This is a WikiProject, an area for focused collaboration among Wikipedians. New participants are welcome; please feel free to join! Guide to WikiProjects Directory of WikiProjects

Shortcuts WP:OP WP:WPOP

Before reporting any suspected open proxies here, please remember that not all vandals are open proxies and vandals should not get an automatic check here; remember that it takes the volunteers here about 5-10 minutes to give a request a thorough check.

←Administration index

MetaProject on open proxies (en-Wikipedia chapter)

If you've been blocked as an open proxy, please see: Help:blocked. The multiwiki MetaProject on open proxies seeks to identify, verify and block open proxies and anonymity network exit nodes. To prevent abuse or vandalism, only proxy checks by verified users will be accepted. All users are welcome to discuss on the talk page, report possible proxies, or request that a blocked IP be rechecked.

Open proxies may be blocked from editing

Pre-2012 Archives
Old archives Unhandled Jun-Sep 2007 Unhandled May-Jun 2008 Open proxies Closed proxies Rejected proxies Inconclusive proxies New archives Unblock/2009/June Closed/2009/June Inconclusive/2009/June Open/2009/June Declined/2009/June Unblock/2009/July Closed/2009/July Inconclusive/2009/July Declined/2009/July Open/2009/July Inconclusive/2009/August Declined/2009/August Closed/2009/August Unblock/2009/August Closed/2009/September Open/2009/September Unblock/2009/September Inconclusive/2009/September Open/2009/October Closed/2009/October Inconclusive/2009/October Unblock/2009/October Declined/2009/October Unblock/2009/November Inconclusive/2009/November Open/2009/November Closed/2009/November Open/2009/December Unblock/2009/December Inconclusive/2009/December Closed/2009/December Declined/2009/December Open/2010/January Declined/2010/January Inconclusive/2010/January Closed/2010/January Unblock/2010/January Inconclusive/2010/February Open/2010/February Declined/2010/February Unblock/2010/February Closed/2010/February Open/2010/March Inconclusive/2010/March Unblock/2010/March Closed/2010/March Closed/2010/April Unblock/2010/April Inconclusive/2010/April Open/2010/April Open/2010/May Declined/2010/May Inconclusive/2010/May Unblock/2010/May Unblock/2010/June Inconclusive/2010/June Open/2010/June Closed/2010/June Unblock/2010/July Inconclusive/2010/July Closed/2010/July Open/2010/July Open/2010/August Closed/2010/August Inconclusive/2010/August Unblock/2010/August Open/2010/September Closed/2010/September Unblock/2010/September Inconclusive/2010/October Closed/2010/October Open/2010/October Unblock/2010/October Inconclusive/2010/November Open/2010/November Closed/2010/November Unblock/2010/November Open/2010/December Unblock/2010/December Closed/2010/December Inconclusive/2010/December Unblock/2011/January Closed/2011/January Open/2011/January Unblock/2011/February Open/2011/February Unblock/2011/March Closed/2011/March Inconclusive/2011/March Open/2011/March Unblock/2011/April Closed/2011/April Inconclusive/2011/April Unblock/2011/May Closed/2011/May Open/2011/May Unblock/2011/June Closed/2011/June Open/2011/June Unblock/2011/July Open/2011/July Closed/2011/July Unblock/2011/August Closed/2011/August Open/2011/August 2011/January 2011/December 2011/November 2011/October 2011/September

Automated lists and tools[edit]

• User:SQL/Non-blocked compute hosts maintained by User:SQLBot is a list of open proxy ranges that need assessment for blocks that is updated daily. Admins are encouraged to review the list and assess for blocks as needed. All administrators are individually responsible for any blocks they make based on that list.
• ISP Rangefinder is a tool that allows administrators to easily identify and hard block all ranges for an entire ISP. It should be used with extreme caution, but is useful for blocking known open proxy providers. All administrators are individually responsible for any blocks they make based on the results from this tool.
• IPCheck is a tool that can help provide clues about potential open proxies.

Reporting[edit]

Please report IP addresses you suspect are open proxies below. A project member will scan or attempt to connect to the proxy, and if confirmed will block the address.

File a new report here
I.	For block requests:
	Verify that the following criteria has been met: The IP has made abusive contributions within the past week
	For unblock requests:
	Verify that the following criteria has been met: No current criteria
II.	For block requests	For unblock requests
	Replace "IP" below with the IP address you are reporting.	Replace "IP" below with the IP address you are reporting.
III.	Fill out the resulting page and fill-in the requested information.
IV.	Save the page.

Requests[edit]

2012-present Archives
6, 7, 8, 9, 10, 11, 12, 13, 14, 15 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 26, 27, 28, 29, 30, 31, 32, 33, 34, 35 36, 37, 38

96.18.179.66[edit]

– This request has been addressed by a user who is not a verified proxy checker. It is awaiting review and closure by a verified proxy checker.

96.18.179.66 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk

Reason: Blanked Wikipedia: Open proxies and claims to be one in their contributions Pahunkat (talk) 21:47, 9 November 2020 (UTC)

1. Just checked again with more time and it seems unlikely this is an open proxy Pahunkat (talk) 22:21, 9 November 2020 (UTC)

• {{proxycheck}} Does not appear to be an open proxy, none of the likely ports are open, the various proxy checkers don't say it's one. If someone's claiming it's an open proxy, possibly IPsharkk or similar. GeneralNotability (talk) 13:30, 10 November 2020 (UTC)

 Likely IP is an open proxy There is definitely at minimum P2P activites coming from the IP, they may have shown on proxy lists in the past, there are two RDNS entries and the edits themselves claiming being an OP. -- Amanda (aka DQ) 07:34, 16 November 2020 (UTC)

104.219.234.142[edit]

– This request has been addressed by a user who is not a verified proxy checker. It is awaiting review and closure by a verified proxy checker.

104.219.234.142 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk

Reason: This IP belongs to a web-host provider (DataWagon, LLC) and it's linked to CollabVM where it can easily be abused by just using a collaborative virtual machine. AsphereOfficial (talk) 05:41, 14 November 2020 (UTC)

I've colo-blocked the /24 (anon-only, account creation blocked) and have asked a couple other admins for a second opinion on whether to block the other ranges owned by this company. GeneralNotability (talk) 15:28, 15 November 2020 (UTC)

@GeneralNotability: The larger /21 is still DataWagon as noted on whois. Either way, the service does not seem to offer colocation, just rack services, so I would switch to full webhostblock. -- Amanda (aka DQ) 07:34, 16 November 2020 (UTC)

AmandaNP, thanks, changed the block to the /21 as a webhostblock. GeneralNotability (talk) 14:43, 21 November 2020 (UTC)

31.168.172.141[edit]

– This request has been addressed by a user who is not a verified proxy checker. It is awaiting review and closure by a verified proxy checker.

31.168.172.140 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk

31.168.172.141 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk

Reason: Suspicious edits. That is, these IPs were obtained via CU in a subject area full of socks--though none were found on these two. Drmies (talk) 23:47, 20 November 2020 (UTC)

Investigating now. IPQS says suspected proxy/VPN, which doesn't mean much, but proxycheck.io says possible proxy as well. GeneralNotability (talk) 01:36, 21 November 2020 (UTC)

They both are VPN endpoints for privateinternetaccess.com, so not open proxies but  Confirmed VPN (though WHOIS says they're assigned to a normal ISP). Working on a wider scan to see if anything else on that range is from the same group. GeneralNotability (talk) 02:05, 21 November 2020 (UTC)

Looks like it's just those two (nothing else on their /20 is serving an SSL cert for privateinternetaccess.com). Both blocked one year as anonymizing VPNs. GeneralNotability (talk) 14:39, 21 November 2020 (UTC)

72.140.224.197 and others[edit]

– This request has been addressed by a user who is not a verified proxy checker. It is awaiting review and closure by a verified proxy checker.

72.140.224.197 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk

176.119.25.52 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk

61.222.202.195 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk

121.127.11.235 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk

61.221.12.80 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk

Reason: Quick BG: Vijay is an Indian actor in Tamil-language films. At several Vijay-related articles lately, there has been an uptick in edits trying to inflate the actor or his films' gross values. This might be related to LTA sock operator Bothiman, who was a known Vijay lickspittle. Most recently 72.140.224.197 was blocked. This apparently geolocates to Canada. (See also 72.140.224.195 (talk · contribs · WHOIS)). Then recently at Puli (2015 film), edits from 176.119.25.52, a French IP that is also interested in Vijay articles. And prior to that, 61.222.202.195, a Chinese IP that is also interested in Vijay articles. Seems fishy. If anyone could take a look, I'd appreciate it. Thanks, Cyphoidbomb (talk) 21:05, 14 December 2020 (UTC)

Cyphoidbomb, the 72. and 176. currently host websites, with the first two obviously being run by the same people; the same seems to be the case for the 61. IP, but I can't access it. Pretty sure they're all proxies. Can take a closer look in a bit. Blablubbs|talk 21:27, 14 December 2020 (UTC)

Okay, had a second look at the 72.x one, which hosts some sort of spamsite. It belongs to a rogers-hosted datacentre (host: unallocated-static.datacentres.rogers.com nameservers dnsX.datacentres.rogers.com) and has an open port 8080 which, when proxied through, sends us to a different spamsite. Other IPs from that datacentre range have edited as well. I'm mostly here to lurk and learn, but I'll take a poorly educated guess and say that it's a proxy and should probably be (range-)blocked. Blablubbs|talk 22:01, 14 December 2020 (UTC)

Also noting that the other two are both flagged by multiple proxy APIs. Blablubbs|talk 22:09, 14 December 2020 (UTC)

@Blablubbs: Thanks for the info! This high-level technical stuff is beyond my brain's abilities, so I'll have to wait for someone to do the dirty work. Cyphoidbomb (talk) 23:31, 14 December 2020 (UTC)

I noticed ST47 blocked 176.119.24.0/21. I wonder if that was related to this query or an independent discovery. Cyphoidbomb (talk) 14:20, 15 December 2020 (UTC)

It was due to this report. ST47 (talk) 19:17, 15 December 2020 (UTC)

Then thanks! Cyphoidbomb (talk) 21:04, 15 December 2020 (UTC)

• I've added another to the list, 121.127.11.235. This one geolocates to Algeria, and just dumped a bunch of promotional awards at at an award article for Vijay. Cyphoidbomb (talk) 23:18, 15 December 2020 (UTC)

• Cyphoidbomb, it's this Filipino data centre (range). The IP also hosts a website landing page; open port 8080 – I can tunnel through it, but get empty replies from the target servers. I'll again go out on a semi-educated limb and say that this is a proxy. Blablubbs|talk 13:09, 16 December 2020 (UTC)

  Colo-blocked 121.127.0.0/19 with a soft block, scanning all of the IPs listed here to see if they need individual open proxy blocks. GeneralNotability (talk) 00:28, 17 December 2020 (UTC)

121.127.11.235 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk: Poking at its open Squid port revealed that it's GeoSurf, which is a VPN provider. Hardblocked.

176.119.25.52 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk: I have no idea what's going on with that host or why it's claiming to be serving an out-of-date Microsoft Update cert. Hardblocked as a webhost.

72.140.224.197 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk: Even weirder than the last one. Some kind of webhost? Hardblocked too.

• Still waiting on nmap for the 61. IP before I can close this. GeneralNotability (talk) 02:39, 17 December 2020 (UTC)

• @GeneralNotability: Not sure if you're still looking at these, but I just added another one, 61.221.12.80. It geolocates to Spain, but is somehow interested in puffing up Vijay articles. Same MO as the others. Cyphoidbomb (talk) 22:06, 21 December 2020 (UTC)

• Cyphoidbomb, sorry, forgot to close this out. Your latest proxy is yet another GeoSurf proxy, so not open but a proxy just the same. I've hardblocked it. Closing. — Preceding unsigned comment added by GeneralNotability (talk • contribs) 00:15, 22 December 2020 (UTC)

174.95.181.23[edit]

A user has requested a proxy check. A proxy checker will shortly look into the case.

174.95.181.23 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk

Reason: Suspicious edits Beyond My Ken (talk) 17:53, 22 December 2020 (UTC)

This does not seem to be an open proxy. ProcrastinatingReader (talk) 01:52, 27 December 2020 (UTC)

142.114.15.168[edit]

A user has requested a proxy check. A proxy checker will shortly look into the case.

142.114.15.168 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk

Reason: Suspicious edits Beyond My Ken (talk) 17:57, 22 December 2020 (UTC)

This does not seem to be an open proxy. ProcrastinatingReader (talk) 01:52, 27 December 2020 (UTC)

IP 91.250.240.141[edit]

A user has requested a proxy check. A proxy checker will shortly look into the case.

91.250.240.141 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk

Reason: Suspicious edits. Per a complaint at WP:AN3 about reverts at 2022 Winter Olympics. I blocked two months on suspicion after seeing the results of the toolforge proxy checker. Probably a better quality of confirmation should be attempted. This IP is in a /24 range operated by the provider, HostRoyale. An online service called scamalytics.com says "We consider HostRoyale Technologies Pvt Ltd to be a potentially very high​ fraud risk ISP.." EdJohnston (talk) 17:13, 23 December 2020 (UTC)

Definitely open on 443 and 8443. /24 blocked by ST47. ProcrastinatingReader (talk) 01:52, 27 December 2020 (UTC)

74.127.203.23[edit]

A user has requested a proxy check. A proxy checker will shortly look into the case.

74.127.203.23 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk

Reason: This user confessed to being a VPN on this diff, and IPQS shows that the IP is likely a VPN, but I'd like someone more experienced in this field to help me determine if this IP is truly a VPN. JJP...MASTER!_{[talk to] JJP... master?} 00:24, 29 December 2020 (UTC)

207.241.232.35[edit]

A user has requested a proxy check. A proxy checker will shortly look into the case.

207.241.232.35 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk

Reason: An IP form the wayback machine. -³²²UbnBr₂ (Talk | Contributions | Actions) 21:36, 29 December 2020 (UTC)

193.85.188.238[edit]

A user has requested a proxy check. A proxy checker will shortly look into the case.

193.85.188.238 - talk - edits - block - log - current blocks - ipinfo - Robtex - WHOIS - IPQS - ipcheck - Google - HTTP - stalk

Reason: Suspicious edits in beauty pageant space w/ prolific socking. Host name mail.bohemiacargo.cz looks like it's potentially a mail server being used as a proxy. Bri.public (talk) 22:35, 30 December 2020 (UTC)

See also[edit]

Subpages

• Blacklist of open or zombie proxies
• Information for blocked users
• List of users who can verify proxies
• Preventing access to Wikipedia from your Tor node

Related pages

• Policy on open proxies
• Open proxy detection
• Guide to checking open proxies
• Proxy check result templates
• Advice to users using Tor to bypass the Great Firewall
• meta:XFF project
• Tor exit checker

Sister projects

• Meta-Project
• Wikisource
• Wikiversity
• Wiktionary