Wikipedia:WikiProject on open proxies/Requests/Archives/13

  – This proxy check request is closed and will soon be archived by a bot.

217.33.165.66 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Obvious troll editing from a confirmed proxy server. GabeMc ^{(talk|contribs)} 20:07, 1 July 2013 (UTC) Reason: Suspicious edits from a confirmed proxy server.

• Might be a confirmed proxy, but it doesn't appear to be an open proxy, so needs to be treated like any other IP. No ports open. Dennis Brown | 2¢ | WER 20:26, 1 July 2013 (UTC)

Looks like an unusually busy ip, but doesn't look to be a proxy. Closing with no action. Sailsbystars (talk) 04:27, 3 July 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

199.127.248.170 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: VPN. Triggered a filter. Possible spambot. [oakweb.com] — Ginsuloft (talk) 14:48, 2 July 2013 (UTC)

• Suspicious activity on port 1027, the only one open. Still haven't determined if it is active or not. Dennis Brown | 2¢ | WER 15:47, 2 July 2013 (UTC)
• I've blocked. Dennis Brown | 2¢ | WER 16:06, 2 July 2013 (UTC)
  • Uh, are you're sure you only came back with 1027 open? I get a helluva a lot more ports open, including 8080 (one of the standard proxy ports) which appears to work albeit slowly. Anyway, the end result is more or less the same (good block), but I'm puzzled as to why we're getting such different port results. Sailsbystars (talk) 04:21, 3 July 2013 (UTC)
    • When I checked, only 1027 was open, and I did a number of tests (I was bored). Of course, that was only a single snapshot in time. I just checked again and found zero ports open this time, using four different methods on two different platforms. They must be actively tweaking it. Dennis Brown | 2¢ | WER 10:12, 3 July 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

170.20.11.14 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

• Confirmed proxy according to whatismyip Can any of you technical guys point me to a "how to" for checking to see if these are proxies? It would make reporting a little easier. Darkness Shines (talk) 22:05, 3 July 2013 (UTC)

  See User:Zzuuzz/Guide_to_checking_open_proxies. This IP is hardly an open proxy - no open ports, no obvious hints for the proxy mechanism. Materialscientist (talk) 22:26, 3 July 2013 (UTC)

• Also checked, no open ports and not a likely source anyway. Closing it up. Dennis Brown | 2¢ | WER 22:38, 3 July 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

190.235.83.32 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Suspicious edits. This user displays an uncanny knowledge of our policies for such a short editing career. The IP geolocates to a non-English speaking county (Peru) and is in the same block as a known honeypot-trapped spam mail server. - MrX 20:02, 10 July 2013 (UTC)

  Unlikely IP is an open proxy Host is down, but circumstantial evidence for a proxy is minimal (although not non-existent). There's an unusual amount of activity on this IP, I'll see if I can get it while it's up later. Sailsbystars (talk) 02:39, 11 July 2013 (UTC)

Finally caught the host up, but all ports were closed or filtered. Sailsbystars (talk) 05:33, 16 July 2013 (UTC)

Hmmm. Well, thanks for looking into it. - MrX 13:25, 30 October 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

67.142.183.27 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Suspicious edits –— Preceding unsigned comment added by Bigpoliticsfan (talk • contribs) 00:55, 19 July 2013   Not currently an open proxy This is at least the third time this ISP has been reported here. To me, this seems like a satellite internet provider that uses either caching proxies or just a highly dynamic range. It does not appear to be an open proxy, nor have any of the other similar ones I've seen. Sailsbystars (talk) 19:36, 20 July 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

87.82.223.170 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Port 8080 open Ginsuloft (talk) 19:04, 22 July 2013 (UTC)

Port 8080 is indeed open as http proxy, but I can't connect through it right now. Anonblocked until further checks. Materialscientist (talk) 22:32, 22 July 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

2001:41D0:0:0:0:0:0:0/40 · contribs · block · log · stalk · Robtex · whois · Google

The range was blocked on 6 April 2013 by Elockid, the reason given being {{webhostblock}}. There is now an unblock request at User talk:Pankkake, saying "2001:41D0:0:0:0:0:0:0/40 is not an "open proxy", it's a whole hoster and ISP, OVH". I would be grateful if someone with more knowledge of these things than me would look at it. JamesBWatson (talk) 09:49, 23 July 2013 (UTC)

I have also consulted the blocking administrator. JamesBWatson (talk) 09:53, 23 July 2013 (UTC)

Well, it's explained at the blocking template about webhosts which by the description of the unblock request is already known that it is. This webhost has been abused by several blocked/banned users, some of which are very high in severity. Elockid ^(Talk) 17:31, 23 July 2013 (UTC)

OVH is all servers and a lot of bad news (they're on my mental list of providers which have repeatedly hosted proxies). The user should disable their proxy to edit. Simple as that. Oh and hey, just for good measure they were just hacked. Sailsbystars (talk) 01:24, 24 July 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

87.239.159.223 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Port 80 open + edits are spambot-like. (Several edits were speedy deleted, incase a non-admin is wondering "what edits") Ginsuloft (talk) 22:47, 23 July 2013 (UTC)

Blocked as webhost. Port 80 is indeed open, but I couldn't make it work as an open proxy upon a quick try. Materialscientist (talk) 23:03, 23 July 2013 (UTC)

  IP is an open proxy web proxy, wide open. Block seems appropriate length, so closing. Sailsbystars (talk) 02:35, 24 July 2013 (UTC)

Yep, I forgot to CTRL-F "proxy" and alike on the rdns page. Materialscientist (talk) 09:21, 24 July 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

210.211.124.99 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: As above, port 80 open + spambot-style editing. Ginsuloft (talk) 07:41, 24 July 2013 (UTC)

Confirmed, blocked, thanks. Materialscientist (talk) 09:32, 24 July 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

195.37.210.55 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Requested unblock via UTRS. Note that from the unblock request this is the "Rhine-Waal University's NAT IP for all HTTP/HTTPS traffic of LAN users, transparently routed through a Web Security Gateway to secure LAN users on these kinds of traffic".--Jezebel'sPonyo^{bons mots} 15:58, 24 July 2013 (UTC)

  Not currently an open proxy Looks like it was open as a brief glitch which has since been rectified. Confirmed proxy is no longer open. Please unblock it. Sailsbystars (talk) 04:23, 25 July 2013 (UTC)

  Done--Jezebel'sPonyo^{bons mots} 18:52, 25 July 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

123.150.182.201 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

123.150.182.208 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

123.150.182.209 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

123.150.182.220 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Suspicious edits. It just occurred to me that these might be spambots and I whois'd them and they were registered to Chinanet (lots of spambots from that ISP). TCP port 80 seems to be intermittently open. Ginsuloft (talk) 21:11, 1 August 2013 (UTC)

Yes, port 80 is open, but I don't see an open proxy mechanism right away. I've rangeblocked those IPs though (anonblock). Materialscientist (talk) 23:25, 2 August 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

186.88.10.64 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: User talk:Arielco is caught in a proxy block of the noted IP address.--Jezebel'sPonyo^{bons mots} 17:54, 2 August 2013 (UTC)

There was an open proxy on port 8080, but it is gone. There is an open port on 6881: open bittorrent-tracker, but I don't know what to make out of it. My suggestion is unblock. Materialscientist (talk) 23:20, 2 August 2013 (UTC)

  Unlikely IP is an open proxy Agree the block should probably be dropped, although the situation appears a bit odd from my looking. The oddness isn't enough to justify keeping a productive user blocked though. Sailsbystars (talk) 02:10, 7 August 2013 (UTC)

I've unblocked the IP that was effecting the editor in question.--Jezebel'sPonyo^{bons mots} 17:33, 7 August 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

89.187.216.184 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Requested unblock on talk page  Ronhjones  ^(Talk) 19:45, 4 August 2013 (UTC)

ports open: 21, 22, 82, 587 (I'm not a proxy checker, just providing info) Ginsuloft (talk) 00:41, 5 August 2013 (UTC)

  Likely IP is an open proxy Appears to intermittently be a proxy. Not functional at the moment. May possibly be a compromised computer. Anyway, suffice it to say I do not believe it is safe to unblock. Sailsbystars (talk) 02:02, 7 August 2013 (UTC)

Unblock declined.--Jezebel'sPonyo^{bons mots} 17:34, 9 August 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

69.73.133.54 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan Sys they're not an open proxy. Daniel Case (talk) 10:01, 9 August 2013 (UTC)

It's a webhost with at least one open port (21). But it's possible there are 10 others. Note: I'm not a proxy checker, just adding some info. Callanecc (talk • contribs • logs) 07:08, 13 August 2013 (UTC)

I have declined the unblock based on this. Daniel Case (talk) 10:59, 13 August 2013 (UTC)

  IP is an open proxy confirmed web proxy. Sailsbystars (talk) 06:37, 5 September 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

97.73.64.148 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Requested unblock via UTRS.--Jezebel'sPonyo^{bons mots} 16:36, 14 August 2013 (UTC)

There was a tunnel proxy, and it seems it's gone; all ports filtered, but, I have bad memories about the host (direcway), and thus would appreciate other opinions. Materialscientist (talk) 21:56, 14 August 2013 (UTC)

Hmmm, no further opinions so far. Should it be unblocked, or is it best to err on the side of caution? Note that the unblock request was made from an .edu email address.--Jezebel'sPonyo^{bons mots} 18:36, 21 August 2013 (UTC)

Whois shows it as still being registered to DirecWay.--Bigpoliticsfan (talk) 22:05, 21 August 2013 (UTC)

@ Materialscientist - it appears that no other proxy checkers have voiced any opinion. As the unblock request is still open should I remove the block? --Jezebel'sPonyo^{bons mots} 20:28, 4 September 2013 (UTC)

Direcway=hughes satellite internet. Presumably they use some kind of a caching proxy. I've seen them come up here a fair number of times recently, but usually there wasn't any proxy there when I checked... This particular one is sort of half open, as it will let me connect (which is more than a full dead one would do), but then I wouldn't get any data back. It's probably safe to unblock. Sailsbystars (talk) 06:46, 5 September 2013 (UTC)

Unblocked; thank you.--Jezebel'sPonyo^{bons mots} 16:28, 5 September 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

134.134.137.71 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: This one has a weird editing history. Sometimes it looks like an Intel engineer, sometimes like an experienced Wikipedian, sometimes like a child, sometimes like someone in Washington State, sometimes like someone in India. Could it be an open proxy? Wifi Hotspot? Or maybe someone is using a VPN and his kids are sharing his connection? Weird edits include: Very useful edit,[1] Spam, [2] Intel-related technical information,[3] Removal of a template,[4] and Vandalism.[5] --Guy Macon (talk) 17:46, 18 August 2013 (UTC)

Clicking "whois" above tells us that this is an Intel IP located at 2200 Mission College Blvd., CA. This might explain your observations, i.e. I suspect it is a shared, school IP. I see no sign of an open proxy. Ports are filtered. Materialscientist (talk) 22:03, 18 August 2013 (UTC)

Ah. I missed that. That address is the Intel Corporate headquarters (File:Intel_HQ_exterior_1.JPG)) and the Intel Museum, and Mission Community College is down the street at 3000 Mission College Blvd. Not a particularly strange editing pattern given that fact, and there is almost no abuse from that IP. I think we can close this. Thanks! -Guy Macon (talk)

  – This proxy check request is closed and will soon be archived by a bot.

46.163.64.0/18 · contribs · block · log · stalk · Robtex · whois · Google

Reason: At UTRS #8566, the user claims to be using a private proxy to edit. If there are indeed innocent users and/or legitimate closed proxies in the range, could it be reduced to a softblock? -- King of ♥ ♦ ♣ ♠ 03:37, 20 August 2013 (UTC)

  Completed -- zzuuzz ^(talk) 07:13, 20 August 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

41.203.89.245 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Requested unblock via UTRS.--Jezebel'sPonyo^{bons mots} 22:33, 4 September 2013 (UTC)

  Not currently an open proxy No longer an open proxy... however it looks like this one goes through periods of proxy (e.g. Sept-Nov of last year and July of this on) and not a proxy (possibly a dynamic IP). It's dead now to me and to various proxy checking sites so safe to unblock for now, but wouldn't be surprised if it got caught by procseebot again in a few months time. Sailsbystars (talk)

Cheers - now unblocked.--Jezebel'sPonyo^{bons mots} 16:19, 5 September 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

88.171.0.0 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: At UTRS #8648, user claims it is his normal Free (ISP) IP address. If it is found that not all of the range can be used as an open proxy, could it be unblocked or at least reduced to softblock? -- King of ♥ ♦ ♣ ♠ 08:32, 5 September 2013 (UTC)

Um, I'm sorry to say this looks like a bad block to me. None of the IPs are used for webhosting (much less a proxy) as far as I can tell, and it's a pretty active range. I checked a few of the more active IPs and found no sign of a proxy. Recommend immediate unblocking of the entire range. Sailsbystars (talk) 13:27, 5 September 2013 (UTC)

Unblocked by blocking admin, marking closed. Sailsbystars (talk) 13:34, 5 September 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

206.253.165.231 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

User claims OPs have been disabled. Daniel Case (talk) 22:13, 9 September 2013 (UTC)

  Inconclusive Mostly checked... It's definitely a shared webhost so the user doesn't need to edit from it. Unfortunately, while it's easy to find conclusive evidence for this type of proxy, it's very hard to find conclusive evidence that it isn't a proxy.... I can't find the proxy mechanism if there is one, but I also can't rule one out. Sailsbystars (talk) 06:25, 10 September 2013 (UTC)

Port 8080 is set for open proxy, and there are several other open ports, but I couldn't connect through a few hours ago. Materialscientist (talk) 07:02, 10 September 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

119.30.39.1 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Requested unblock. See User talk:Duke Khan. IP blocked three days ago by Elockid (talk). JohnCD (talk) 22:11, 17 September 2013 (UTC)

Decline - it still works as an open proxy on port 3128. Materialscientist (talk) 22:56, 17 September 2013 (UTC)

Part of the determination of what to do at Wikipedia:Archive.is RFC depends on whether my suspicions of proxy abuse are well founded. Any attention that anyone cares to pay to the long list of IPs detailed at the RFC will be greatly appreciated.—Kww(talk) 01:18, 22 September 2013 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

217.172.183.219 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan Blocked as part of a range; claims it's no longer a Tor node. Daniel Case (talk) 19:00, 23 September 2013 (UTC)

I couldn't really figure out what to make of this, but based on WHOIS it appears to not be a Tor node anymore, but instead some type of webhost that looks like it's registered in Germany, although it could be registered in Austria. --Bigpoliticsfan (talk) 19:49, 23 September 2013 (UTC)

The IP is still configured as Tor; its entry port 9001 is active, but the exit port (9030) is inactive [6]. Too sleepy to conclude. Materialscientist (talk) 12:52, 24 September 2013 (UTC)

Not a TOR node now. JamesBWatson (talk) 11:02, 28 January 2014 (UTC)

  – This proxy check request is closed and will soon be archived by a bot.

207.179.0.0/19 · contribs · block · log · stalk · Robtex · whois · Google

Reason: Requested unblock at User talk:3fire76.--Jezebel'sPonyo^{bons mots} 18:33, 24 September 2013 (UTC)

Seems to be a webhost range, reduced to softblock. -- King of ♥ ♦ ♣ ♠ 18:42, 24 September 2013 (UTC)

User notified, marking as closed.--Jezebel'sPonyo^{bons mots} 23:49, 24 September 2013 (UTC)