Jump to content

Wikipedia:Open proxies noticeboard/Requests

Add links
From Wikipedia, the free encyclopedia
< Wikipedia:Open proxies noticeboard
This is an old revision of this page, as edited by 184.152.65.118 (talk) at 02:48, 17 May 2025 (IP: new section). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.


Shortcut

59.187.201.43

– This proxy check request is closed and will soon be archived by a bot.

Reason: Vandalizing USSR anti-religious campaign (1958–1964). jlwoodwa (talk) 20:22, 28 April 2025 (UTC)[reply]

Open proxy blocked as part of VPN Gate. Naomi Amethyst 07:25, 30 April 2025 (UTC)[reply]

42.114.80.68

– This proxy check request is closed and will soon be archived by a bot.

Reason: Vandalizing KGB. jlwoodwa (talk) 23:03, 28 April 2025 (UTC)[reply]

Open proxy blocked as part of VPN Gate. Naomi Amethyst 07:26, 30 April 2025 (UTC)[reply]

38.158.220.26

– This proxy check request is closed and will soon be archived by a bot.

Reason: Block evasion, see SPI. Tule-hog (talk) 17:06, 7 May 2025 (UTC)[reply]

Open proxy blocked Naomi Amethyst 22:56, 7 May 2025 (UTC)[reply]

195.82.104.0/23

– This proxy check request is closed and will soon be archived by a bot.

195.82.104.0/23 · contribs · block · log · stalk · Robtex · whois · Google

This is a rangeblock for a datacentre, AS43160, but it doesn't look like that's accurate anymore. Got here via an unblock request for 195.82.104.57, which is currently showing as AS200845. Would appreciate if someone could double-check this and unblock as appropriate. asilvering (talk) 21:41, 7 May 2025 (UTC)[reply]

You are correct that the ASN has changed and it looks like the range is now owned by a different company, but there's definitely some hosting still going on there, even on the individual IP address. It's the webhost for iberofurs, for example:
Nmap scan report for 57.104.82.195-avatel.es (195.82.104.57)
Host is up, received user-set (0.12s latency).
Scanned at 2025-05-07 23:03:17 UTC for 174s
Not shown: 65534 filtered tcp ports (no-response)
PORT    STATE SERVICE  REASON         VERSION
80/tcp  open  http     syn-ack ttl 49 Apache httpd 2.4.62
| http-robots.txt: 1 disallowed entry
|_/wp-admin/
|_http-title: iberofurs
|_http-generator: WordPress 6.8.1
|_http-server-header: Apache/2.4.62 (Debian)
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
443/tcp open  ssl/http syn-ack ttl 49 Apache httpd 2.4.62 ((Debian))
|_http-server-header: Apache/2.4.62 (Debian)
|_ssl-date: TLS randomness does not represent time
|_http-generator: WordPress 6.8.1
| ssl-cert: Subject: commonName=iberofurs.org
| Subject Alternative Name: DNS:iberofurs.org, DNS:www.iberofurs.org
| Issuer: commonName=E6/organizationName=Let's Encrypt/countryName=US
| Public Key type: ec
| Public Key bits: 256
| Signature Algorithm: ecdsa-with-SHA384
| Not valid before: 2025-04-03T18:14:39
| Not valid after:  2025-07-02T18:14:38
| MD5:   5b1e:fe2b:92bf:6a26:101f:0675:ca7b:7bc5
| SHA-1: 1d3a:f34d:6436:797c:1fd6:eed9:0078:6430:7fc3:4d12
| -----BEGIN CERTIFICATE-----
| MIIDvjCCA0OgAwIBAgISBZV+b1B69qEFgiNr7zvjsOAbMAoGCCqGSM49BAMDMDIx
| CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
| NjAeFw0yNTA0MDMxODE0MzlaFw0yNTA3MDIxODE0MzhaMBgxFjAUBgNVBAMTDWli
| ZXJvZnVycy5vcmcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARI7C+HnTaP/srV
| tbdnAjPeJ95IsSbKlZayq7pSFy1o5tua/+Je8Kmson/pMVvNafl/yVaC4mo8+JW3
| AtyfAtMQo4ICUTCCAk0wDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUF
| BwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSXgd83GxuSTYlA
| SFmuASnHpaLNCTAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU0jBVBggr
| BgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNyLm9yZzAi
| BggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzArBgNVHREEJDAigg1p
| YmVyb2Z1cnMub3JnghF3d3cuaWJlcm9mdXJzLm9yZzATBgNVHSAEDDAKMAgGBmeB
| DAECATAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8vZTYuYy5sZW5jci5vcmcvMjgu
| Y3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAEvFONL1TckyEBhnDjz96E/jn
| tWKHiJxtMAWE6+WGJjoAAAGV/RJKcAAABAMARzBFAiBC+RoBgVWxiS2fHGyHMek1
| U4+VW8aJGw1KGZ1xCEt7NgIhAMomMLKrsQJ0i9d+EYebooaS+J28MbVuULYaAgw6
| 2Y2uAHYA7TxL1ugGwqSiAFfbyyTiOAHfUS/txIbFcA8g3bc+P+AAAAGV/RJSQwAA
| BAMARzBFAiAoJqmO9ShA9Oa8ZTGgGOApnwhz4tjzhycBEqFgNHY7MwIhAIh7aKEl
| /aW5nIlgDMD0FkhIegj2C4xcmKi8BArRkpaJMAoGCCqGSM49BAMDA2kAMGYCMQDU
| VL5MFVIveATU1xB31mYGVs5GYSlldHCQGrDpZ6g+U3GX6rxpnQrJXJ9CpWeQy2cC
| MQDTwxX6tWoeFtRNsFmMguEwLJYfTgBraNU0JASzGkn32LLDfhkQ6aw+oe09hr60
| q8I=
|_-----END CERTIFICATE-----
|_http-title: iberofurs
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
| http-robots.txt: 1 disallowed entry
|_/wp-admin/
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
TCP/IP fingerprint:
SCAN(V=7.94SVN%E=4%D=5/7%OT=80%CT=%CU=%PV=N%DS=14%DC=T%G=N%TM=681BE763%P=x86_64-pc-linux-gnu)
SEQ(SP=107%GCD=1%ISR=10B%TI=Z%II=I%TS=A)
OPS(O1=M584ST11NW7%O2=M584ST11NW7%O3=M584NNT11NW7%O4=M584ST11NW7%O5=M584ST11NW7%O6=M584ST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M584NNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)

Uptime guess: 2.371 days (since Mon May  5 14:11:29 2025)
Network Distance: 14 hops
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: iberofurs.org

TRACEROUTE (using port 443/tcp)
HOP RTT       ADDRESS
1   0.96 ms   _gateway (10.199.22.3)
2   0.46 ms   rtr-ge-dmarc.tblflp.net (10.199.1.1)
3   ...
4   3.94 ms   rcmt-agw1.inet.qwest.net (71.32.31.17)
5   19.69 ms  4.68.144.73
6   11.95 ms  1299-3356-wdc.sp.lumen.tech (4.68.111.150)
7   11.98 ms  ash-bb2-link.ip.twelve99.net (62.115.123.124)
8   ...
9   110.19 ms mad-b3-link.ip.twelve99.net (62.115.123.219)
10  108.39 ms avateltelecom-ic-374237.ip.twelve99-cust.net (62.115.172.69)
11  ... 13
14  124.00 ms 57.104.82.195-avatel.es (195.82.104.57)
Also 195.82.104.28 has a Watchguard device, 195.82.104.2 has a webcam, and the list goes on and on. The range is too big to do an in-depth test of each, but it is very  Likely IP is an open proxy Naomi Amethyst 23:14, 7 May 2025 (UTC)[reply]
Alas for this blocked editor. Thanks for the double-check. -- asilvering (talk) 23:24, 7 May 2025 (UTC)[reply]
Wait, I think that website is them, actually. UTRS appeal #102938 is the relevant appeal. -- asilvering (talk) 23:33, 7 May 2025 (UTC)[reply]
Ahh, good point, that ticket adds some context. The range still seems suspicious, and I'll do some more digging later today — especially as I didn't find anything conclusive, just likely in the range. I've marked this request recycle Reopened for now. Naomi Amethyst 12:09, 8 May 2025 (UTC)[reply]
@Asilvering: I went ahead and dug deeper into this range, and didn't find any obvious open proxies. While it has a ton of open ports and hosting things, on deeper investigation, it appears like it is a business/residential ISP range (as the WHOIS says) that the ISP uses for people who request static IPs, and so has a bunch of IP cameras, NASs, and self-hosted things. As such, I've unblocked the range. I would caution the appellant that even though the block has been removed, editing or creating pages about their own ventures needs to follow the WP:COI policies. Naomi Amethyst 21:03, 11 May 2025 (UTC)[reply]

 Completed Naomi Amethyst 21:03, 11 May 2025 (UTC)[reply]

115.167.65.218

– This proxy check request is closed and will soon be archived by a bot.

Flagged as an open-proxy by whatsmyip, abused by an LTA that mostly uses open proxies (he won't use it again, but others might), and already blocked as an open proxy an zh-wiki. Seems pretty straightforward to me. 184.152.65.118 (talk) 00:20, 16 May 2025 (UTC)[reply]

 Likely IP is an open proxy
Nmap scan report for 115.167.65.218
Host is up, received user-set (0.089s latency).
Scanned at 2025-05-16 02:25:01 UTC for 1009s
Not shown: 65521 filtered tcp ports (no-response)
PORT      STATE SERVICE    REASON         VERSION
1001/tcp  open  rtsp       syn-ack ttl 52
|_rtsp-methods: ERROR: Script execution failed (use -d to debug)
| fingerprint-strings:
|   FourOhFourRequest, GetRequest, HTTPOptions:
|     HTTP/1.0 200 OK
|     content-length: 0
|   RTSPRequest:
|     RTSP/1.0 501 Not Implemented
|     content-length: 0
|   SIPOptions:
|     SIP/2.0 501 Not Implemented
|_    content-length: 0
7880/tcp  open  ssl/rtsp   syn-ack ttl 52
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=84.247.51.138
| Issuer: commonName=84.247.51.138
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2024-04-11T08:20:35
| Not valid after:  9999-12-31T23:59:59
| MD5:   b3d9:1086:2a11:9a02:81f8:09da:c31e:f465
| SHA-1: 7436:4612:5ca8:8f4e:49b7:a83b:59a6:9627:076c:67db
| -----BEGIN CERTIFICATE-----
| MIICsjCCAZqgAwIBAgIIUIA+J2M+wqEwDQYJKoZIhvcNAQELBQAwGDEWMBQGA1UE
| AwwNODQuMjQ3LjUxLjEzODAgFw0yNDA0MTEwODIwMzVaGA85OTk5MTIzMTIzNTk1
| OVowGDEWMBQGA1UEAwwNODQuMjQ3LjUxLjEzODCCASIwDQYJKoZIhvcNAQEBBQAD
| ggEPADCCAQoCggEBAOW/KJ+WF3vAktiwWg83TPl7JRW9+bcWaiP3I2Kyan5nM2S6
| XwrSWPOjerYm0rRx/g+DchyjyiLnobzpzttCM68ewD2Ql+kJX2l9ttJKmsWBcelS
| LFj2yNPnsnVqn4MudXBU5mHsj15ZURLB0es847oi/x2gV0OP08vtmXmenUuIE2Lp
| 4cGcckLjPFaZJb415Ok5QGANC3JzzXNG7sfE14WavLfwr7iIo4kCDV3WBA1FTA8l
| sU4BASV1G0np/NQZ9ON39RiGuyviBDrDNrLhW/SCBmxJhKFETzxiat+7Zc2s05c8
| BZ9kLWGqRK3AEE7zw3WbJsCoALWIOnJAFBuV6WECAwEAATANBgkqhkiG9w0BAQsF
| AAOCAQEALfQaYMrBAfDnTc8wiKBA9U1EB8hdDC4wcqTyYq7Mbt7zmYw0cEEV2gC+
| ryYr8LMpmJOc5A7vsERKz3PwoosDkwDmLEij3mMePQ9lEEANBFxoeOxb+M7GJpQg
| oHIjvW4e7CEwm0UtAOvW9iQIb06o4Dcnt0HHQfwkuJMjzhTPdNOGFZPE4Xebe6BU
| 40JYPvYJ27k0Bj2wb0IF1b/f3fqYpZ1wrS5vUYJZrYIWojLvuNhu74xdICSk/3WI
| jqCOdftwJRwW7o0rrC1xbhI3Gpl8k64CDOGJEISmJFiyj41CU68UG+b3xouUt1q2
| v28PlXHQJiHcxEPzdLQBqPuvcztplA==
|_-----END CERTIFICATE-----
| fingerprint-strings:
|   FourOhFourRequest, GetRequest, HTTPOptions:
|     HTTP/1.0 400 Bad Request
|     content-length: 0
|   RTSPRequest:
|     RTSP/1.0 400 Bad Request
|     content-length: 0
|   SIPOptions:
|     SIP/2.0 400 Bad Request
|_    content-length: 0
9143/tcp  open  unknown    syn-ack ttl 52
| fingerprint-strings:
|   FourOhFourRequest:
|     HTTP/1.0 200 OK
|     Date: Fri, 16 May 2025 02:40:36 GMT
|     Content-Length: 150
|     Content-Type: text/html; charset=utf-8
|     <html>
|     <head><title>Node Exporter</title></head>
|     <body>
|     <h1>Node Exporter</h1>
|     <p><a href="/metrics">Metrics</a></p>
|     </body>
|     </html>
|   GenericLines, Help, Kerberos, RTSPRequest, SSLSessionReq, TLSSessionReq, TerminalServerCookie:
|     HTTP/1.1 400 Bad Request
|     Content-Type: text/plain; charset=utf-8
|     Connection: close
|     Request
|   GetRequest, HTTPOptions:
|     HTTP/1.0 200 OK
|     Date: Fri, 16 May 2025 02:40:09 GMT
|     Content-Length: 150
|     Content-Type: text/html; charset=utf-8
|     <html>
|     <head><title>Node Exporter</title></head>
|     <body>
|     <h1>Node Exporter</h1>
|     <p><a href="/metrics">Metrics</a></p>
|     </body>
|_    </html>
44445/tcp open  http-proxy syn-ack ttl 52 (proxy authentication required)
|_http-title: Site doesn't have a title.
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
44446/tcp open  http-proxy syn-ack ttl 51 (proxy authentication required)
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
|_http-title: Site doesn't have a title.
44464/tcp open  http-proxy syn-ack ttl 52 (proxy authentication required)
|_http-title: Site doesn't have a title.
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
44465/tcp open  http-proxy syn-ack ttl 51 (proxy authentication required)
|_http-title: Site doesn't have a title.
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
49155/tcp open  http-proxy syn-ack ttl 52 (proxy authentication required)
|_http-title: Site doesn't have a title.
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
49156/tcp open  http-proxy syn-ack ttl 51 (proxy authentication required)
|_http-title: Site doesn't have a title.
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
50100/tcp open  http-proxy syn-ack ttl 51 (proxy authentication required)
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
|_http-title: Site doesn't have a title.
50101/tcp open  http-proxy syn-ack ttl 51 (proxy authentication required)
|_http-title: Site doesn't have a title.
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
51523/tcp open  http-proxy syn-ack ttl 52 (proxy authentication required)
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
|_http-title: Site doesn't have a title.
51524/tcp open  http-proxy syn-ack ttl 51 (proxy authentication required)
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
|_http-title: Site doesn't have a title.
59100/tcp open  http-proxy syn-ack ttl 51 (proxy authentication required)
|_http-title: Site doesn't have a title.
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
59101/tcp open  http-proxy syn-ack ttl 51 (proxy authentication required)
|_http-title: Site doesn't have a title.
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
9 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port1001-TCP:V=7.94SVN%I=7%D=5/16%Time=6826A58E%P=x86_64-pc-linux-gnu%r
SF:(GetRequest,26,"HTTP/1\.0\x20200\x20OK\r\ncontent-length:\x200\r\n\r\n"
SF:)%r(HTTPOptions,26,"HTTP/1\.0\x20200\x20OK\r\ncontent-length:\x200\r\n\
SF:r\n")%r(RTSPRequest,33,"RTSP/1\.0\x20501\x20Not\x20Implemented\r\nconte
SF:nt-length:\x200\r\n\r\n")%r(FourOhFourRequest,26,"HTTP/1\.0\x20200\x20O
SF:K\r\ncontent-length:\x200\r\n\r\n")%r(SIPOptions,32,"SIP/2\.0\x20501\x2
SF:0Not\x20Implemented\r\ncontent-length:\x200\r\n\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port7880-TCP:V=7.94SVN%T=SSL%I=7%D=5/16%Time=6826A59A%P=x86_64-pc-linux
SF:-gnu%r(GetRequest,2F,"HTTP/1\.0\x20400\x20Bad\x20Request\r\ncontent-len
SF:gth:\x200\r\n\r\n")%r(HTTPOptions,2F,"HTTP/1\.0\x20400\x20Bad\x20Reques
SF:t\r\ncontent-length:\x200\r\n\r\n")%r(RTSPRequest,2F,"RTSP/1\.0\x20400\
SF:x20Bad\x20Request\r\ncontent-length:\x200\r\n\r\n")%r(FourOhFourRequest
SF:,2F,"HTTP/1\.0\x20400\x20Bad\x20Request\r\ncontent-length:\x200\r\n\r\n
SF:")%r(SIPOptions,2E,"SIP/2\.0\x20400\x20Bad\x20Request\r\ncontent-length
SF::\x200\r\n\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port9143-TCP:V=7.94SVN%I=7%D=5/16%Time=6826A589%P=x86_64-pc-linux-gnu%r
SF:(GenericLines,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x
SF:20text/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Ba
SF:d\x20Request")%r(GetRequest,10B,"HTTP/1\.0\x20200\x20OK\r\nDate:\x20Fri
SF:,\x2016\x20May\x202025\x2002:40:09\x20GMT\r\nContent-Length:\x20150\r\n
SF:Content-Type:\x20text/html;\x20charset=utf-8\r\n\r\n<html>\n\t\t\t<head
SF:><title>Node\x20Exporter</title></head>\n\t\t\t<body>\n\t\t\t<h1>Node\x
SF:20Exporter</h1>\n\t\t\t<p><a\x20href=\"/metrics\">Metrics</a></p>\n\t\t
SF:\t</body>\n\t\t\t</html>")%r(HTTPOptions,10B,"HTTP/1\.0\x20200\x20OK\r\
SF:nDate:\x20Fri,\x2016\x20May\x202025\x2002:40:09\x20GMT\r\nContent-Lengt
SF:h:\x20150\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\n\r\n<html>
SF:\n\t\t\t<head><title>Node\x20Exporter</title></head>\n\t\t\t<body>\n\t\
SF:t\t<h1>Node\x20Exporter</h1>\n\t\t\t<p><a\x20href=\"/metrics\">Metrics<
SF:/a></p>\n\t\t\t</body>\n\t\t\t</html>")%r(RTSPRequest,67,"HTTP/1\.1\x20
SF:400\x20Bad\x20Request\r\nContent-Type:\x20text/plain;\x20charset=utf-8\
SF:r\nConnection:\x20close\r\n\r\n400\x20Bad\x20Request")%r(Help,67,"HTTP/
SF:1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20text/plain;\x20charse
SF:t=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Bad\x20Request")%r(SSLSes
SF:sionReq,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20text
SF:/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Bad\x20R
SF:equest")%r(TerminalServerCookie,67,"HTTP/1\.1\x20400\x20Bad\x20Request\
SF:r\nContent-Type:\x20text/plain;\x20charset=utf-8\r\nConnection:\x20clos
SF:e\r\n\r\n400\x20Bad\x20Request")%r(TLSSessionReq,67,"HTTP/1\.1\x20400\x
SF:20Bad\x20Request\r\nContent-Type:\x20text/plain;\x20charset=utf-8\r\nCo
SF:nnection:\x20close\r\n\r\n400\x20Bad\x20Request")%r(Kerberos,67,"HTTP/1
SF:\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20text/plain;\x20charset
SF:=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Bad\x20Request")%r(FourOhF
SF:ourRequest,10B,"HTTP/1\.0\x20200\x20OK\r\nDate:\x20Fri,\x2016\x20May\x2
SF:02025\x2002:40:36\x20GMT\r\nContent-Length:\x20150\r\nContent-Type:\x20
SF:text/html;\x20charset=utf-8\r\n\r\n<html>\n\t\t\t<head><title>Node\x20E
SF:xporter</title></head>\n\t\t\t<body>\n\t\t\t<h1>Node\x20Exporter</h1>\n
SF:\t\t\t<p><a\x20href=\"/metrics\">Metrics</a></p>\n\t\t\t</body>\n\t\t\t
SF:</html>");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port44445-TCP:V=7.94SVN%I=7%D=5/16%Time=6826A58C%P=x86_64-pc-linux-gnu%
SF:r(SIPOptions,A2,"HTTP/1\.1\x20407\x20Proxy\x20Authentication\x20Require
SF:d\r\nDate:\x20Fri,\x2016\x20May\x202025\x2002:40:12\x20GMT\r\nProxy-Aut
SF:henticate:\x20Basic\x20realm=\"proxy\"\r\nConnection:\x20close\r\nConte
SF:nt-Length:\x200\r\n\r\n")%r(Socks5,A,"\x05\x04\0\x01\0\0\0\0\0\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port44446-TCP:V=7.94SVN%I=7%D=5/16%Time=6826A58C%P=x86_64-pc-linux-gnu%
SF:r(SIPOptions,A2,"HTTP/1\.1\x20407\x20Proxy\x20Authentication\x20Require
SF:d\r\nDate:\x20Fri,\x2016\x20May\x202025\x2002:40:12\x20GMT\r\nProxy-Aut
SF:henticate:\x20Basic\x20realm=\"proxy\"\r\nConnection:\x20close\r\nConte
SF:nt-Length:\x200\r\n\r\n")%r(Socks5,A,"\x05\x04\0\x01\0\0\0\0\0\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port44464-TCP:V=7.94SVN%I=7%D=5/16%Time=6826A58C%P=x86_64-pc-linux-gnu%
SF:r(SIPOptions,A2,"HTTP/1\.1\x20407\x20Proxy\x20Authentication\x20Require
SF:d\r\nDate:\x20Fri,\x2016\x20May\x202025\x2002:40:12\x20GMT\r\nProxy-Aut
SF:henticate:\x20Basic\x20realm=\"proxy\"\r\nConnection:\x20close\r\nConte
SF:nt-Length:\x200\r\n\r\n")%r(Socks5,A,"\x05\x04\0\x01\0\0\0\0\0\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port44465-TCP:V=7.94SVN%I=7%D=5/16%Time=6826A58C%P=x86_64-pc-linux-gnu%
SF:r(SIPOptions,A2,"HTTP/1\.1\x20407\x20Proxy\x20Authentication\x20Require
SF:d\r\nDate:\x20Fri,\x2016\x20May\x202025\x2002:40:12\x20GMT\r\nProxy-Aut
SF:henticate:\x20Basic\x20realm=\"proxy\"\r\nConnection:\x20close\r\nConte
SF:nt-Length:\x200\r\n\r\n")%r(Socks5,A,"\x05\x04\0\x01\0\0\0\0\0\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port49155-TCP:V=7.94SVN%I=7%D=5/16%Time=6826A58C%P=x86_64-pc-linux-gnu%
SF:r(SIPOptions,A2,"HTTP/1\.1\x20407\x20Proxy\x20Authentication\x20Require
SF:d\r\nDate:\x20Fri,\x2016\x20May\x202025\x2002:40:12\x20GMT\r\nProxy-Aut
SF:henticate:\x20Basic\x20realm=\"proxy\"\r\nConnection:\x20close\r\nConte
SF:nt-Length:\x200\r\n\r\n")%r(Socks5,A,"\x05\x04\0\x01\0\0\0\0\0\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port49156-TCP:V=7.94SVN%I=7%D=5/16%Time=6826A58C%P=x86_64-pc-linux-gnu%
SF:r(SIPOptions,A2,"HTTP/1\.1\x20407\x20Proxy\x20Authentication\x20Require
SF:d\r\nDate:\x20Fri,\x2016\x20May\x202025\x2002:40:12\x20GMT\r\nProxy-Aut
SF:henticate:\x20Basic\x20realm=\"proxy\"\r\nConnection:\x20close\r\nConte
SF:nt-Length:\x200\r\n\r\n")%r(Socks5,A,"\x05\x04\0\x01\0\0\0\0\0\0");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 4.X|5.X|2.6.X|3.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
Aggressive OS guesses: Linux 4.15 - 5.8 (91%), Linux 5.0 - 5.4 (91%), Linux 2.6.32 (90%), Linux 4.4 (90%), Linux 5.0 - 5.5 (89%), Linux 2.6.32 or 3.10 (89%), Linux 2.6.32 - 2.6.35 (87%), Linux 2.6.32 - 2.6.39 (87%), Linux 4.0 (85%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.94SVN%E=4%D=5/16%OT=1001%CT=%CU=%PV=N%DS=12%DC=T%G=N%TM=6826A5EE%P=x86_64-pc-linux-gnu)
SEQ(SP=106%GCD=1%ISR=109%TI=Z%II=I%TS=A)
OPS(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST11NW7%O6=M5B4ST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M5B4NNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)

Uptime guess: 21.831 days (since Thu Apr 24 06:45:28 2025)
Network Distance: 12 hops
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 44446/tcp)
HOP RTT      ADDRESS
1   1.03 ms  _gateway (10.199.22.3)
2   0.44 ms  rtr-ge-dmarc.tblflp.net (10.199.1.1)
3   ...
4   5.24 ms  71-32-31-17.rcmt.qwest.net (71.32.31.17)
5   12.06 ms 4.68.144.73
6   11.88 ms ae2.3612.edge6.Washington12.net.lumen.tech (4.69.226.70)
7   11.98 ms ae-19.a04.asbnva02.us.bb.gin.ntt.net (129.250.8.157)
8   12.01 ms ae-2.r26.asbnva02.us.bb.gin.ntt.net (129.250.3.250)
9   87.94 ms ae-3.r23.parsfr04.fr.bb.gin.ntt.net (129.250.6.5)
10  87.74 ms ae-2.a00.parsfr04.fr.bb.gin.ntt.net (129.250.5.133)
11  ...
12  91.29 ms 115.167.65.218
Open proxy blocked Naomi Amethyst 06:05, 16 May 2025 (UTC)[reply]

46.112.98.31

A user has requested a proxy check. A proxy checker will shortly look into the case.

While monitoring recent changes, I noticed that there are several IPs that frequently make the same edit patterns, as can be seen from the edit summaries and added links. I suspect that the IPs are using an open proxy. Spamhaus ZEN DNSBL says "127.0.0.11 - PBL Listed (Should not be sending email)". Alfarizi M (talk) 15:32, 16 May 2025 (UTC)[reply]

IP

A user has requested a proxy check. A proxy checker will shortly look into the case.

Another IP abused by WP:LTA/BMN123 who mostly uses proxies, flagged as a VPN by whatsmyip, and already blocked as a proxy on zh-wiki. 184.152.65.118 (talk) 02:48, 17 May 2025 (UTC)[reply]

Retrieved from "https://en.wikipedia.org/w/index.php?title=Wikipedia:Open_proxies_noticeboard/Requests&oldid=1290791338"