024 (UTC)
- I can’t corroborate that but I’ve blocked the /64 for vandalism anyway while noting that this IP self-admitted to being an open proxy. Malcolmxl5 (talk) 00:32, 2 July 2024 (UTC)
202.134.9.141
{{proxycheckstatus}}
- 202.134.9.141 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Same proxy sock that got blocked earlier for both ban evasion and editing with proxy. [2] He is still socking to restore the same article.[3][4] Ratnahastin (talk) 15:22, 8 March 2024 (UTC)
- There’s a lot of blocks in the history, the most recent is a 3 month /12 block in September for block evasion. Malcolmxl5 (talk) 11:06, 13 March 2024 (UTC)
- A Deeper Network VPN according to Spur. I have blocked it. -- Malcolmxl5 (talk) 09:27, 6 July 2024 (UTC)
163.47.119.0/24
{{proxycheckstatus}}
Note sure how reliable this is, but it's identified as a VPN server on the goeloacate link on the contributions page. Assuming that's accurate, I suspect the VPN is being used by at least some one of the editors on this range to evade IP range blocks. Sir Sputnik (talk) 00:31, 12 May 2024 (UTC)
- It’s a VPS hosting service. Now blocked. -- Malcolmxl5 (talk) 12:41, 4 July 2024 (UTC)
95.153.32.34 and others
{{proxycheckstatus}}
- 95.153.32.34 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 82.212.77.242 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 108.181.136.17 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: recently used by particularly vile LTA. Drmies (talk) 16:29, 8 July 2024 (UTC)
- All belong to the Urban VPN anonymization network according to Spur. I’ve blocked them all. --Malcolmxl5 (talk) 21:22, 9 July 2024 (UTC)
57.140.32.8
{{proxycheckstatus}}
- 57.140.32.8 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Seems to be a Menlo Security VPN. Checked using Spur (public version) and IPQualityScore and returned as a VPN. Edit history also indicates that it might be a shared IP. However, other services (shown on IPCheck) indicates that it may not be a proxy. ~~2NumForIce (speak|edits) 15:04, 16 May 2024 (UTC)
15.248.0.0/16
{{proxycheckstatus}}
Reason: Amazon AWS webhosting services. Recently used for vandalism/disruption. 73.67.145.30 (talk) 15:59, 31 May 2024 (UTC)
- Completed as {{Colocationwebhost}} Q T C 22:02, 23 July 2024 (UTC)
136.226.3.95
{{proxycheckstatus}}
- 136.226.3.95 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
The range 136.226.0.0/16 was blocked recently. Unfortunately my user account uses a static IP in this range. I use different devices for my editing, but only edit under my account. I also accept if the block will remain in place as it does use ZScaler (an open proxy), but am wondering if an exception could be granted. My account has never been blocked nor have I been under scrutiny for being blocked. Reason: Requested unblock. Conyo14 (talk) 16:42, 20 June 2024 (UTC)
- @Conyo14. Consider requesting WP:IPBE. -- Malcolmxl5 (talk) 11:19, 22 June 2024 (UTC)
- Declined to run a check As mentioned, since this is a ZScaler range an exemption should be requested, as this is blocked not only locally, but on the global level as well. Q T C 21:58, 23 July 2024 (UTC)
208.184.210.151
{{proxycheckstatus}}
- 208.184.210.151 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: ipcheck.toolforge.org reports this as a proxy and geolocation data shows it might be a datacenter ☆ Bri (talk) 22:49, 27 June 2024 (UTC)
- Inconclusive This range appears to be part of Zayo's Direct Internet Access offering which is business/enterprise connectivity, so while there may be a possibility of an open proxy, this seems to be more along the lines of somebody editing at work. Q T C 21:52, 23 July 2024 (UTC)
157.167.128.0/24
{{proxycheckstatus}}
Reason: Cloud server/VPN. This is an odd one, because the IP range geolocates to Turkey, and is listed as a VPN network; but most of the edits are to Turkish-related articles. Is this some sort of corporate cloud network? 2601:1C0:4401:F60:8C11:4CC3:7E71:B4CE (talk) 20:54, 13 August 2023 (UTC)
Inconclusive. It’s showing up as a Forcepoint gateway proxy. Forcepoint is a company that provides cybersecurity services for businesses and governments so, yes, coupled with it geolocating to Turkey and editing Turkish topics, which is not typical proxy behaviour, this probably is a corporate gateway. It's not very busy and looks low risk; I’ll mark it as inconclusive. Closing. --Malcolmxl5 (talk) 12:05, 2 August 2024 (UTC)
192.189.187.125
{{proxycheckstatus}}
- 192.189.187.125 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason:Listed ISP is FedEx which is not a legitimate provider, in addition these various FedEx proxy ranges are used by a LTA and extensive sock puppeteer HaughtonBrit to block evade and push tendentious edits in various South Asian topics. Southasianhistorian8 (talk) 21:13, 3 April 2024 (UTC)
Unlikely IP is an open proxy. It's not uncommon for an IP address or range of IP addresses to be owned by non-ISP organisations and I can't corroborate that this is a proxy or VPN. That’s not to say that disruptive editing can’t be blocked where it occurs but this is one edit almost four months ago handled by a revert so there is nothing more to be done now. Closing. --Malcolmxl5 (talk) 12:19, 31 July 2024 (UTC)
110.93.85.16 and others
{{proxycheckstatus}}
- 110.93.85.16 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (July 2024)
- 110.93.85.239 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan (June 2024)
Reason: Questionable beauty pageant editing for some time from IPs in 110.93.85.0/24, and recent use by those noted above; spur reports both belong to a call-back proxy network. ☆ Bri (talk) 19:44, 2 July 2024 (UTC)
- While the behaviour is obviously the one person, their contributions are not abusive. Spur now shows them as 'not anonymous'. An IP has pointed out that the IPs are reported as public proxies in IP2Location (see talk page). However, I can’t see a way to connect to them. Closing.
- Inconclusive Malcolmxl5 (talk) 11:45, 23 August 2024 (UTC)
37.140.254.206
{{proxycheckstatus}}
- 37.140.254.206 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: vpn ltbdl (talk) 10:10, 2 August 2024 (UTC)
Confirmed as Express VPN. Closing. --Malcolmxl5 (talk) 10:29, 2 August 2024 (UTC)
72.14.126.22
{{proxycheckstatus}}
- 72.14.126.22 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: It appears https://spur.us/context/72.14.126.22 is a known proxy and it seems suspiciously used. Pastillawheel (talk) 16:14, 26 August 2024 (UTC)
- Spur notes a 'possible proxy' and that the IP address belongs to a particular proxy network. Activity from this IP address is likely a mix of anonymous and normal activity. This means not all traffic from this IP address belongs to this proxy network. So I look at the contributions. It’s a long-standing stable connection located in the US with an interest in US subjects. I see no signs of abuse of editing privileges. I think there is unlikely to be proxy use at this time. --Malcolmxl5 (talk) 11:08, 29 August 2024 (UTC)
102.141.49.156 and 94.200.5.30
{{proxycheckstatus}}
- 102.141.49.156 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 94.200.5.30 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: suspicious back-to-back edits with another IP on the same article but the IPs geolocate to different continents, and Spur indicates at least one is in a call-back network. ☆ Bri (talk) 00:55, 29 August 2024 (UTC)
- Likely proxy use given the behaviour. Blocked both for a week. --Malcolmxl5 (talk) 11:17, 29 August 2024 (UTC)
103.242.22.207
{{proxycheckstatus}}
- 103.242.22.207 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Added an EFFPR report without triggering an filter, which is something an LTA has been doing with IPs from the IPA region. SPUR also says Possible Proxy. Nobody (talk) 17:42, 30 August 2024 (UTC)
- Spur notes a 'possible proxy' and that the IP address belongs to a particular proxy network. Activity from this IP address is likely a mix of anonymous and normal activity. This means not all traffic from this IP address belongs to this proxy network. A single edit, while odd, is not enough to make a determination. Closing. --Malcolmxl5 (talk) 15:05, 1 September 2024 (UTC)
104.128.72.34 Comment
{{proxycheckstatus}}
- 104.128.72.34 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Wikipedia:Sockpuppet investigations/TotalTruthTeller24 block evasion; https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/104.128.72.34 and https://ipcheck.toolforge.org/index.php?ip=104.128.72.34 confirm it is a proxy. C F A 💬 02:40, 1 September 2024 (UTC)
- Open proxy blocked. Spur identifies this IP as belonging to the Rus VPN anonymization network. Blocked. --Malcolmxl5 (talk) 14:59, 1 September 2024 (UTC)
203.82.39.231
{{proxycheckstatus}}
- 203.82.39.231 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
This is one of a large group of IPs who go on vandalism sprees with no subtlety at all. The edits are copy/paste junk, and the edit summaries are copy/paste junk. No attempt to hide. As soon as one is blocked, another takes over. On every talk page, they've linked an article, like Atelier Ayesha: The Alchemist of Dusk, although there are several others. If you look at the list of user talk pages that link to that article, there are a LOT, and just about every one of them has participated in a similar spree at some point. I noticed just now that the IP I'm reporting quietly came back after I blocked them and removed the article link. Not sure if they're using the article wikilinks to communicate, or to bookmark the IPs they're using? I'm suspicious of the entire IP group, but this one was one of the most recent I've encountered. Joyous! Noise! 23:12, 8 September 2024 (UTC)
- Open proxy blocked. Certainly is, Joyous!. I was able to log onto it and make a a few marks on the user talk page a couple of minutes ago. I’ve reblocked, a hard block, for two years. -- Malcolmxl5 (talk) 01:10, 9 September 2024 (UTC)
205.239.40.3
{{proxycheckstatus}}
- 205.239.40.3 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Says on whatismyipaddress.com that it is a VPN server. Edits align with that consensus, as it appears clearly to have been used by multiple different users. CutlassCiera 15:49, 1 October 2024 (UTC)
- Unlikely IP is an open proxy. Looks like a shared IP address with people editing from a workplace rather than a VPN. It is currently blocked for a week with tpa removed. --Malcolmxl5 (talk) 13:41, 5 October 2024 (UTC)
41.216.42.170
{{proxycheckstatus}}
- 41.216.42.170 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Appears to be a proxy according to proxycheck.io, GetIPIntel, and IPQualityScore (via ipcheck.toolforge.org). Behaviour is not yet abusive, but reminds me of an LTA who hounds me for a couple of years now: first he is interested in Ukraine, next in one of the unrelated random articles that I've edited recently. At least it's definitely not a new user. — Mike Novikoff 12:59, 13 October 2024 (UTC)
- Open proxy blocked. And blocked. --Malcolmxl5 (talk) 21:50, 13 October 2024 (UTC)
186.180.79.22
{{proxycheckstatus}}
- 186.180.79.22 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Looks much the same as 41.216.42.170 just blocked yesterday: a proxy according to proxycheck.io, GetIPIntel, and IPQualityScore; the edits are similar too. This one has a block log already. — Mike Novikoff 12:40, 14 October 2024 (UTC)
- Open proxy blocked. Yep. Malcolmxl5 (talk) 15:45, 14 October 2024 (UTC)
5.58.98.183
{{proxycheckstatus}}
- 5.58.98.183 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Our old friend SwissArmyGuy (now I'm sure it's him) won't stop. Just look at this and that! And, of course, the IP has SOCKS5 on port 8081. — Mike Novikoff 23:50, 14 October 2024 (UTC)
- Better please stop, I was moving for a concise versions of Help:IPA, rather than "Standard German" or "Modern Standard Arabic". --5.58.98.183 (talk) 00:09, 15 October 2024 (UTC)
- Bingo! You have learned the word "concise" at last, it took only two months. You keep watching all my edits, you don't even deny your identity, yet you don't see what page we are on and what the topic is. — Mike Novikoff 00:28, 15 October 2024 (UTC)
- As per Wikipedia:Requested moves, you have to comment like support or oppose as part of the policy. 5.58.98.183 (talk) 00:33, 15 October 2024 (UTC)
- Also no evidence related to later IP edits after Pavel Durov. 5.58.98.183 (talk) 00:35, 15 October 2024 (UTC)
- Bingo! You have learned the word "concise" at last, it took only two months. You keep watching all my edits, you don't even deny your identity, yet you don't see what page we are on and what the topic is. — Mike Novikoff 00:28, 15 October 2024 (UTC)
- Open proxy blocked. Confirmed open proxy, no comment on other matters. --Malcolmxl5 (talk) 00:54, 15 October 2024 (UTC)
103.17.213.98
{{proxycheckstatus}}
- 103.17.213.98 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
The LTA has gone bananas, the open port is now 8080. It's not the first time that he accuses me of "block evasion" and "disruption". I wonder if I can do anything with this madness besides reporting the proxies. — Mike Novikoff 03:25, 15 October 2024 (UTC)
- Open proxy blocked. --Malcolmxl5 (talk) 10:10, 15 October 2024 (UTC)
2.147.21.242
{{proxycheckstatus}}
- 2.147.21.242 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious editing in a topic area with a ton of blocked socks; appears possible to be an Iranian proxy. ☆ Bri (talk) 16:20, 15 October 2024 (UTC)
- Unlikely IP is an open proxy. Odd that an Iran IP should show an interest in a Zimbabwean beauty pageant contestant but I see nothing to corroborate that this is a proxy. --Malcolmxl5 (talk) 17:26, 23 October 2024 (UTC)
64.124.54.99
{{proxycheckstatus}}
- 64.124.54.99 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Per check at ipcheck. Thanks, Myrealnamm's Alternate Account (talk) 15:42, 23 October 2024 (UTC)
Closing without action. 64.124.0.0/17 is globally blocked until 23 October 2026. --Malcolmxl5 (talk) 17:15, 23 October 2024 (UTC)
- The global block has been removed. Reopening. --Malcolmxl5 (talk) 15:35, 24 October 2024 (UTC)
- Inconclusive. This appears to be a Zayo Bandwidth datacenter. Space will be leased to other organisations but I can’t identify the organisation that this IP (and range) is leased to. The behaviour suggests a school to me. Marking as inconclusive. This does not preclude sanctions if there is disruption from the IP. --Malcolmxl5 (talk) 02:24, 31 October 2024 (UTC)
45.230.196.67
{{proxycheckstatus}}
- 45.230.196.67 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Abuse by an LTA, targeting editors in edit summaries Joyous! Noise! 16:41, 28 October 2024 (UTC)
- Likely IP is an open proxy. If it’s the LTA I’m thinking of, it’s definitely proxy use. Already blocked. --Malcolmxl5 (talk) 12:06, 31 October 2024 (UTC)
5.202.174.253
{{proxycheckstatus}}
- 5.202.174.253 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Port 8080 according to proxycheck.io. Looks like yet another block evasion, see revision history of Help talk:IPA/Standard German. — Mike Novikoff 15:45, 29 October 2024 (UTC)
- Open proxy blocked. Confirmed open proxy. --Malcolmxl5 (talk) 00:45, 31 October 2024 (UTC)
- Thanks, but perhaps you have forgotten to implement the block actually. — Mike Novikoff 13:55, 31 October 2024 (UTC)
- Oops, now done. :D --Malcolmxl5 (talk) 16:05, 31 October 2024 (UTC)
- Thanks, but perhaps you have forgotten to implement the block actually. — Mike Novikoff 13:55, 31 October 2024 (UTC)
85.117.239.26
{{proxycheckstatus}}
- 85.117.239.26 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
And yet another instance of the same, port 3128. Roaches bloody roaches. — Mike Novikoff 14:01, 31 October 2024 (UTC)
- Open proxy blocked. Confirmed open proxy. --Malcolmxl5 (talk) 16:21, 31 October 2024 (UTC)
37.157.242.57
{{proxycheckstatus}}
- 37.157.242.57 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 37.157.242.0/23 · contribs · block · log · stalk · Robtex · whois · Google
Reason: The specific IP mentioned showed up on my radar with vandalism. A little investigation showed it is in a range owned by range redstation.com Internet as a Service, i.e. server farm. Probably 37.157.242.0/23 if WHOIS is giving me good data. ☆ Bri (talk) 19:59, 6 November 2024 (UTC)
- Open proxy blocked. Yes, redstation is a webhosting company. The ISP is iomart (37.157.240.0/21) who offer cloud and managed hosting services including colocation. I have blocked the /21 accordingly. -- Malcolmxl5 (talk) 22:57, 6 November 2024 (UTC)
93.127.170.206
{{proxycheckstatus}}
- 93.127.170.206 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: VPN; cf. Spur. Eryk Kij (talk) 15:03, 16 November 2024 (UTC)
- Open proxy blocked. Spur identifies this IP as belonging to the Express VPN anonymization network. --Malcolmxl5 (talk) 15:15, 16 November 2024 (UTC)