This is anarchive of past discussions onWikipedia:Open proxies noticeboard.Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on thecurrent main page.

– This proxy check request isclosed and will soon be archived by a bot.

185.97.92.116/29 ·contribs ·block ·block log ·active blocks ·stalk ·Robtex ·whois ·Google

Used by a pretty determined editor (who uses others as well, including 185.104.253.51 ) and keeps on including unverified information/data without explanation. See for instance disruption atReligion in Lebanon.Drmies (talk)16:25, 9 June 2019 (UTC)

 Completed: Checked IPs at abuseat.org and it appears to be abotnet using theSpecial:Contribs/185.97.92.113/28 range (C2 domain:mtmdj33s0.ru). Please block for a year (incl. logged in users) using block reason{{zombie proxy}}: <!-- botnet -->.MrClog (talk)19:11, 7 September 2019 (UTC)

@MrClog: I've put this on hold pending something a bit stronger. Lebanon is one of those countries where almost every IP is going to end up on a blacklist at some point. From what I can see, the edits are geo-appropriate, and combine exclusively with other dynamic IPs from the same region. Maybe I've missed something, But I don't think there's enough for a zombie block here. --zzuuzz^(talk)19:38, 7 September 2019 (UTC)

@Zzuuzz: The IPs were all logged as part of the same botnet yesterday by abuseat.org. Besides that, there was one thing I noticed, which is that the IP is registered toMazraa-Barbrour-STAR CENTER in Beirut, yet I wasn't able to find anything with this name. I am not sure what that would indicate. --MrClog (talk)19:51, 7 September 2019 (UTC)

As I mentioned above, this seems geo-appropriate, and in a country with limited IPs and lots of proxies, not every IP is going to be perfect. I don't see sufficient for a proxy block here. If abuse starts hammering in, let's reconsider. --zzuuzz^(talk)17:32, 3 October 2019 (UTC)

– This proxy check request isclosed and will soon be archived by a bot.

202.80.213.234 ·talk ·contribs ·block ·block log ·active blocks ·stalk ·Robtex ·whois ·Google ·ipcheck ·HTTP ·geo ·rangeblocks ·spur ·shodan

49.146.2.201 ·talk ·contribs ·block ·block log ·active blocks ·stalk ·Robtex ·whois ·Google ·ipcheck ·HTTP ·geo ·rangeblocks ·spur ·shodan

Reason: Suspicious edits & address is listed at Composite Blocking List (abuseat.org). GetIPIntel returns p=0.985. Further context atthis COIN thread. More IPs are listed there as well. - ☆Bri (talk)04:15, 18 September 2019 (UTC)

Added second IP from the COIN case, also with GetIPIntel p=0.985 ☆Bri (talk)04:45, 18 September 2019 (UTC)

 UnlikelyIP is an open proxy - Looking at these, it appears both while on the CBL, haven't been active in days for one, and weeks for the other. I can't find any technical evidence of either ip being a current open proxy.SQL^{Query me!}03:41, 28 September 2019 (UTC)

– This proxy check request isclosed and will soon be archived by a bot.

85.90.247.215 ·talk ·contribs ·block ·block log ·active blocks ·stalk ·Robtex ·whois ·Google ·ipcheck ·HTTP ·geo ·rangeblocks ·spur ·shodan

Reason: Another Linode host used by Shingling334.IamNotU (talk)17:37, 26 September 2019 (UTC)

Blocked the range for 2 years.SQL^{Query me!}03:35, 28 September 2019 (UTC)

– This proxy check request isclosed and will soon be archived by a bot.

37.58.158.114 ·talk ·contribs ·block ·block log ·active blocks ·stalk ·Robtex ·whois ·Google ·ipcheck ·HTTP ·geo ·rangeblocks ·spur ·shodan

Reason: Adista cloud hosting/vpn company. Used for disruptive editing.IamNotU (talk)21:02, 30 September 2019 (UTC)

Yep, that's a webhost. Blocked the range, will look at the rest of the ISP.SQL^{Query me!}21:20, 30 September 2019 (UTC)

– This proxy check request isclosed and will soon be archived by a bot.

43.251.158.212 ·talk ·contribs ·block ·block log ·active blocks ·stalk ·Robtex ·whois ·Google ·ipcheck ·HTTP ·geo ·rangeblocks ·spur ·shodan

Reason: I have blocked this IP three days for personal attacks, due to losing their temper in anWP:ARBMAC dispute. Details may be seen here:User talk:43.251.158.212. The same IP was blocked three months byUser:Materialscientist in April 2019 as a proxy. I am hoping someone can check that this IP is still active as a proxy, in which case a longer block will be justified. Judging from their web page, it is possible that IPTelecom-Global is a web hosting company. If correct, this would justify a webhost block.EdJohnston (talk)16:40, 3 October 2019 (UTC)

It's listed onthis page, in particular inthis image, from about two weeks ago. This seems credible. See alsohttp://43.251.158.140. Two years for the /24? --zzuuzz^(talk)17:12, 3 October 2019 (UTC)

On second thoughts, I'll block them individually. --zzuuzz^(talk)17:18, 3 October 2019 (UTC)

– This proxy check request isclosed and will soon be archived by a bot.

2400::/12 ·contribs ·block ·block log ·active blocks ·stalk ·Robtex ·whois ·Google

This seems to be some sort of proxy or webhosting service. IPv6 range is too large for MediaWiki. There is one user making continuous empty edit requests on the pageTalk:TikTok.Whois of one provider shows that it belongs to some provider in Asia.AwesomeAasim16:27, 4 October 2019 (UTC)

I don't think that this is an open proxy, or a webhost. Looking at the IP's from that talkpage history, they are all fromReliance Jio Infocomm Limited, an indian cellular / fiber optic provider see:Jio. It's very likely that clients on this provider get very short lived dhcp leases. I'll leave this open, and see if anyone else has a differing opinion.SQL^{Query me!}00:07, 5 October 2019 (UTC)

Consider semiprotectingTalk:TikTok for a month.EdJohnston (talk)02:14, 6 October 2019 (UTC)

Not currently an open proxy This network is a highly dynamic, very large and very busy, regular ISP. --zzuuzz^(talk)03:12, 7 October 2019 (UTC)

– This proxy check request isclosed and will soon be archived by a bot.

216.52.165.1 ·talk ·contribs ·block ·block log ·active blocks ·stalk ·Robtex ·whois ·Google ·ipcheck ·HTTP ·geo ·rangeblocks ·spur ·shodan

UTRS appeal #27000--v/r -TP16:19, 5 October 2019 (UTC)

I think we're going to have to ping@TonyBallioni:. Due to their wide range of uses, I rarely find the terms 'data center', 'colo' or 'cloud' to be that helpful (which is what this network is). For example they can be mandatory (and legitimate) in all sorts of corporate settings. A lot will depend on the nature of the unblock request (and the nature of any abuse). --zzuuzz^(talk)03:09, 7 October 2019 (UTC)

Yeah, it's a cloud hosting provider. Many of them are used as backbones for commercial VPNs, which is why we have been blocking them. There are a few cases where corporations use them for mandatory VPNs, etc. but in those cases, when there is an established user, we can always grant IPBE. The UTRS case linked above appears to be for an account created for the specific purposes of requesting an unblock of the IP while at work. I don't see that as a good reason to undo the range block, but I'll also pingSQL on it since he's also been blocking these ranges.TonyBallioni (talk)03:16, 7 October 2019 (UTC)

@TonyBallioni andZzuuzz:, I've left comments on this request @ UTRS.SQL^{Query me!}03:34, 7 October 2019 (UTC)

My block, but as SQL has commented in UTRS, I'm going ahead and closing this.TonyBallioni (talk)02:01, 10 October 2019 (UTC)

I can't find the proper template, but can someone check this range? Thanks!Drmies (talk)20:57, 15 October 2019 (UTC)

Drmies, That's a tricky one. Viettel is a mobile provider, but resolving some of the /24's in that /17. I'm seeing a lot of websites and mailservers mixed in. That being said, I start seeing ADSL ranges around 125.212.136.0-ish. If this is specifically about 125.212.220.48 - yes, that does appear to be either a proxy, or a compromised host of some sort.SQL^{Query me!}21:34, 15 October 2019 (UTC)

User:SQL, thank you--is there anything you think I need to do more than I already did? Thanks,Drmies (talk)01:26, 16 October 2019 (UTC)