
Wikipedia:WikiProject on open proxies/Archives/Closed/2011/August



173.246.32.0/19

– This proxy check request is closed and will soon be archived by a bot.

  • Originally found these on James R. Fouts and had the range of 173.246.35.176/28, then looking at a whois, found that was at the very least a webhost if not containing some proxies. What does everyone else see? :P (I'd rather block a proxy range than protect this article which I am doing now) -- DQ (t) (e) 11:50, 27 May 2011 (UTC)
Hmmmm.... I did some digging on this earlier which was inconclusive, but then I found this new ipuser 173.246.49.185 (talk · contribs · WHOIS) on the /19 which is running this software which is apparently software for running something like an internet cafe. So I'm actually wondering if it might be a hotel or something, although they aren't running that same software. It would also explain the diverse editing interests of the various IPs on the /28. So I'm leaning towards not-a-proxy but am not wholly convinced given that "hosting" is in the provider's name. Sailsbystars (talk) 00:46, 5 June 2011 (UTC)
Marking {{Template:Proxycheck|unlikely}} -- DQ (t) (e) 03:47, 13 August 2011 (UTC)

195.28.75.114

– This proxy check request is closed and will soon be archived by a bot.

195.28.75.114
213.151.218.137
193.87.75.82

Reason: Socking. I have some other thoughts behind this sock. One of the IPs' host names has proxy right in it and has 80/443 open, but I can't get a proxy myself. Also possible that OpenSSH is at work here. I would just like some general clarification from other checkers. -- DQ (t) (e) 03:35, 10 June 2011 (UTC)

The first IP, 195.28.75.114, resolves to gw0.ruskov.net. gw = gateway, normally a sign of a closed caching proxy. It looks like a municipal wireless/hotspot IP. The second IP resolves to icm218137-orange.orange.sk - a mobile/3G provider. The third IP resolves to proxy.svkk.sk - a closed proxy belonging to a library. The edits all look relevant to the geolocation. I'm not entirely sure what's running on http://193.87.75.82 ("Stranky Svk v Kosiciach"? does that mean "unavailable outside Košice"?) but it doesn't seem to be an open proxy either. -- zzuuzz (talk) 08:04, 10 June 2011 (UTC)
Thanks, I obviously made this while I was tired as I don't remember seeing the "education" in the whois results :P. Anyway, again thanks for the look over and these results will factor into the blocks I give out. -- DQ (t) (e) 16:24, 10 June 2011 (UTC)
Marking {{Template:Proxycheck|unlikely}} -- DQ (t) (e) 03:47, 13 August 2011 (UTC)

2.138.219.49 & 2.220.204.70

– This proxy check request is closed and will soon be archived by a bot.


The IP User:2.220.204.70 was blocked for repeatedly breaching WP:CIVIL yesterday. This IP geolocates to the UK (a BSKYB Broadband address) - today rather than filing an unblock request the person behind the IP used 2.138.219.49, a Spanish IP (Telefonica de Espana SAU), to reply to the block notice[1]. This may be a mistake on the part of the geolocate / reverse DNS system (I've used 3 to make sure and all 3 give the same results) or if it's right looks like proxy usage --Cailil talk 12:29, 25 July 2011 (UTC)

As a further note I have blocked 2.220.204.70 for 10 days, and 2.138.219.49 is blocked for a week currently--Cailil talk

Reason: Suspicious edits

No evidence of proxies I could find in a quick check. Neither IP is currently online at all in fact, and given that both are on dynamic ranges, there's no point in dropping a proxyblock on them. I'll wait to close this for a few days though to see if they both stay down. Sailsbystars (talk) 13:48, 25 July 2011 (UTC)
  1. This IP is open on 21,23,80 running micro_httpd on 80. Only webpage it would load is [2]
  2. Host down.
-- DQ (t) (e) 03:08, 26 July 2011 (UTC)
  • Well I've done some more digging and it turns out both these IPs are listed as Spambots/Spammers/Scanners within CIDR/Zombies on APEWS.org and are listed on Spamhaus.org, but they are clean on all other lists --Cailil talk 13:09, 27 July 2011 (UTC)
Marking {{Template:Proxycheck|unlikely}} -- DQ (t) (e) 03:47, 13 August 2011 (UTC)