Wikipedia:WikiProject on open proxies/Requests/Archives/13

217.33.165.66


Obvious troll editing from a confirmed proxy server. GabeMc (talk|contribs)  20:07, 1 July 2013 (UTC)

Reason: Suspicious edits from a confirmed proxy server.
 * Might be a confirmed proxy, but it doesn't appear to be an open proxy, so needs to be treated like any other IP. No ports open.  Dennis Brown | 2¢ | WER  20:26, 1 July 2013 (UTC)
 * Looks like an unusually busy ip, but doesn't look to be a proxy. Closing with no action.  Sailsbystars (talk) 04:27, 3 July 2013 (UTC)

199.127.248.170


Reason: VPN. Triggered a filter. Possible spambot. [oakweb.com] — Ginsuloft (talk) 14:48, 2 July 2013 (UTC)
 * Suspicious activity on port 1027, the only one open. Still haven't determined if it is active or not.  Dennis Brown | 2¢ | WER  15:47, 2 July 2013 (UTC)
 * I've blocked. Dennis Brown | 2¢ | WER  16:06, 2 July 2013 (UTC)
 * Uh, are you sure you only came back with 1027 open? I get a helluva lot more ports open, including 8080 (one of the standard proxy ports) which appears to work albeit slowly.  Anyway, the end result is more or less the same (good block), but I'm puzzled as to why we're getting such different port results.  Sailsbystars (talk) 04:21, 3 July 2013 (UTC)
 * When I checked, only 1027 was open, and I did a number of tests (I was bored). Of course, that was only a single snapshot in time.  I just checked again and found zero ports open this time, using four different methods on two different platforms.  They must be actively tweaking it. Dennis Brown | 2¢ | WER  10:12, 3 July 2013 (UTC)

170.20.11.14



 * Confirmed proxy according to whatismyip Can any of you technical guys point me to a "how to" for checking to see if these are proxies? It would make reporting a little easier. Darkness Shines (talk) 22:05, 3 July 2013 (UTC)
 * See User:Zzuuzz/Guide_to_checking_open_proxies. This IP is hardly an open proxy - no open ports, no obvious hints for the proxy mechanism. Materialscientist (talk) 22:26, 3 July 2013 (UTC)
 * Also checked, no open ports and not a likely source anyway. Closing it up. Dennis Brown | 2¢ | WER  22:38, 3 July 2013 (UTC)

190.235.83.32


Reason: Suspicious edits. This user displays an uncanny knowledge of our policies for such a short editing career. The IP geolocates to a non-English speaking country (Peru) and is in the same block as a known honeypot-trapped spam mail server. - MrX 20:02, 10 July 2013 (UTC)
 * Host is down, but circumstantial evidence for a proxy is minimal (although not non-existent). There's an unusual amount of activity on this IP, I'll see if I can get it while it's up later.  Sailsbystars (talk) 02:39, 11 July 2013 (UTC)
 * Finally caught the host up, but all ports were closed or filtered. Sailsbystars (talk) 05:33, 16 July 2013 (UTC)
 * Hmmm. Well, thanks for looking into it. - MrX 13:25, 30 October 2013 (UTC)

67.142.183.27


Reason: Suspicious edits – — Preceding unsigned comment added by Bigpoliticsfan (talk • contribs) 00:55, 19 July 2013
 * This is at least the third time this ISP has been reported here. To me, this seems like a satellite internet provider that uses either caching proxies or just a highly dynamic range. It does not appear to be an open proxy, nor have any of the other similar ones I've seen. Sailsbystars (talk) 19:36, 20 July 2013 (UTC)

87.82.223.170


Reason: Port 8080 open Ginsuloft (talk) 19:04, 22 July 2013 (UTC)
 * Port 8080 is indeed open as http proxy, but I can't connect through it right now. Anonblocked until further checks. Materialscientist (talk) 22:32, 22 July 2013 (UTC)

2001:41D0:0:0:0:0:0:0/40


The range was blocked on 6 April 2013 by Elockid, the reason given being webhostblock. There is now an unblock request at User talk:Pankkake, saying "2001:41D0:0:0:0:0:0:0/40 is not an "open proxy", it's a whole hoster and ISP, OVH". I would be grateful if someone with more knowledge of these things than me would look at it. JamesBWatson (talk) 09:49, 23 July 2013 (UTC)
 * I have also consulted the blocking administrator. JamesBWatson (talk) 09:53, 23 July 2013 (UTC)
 * Well, it's explained at the blocking template about webhosts which by the description of the unblock request is already known that it is. This webhost has been abused by several blocked/banned users, some of which are very high in severity. Elockid  ( Talk ) 17:31, 23 July 2013 (UTC)
 * OVH is all servers and a lot of bad news (they're on my mental list of providers which have repeatedly hosted proxies). The user should disable their proxy to edit.  Simple as that.  Oh and hey, just for good measure they were just hacked.  Sailsbystars (talk) 01:24, 24 July 2013 (UTC)

87.239.159.223


Reason: Port 80 open + edits are spambot-like. (Several edits were speedy deleted, in case a non-admin is wondering "what edits") Ginsuloft (talk) 22:47, 23 July 2013 (UTC)
 * Blocked as webhost. Port 80 is indeed open, but I couldn't make it work as an open proxy upon a quick try. Materialscientist (talk) 23:03, 23 July 2013 (UTC)
 * web proxy, wide open. Block seems appropriate length, so closing.  Sailsbystars (talk) 02:35, 24 July 2013 (UTC)
 * Yep, I forgot to CTRL-F "proxy" and alike on the rdns page. Materialscientist (talk) 09:21, 24 July 2013 (UTC)

210.211.124.99


Reason: As above, port 80 open + spambot-style editing. Ginsuloft (talk) 07:41, 24 July 2013 (UTC)
 * Confirmed, blocked, thanks. Materialscientist (talk) 09:32, 24 July 2013 (UTC)

195.37.210.55


Reason: Requested unblock via UTRS. Note that from the unblock request this is the "Rhine-Waal University's NAT IP for all HTTP/HTTPS traffic of LAN users, transparently routed through a Web Security Gateway to secure LAN users on these kinds of traffic".--Jezebel's Ponyo bons mots 15:58, 24 July 2013 (UTC)
 * Looks like it was open as a brief glitch which has since been rectified. Confirmed proxy is no longer open.  Please unblock it.  Sailsbystars (talk) 04:23, 25 July 2013 (UTC)
 * ✅--Jezebel's Ponyo bons mots 18:52, 25 July 2013 (UTC)

123.150.182.208 and 123.150.182.220


Suspicious edits. It just occurred to me that these might be spambots and I whois'd them and they were registered to Chinanet (lots of spambots from that ISP). TCP port 80 seems to be intermittently open. Ginsuloft (talk) 21:11, 1 August 2013 (UTC)
 * Yes, port 80 is open, but I don't see an open proxy mechanism right away. I've rangeblocked those IPs though (anonblock). Materialscientist (talk) 23:25, 2 August 2013 (UTC)

186.88.10.64


Reason: User talk:Arielco is caught in a proxy block of the noted IP address.--Jezebel's Ponyo bons mots 17:54, 2 August 2013 (UTC)
 * There was an open proxy on port 8080, but it is gone. There is an open port on 6881: open bittorrent-tracker, but I don't know what to make out of it. My suggestion is unblock. Materialscientist (talk) 23:20, 2 August 2013 (UTC)
 * Agree the block should probably be dropped, although the situation appears a bit odd from my looking. The oddness isn't enough to justify keeping a productive user blocked though.  Sailsbystars (talk) 02:10, 7 August 2013 (UTC)
 * I've unblocked the IP that was affecting the editor in question.--Jezebel's Ponyo bons mots 17:33, 7 August 2013 (UTC)

89.187.216.184


Reason: Requested unblock on talk page  Ron h jones  (Talk) 19:45, 4 August 2013 (UTC)
 * ports open: 21, 22, 82, 587 (I'm not a proxy checker, just providing info) Ginsuloft (talk) 00:41, 5 August 2013 (UTC)
 * Appears to intermittently be a proxy. Not functional at the moment.  May possibly be a compromised computer.  Anyway, suffice it to say I do not believe it is safe to unblock.  Sailsbystars (talk) 02:02, 7 August 2013 (UTC)
 * Unblock declined.--Jezebel's Ponyo bons mots 17:34, 9 August 2013 (UTC)

69.73.133.54

 * Says they're not an open proxy. Daniel Case (talk) 10:01, 9 August 2013 (UTC)


 * It's a webhost with at least one open port (21). But it's possible there are 10 others. Note: I'm not a proxy checker, just adding some info. Callanecc (talk • contribs • logs) 07:08, 13 August 2013 (UTC)
 * I have declined the unblock based on this. Daniel Case (talk) 10:59, 13 August 2013 (UTC)
 * confirmed web proxy. Sailsbystars (talk) 06:37, 5 September 2013 (UTC)

97.73.64.148


Reason: Requested unblock via UTRS.--Jezebel's Ponyo bons mots 16:36, 14 August 2013 (UTC)
 * There was a tunnel proxy, and it seems it's gone; all ports filtered, but, I have bad memories about the host (direcway), and thus would appreciate other opinions. Materialscientist (talk) 21:56, 14 August 2013 (UTC)
 * Hmmm, no further opinions so far. Should it be unblocked, or is it best to err on the side of caution? Note that the unblock request was made from an .edu email address.--Jezebel's Ponyo bons mots 18:36, 21 August 2013 (UTC)
 * Whois shows it as still being registered to DirecWay.--Bigpoliticsfan (talk) 22:05, 21 August 2013 (UTC)
 * @ Materialscientist - it appears that no other proxy checkers have voiced any opinion. As the unblock request is still open should I remove the block? --Jezebel's Ponyo bons mots 20:28, 4 September 2013 (UTC)
 * Direcway=hughes satellite internet. Presumably they use some kind of a caching proxy. I've seen them come up here a fair number of times recently, but usually there wasn't any proxy there when I checked...  This particular one is sort of half open, as it will let me connect (which is more than a full dead one would do), but then I wouldn't get any data back.  It's probably safe to unblock.  Sailsbystars (talk) 06:46, 5 September 2013 (UTC)
 * Unblocked; thank you.--Jezebel's Ponyo bons mots 16:28, 5 September 2013 (UTC)

134.134.137.71


Reason: This one has a weird editing history. Sometimes it looks like an Intel engineer, sometimes like an experienced Wikipedian, sometimes like a child, sometimes like someone in Washington State, sometimes like someone in India. Could it be an open proxy? Wifi Hotspot? Or maybe someone is using a VPN and his kids are sharing his connection? Weird edits include: Very useful edit, Spam, Intel-related technical information, Removal of a template, and Vandalism. --Guy Macon (talk) 17:46, 18 August 2013 (UTC)
 * Clicking "whois" above tells us that this is an Intel IP located at 2200 Mission College Blvd., CA. This might explain your observations, i.e. I suspect it is a shared, school IP. I see no sign of an open proxy. Ports are filtered. Materialscientist (talk) 22:03, 18 August 2013 (UTC)
 * Ah. I missed that. That address is the Intel Corporate headquarters (File:Intel_HQ_exterior_1.JPG) and the Intel Museum, and Mission Community College is down the street at 3000 Mission College Blvd. Not a particularly strange editing pattern given that fact, and there is almost no abuse from that IP. I think we can close this. Thanks! -Guy Macon (talk)

46.163.64.0/18


Reason: At UTRS #8566, the user claims to be using a private proxy to edit. If there are indeed innocent users and/or legitimate closed proxies in the range, could it be reduced to a softblock? -- King of ♥ ♦ ♣ ♠ 03:37, 20 August 2013 (UTC)
 * -- zzuuzz (talk) 07:13, 20 August 2013 (UTC)

41.203.89.245


Reason: Requested unblock via UTRS.--Jezebel's Ponyo bons mots 22:33, 4 September 2013 (UTC)
 * No longer an open proxy... however it looks like this one goes through periods of proxy (e.g. Sept-Nov of last year and July of this one) and not a proxy (possibly a dynamic IP). It's dead now to me and to various proxy checking sites so safe to unblock for now, but wouldn't be surprised if it got caught by procseebot again in a few months time.  Sailsbystars (talk)
 * Cheers - now unblocked.--Jezebel's Ponyo bons mots 16:19, 5 September 2013 (UTC)

88.171.0.0/16


Reason: At UTRS #8648, user claims it is his normal Free (ISP) IP address. If it is found that not all of the range can be used as an open proxy, could it be unblocked or at least reduced to softblock? -- King of ♥ ♦ ♣ ♠ 08:32, 5 September 2013 (UTC)
 * Um, I'm sorry to say this looks like a bad block to me. None of the IPs are used for webhosting (much less a proxy) as far as I can tell, and it's a pretty active range.  I checked a few of the more active IPs and found no sign of a proxy.  Recommend immediate unblocking of the entire range.  Sailsbystars (talk) 13:27, 5 September 2013 (UTC)
 * Unblocked by blocking admin, marking closed. Sailsbystars (talk) 13:34, 5 September 2013 (UTC)

206.253.165.231


User claims OPs have been disabled. Daniel Case (talk) 22:13, 9 September 2013 (UTC)
 * Mostly checked... It's definitely a shared webhost so the user doesn't need to edit from it. Unfortunately, while it's easy to find conclusive evidence for this type of proxy, it's very hard to find conclusive evidence that it isn't a proxy.... I can't find the proxy mechanism if there is one, but I also can't rule one out.  Sailsbystars (talk) 06:25, 10 September 2013 (UTC)
 * Port 8080 is set for open proxy, and there are several other open ports, but I couldn't connect through a few hours ago. Materialscientist (talk) 07:02, 10 September 2013 (UTC)

119.30.39.1


Reason: Requested unblock. See User talk:Duke Khan. IP blocked three days ago by. JohnCD (talk) 22:11, 17 September 2013 (UTC)
 * Decline - it still works as an open proxy on port 3128. Materialscientist (talk) 22:56, 17 September 2013 (UTC)

Archive.is RFC
Part of the determination of what to do at Archive.is RFC depends on whether my suspicions of proxy abuse are well founded. Any attention that anyone cares to pay to the long list of IPs detailed at the RFC will be greatly appreciated.—Kww(talk) 01:18, 22 September 2013 (UTC)

217.172.183.219

 * Blocked as part of a range; claims it's no longer a Tor node. Daniel Case (talk) 19:00, 23 September 2013 (UTC)
 * I couldn't really figure out what to make of this, but based on WHOIS it appears to not be a Tor node anymore, but instead some type of webhost that looks like it's registered in Germany, although it could be registered in Austria. --Bigpoliticsfan (talk) 19:49, 23 September 2013 (UTC)
 * The IP is still configured as Tor; its entry port 9001 is active, but the exit port (9030) is inactive. Too sleepy to conclude. Materialscientist (talk) 12:52, 24 September 2013 (UTC)


 * Not a TOR node now. JamesBWatson (talk) 11:02, 28 January 2014 (UTC)

207.179.0.0/19


Reason: Requested unblock at User talk:3fire76.--Jezebel's Ponyo bons mots 18:33, 24 September 2013 (UTC)
 * Seems to be a webhost range, reduced to softblock. -- King of ♥ ♦ ♣ ♠ 18:42, 24 September 2013 (UTC)
 * User notified, marking as closed.--Jezebel's Ponyo bons mots 23:49, 24 September 2013 (UTC)