WikiProject on open proxies

The WikiProject on open proxies seeks to identify, verify and block open proxies and anonymity network exit nodes. To prevent abuse or vandalism, only proxy checks by verified users will be accepted. All users are welcome to discuss on the talk page, report possible proxies, or request that a blocked IP be rechecked.

  • If you've been blocked as an open proxy, please see: Help:blocked.
  • To report a proxy check or an incorrect block, see the #Reporting section.

Open proxies may be blocked from editing


Reporting[edit]

Please report IP addresses you suspect are open proxies below. A project member will scan or attempt to connect to the proxy, and if confirmed will block the address.

File a new report here
I.
For block requests:

Verify that the following criterion has been met:

  • The IP has made abusive contributions within the past week
For unblock requests:

Verify that the following criteria has been met:

  • No current criteria
II.

For block requests Replace "IP" below with the IP address you are reporting.


For unblock requests Replace "IP" below with the IP address you are reporting.


III. Fill out the resulting page and fill-in the requested information.
IV. Save the page.
Verified Users/Sysops Templates
  • IP is an open proxy ((Proxycheck|confirmed)) for confirmed open proxies and Tor exit nodes.
  •  Likely IP is an open proxy ((Proxycheck|likely)) for likely open proxies and Tor exit nodes.
  •  Possible IP is an open proxy ((Proxycheck|possible)) for possible open proxies and Tor exit nodes.
  •  Unlikely IP is an open proxy ((Proxycheck|unlikely)) for unlikely open proxies and Tor exit nodes.
  • Not currently an open proxy ((Proxycheck|unrelated)) for IP's confirmed not to be an open proxy or Tor exit node.
  • Inconclusive ((Proxycheck|inconclusive)) for IP's that are inconclusive.
  • no Declined to run a check ((Proxycheck|decline)) to decline a check.
  • Open proxy blocked ((Proxycheck|blocked)) for open proxies and Tor nodes that have been blocked. Please add this if you block the IP.

Requests

This section is transcluded from /Requests. (edit | history)


188.215.95.0/24[edit]

– A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

Reason: The range seems to be announced by IPXO (per Hurricane Electric), an "IP marketplace" according to their website. All IPs in the range who have made contributions since 1 January 2023 are active on ExpressVPN, as well as a handful of varying residential proxies according to Spur. I've not done a fully exhaustive check on the range yet, but the only IPs I've seen not flagged as ExpressVPN on the Spur data are .251-.255, though they are still listed as data centre IPs.

It may also be worth the other /24s listed on HE as being announced by IPXO as well for any that haven't yet been blocked (some have) but probably should be. Sideswipe9th (talk) 20:56, 4 February 2023 (UTC)Reply[reply]

Ok, I've checked through the other /24s listed. Most are either locally or globally blocked (sometimes both), but I did find a list of 20 /24 ranges that are not currently blocked. I'll check through that list now and see if I can categorise them briefly before posting them. Sideswipe9th (talk) 21:32, 4 February 2023 (UTC)Reply[reply]
Done some spot checks on the other /24s, alas I don't have the tools or time to do a full check on each range. Results below split into three categories; ExpressVPN, data centre and possible unknown proxy, and unknown. The four ExpressVPN ranges are the ones I'm most confident on, there was only a few IPs in each range for which all were at a consistent last octet that weren't showing as ExpressVPN exit nodes, and the unknown ones at the end are the ones I'm least confident on.
With all of the ranges currently being assigned by IPXO, I suspect the potential for any individual IP in a range to become a proxy or VPN exit node at random is high, even if the range itself is largely not proxy or VPN exit nodes at this time.
ExpressVPN:
Data centre and possible unknown proxy:
Unknown:
  • 86.38.235.0/24 · contribs · block · log · stalk · Robtex · whois · Google - last active locally 2014 - some webhosts, some random servers belonging to various domains, no VPN usage on Spur and IPQualityScore, some on Proxycheck
  • 89.116.76.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - assigned by IPXO, no VPN usage on SPUR, ExpressVPN on IPQS, unknown proxy on ProxyCheck
  • 89.116.96.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - random servers on various domains, no VPN or datacenter flags on Spur, ExpressVPN on IPQualityScore and ProxyCheck
  • 89.116.123.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - random servers on various domains, no VPN or datacenter flags on Spur, ExpressVPN on IPQualityScore and ProxyCheck
Sideswipe9th (talk) 22:53, 4 February 2023 (UTC)Reply[reply]
Flagging this for admin attention. At least for the VPN and datacenter ranges. MarioGom (talk) 12:54, 19 February 2023 (UTC)Reply[reply]
Could someone please action this? There's a proxy hopping editor on the 192.101.67.0/24 · contribs · block · log · stalk · Robtex · whois · Google range who's just made two disruptive edits against a long standing consensus on Irreversible Damage. Sideswipe9th (talk) 21:24, 7 March 2023 (UTC)Reply[reply]
ExpressVPN ranges done, hoping to circle back to the rest. --Blablubbs (talk) 16:00, 12 March 2023 (UTC)Reply[reply]

207.188.154.0/24[edit]

– A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

207.188.154.0/24 · contribs · block · log · stalk · Robtex · whois · Google

Reason: Just globally unblocked the range after an UTRS appeal. From WHOIS data this seems to belong now to Xfera Móviles S.A.U, from the MasMovil group ISP (Yoigo). Thanks, —MarcoAurelio (talk) 14:39, 16 February 2023 (UTC)Reply[reply]

I'm not so sure. Whois data certainly looks like MásMóvil (mobile ISP), but the IP that appealed, 207.188.154.103, seemed to be a VPN node as recently as January 21st (see shodan). ST47: Do you have any input on this? I guess it can be unblocked and reviewed again in a few weeks. MarioGom (talk) 12:43, 19 February 2023 (UTC)Reply[reply]
I took another look at the range. Services in that range are mostly Synology, HomeAssist, domestic routers, etc. So it is, indeed, a residential range. MarioGom (talk) 21:23, 7 March 2023 (UTC)Reply[reply]

161.69.116.0/24[edit]

– A proxy checker has requested a second opinion on this case.

Reason: VPN server. 73.67.145.30 (talk) 18:38, 17 April 2023 (UTC)Reply[reply]

McAfee WGCS is a corporate gateway, technically a VPN, but last time it was discussed here, it was not blocked. Requesting a second opinion. MarioGom (talk) 21:43, 26 April 2023 (UTC)Reply[reply]
Not an admin, so feel free to ignore. Looking at the two prior discussions on this (March 2021, May 2022) it seems that softblocking might be appropriate in this case? There are some McAfee WGCS ranges that we do currently softblock (eg 185.221.70.0/24, 208.81.64.0/21) so this would at least be consistent with them, though there are other ranges that we don't currently softblock (eg 185.125.227.0/24).
Whatever the decision is from this discussion, we may want to look at making things consistent across all of the known ranges. Sideswipe9th (talk) 21:56, 26 April 2023 (UTC)Reply[reply]

212.69.160.0/19[edit]

– A proxy checker has requested a second opinion on this case.

Reason: Datacenter run by Zayo Infrastructure France SA wizzito | say hello! 01:01, 20 April 2023 (UTC)Reply[reply]

165.85.64.0/22[edit]

– A proxy checker has requested a second opinion on this case.

Reason: Amazon AWB. 165.85.64.0 - 165.85.66.255 are all registered to Amazon AWB, hence the /22 range in this report. BLP disruption caught by filter log. 73.67.145.30 (talk) 16:45, 28 April 2023 (UTC)Reply[reply]

2a00:f48:1003:22dd::1[edit]

– A proxy checker has requested a second opinion on this case.

Reason: VPN network/Webhosting service. 73.67.145.30 (talk) 08:05, 1 May 2023 (UTC)Reply[reply]

76.9.240.0/20[edit]

– A proxy checker has requested a second opinion on this case.

Reason: Possible VPN server per WHOIS. 73.67.145.30 (talk) 17:25, 2 May 2023 (UTC)Reply[reply]

125.212.241.0/24[edit]

A user has requested a proxy check. A proxy checker will shortly look into the case.

Reason: Disruption. Possible VPN server. 73.67.145.30 (talk) 19:22, 7 May 2023 (UTC)Reply[reply]

149.7.65.129[edit]

A user has requested a proxy check. A proxy checker will shortly look into the case.

Reason: Possible VPN. 73.67.145.30 (talk) 03:21, 8 May 2023 (UTC)Reply[reply]

117.210.138.86[edit]

– A proxy checker has placed this case on hold pending further information or developments.

Suspected Nord VPN ip Reason: Suspected Nord VPN ip Tonyinman (talk) 18:20, 15 May 2023 (UTC)Reply[reply]

59.91.229.198[edit]

– A proxy checker has placed this case on hold pending further information or developments.

Reason: Suspected NordVPN address Tonyinman (talk) 18:21, 15 May 2023 (UTC)Reply[reply]

117.210.142.151[edit]

– A proxy checker has placed this case on hold pending further information or developments.

Reason: suspected NordVPN ip address Tonyinman (talk) 18:22, 15 May 2023 (UTC)Reply[reply]

59.91.224.115[edit]

– A proxy checker has placed this case on hold pending further information or developments.

Reason: suspected NordVPN ip address Tonyinman (talk) 18:22, 15 May 2023 (UTC)Reply[reply]

61.1.23.137[edit]

– A proxy checker has placed this case on hold pending further information or developments.

Reason: suspected NordVPN ip address Tonyinman (talk) 18:23, 15 May 2023 (UTC)Reply[reply]

59.91.229.17[edit]

– A proxy checker has placed this case on hold pending further information or developments.

Reason: suspected NordVPN ip address Tonyinman (talk) 18:24, 15 May 2023 (UTC)Reply[reply]

66.168.171.57[edit]

– A proxy checker has placed this case on hold pending further information or developments.

Reason: Suspected NordVPN ip address Tonyinman (talk) 18:25, 15 May 2023 (UTC)Reply[reply]

59.91.227.166[edit]

– A proxy checker has placed this case on hold pending further information or developments.

Reason: suspected NordVPN ip address Tonyinman (talk) 18:25, 15 May 2023 (UTC)Reply[reply]

209.35.227.0/24[edit]

– A proxy checker has requested a second opinion on this case.

Reason: VPN. Perimeter 81. 73.67.145.30 (talk) 18:43, 15 May 2023 (UTC)Reply[reply]

165.225.192.0/18[edit]

– A proxy checker has requested a second opinion on this case.

Reason: Webhost/VPN. 73.67.145.30 (talk) 16:23, 17 May 2023 (UTC)Reply[reply]

156.255.1.0/24[edit]

– A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

Reason: Webhost. 73.67.145.30 (talk) 18:12, 25 May 2023 (UTC)Reply[reply]

46.102.156.0/24 and 94.177.9.0/24[edit]

A user has requested a proxy check. A proxy checker will shortly look into the case.

https://www.alwyzon.com/en

Reason: Both ranges belong to Hohl IT e.U. aka (Alwyzon) which is an Austrian provider of dedicated servers. Matthew Tyler-Harrington (aka mth8412) (talk) 03:45, 22 June 2023 (UTC)Reply[reply]

45.248.44.0/23[edit]

– A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

Reason: Webhost server. Was previously blocked for 1 year. 2601:1C0:4401:F60:758F:D0D6:53AE:83C1 (talk) 18:13, 29 June 2023 (UTC)Reply[reply]

176.126.232.134[edit]

A user has requested a proxy check. A proxy checker will shortly look into the case.

176.126.232.134 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Requested unblock. I'm unable to edit wikipedia pages from this IP (our office) even when logged in. The IP is statically allocated to us (since Feb 2022), we're not running any proxy and I'm not seeing any unusual open ports or suspicious network activity. xmath (talk) 19:30, 30 June 2023 (UTC)Reply[reply]

Update: never mind, the block isn't for our IP specifically, apparently the entire IP range has been mistakenly classified as webhosting instead of FTTH/FTTB. xmath (talk) 20:59, 30 June 2023 (UTC)Reply[reply]

202.4.186.179[edit]

– A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

Reason: Blocked before as proxy, tagged as public proxy by whatismyipaddress.com, being used for vandalism by LTA who just 1 day ago used <an IP> (also tagged a public proxy) located very far away from the new IP. 2804:F14:808E:A601:F0B3:ED6F:D12C:B951 (talk) 10:22, 6 July 2023 (UTC)Reply[reply]

14.231.0.0/16 and 113.177.0.0/16[edit]

A user has requested a proxy check. A proxy checker will shortly look into the case.

Individual IP's in these two ranges, 14.231.169.16 and 113.177.23.65, have already been blocked as proxies on the Swedish and Russian Wikipedias respectively. Both blocked IP's were used on those projects by User:Phạm Văn Rạng to evade their global lock. They look to be using a larger portion of these IP ranges for evasion on this project as well. I've already applied some range blocks to deal with the evasion, but some insight into what's going on technically would be appreciated. Courtesy pinging @Riggwelter: and @Q-bit array: who applied to blocks on the other projects, in case you want to weigh in here. Sir Sputnik (talk) 17:19, 30 July 2023 (UTC)Reply[reply]

Automated lists and tools

See also

Subpages
Related pages
Sister projects (defunct)