Wikipedia:WikiProject on open proxies/Requests/Archives/8

202.156.11.12


Reason: Suspicious edits. Geolocate says it is a proxy.--Metallurgist (talk) 19:58, 5 April 2012 (UTC)
 * According to hash.es, this was an entry point (202.156.11.12:80) of a tunnel proxy (exiting elsewhere), which is worrying; and proxy bot blocked this IP in 2010 and 2011, meaning it surely was a proxy. However, I can't connect through this IP now. In my experience, Singapore users/addresses are very volatile. I don't think this is an open proxy at this time. DeltaQuad unblocked it as a proxy in 2011 here. Materialscientist (talk) 22:46, 5 April 2012 (UTC)
 * – Port 80 is open but connections are reset immediately. Please note that hash.es shows that any proxy was last active more than a year ago. &mdash; madman 04:00, 13 May 2012 (UTC)

206.253.165.78


Located on a blocked range. They claim it's a VPN. Daniel Case (talk) 16:01, 9 April 2012 (UTC)
 * VPN or not, it's still a webhost, which means the user can ask for an account, and provide a valid reason for needing a proxy (confidentially if needed), and get a CU done for an IPBE if the reason is legit. I understand that it might just be one IP and one user on this range, but we have no single IP whitelist. -- DQ  (ʞlɐʇ)  01:46, 11 April 2012 (UTC)

202.171.168.146


Now blocked for edit warring at English Defence League per this 3RR complaint. The same IP was blocked earlier by Procseebot, and a Google search for the IP suggests it has operated as an open proxy on port 8080. If it's confirmed as a proxy, this would justify a longer block. EdJohnston (talk) 21:36, 11 April 2012 (UTC)
 * Can't connect to its stated port 8080 right now. Wireless provider, not necessarily a proxy - might have been an infected zombie computer. Materialscientist (talk) 13:16, 12 April 2012 (UTC)
 * The IP was included in an open proxy list here, published on 26 November 2011. http://202.171.168.146/ opens up a login page for a MicroTik router. I tried logging in at the MicroTik prompt with no password but it doesn't work. EdJohnston (talk) 16:11, 12 April 2012 (UTC)
 * This is an RMIT student IP. There is indeed an HTTP proxy open on port 8080, but it returns access denied for all requests, so I'd consider it closed. &mdash; madman 02:30, 12 May 2012 (UTC)

202.75.53.200


I thought this had already been blocked as an open proxy? Is still allowed to clear the talk page? And it no longer says blocked when I look at contributions According to this it is a confirmed proxy server. 18:01, 12 April 2012 (UTC) Darkness Shines (talk) 18:01, 12 April 2012 (UTC)
 * It's the same network as the IP just above. We should probably try and round up the rest and see what's occurring. -- zzuuzz (talk) 18:49, 12 April 2012 (UTC)
 * This is what is going on A well known sockpuppeter. Darkness Shines (talk) 18:52, 12 April 2012 (UTC)
 * – Proprietary protocol from what I can tell. 76 users currently using this IP . Blocked for 1 year for disruptive editing by Magog the Ogre. &mdash; madman 16:36, 9 May 2012 (UTC)

109.73.64.0/20


Reason: Suspicious edits lol. Needs checking out and/or some range blocking methinks. -- zzuuzz (talk) 18:12, 13 April 2012 (UTC)
 * Could you expand on what you mean by suspicious edits? In contributions from the first range, I see the following:
 * Linkspam: 109.73.65.50 (5), 109.73.65.64 (1), 109.73.65.87 (1), 109.73.65.109 (1), 109.73.66.41 (1)
 * Unsourced information: 109.73.66.47 (1)
 * Vandalism: 109.73.65.187 (1), 109.73.66.172 (1), 109.73.71.3 (1), 109.73.74.100 (1)
 * It looks like two-thirds of contributions from that range are probably fine. &mdash; madman 17:18, 10 May 2012 (UTC)
 * In contributions from the second range, I see the following:
 * Block evasion: 31.193.133.161
 * Blocked proxy: 31.193.133.144
 * Linkspam: 31.193.133.160
 * Definitely not anything to merit range-blocking a class D network, in my opinion. &mdash; madman 17:28, 10 May 2012 (UTC)
 * – The first range is a hosting range; there are a number of Web hosts in the second range, but the range belongs to an ISP and not a hosting provider. I don't see any evidence that there have been any open proxies at the addresses above (there may have been an open proxy at 31.193.133.144 when it was blocked; it's a static IP assigned by the ISP). &mdash; madman 17:38, 10 May 2012 (UTC)

50.22.206.179


Port 8080. Hipocrite (talk) 14:48, 23 April 2012 (UTC)

Reason: Suspicious edits
 * – already blocked (locally and globally). &mdash; madman 15:36, 9 May 2012 (UTC)

210.55.215.173


Unblock requested via UTRS by IP 122.61.132.202. --Jezebel's Ponyo bons mots 03:30, 1 May 2012 (UTC)
 * – see WikiProject on open proxies/Requests/Archives/3. &mdash; madman 15:22, 9 May 2012 (UTC)

46.185.160.11


Reason: Suspicious edits perisitent vandalism. The user Historyfeelings has bee blocked. Now his using the an ip address to do the same vandalism. Soufray (talk) 00:22, 7 May 2012 (UTC)
 * Historyfeelings has never been blocked. I don't see evidence this IP is an open proxy - looks like an editing disagreement. Materialscientist (talk) 00:33, 7 May 2012 (UTC)
 * &mdash; madman 15:13, 9 May 2012 (UTC)

81.169.139.196


Confirmed proxy server according to this Darkness Shines (talk) 21:32, 7 May 2012 (UTC)
 * Confirmed, reblocked per long history of open proxy at the same port. Materialscientist (talk) 00:54, 8 May 2012 (UTC)

155.198.0.0/16


Reason: Requested unblock.

These IP numbers are assigned to Imperial College in London where I am a member of staff. Prior to the recent block by User:AGK, users who had logged in were allowed to edit – but now although they can log in, they cannot edit. The IT department of the college attempts to tightly control access to the internet and would not deliberate allow an "open proxy". Would it be useful for me to approach the IT department of the college or perhaps to provide contact details to an admin? The college allows students and staff to log into the college system using the VPN protocol. Could this appear as an open proxy? Is it possible to be more restrictive in the block? Is it possible to let users who have logged in to edit? The block covers many thousand computers – and I would hope that some of the staff and students contribute constructively to Wikipedia.Aa77zz (talk) 20:31, 9 May 2012 (UTC)
 * VPN access would not be considered an open proxy, but it is a proxying method. Let me do a cursory check for any potentially problematic IPs in that range and consult with AGK; I imagine we can change the block to a school block (i.e., anon. only). &mdash; madman 20:49, 9 May 2012 (UTC)
 * Many thanks to AGK; he has already (!!) changed the block to a school block. There's information as to how users may create an account in the block message. Please note that the block will not be modified further as it's been indicated that confidential checkuser data was involved in the decision to block. For the record (I whipped up some scripts I'll find useful later), about 20% of contributors from this range (458/2259 by my count) have had some or all of their edits reverted; obviously I can't do a thorough check of even that many IPs, but none of those 2000+ contributors are listed in any of the botnet and proxy blacklists I consider reliable. &mdash; madman 03:43, 10 May 2012 (UTC)
 * Many thanks for fixing this. Aa77zz (talk) 07:34, 10 May 2012 (UTC)

188.72.73.52


Reason: Suspicious edits; WhatIsMyIPAddress says is proxy (although might not be open one)
 * , despite this. However, it may be a closed proxy and it definitely is a shared IP address. If vandalism or other abuse continues, it may be soft blocked for a few years; it belongs to a hosting provider and not an ISP. &mdash; madman 17:00, 10 May 2012 (UTC)
 * I've blocked it as open proxy - the entrance is at anonymizer.ru or Harrachov.ru (+ it is a vast hosting server with a range of dubious "communication" services). Materialscientist (talk) 10:56, 22 May 2012 (UTC)

112.198.64.17


Reason: Vandalism (insertion of link to vandalism image to Virginia Woolf, see . Listed on opm.tornevall.org JoeSperrazza (talk) 00:03, 12 May 2012 (UTC)
 * . This IP address is a shared IP address, as indicated by its editing pattern and that it lies within a WiMAX range; those addresses turn over pretty quickly. I don't find the Tornevall DNSbl very reliable for shared IP addresses; its presence therein indicates that it was scanned and working at one time (it's also marked as an abusive host, which it has clearly been for longer), but the host using the address at the moment does not appear to be an open proxy. &mdash; madman 00:52, 12 May 2012 (UTC)

37.157.193.23


Reason: Disruptive edits. The IP leads to and Robtex shows it also leads to  (a mirror of the same site)  RA  talkcontribs 20:27, 12 May 2012 (UTC)
 * for one year. &mdash; <span style="font-family:monospace, monospace;">madman 04:04, 13 May 2012 (UTC)

24.114.255.3


Reason: Suspicious edits, personal attacks, vandalism. Keristrasza (talk) 22:26, 14 May 2012 (UTC)


 * No sign of a proxy I can find, looks like a normal residential or business IP (albeit a fairly active one). Consider reporting to AIV if vandalism persists.  Sailsbystars (talk) 03:23, 15 May 2012 (UTC)

194.251.142.28


Reason: Suspicious edits
 * – There's no evidence that supports the IP being an open proxy; it does belong to Wartsila and should be treated as such. &mdash; <span style="font-family:monospace, monospace;">madman 14:29, 15 May 2012 (UTC)

62.212.85.107


Reason: Claims to be premium VPN and not a proxy. Daniel Case (talk) 13:36, 16 May 2012 (UTC)
 * – The range is blocked both because it is a web hosting range and because DeltaQuad has identified multiple open proxies in that range. The contributor has not answered reviewing administrator as to why he needs to contribute from a web host and the unblock has been declined. &mdash; <span style="font-family:monospace, monospace;">madman 08:30, 21 May 2012 (UTC)

88.198.55.109


Reason: Suspicious edits
 * Already blocked as 88.198.0.0/16 by zzuuzz, too many proxies on this range. Materialscientist (talk) 22:19, 17 May 2012 (UTC)

80.80.171.27


Reason: Requested unblock.--<b style="color:Navy;">Jezebel's</b> Ponyo <sup style="color:Navy;">bons mots 02:32, 18 May 2012 (UTC)
 * – Looks like an ISP's Squid proxy; it does not appear to be open but may have been open as late as 28 April 2012. &mdash; <span style="font-family:monospace, monospace;">madman 08:40, 21 May 2012 (UTC)

80.88.241.94


IP address blocked by ProcseeBot, stating "".

An unblock request at User talk:Lithorien refers to this block.

http://whatismyipaddress.com/ip/80.88.241.94 says that this IP address is a confirmed proxy server, but I have been unable to determine whether it is an open proxy. I have tried to use the proxy myself, and failed. JamesBWatson (talk) 19:26, 19 May 2012 (UTC)

Reason: Requested unblock.
 * Nmap says no open ports, hash.es has data from early March. It's probably okay to unblock. --Closedmouth (talk) 13:55, 20 May 2012 (UTC)
 * – Closed ISP proxy; should be anonblocked in the future if there are any disruptive edits. &mdash; <span style="font-family:monospace, monospace;">madman 19:56, 5 June 2012 (UTC)

80.89.188.60


Unblock requested from UTRS, which I diverted to ACC. This is a strange thing. I'm not seeing the proxy, and I don't understand why an open proxy would be AO ABC. The block reason listed doesn't coincide with the open proxy notice on the talk page, and I can't see any evidence of it being a spambot, the listed reason for the block in the contributions either. Martijn Hoekstra (talk) 10:27, 20 May 2012 (UTC)
 * I don't see a proxy at this moment (it was an exit of a tunnel proxy at some point in the past; unfortunately robtex is down this weekend). I see a shared IP with lots of unconstructive edits and would keep it under standard anonblock. The "spambot" note perhaps originate from the tag in the edit filter contribs from this IP. Materialscientist (talk) 10:50, 20 May 2012 (UTC)
 * – Looks like an ISP proxy; it may have been open in the past but it doesn't appear to be open anymore. I agree with keeping it on anonblock; there's certainly evidence of at least one compromised machine/spammer behind the proxy. &mdash; <span style="font-family:monospace, monospace;">madman 19:44, 5 June 2012 (UTC)

98.207.64.21


Requested by ; claims it is a closed proxy and access is limited to family. — Jeremy  v^_^v  Bori! 20:13, 20 May 2012 (UTC)

Reason: Requested unblock.
 * &mdash; <span style="font-family:monospace, monospace;">madman 09:00, 21 May 2012 (UTC)

50.56.0.0/16


Request came in via UTRS (#1477). Claims that it belongs to Rackspace for internal use and is NOT an open proxy. The block message is "Please disable your proxy to edit (Rackspace Hosting)" User:Zzuuzz blocked, User talk:Zzuuzz has some details. Secretlondon (talk) 20:41, 20 May 2012 (UTC)


 * I've recently had email correspondence with perhaps the same person, and I'm waiting for him to tell me which part of the range is used by the office, and which part by the open proxies and spambots. If you are privy to this information (for I am not as yet) feel free to adjust the block by softblocking the IP in question. It will only be a single IP or small range. I am not into lifting the whole range block for the sake of one IP which can be softblocked with a/c enabled. This range (these ranges 50.57.0.0/16) are not otherwise being used constructively, and I stand by the blocks and my comments on my talk page about them. You are welcome to decide otherwise and adjust them as you see fit, but you really don't need to unblock the whole /16. I guarantee it will be nothing but further trouble. -- zzuuzz (talk) 22:02, 20 May 2012 (UTC)
 * until zzuzz receives the above information. &mdash; <span style="font-family:monospace, monospace;">madman 08:43, 21 May 2012 (UTC)
 * What above information? Secretlondon (talk) 09:11, 21 May 2012 (UTC)
 * I can't speak for others, but I am specifically waiting to know the IP address or addresses affected by the block. -- zzuuzz (talk) 10:46, 21 May 2012 (UTC)
 * This. &mdash; <span style="font-family:monospace, monospace;">madman 18:26, 21 May 2012 (UTC)
 * They say none of the range is an open proxy. Secretlondon (talk) 19:52, 21 May 2012 (UTC)
 * I'm afraid the contributions from both ranges disagree with that assessment. Their IP address, or office range, is probably not an open proxy, so that's probably what's being referred to. If only we could narrow down that range - one IP address which is not an open proxy, is all I ask. -- zzuuzz (talk) 20:02, 21 May 2012 (UTC)
 * They are saying: "The 50.56.0.0/16 block is assigned to Rackspace hosting for its internal users and servers. This is NOT an open proxy." Secretlondon (talk) 20:14, 21 May 2012 (UTC)
 * Still not convinced. Special:Contributions/50.56.104.238. -- zzuuzz (talk) 20:28, 21 May 2012 (UTC)
 * That one certainly looks like a spam bot. Secretlondon (talk) 21:05, 21 May 2012 (UTC)
 * But all its dodgy edits were in a short period of time - compromised server? I've emailed them back - any more dodgy IPs in that range? Secretlondon (talk) 21:36, 21 May 2012 (UTC)

This one was a proxy for over two months, ending in January. Sailsbystars (talk) 21:42, 21 May 2012 (UTC)
 * As far as my research has shown me, every single edit from both ranges is from an open proxy, and there has been zero evidence to the contrary. We could debate over the precise meaning of open proxy, but I believe most of this range is used by Slicehost, VPNs, and other 'cloud' services which are not internal. 50.56.104.238 and 50.57.55.27 show it is not a localised range, unless you take them both together. One IP - a block message - notify me of it and I'll deal with it personally. -- zzuuzz (talk) 22:21, 21 May 2012 (UTC)
 * I've had a response from jsalbre at Rackspace. He says that cloud services are using the 50.56.64.0/18 range. He's requested that we email abuse@rackspace.com if we get any problems. He's checked and 50.56.104.238 was released (server deleted) in April of this year. I've asked him for an affected non-customer IP range which I've said we'll unblock as long as it's strictly internal. Secretlondon (talk) 22:33, 21 May 2012 (UTC)
 * In my capacity as a UTRS Developer, I can say that the IP that the user is appealing from has zero edits globally, no sites appearing on the reverse DNS, no signs of proxies, not listed on a single blacklist, not on hash.es, no proxy info on google, not connecting on the ip directly in my web browser, no signs of anything even with nmap. Specifically, it comes (according to robtex) from a /17, and a subnetwork of a /24. Not all the IP space on the /17 is used according to robtex. I hope this helps, but I don't think it will much. IPBE might be the better way to go here if they can't edit from home or another location. Let me know if I can help you more. -- DQ  (ʞlɐʇ)  01:48, 22 May 2012 (UTC)
 * I have unblocked the /16 because, and only because, I am trying to take a wikibreak. I can't hang around waiting for someone to tell me the block message. The next big chunk of this 'internal' network to sport an open proxy will see a re-block, unless I hear otherwise. I appreciate the offer to email the abuse address, but while it may be useful for them to know, it does not really address the general problem being tackled from these networks. -- zzuuzz (talk) 11:06, 23 May 2012 (UTC)

192.71.245.174


Reason: Quacking like Escapeeyes in her favourite stomping grounds. --GenericBob (talk) 10:32, 23 May 2012 (UTC)
 * Confirmed, blocked. Materialscientist (talk) 10:40, 23 May 2012 (UTC)

118.96.146.90


Reason: Made vandalism edits today on Text editor, see,. Information shows that it's an Indonesian IP. Minima ©  ( talk ) 09:22, 4 June 2012 (UTC)
 * I can't connect through this proxy since the start of this thread. I think this was a proxy, but currently is just a regular (vandal) IP. Materialscientist (talk) 08:27, 5 June 2012 (UTC)
 * – It's a dynamic IP, so there may have once been an open proxy at this address (as late as March 2011) but there isn't anymore. If there were serious ban evasion or other evidence of an open proxy going on, I'd say that there'd be a slight possibility of there being a compromised router (see port 81), but two vandal edits isn't evidence of anything but a vandal. &mdash; <span style="font-family:monospace, monospace;">madman 19:26, 5 June 2012 (UTC)

85.237.212.223


Reason: Believed to be same user as 212.118.232.237 (see previous section), or acting on his behalf. If I put that address in a browser, I'm offered a VPN service called "Hotspot." -- Gyrofrog (talk) 15:19, 5 June 2012 (UTC)
 * for six months. &mdash; <span style="font-family:monospace, monospace;">madman 18:59, 5 June 2012 (UTC)

58.163.175.128/25


There is an unblock request at User talk:Ck786 for a proxy block on this range, which I imposed. It is certainly used by proxy servers, see for example here. It is also certain that addresses in this range have been the source of some disruptive editing on Wikipedia, and also spam and other problems off Wikipedia, as I found recorded on various internet sites, but I don't have time to go back and find the evidence again now. Whether it is an open proxy, however, I cannot be sure. Perhaps someone with more knowledge of proxies can check. JamesBWatson (talk) 22:35, 18 May 2012 (UTC)

Reason: Requested unblock.
 * A usual busy Australian Telstra Internet range. A proxy, but not an open proxy. I've reblocked it as leaving to others decide the range and duration (/25 is a bit odd). Materialscientist (talk) 01:51, 19 May 2012 (UTC)
 * Just confirming for the record that this is ; I examined all contributions from the range, isolated the ranges with problematic contributions (131-134, 170-188, and 191-193) and checked them. &mdash; <span style="font-family:monospace, monospace;">madman 16:17, 15 June 2012 (UTC)

168.133.0.0/16


Reason: Suspicious edits I am recieving notifications based on rejected anon updates made from my IP address, which is a shared DHCP address in a corporate network. I recommend placing an AnonBlock on the shared IP range 168.133.0.0/16.
 * No sign of a proxy anywhere on the range, looks like Hershey corporate addresses. Sailsbystars (talk) 13:58, 9 June 2012 (UTC)

212.118.232.237


Reason: I received after blocking User:Mohikan allebbey. (I have already blocked this IP for 24 hours.) WHOIS says the IP belongs to Internap, or INAP Anchorfree, in Atlanta GA. However, aruljohn.com says "United Kingdom" while the Google map says "anonymous proxy." -- Gyrofrog (talk) 20:23, 4 June 2012 (UTC)
 * &mdash; <span style="font-family:monospace, monospace;">madman 19:05, 5 June 2012 (UTC)

117.241.40.224


Reason: Requested account at WP:ACC. Rechecking proxy and unblock if not. - <span style="font-family:monospace, monospace;">Rich (MTCD) T&#124;C&#124;E-Mail 11:38, 9 June 2012 (UTC)
 * Errr, that proxy looks like it was ancient history (last active two years ago). Nor do I see any evidence that it is still a proxy.  It looks like malware on someone's home PC that either got removed or got a new IP. I don't see any active blocks so I'm not sure why this came up?  Sailsbystars (talk) 12:21, 9 June 2012 (UTC)

2401:F500:0:0:0:0:0:152


Reason: (I'm still struggling with verifying IPv6 proxies). Materialscientist (talk) 22:20, 10 June 2012 (UTC)
 * Well, it belongs to a hosting company, but I can't find the proxy mechanism. The host is up, and open on ssh, but not any of the standard proxy ports. Could possibly be the exit of a tunnel proxy?  Sailsbystars (talk) 19:16, 11 June 2012 (UTC)
 * – Actually, I don't even see SSH up; it looks like all ports are filtered. But the URL encoding in the text of that edit and the fact that the address lies within a Web hosting range certainly pass the duck test. I have blocked the /64 as a Web hosting range. &mdash; <span style="font-family:monospace, monospace;">madman 21:08, 11 June 2012 (UTC)

2605:8900:5000:1001:6:0:12C:2


Reason: looks like Escapeeyes has discovered IPv6. --GenericBob (talk) 02:08, 12 June 2012 (UTC)
 * Indeed. from what I can tell; it looks to me like an 6in4 tunnel from Hurricane Electric. (They filter ports 6666-7000, among others, to prevent access to IRC until the tunnel's user has passed all IPv6 certification tests.) I have indefinitely blocked the IP address and tagged it as a suspected sockpuppet of Escapeeyes but personally, I'm not going to open an SPI case as I very much doubt there's any IPv6 data yet on Escapeeyes and friends. Please note that it's possible this address is within such a tunnel's routed /64 or /48 prefix (though that takes a bit more technical skill than just using the tunnel), so if more ducks are seen within such a range, the entire range should be blocked. &mdash; <span style="font-family:monospace, monospace;">madman 02:51, 12 June 2012 (UTC)

199.96.82.92


Reason: Escapeeyes again. --GenericBob (talk) 03:13, 12 June 2012 (UTC)
 * An aside, such trimming of urls is commons for proxies. Any comment on why are they trimmed (usually they are substituted)? Materialscientist (talk) 03:21, 12 June 2012 (UTC)
 * I'm speculating here, but: I know some people edit by grabbing the entire page source, C&Ping it into their word processor, making their desired changes there, and then pasting the whole thing back over the existing article. I recently got involved with an editor who was breaking foreign-alphabet wiki links because their WP software wasn't returning the same characters that they'd pasted in. If EE is using a word-processor that automatically replaces a raw URL with a hyperlink that only displays the bit after the domain, maybe that would account for it? e.g. "http://example.com/stuff" becomes "stuff" and then gets pasted back as just "stuff". --GenericBob (talk) 03:59, 12 June 2012 (UTC)
 * It's a web proxy, on a webhost. I'll block it in a few minutes. -- DQ  (ʞlɐʇ)  03:35, 19 June 2012 (UTC)

65.255.37.197


Reason: Geolocate characterises as 'Confirmed proxy server' and 'Anonymous Proxy'. TerriersFan (talk) 16:01, 12 June 2012 (UTC)
 * . I'd change the block back to an anonblock. &mdash; <span style="font-family:monospace, monospace;">madman 19:59, 12 June 2012 (UTC)
 * Thanks; actioned. TerriersFan (talk) 19:41, 13 June 2012 (UTC)

49.200.123.209


Reason: The IP address has been posting some kind of (Nigerian?) spam to Wikipedia talk:Vandalism. - Mike Rosoft (talk) 16:11, 17 June 2012 (UTC)
 * – Likely a compromised computer. &mdash; <span style="font-family:monospace, monospace;">madman 15:39, 18 June 2012 (UTC)

69.85.92.170


Reason: Spammer, possibly editing through a broken proxy. - Mike Rosoft (talk) 16:38, 17 June 2012 (UTC)
 * Yes, this is a proxy, and I've blocked its IP range a few weeks ago ("current blocks"). Materialscientist (talk) 23:02, 17 June 2012 (UTC)

213.251.184.70


Range 213.251.128.0/18 was blocked on 27 May 2009 by Luk for five years, reason given as " : OVH web hosting"

There has been an unblock request at User talk:Hahahafr. The user claims that 213.251.184.70 is not an open proxy, but an OVH server used as an encrypted VPN to circumvent censorship in Bahrain. For now I have given IP block exemption, but I would be grateful if someone with more knowledge of proxies than me would look into it and see whether unblocking would be a better solution to the problem. JamesBWatson (talk) 20:23, 28 June 2012 (UTC)

Reason: Requested unblock.
 * Its still a webhost, and that honeslty looks more like a CU thing with an email block. I'm personally not willing to unblock webhosts much, but I will change it to the new template. Also please remember IPBEs need to be CU certified. I'm not going to run the whole /18, but on that specific IP. 5050 is a little odd. --  DQ  (ʞlɐʇ)  01:15, 1 July 2012 (UTC)
 * Just a note: I don't remember this case in particular, but my MO when I find someone abusing a hosting service is to block the whole range and issue exemptions. Considering the block is 3 years old, any CU considerations are probably moot. -- Luk  talk 12:50, 3 July 2012 (UTC)

222.166.181.218


Reason: Requested unblock via UTRS (note this IP is globally blocked).--<b style="color:Navy;">Jezebel's</b> Ponyo <sup style="color:Navy;">bons mots 23:43, 30 June 2012 (UTC)
 * I don't see much to indicate anything right now, so i'm going to say, I only scanned the /16, none of the hosts are up, I didn't run the silent scan on the range though as it would take quite a bit of time. -- DQ  (ʞlɐʇ)  01:42, 1 July 2012 (UTC)
 * Hmmmm, in that case should I contact a Steward to remove the global block?<b style="color:Navy;">Jezebel's</b> Ponyo <sup style="color:Navy;">bons mots 14:40, 2 July 2012 (UTC)
 * I would say contact the steward who made the block and enquire. It is on the /24 so there could be other reasons that aren't immediately obvious on why this range was blocked. -- DQ  (ʞlɐʇ)  16:20, 2 July 2012 (UTC)
 * To confirm, I have requested additional input from the blocking steward. Please do not close this request until they can review it. Thank you, --<b style="color:Navy;">Jezebel's</b> Ponyo <sup style="color:Navy;">bons mots 21:47, 4 July 2012 (UTC)
 * see --Shizhao (talk) 00:44, 11 July 2012 (UTC)
 * Just saw the Enwiki block log. I'd say this proxy has moved on, and it looks like the global block is gone. -- DQ  (ʞlɐʇ)  01:29, 12 July 2012 (UTC)
 * A global block still appears in current blocks. &mdash; <span style="font-family:monospace, monospace;">madman 04:22, 13 July 2012 (UTC)


 * This IP continues to be blocked globally. As there are differing opinions as to whether it remains an open proxy, should it be unblocked locally? The unblock request has been open since July 30 and needs to be closed off. <b style="color:Navy;">Jezebel's</b> Ponyo <sup style="color:Navy;">bons mots 16:04, 27 July 2012 (UTC)
 * I'm going to unblock for now per DeltaQuad's results and my own. a.) proxybase.org is unreliable, b.) it fails to differentiate in this case between a "proxy" and a "spamming IP", and c.) the last "report" was on July 15th, 2012. &mdash; <span style="font-family:monospace, monospace;">madman 04:35, 4 August 2012 (UTC)