Wikipedia:WikiProject on open proxies

Open proxies collaboration

v t e Noticeboards
Wikipedia's centralized discussion, request, and help venues. For a listing of ongoing discussions and current requests, see the dashboard. For a related set of forums which do not function as noticeboards see formal review processes.
General	Administrators Main Incidents Bots Bureaucrats Centralized discussion Closure requests Education Interface admins Main Page errors Open proxies VRT Oversight User permissions
Articles and content	Biographies of living persons Copyrights Questions on media Problems Current events Dispute resolution External links Fringe theories Neutral point of view Original research Pending changes Reliable sources Resource requests Scalable vector graphics Spam Blacklist Whitelist Style Titleblacklist Translation
Page handling	History merges Mergers Splits Moves Protection Importation XfD Articles Redirects Categories Templates Files Miscellany Undeletion
User conduct	Conflict of interest Contributor copyright Edit warring and 3RR Sanctions Personal restrictions General sanctions Contentious topics Sockpuppets Usernames Vandalism
Other	Arbitration Committee noticeboard Requests Enforcement Edit filters Requested False positives Questions Help desk Teahouse Reference desk New articles Requests for comment Village pump Policy Technical Proposals Idea lab WMF Miscellaneous WikiProject proposals
Category:Wikipedia noticeboards

WikiProject on open proxies

Shortcuts WP:WPOP WP:OP The WikiProject on open proxies seeks to identify, verify and block open proxies and anonymity network exit nodes. To prevent abuse or vandalism, only proxy checks by verified users will be accepted. All users are welcome to discuss on the talk page, report possible proxies, or request that a blocked IP be rechecked. If you've been blocked as an open proxy, please see: Help:blocked. To report a proxy check or an incorrect block, see the #Reporting section.

Pre-2012 Archives

Old archives Unhandled Jun-Sep 2007 Unhandled May-Jun 2008 Open proxies Closed proxies Rejected proxies Inconclusive proxies New archives Unblock/2009/June Closed/2009/June Inconclusive/2009/June Open/2009/June Declined/2009/June Unblock/2009/July Closed/2009/July Inconclusive/2009/July Declined/2009/July Open/2009/July Inconclusive/2009/August Declined/2009/August Closed/2009/August Unblock/2009/August Closed/2009/September Open/2009/September Unblock/2009/September Inconclusive/2009/September Open/2009/October Closed/2009/October Inconclusive/2009/October Unblock/2009/October Declined/2009/October Unblock/2009/November Inconclusive/2009/November Open/2009/November Closed/2009/November Open/2009/December Unblock/2009/December Inconclusive/2009/December Closed/2009/December Declined/2009/December Open/2010/January Declined/2010/January Inconclusive/2010/January Closed/2010/January Unblock/2010/January Inconclusive/2010/February Open/2010/February Declined/2010/February Unblock/2010/February Closed/2010/February Open/2010/March Inconclusive/2010/March Unblock/2010/March Closed/2010/March Closed/2010/April Unblock/2010/April Inconclusive/2010/April Open/2010/April Open/2010/May Declined/2010/May Inconclusive/2010/May Unblock/2010/May Unblock/2010/June Inconclusive/2010/June Open/2010/June Closed/2010/June Unblock/2010/July Inconclusive/2010/July Closed/2010/July Open/2010/July Open/2010/August Closed/2010/August Inconclusive/2010/August Unblock/2010/August Open/2010/September Closed/2010/September Unblock/2010/September Inconclusive/2010/October Closed/2010/October Open/2010/October Unblock/2010/October Inconclusive/2010/November Open/2010/November Closed/2010/November Unblock/2010/November Open/2010/December Unblock/2010/December Closed/2010/December Inconclusive/2010/December Unblock/2011/January Closed/2011/January Open/2011/January Unblock/2011/February Open/2011/February Unblock/2011/March Closed/2011/March Inconclusive/2011/March Open/2011/March Unblock/2011/April Closed/2011/April Inconclusive/2011/April Unblock/2011/May Closed/2011/May Open/2011/May Unblock/2011/June Closed/2011/June Open/2011/June Unblock/2011/July Open/2011/July Closed/2011/July Unblock/2011/August Closed/2011/August Open/2011/August 2011/January 2011/December 2011/November 2011/October 2011/September

Open proxies may be blocked from editing

Reporting

Please report IP addresses you suspect are open proxies below. A project member will scan or attempt to connect to the proxy, and if confirmed will block the address.

Before reporting any suspected open proxies here, please remember that not all vandals are open proxies and vandals should not get an automatic check here; remember that it takes the volunteers here about 5-10 minutes to give a request a thorough check.

File a new report here
I.	For block requests: Verify that the following criterion has been met: The IP has made abusive contributions within the past week For unblock requests: Verify that the following criteria has been met: No current criteria
II.	For block requests Replace "IP" below with the IP address you are reporting. For unblock requests Replace "IP" below with the IP address you are reporting.
III.	Fill out the resulting page and fill-in the requested information.
IV.	Save the page.

Verified Users/Sysops Templates

IP is an open proxy {{Proxycheck|confirmed}} for confirmed open proxies and Tor exit nodes.  Likely IP is an open proxy {{Proxycheck|likely}} for likely open proxies and Tor exit nodes.  Possible IP is an open proxy {{Proxycheck|possible}} for possible open proxies and Tor exit nodes.  Unlikely IP is an open proxy {{Proxycheck|unlikely}} for unlikely open proxies and Tor exit nodes. Not currently an open proxy {{Proxycheck|unrelated}} for IP's confirmed not to be an open proxy or Tor exit node. Inconclusive {{Proxycheck|inconclusive}} for IP's that are inconclusive.  Declined to run a check {{Proxycheck|decline}} to decline a check. Open proxy blocked {{Proxycheck|blocked}} for open proxies and Tor nodes that have been blocked. Please add this if you block the IP.

Requests

This section is transcluded from /Requests. (edit | history)

2012-present Archives

6, 7, 8, 9, 10, 11, 12, 13, 14, 15 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 26, 27, 28, 29, 30, 31, 32, 33, 34, 35 36, 37, 38, 39, 40, 41, 42, 43, 44, 45 46, 47, 48

216.194.96.0/20

  A user has requested a proxy check. A proxy checker will shortly look into the case.

• 216.194.96.0/20 · contribs · block · log · stalk · Robtex · whois · Google

Reason: IP range is a possible VPN server, belonging to Cato Networks. 73.67.145.30 (talk) 19:22, 9 January 2023 (UTC)Reply[reply]

61.220.170.133

  – A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

• 61.220.170.133 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Open proxy IP being used by a blocked user Belteshazzar, also mentioned at their SPI [1] Psychologist Guy (talk) 17:47, 31 January 2023 (UTC)Reply[reply]

• Since it's an open proxy, it would make sense to hardblock and extend the expiration date. MarioGom (talk) 22:23, 31 January 2023 (UTC)Reply[reply]

188.215.95.0/24

  – A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

• 188.215.95.0/24 · contribs · block · log · stalk · Robtex · whois · Google

Reason: The range seems to be announced by IPXO (per Hurricane Electric), an "IP marketplace" according to their website. All IPs in the range who have made contributions since 1 January 2023 are active on ExpressVPN, as well as a handful of varying residential proxies according to Spur. I've not done a fully exhaustive check on the range yet, but the only IPs I've seen not flagged as ExpressVPN on the Spur data are .251-.255, though they are still listed as data centre IPs.

It may also be worth the other /24s listed on HE as being announced by IPXO as well for any that haven't yet been blocked (some have) but probably should be. Sideswipe9th (talk) 20:56, 4 February 2023 (UTC)Reply[reply]

Ok, I've checked through the other /24s listed. Most are either locally or globally blocked (sometimes both), but I did find a list of 20 /24 ranges that are not currently blocked. I'll check through that list now and see if I can categorise them briefly before posting them. Sideswipe9th (talk) 21:32, 4 February 2023 (UTC)Reply[reply]

Done some spot checks on the other /24s, alas I don't have the tools or time to do a full check on each range. Results below split into three categories; ExpressVPN, data centre and possible unknown proxy, and unknown. The four ExpressVPN ranges are the ones I'm most confident on, there was only a few IPs in each range for which all were at a consistent last octet that weren't showing as ExpressVPN exit nodes, and the unknown ones at the end are the ones I'm least confident on.

With all of the ranges currently being assigned by IPXO, I suspect the potential for any individual IP in a range to become a proxy or VPN exit node at random is high, even if the range itself is largely not proxy or VPN exit nodes at this time.

ExpressVPN:

• 45.132.227.0/24 · contribs · block · log · stalk · Robtex · whois · Google - last active january 2023 - ExpressVPN on Spur and IPQS, unknown VPN on ProxyCheck,
• 163.5.123.0/24 · contribs · block · log · stalk · Robtex · whois · Google - last active january 2023 - ExpressVPN on Spur and IPQS, compromised servers on ProxyCheck
• 188.215.95.0/24 · contribs · block · log · stalk · Robtex · whois · Google - last active february 2023 - ExpressVPN on Spur and IPQS, unknown proxy on ProxyCheck
• 192.101.67.0/24 · contribs · block · log · stalk · Robtex · whois · Google - last active february 2023 - ExpressVPN and callback proxy on Spur, ExpressVPN on IPQS, unknown VPN on ProxyCheck

Data centre and possible unknown proxy:

• 45.62.162.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter range, no proxys on Spur, unknown VPN detected on ProxyCheck and IPQS
• 45.151.1.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter range, no proxies on Spur, unknown VPN detected on ProxyCheck and IPQS
• 89.47.15.0/24 · contribs · block · log · stalk · Robtex · whois · Google - last active locally 2017 - datacentre range? no VPN usage on Spur, some on IPQS and ProxyCheck
• 89.116.202.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter on Spur, ExpressVPN on IPQS, unknown VPN on ProxyCheck
• 103.163.221.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter on Spur, unknown VPN on IPQS and ProxyCheck
• 104.234.140.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter on Spur, unknown VPN on IPQS and ProxyCheck
• 115.167.79.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter on Spur, ExpressVPN on IPQS, unknown VPN on ProxyCheck
• 141.11.98.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter on Spur, unknown VPN on IPQS and ProxyCheck
• 158.51.110.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter on Spur, no proxy on IPQS, unknown on ProxyCheck
• 185.118.78.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter on Spur, unknown VPN on IPQS and ProxyCheck
• 193.68.85.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - datacenter on Spur, unknown proxy on IPQS and ProxyCheck
• 194.105.21.0/24 · contribs · block · log · stalk · Robtex · whois · Google - last active february 2012 - datacenter on Spur, unknown proxy on IPQS and ProxyCheck

Unknown:

• 86.38.235.0/24 · contribs · block · log · stalk · Robtex · whois · Google - last active locally 2014 - some webhosts, some random servers belonging to various domains, no VPN usage on Spur and IPQualityScore, some on Proxycheck
• 89.116.76.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - assigned by IPXO, no VPN usage on SPUR, ExpressVPN on IPQS, unknown proxy on ProxyCheck
• 89.116.96.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - random servers on various domains, no VPN or datacenter flags on Spur, ExpressVPN on IPQualityScore and ProxyCheck
• 89.116.123.0/24 · contribs · block · log · stalk · Robtex · whois · Google - never active locally - random servers on various domains, no VPN or datacenter flags on Spur, ExpressVPN on IPQualityScore and ProxyCheck

Sideswipe9th (talk) 22:53, 4 February 2023 (UTC)Reply[reply]

Flagging this for admin attention. At least for the VPN and datacenter ranges. MarioGom (talk) 12:54, 19 February 2023 (UTC)Reply[reply]

Could someone please action this? There's a proxy hopping editor on the 192.101.67.0/24 · contribs · block · log · stalk · Robtex · whois · Google range who's just made two disruptive edits against a long standing consensus on Irreversible Damage. Sideswipe9th (talk) 21:24, 7 March 2023 (UTC)Reply[reply]

ExpressVPN ranges done, hoping to circle back to the rest. --Blablubbs (talk) 16:00, 12 March 2023 (UTC)Reply[reply]

207.188.154.0/24

  – A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

207.188.154.0/24 · contribs · block · log · stalk · Robtex · whois · Google

Reason: Just globally unblocked the range after an UTRS appeal. From WHOIS data this seems to belong now to Xfera Móviles S.A.U, from the MasMovil group ISP (Yoigo). Thanks, —MarcoAurelio (talk) 14:39, 16 February 2023 (UTC)Reply[reply]

I'm not so sure. Whois data certainly looks like MásMóvil (mobile ISP), but the IP that appealed, 207.188.154.103, seemed to be a VPN node as recently as January 21st (see shodan). ST47: Do you have any input on this? I guess it can be unblocked and reviewed again in a few weeks. MarioGom (talk) 12:43, 19 February 2023 (UTC)Reply[reply]

I took another look at the range. Services in that range are mostly Synology, HomeAssist, domestic routers, etc. So it is, indeed, a residential range. MarioGom (talk) 21:23, 7 March 2023 (UTC)Reply[reply]

119.160.59.82

  A user has requested a proxy check. A proxy checker will shortly look into the case.

119.160.59.82 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Requested unblock. Says it's not a proxy, just what their mobile provider assigned. Daniel Case (talk) 07:35, 3 March 2023 (UTC)Reply[reply]

Daniel Case: That's likely the case. These P2P proxies run on residential ISPs, often in crowded ranges. I don't think the person posting that appeal is any of the usual suspects who abuse this type of proxy. Changing the block to anon. only might make sense. But it'd be better if the user signed up and requested WP:IPBE and WP:GIPBE. MarioGom (talk) 21:16, 7 March 2023 (UTC)Reply[reply]

150.101.252.89

  – A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

• 150.101.252.89 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: I reverted vandalism on this IP editor, and they responded by saying that it could have been anyone since it's a TOR IP and that the edits on this IP could be from anyone... here's the link. Marleeashton (talk) 07:31, 11 March 2023 (UTC)Reply[reply]

I'm not sure it's a Tor node, but it's definitely a VPN node. MarioGom (talk) 15:54, 12 March 2023 (UTC)Reply[reply]

46.44.180.230

  – A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

• 46.44.180.230 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: https://eu-browse.startpage.com/av/proxy --46.44.180.230 (talk) 15:19, 17 March 2023 (UTC)Reply[reply]

Indeed. This is startpage's proxy: [2]. MarioGom (talk) 00:20, 19 March 2023 (UTC)Reply[reply]

Automated lists and tools

• User:AntiCompositeBot/ASNBlock maintained by User:AntiCompositeBot is a list of hosting provider ranges that need assessment for blocks that is updated daily. Admins are encouraged to review the list and assess for blocks as needed. All administrators are individually responsible for any blocks they make based on that list.
• ISP Rangefinder is a tool that allows administrators to easily identify and hard block all ranges for an entire ISP. It should be used with extreme caution, but is useful for blocking known open proxy providers. All administrators are individually responsible for any blocks they make based on the results from this tool.
• IPCheck is a tool that can help provide clues about potential open proxies.
• Bullseye provides information about IPS, including clues about potential open proxies.
• whois-referral is a generic WHOIS tool.
• Range block finder finds present and past range blocks.

See also

Subpages

• Information for blocked users
• List of users who can verify proxies

Related pages

• Policy on open proxies
• Open proxy detection
• Guide to checking open proxies
• Proxy check result templates
• Advice to users using Tor to bypass the Great Firewall
• meta:XFF project

Sister projects (defunct)

• Meta-Project
• Wikisource
• Wikiversity
• Wiktionary

This is a WikiProject, an area for focused collaboration among Wikipedians. New participants are welcome; please feel free to participate! Guide to WikiProjects Directory of WikiProjects

Shortcuts WP:OP WP:WPOP

v t e   WikiProject Council
WikiProject guides	WikiProject Council Talk Guidelines/Intro WikiProjects Task forces Technical notes Assessment FAQ Work via WikiProjects
Directories and summaries	Directory Proposals Deletion Signpost Shortcuts Popular pages Database reports Watchers
Culture and the arts	Arts Music Performing Plastic Visual Broadcasting Crafts and hobbies Entertainment Games and toys Food and drink Internet culture Language and literature Biography Linguistics Media Philosophy and religion Sports
Geographical	Bodies of water Cities Countries Africa Americas Asia Europe Oceania Landforms Maps Parks, conservation areas and historical sites
History and society	History and society Business and economics Education Military and warfare Politics and government Transportation
Science, technology and engineering	Science Biology Chemistry Economics Geosciences Information science Mathematics Medicine Meteorology Physics Space Technology Time
Wikipedia assistance and tasks	Contents systems Maintenance Files Article improvement and grading Classroom projects WikiProjects