Open proxies noticeboard

The Open proxies noticeboard seeks to identify, verify and block open proxies and anonymity network exit nodes. To prevent abuse or vandalism, only proxy checks by verified users will be accepted. All users are welcome to discuss on the talk page, report possible proxies, or request that a blocked IP be rechecked.

If you've been blocked as an open proxy, please see: Help:blocked.
To report a proxy check or an incorrect block, see the #Reporting section.

Pre-2012 Archives

Old archives

New archives

Open proxies may be blocked from editing

Reporting

Please report IP addresses you suspect are open proxies below. A project member will scan or attempt to connect to the proxy, and if confirmed will block the address.

File a new report here
I.	For block requests: Verify that the following criterion has been met: The IP has made abusive contributions within the past week For unblock requests: Verify that the following criteria has been met: No current criteria
II.	For block requests Replace "IP" below with the IP address you are reporting. For unblock requests Replace "IP" below with the IP address you are reporting.
III.	Fill out the resulting page and fill-in the requested information.
IV.	Save the page.

Verified Users/Sysops Templates

IP is an open proxy {{Proxycheck|confirmed}} for confirmed open proxies and Tor exit nodes.
Likely IP is an open proxy {{Proxycheck|likely}} for likely open proxies and Tor exit nodes.
Possible IP is an open proxy {{Proxycheck|possible}} for possible open proxies and Tor exit nodes.
Unlikely IP is an open proxy {{Proxycheck|unlikely}} for unlikely open proxies and Tor exit nodes.
Not currently an open proxy {{Proxycheck|unrelated}} for IP's confirmed not to be an open proxy or Tor exit node.
Inconclusive {{Proxycheck|inconclusive}} for IP's that are inconclusive.
Declined to run a check {{Proxycheck|decline}} to decline a check.
Open proxy blocked {{Proxycheck|blocked}} for open proxies and Tor nodes that have been blocked. Please add this if you block the IP.

Requests

2012-present Archives

6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16, 17, 18, 19, 20, 21, 22, 23, 24, 25
26, 27, 28, 29, 30, 31, 32, 33, 34, 35
36, 37, 38, 39, 40, 41, 42, 43, 44, 45
46, 47, 48, 49, 50, 51, 52

195.82.104.0/23

– This proxy check request is closed and will soon be archived by a bot.

195.82.104.0/23 · contribs · block · log · stalk · Robtex · whois · Google

This is a rangeblock for a datacentre, AS43160, but it doesn't look like that's accurate anymore. Got here via an unblock request for 195.82.104.57, which is currently showing as AS200845. Would appreciate if someone could double-check this and unblock as appropriate. asilvering (talk) 21:41, 7 May 2025 (UTC)[reply]

You are correct that the ASN has changed and it looks like the range is now owned by a different company, but there's definitely some hosting still going on there, even on the individual IP address. It's the webhost for iberofurs, for example:

Nmap scan report for 57.104.82.195-avatel.es (195.82.104.57)
Host is up, received user-set (0.12s latency).
Scanned at 2025-05-07 23:03:17 UTC for 174s
Not shown: 65534 filtered tcp ports (no-response)
PORT    STATE SERVICE  REASON         VERSION
80/tcp  open  http     syn-ack ttl 49 Apache httpd 2.4.62
| http-robots.txt: 1 disallowed entry
|_/wp-admin/
|_http-title: iberofurs
|_http-generator: WordPress 6.8.1
|_http-server-header: Apache/2.4.62 (Debian)
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
443/tcp open  ssl/http syn-ack ttl 49 Apache httpd 2.4.62 ((Debian))
|_http-server-header: Apache/2.4.62 (Debian)
|_ssl-date: TLS randomness does not represent time
|_http-generator: WordPress 6.8.1
| ssl-cert: Subject: commonName=iberofurs.org
| Subject Alternative Name: DNS:iberofurs.org, DNS:www.iberofurs.org
| Issuer: commonName=E6/organizationName=Let's Encrypt/countryName=US
| Public Key type: ec
| Public Key bits: 256
| Signature Algorithm: ecdsa-with-SHA384
| Not valid before: 2025-04-03T18:14:39
| Not valid after:  2025-07-02T18:14:38
| MD5:   5b1e:fe2b:92bf:6a26:101f:0675:ca7b:7bc5
| SHA-1: 1d3a:f34d:6436:797c:1fd6:eed9:0078:6430:7fc3:4d12
| -----BEGIN CERTIFICATE-----
| MIIDvjCCA0OgAwIBAgISBZV+b1B69qEFgiNr7zvjsOAbMAoGCCqGSM49BAMDMDIx
| CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
| NjAeFw0yNTA0MDMxODE0MzlaFw0yNTA3MDIxODE0MzhaMBgxFjAUBgNVBAMTDWli
| ZXJvZnVycy5vcmcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARI7C+HnTaP/srV
| tbdnAjPeJ95IsSbKlZayq7pSFy1o5tua/+Je8Kmson/pMVvNafl/yVaC4mo8+JW3
| AtyfAtMQo4ICUTCCAk0wDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUF
| BwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSXgd83GxuSTYlA
| SFmuASnHpaLNCTAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU0jBVBggr
| BgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNyLm9yZzAi
| BggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzArBgNVHREEJDAigg1p
| YmVyb2Z1cnMub3JnghF3d3cuaWJlcm9mdXJzLm9yZzATBgNVHSAEDDAKMAgGBmeB
| DAECATAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8vZTYuYy5sZW5jci5vcmcvMjgu
| Y3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAEvFONL1TckyEBhnDjz96E/jn
| tWKHiJxtMAWE6+WGJjoAAAGV/RJKcAAABAMARzBFAiBC+RoBgVWxiS2fHGyHMek1
| U4+VW8aJGw1KGZ1xCEt7NgIhAMomMLKrsQJ0i9d+EYebooaS+J28MbVuULYaAgw6
| 2Y2uAHYA7TxL1ugGwqSiAFfbyyTiOAHfUS/txIbFcA8g3bc+P+AAAAGV/RJSQwAA
| BAMARzBFAiAoJqmO9ShA9Oa8ZTGgGOApnwhz4tjzhycBEqFgNHY7MwIhAIh7aKEl
| /aW5nIlgDMD0FkhIegj2C4xcmKi8BArRkpaJMAoGCCqGSM49BAMDA2kAMGYCMQDU
| VL5MFVIveATU1xB31mYGVs5GYSlldHCQGrDpZ6g+U3GX6rxpnQrJXJ9CpWeQy2cC
| MQDTwxX6tWoeFtRNsFmMguEwLJYfTgBraNU0JASzGkn32LLDfhkQ6aw+oe09hr60
| q8I=
|_-----END CERTIFICATE-----
|_http-title: iberofurs
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
| http-robots.txt: 1 disallowed entry
|_/wp-admin/
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
TCP/IP fingerprint:
SCAN(V=7.94SVN%E=4%D=5/7%OT=80%CT=%CU=%PV=N%DS=14%DC=T%G=N%TM=681BE763%P=x86_64-pc-linux-gnu)
SEQ(SP=107%GCD=1%ISR=10B%TI=Z%II=I%TS=A)
OPS(O1=M584ST11NW7%O2=M584ST11NW7%O3=M584NNT11NW7%O4=M584ST11NW7%O5=M584ST11NW7%O6=M584ST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M584NNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)

Uptime guess: 2.371 days (since Mon May  5 14:11:29 2025)
Network Distance: 14 hops
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: iberofurs.org

TRACEROUTE (using port 443/tcp)
HOP RTT       ADDRESS
1   0.96 ms   _gateway (10.199.22.3)
2   0.46 ms   rtr-ge-dmarc.tblflp.net (10.199.1.1)
3   ...
4   3.94 ms   rcmt-agw1.inet.qwest.net (71.32.31.17)
5   19.69 ms  4.68.144.73
6   11.95 ms  1299-3356-wdc.sp.lumen.tech (4.68.111.150)
7   11.98 ms  ash-bb2-link.ip.twelve99.net (62.115.123.124)
8   ...
9   110.19 ms mad-b3-link.ip.twelve99.net (62.115.123.219)
10  108.39 ms avateltelecom-ic-374237.ip.twelve99-cust.net (62.115.172.69)
11  ... 13
14  124.00 ms 57.104.82.195-avatel.es (195.82.104.57)

Also 195.82.104.28 has a Watchguard device, 195.82.104.2 has a webcam, and the list goes on and on. The range is too big to do an in-depth test of each, but it is very

Likely IP is an open proxy — Naomi Amethyst 23:14, 7 May 2025 (UTC)[reply]

Alas for this blocked editor. Thanks for the double-check. -- asilvering (talk) 23:24, 7 May 2025 (UTC)[reply]

Wait, I think that website is them, actually. UTRS appeal #102938 is the relevant appeal. -- asilvering (talk) 23:33, 7 May 2025 (UTC)[reply]

Ahh, good point, that ticket adds some context. The range still seems suspicious, and I'll do some more digging later today — especially as I didn't find anything conclusive, just likely in the range. I've marked this request

Reopened for now. — Naomi Amethyst 12:09, 8 May 2025 (UTC)[reply]

@Asilvering: I went ahead and dug deeper into this range, and didn't find any obvious open proxies. While it has a ton of open ports and hosting things, on deeper investigation, it appears like it is a business/residential ISP range (as the WHOIS says) that the ISP uses for people who request static IPs, and so has a bunch of IP cameras, NASs, and self-hosted things. As such, I've unblocked the range. I would caution the appellant that even though the block has been removed, editing or creating pages about their own ventures needs to follow the WP:COI policies. — Naomi Amethyst 21:03, 11 May 2025 (UTC)[reply]

Completed — Naomi Amethyst 21:03, 11 May 2025 (UTC)[reply]

115.167.65.218

– This proxy check request is closed and will soon be archived by a bot.

115.167.65.218 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Flagged as an open-proxy by whatsmyip, abused by an LTA that mostly uses open proxies (he won't use it again, but others might), and already blocked as an open proxy an zh-wiki. Seems pretty straightforward to me. 184.152.65.118 (talk) 00:20, 16 May 2025 (UTC)[reply]

Likely IP is an open proxy

Nmap scan report for 115.167.65.218
Host is up, received user-set (0.089s latency).
Scanned at 2025-05-16 02:25:01 UTC for 1009s
Not shown: 65521 filtered tcp ports (no-response)
PORT      STATE SERVICE    REASON         VERSION
1001/tcp  open  rtsp       syn-ack ttl 52
|_rtsp-methods: ERROR: Script execution failed (use -d to debug)
| fingerprint-strings:
|   FourOhFourRequest, GetRequest, HTTPOptions:
|     HTTP/1.0 200 OK
|     content-length: 0
|   RTSPRequest:
|     RTSP/1.0 501 Not Implemented
|     content-length: 0
|   SIPOptions:
|     SIP/2.0 501 Not Implemented
|_    content-length: 0
7880/tcp  open  ssl/rtsp   syn-ack ttl 52
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=84.247.51.138
| Issuer: commonName=84.247.51.138
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2024-04-11T08:20:35
| Not valid after:  9999-12-31T23:59:59
| MD5:   b3d9:1086:2a11:9a02:81f8:09da:c31e:f465
| SHA-1: 7436:4612:5ca8:8f4e:49b7:a83b:59a6:9627:076c:67db
| -----BEGIN CERTIFICATE-----
| MIICsjCCAZqgAwIBAgIIUIA+J2M+wqEwDQYJKoZIhvcNAQELBQAwGDEWMBQGA1UE
| AwwNODQuMjQ3LjUxLjEzODAgFw0yNDA0MTEwODIwMzVaGA85OTk5MTIzMTIzNTk1
| OVowGDEWMBQGA1UEAwwNODQuMjQ3LjUxLjEzODCCASIwDQYJKoZIhvcNAQEBBQAD
| ggEPADCCAQoCggEBAOW/KJ+WF3vAktiwWg83TPl7JRW9+bcWaiP3I2Kyan5nM2S6
| XwrSWPOjerYm0rRx/g+DchyjyiLnobzpzttCM68ewD2Ql+kJX2l9ttJKmsWBcelS
| LFj2yNPnsnVqn4MudXBU5mHsj15ZURLB0es847oi/x2gV0OP08vtmXmenUuIE2Lp
| 4cGcckLjPFaZJb415Ok5QGANC3JzzXNG7sfE14WavLfwr7iIo4kCDV3WBA1FTA8l
| sU4BASV1G0np/NQZ9ON39RiGuyviBDrDNrLhW/SCBmxJhKFETzxiat+7Zc2s05c8
| BZ9kLWGqRK3AEE7zw3WbJsCoALWIOnJAFBuV6WECAwEAATANBgkqhkiG9w0BAQsF
| AAOCAQEALfQaYMrBAfDnTc8wiKBA9U1EB8hdDC4wcqTyYq7Mbt7zmYw0cEEV2gC+
| ryYr8LMpmJOc5A7vsERKz3PwoosDkwDmLEij3mMePQ9lEEANBFxoeOxb+M7GJpQg
| oHIjvW4e7CEwm0UtAOvW9iQIb06o4Dcnt0HHQfwkuJMjzhTPdNOGFZPE4Xebe6BU
| 40JYPvYJ27k0Bj2wb0IF1b/f3fqYpZ1wrS5vUYJZrYIWojLvuNhu74xdICSk/3WI
| jqCOdftwJRwW7o0rrC1xbhI3Gpl8k64CDOGJEISmJFiyj41CU68UG+b3xouUt1q2
| v28PlXHQJiHcxEPzdLQBqPuvcztplA==
|_-----END CERTIFICATE-----
| fingerprint-strings:
|   FourOhFourRequest, GetRequest, HTTPOptions:
|     HTTP/1.0 400 Bad Request
|     content-length: 0
|   RTSPRequest:
|     RTSP/1.0 400 Bad Request
|     content-length: 0
|   SIPOptions:
|     SIP/2.0 400 Bad Request
|_    content-length: 0
9143/tcp  open  unknown    syn-ack ttl 52
| fingerprint-strings:
|   FourOhFourRequest:
|     HTTP/1.0 200 OK
|     Date: Fri, 16 May 2025 02:40:36 GMT
|     Content-Length: 150
|     Content-Type: text/html; charset=utf-8
|     <html>
|     <head><title>Node Exporter</title></head>
|     <body>
|     <h1>Node Exporter</h1>
|     <p><a href="/metrics">Metrics</a></p>
|     </body>
|     </html>
|   GenericLines, Help, Kerberos, RTSPRequest, SSLSessionReq, TLSSessionReq, TerminalServerCookie:
|     HTTP/1.1 400 Bad Request
|     Content-Type: text/plain; charset=utf-8
|     Connection: close
|     Request
|   GetRequest, HTTPOptions:
|     HTTP/1.0 200 OK
|     Date: Fri, 16 May 2025 02:40:09 GMT
|     Content-Length: 150
|     Content-Type: text/html; charset=utf-8
|     <html>
|     <head><title>Node Exporter</title></head>
|     <body>
|     <h1>Node Exporter</h1>
|     <p><a href="/metrics">Metrics</a></p>
|     </body>
|_    </html>
44445/tcp open  http-proxy syn-ack ttl 52 (proxy authentication required)
|_http-title: Site doesn't have a title.
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
44446/tcp open  http-proxy syn-ack ttl 51 (proxy authentication required)
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
|_http-title: Site doesn't have a title.
44464/tcp open  http-proxy syn-ack ttl 52 (proxy authentication required)
|_http-title: Site doesn't have a title.
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
44465/tcp open  http-proxy syn-ack ttl 51 (proxy authentication required)
|_http-title: Site doesn't have a title.
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
49155/tcp open  http-proxy syn-ack ttl 52 (proxy authentication required)
|_http-title: Site doesn't have a title.
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
49156/tcp open  http-proxy syn-ack ttl 51 (proxy authentication required)
|_http-title: Site doesn't have a title.
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
50100/tcp open  http-proxy syn-ack ttl 51 (proxy authentication required)
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
|_http-title: Site doesn't have a title.
50101/tcp open  http-proxy syn-ack ttl 51 (proxy authentication required)
|_http-title: Site doesn't have a title.
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
51523/tcp open  http-proxy syn-ack ttl 52 (proxy authentication required)
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
|_http-title: Site doesn't have a title.
51524/tcp open  http-proxy syn-ack ttl 51 (proxy authentication required)
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
|_http-title: Site doesn't have a title.
59100/tcp open  http-proxy syn-ack ttl 51 (proxy authentication required)
|_http-title: Site doesn't have a title.
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
59101/tcp open  http-proxy syn-ack ttl 51 (proxy authentication required)
|_http-title: Site doesn't have a title.
| fingerprint-strings:
|   SIPOptions:
|     HTTP/1.1 407 Proxy Authentication Required
|     Date: Fri, 16 May 2025 02:40:12 GMT
|     Proxy-Authenticate: Basic realm="proxy"
|     Connection: close
|_    Content-Length: 0
9 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port1001-TCP:V=7.94SVN%I=7%D=5/16%Time=6826A58E%P=x86_64-pc-linux-gnu%r
SF:(GetRequest,26,"HTTP/1\.0\x20200\x20OK\r\ncontent-length:\x200\r\n\r\n"
SF:)%r(HTTPOptions,26,"HTTP/1\.0\x20200\x20OK\r\ncontent-length:\x200\r\n\
SF:r\n")%r(RTSPRequest,33,"RTSP/1\.0\x20501\x20Not\x20Implemented\r\nconte
SF:nt-length:\x200\r\n\r\n")%r(FourOhFourRequest,26,"HTTP/1\.0\x20200\x20O
SF:K\r\ncontent-length:\x200\r\n\r\n")%r(SIPOptions,32,"SIP/2\.0\x20501\x2
SF:0Not\x20Implemented\r\ncontent-length:\x200\r\n\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port7880-TCP:V=7.94SVN%T=SSL%I=7%D=5/16%Time=6826A59A%P=x86_64-pc-linux
SF:-gnu%r(GetRequest,2F,"HTTP/1\.0\x20400\x20Bad\x20Request\r\ncontent-len
SF:gth:\x200\r\n\r\n")%r(HTTPOptions,2F,"HTTP/1\.0\x20400\x20Bad\x20Reques
SF:t\r\ncontent-length:\x200\r\n\r\n")%r(RTSPRequest,2F,"RTSP/1\.0\x20400\
SF:x20Bad\x20Request\r\ncontent-length:\x200\r\n\r\n")%r(FourOhFourRequest
SF:,2F,"HTTP/1\.0\x20400\x20Bad\x20Request\r\ncontent-length:\x200\r\n\r\n
SF:")%r(SIPOptions,2E,"SIP/2\.0\x20400\x20Bad\x20Request\r\ncontent-length
SF::\x200\r\n\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port9143-TCP:V=7.94SVN%I=7%D=5/16%Time=6826A589%P=x86_64-pc-linux-gnu%r
SF:(GenericLines,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x
SF:20text/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Ba
SF:d\x20Request")%r(GetRequest,10B,"HTTP/1\.0\x20200\x20OK\r\nDate:\x20Fri
SF:,\x2016\x20May\x202025\x2002:40:09\x20GMT\r\nContent-Length:\x20150\r\n
SF:Content-Type:\x20text/html;\x20charset=utf-8\r\n\r\n<html>\n\t\t\t<head
SF:><title>Node\x20Exporter</title></head>\n\t\t\t<body>\n\t\t\t<h1>Node\x
SF:20Exporter</h1>\n\t\t\t<p><a\x20href=\"/metrics\">Metrics</a></p>\n\t\t
SF:\t</body>\n\t\t\t</html>")%r(HTTPOptions,10B,"HTTP/1\.0\x20200\x20OK\r\
SF:nDate:\x20Fri,\x2016\x20May\x202025\x2002:40:09\x20GMT\r\nContent-Lengt
SF:h:\x20150\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\n\r\n<html>
SF:\n\t\t\t<head><title>Node\x20Exporter</title></head>\n\t\t\t<body>\n\t\
SF:t\t<h1>Node\x20Exporter</h1>\n\t\t\t<p><a\x20href=\"/metrics\">Metrics<
SF:/a></p>\n\t\t\t</body>\n\t\t\t</html>")%r(RTSPRequest,67,"HTTP/1\.1\x20
SF:400\x20Bad\x20Request\r\nContent-Type:\x20text/plain;\x20charset=utf-8\
SF:r\nConnection:\x20close\r\n\r\n400\x20Bad\x20Request")%r(Help,67,"HTTP/
SF:1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20text/plain;\x20charse
SF:t=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Bad\x20Request")%r(SSLSes
SF:sionReq,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20text
SF:/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Bad\x20R
SF:equest")%r(TerminalServerCookie,67,"HTTP/1\.1\x20400\x20Bad\x20Request\
SF:r\nContent-Type:\x20text/plain;\x20charset=utf-8\r\nConnection:\x20clos
SF:e\r\n\r\n400\x20Bad\x20Request")%r(TLSSessionReq,67,"HTTP/1\.1\x20400\x
SF:20Bad\x20Request\r\nContent-Type:\x20text/plain;\x20charset=utf-8\r\nCo
SF:nnection:\x20close\r\n\r\n400\x20Bad\x20Request")%r(Kerberos,67,"HTTP/1
SF:\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20text/plain;\x20charset
SF:=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Bad\x20Request")%r(FourOhF
SF:ourRequest,10B,"HTTP/1\.0\x20200\x20OK\r\nDate:\x20Fri,\x2016\x20May\x2
SF:02025\x2002:40:36\x20GMT\r\nContent-Length:\x20150\r\nContent-Type:\x20
SF:text/html;\x20charset=utf-8\r\n\r\n<html>\n\t\t\t<head><title>Node\x20E
SF:xporter</title></head>\n\t\t\t<body>\n\t\t\t<h1>Node\x20Exporter</h1>\n
SF:\t\t\t<p><a\x20href=\"/metrics\">Metrics</a></p>\n\t\t\t</body>\n\t\t\t
SF:</html>");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port44445-TCP:V=7.94SVN%I=7%D=5/16%Time=6826A58C%P=x86_64-pc-linux-gnu%
SF:r(SIPOptions,A2,"HTTP/1\.1\x20407\x20Proxy\x20Authentication\x20Require
SF:d\r\nDate:\x20Fri,\x2016\x20May\x202025\x2002:40:12\x20GMT\r\nProxy-Aut
SF:henticate:\x20Basic\x20realm=\"proxy\"\r\nConnection:\x20close\r\nConte
SF:nt-Length:\x200\r\n\r\n")%r(Socks5,A,"\x05\x04\0\x01\0\0\0\0\0\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port44446-TCP:V=7.94SVN%I=7%D=5/16%Time=6826A58C%P=x86_64-pc-linux-gnu%
SF:r(SIPOptions,A2,"HTTP/1\.1\x20407\x20Proxy\x20Authentication\x20Require
SF:d\r\nDate:\x20Fri,\x2016\x20May\x202025\x2002:40:12\x20GMT\r\nProxy-Aut
SF:henticate:\x20Basic\x20realm=\"proxy\"\r\nConnection:\x20close\r\nConte
SF:nt-Length:\x200\r\n\r\n")%r(Socks5,A,"\x05\x04\0\x01\0\0\0\0\0\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port44464-TCP:V=7.94SVN%I=7%D=5/16%Time=6826A58C%P=x86_64-pc-linux-gnu%
SF:r(SIPOptions,A2,"HTTP/1\.1\x20407\x20Proxy\x20Authentication\x20Require
SF:d\r\nDate:\x20Fri,\x2016\x20May\x202025\x2002:40:12\x20GMT\r\nProxy-Aut
SF:henticate:\x20Basic\x20realm=\"proxy\"\r\nConnection:\x20close\r\nConte
SF:nt-Length:\x200\r\n\r\n")%r(Socks5,A,"\x05\x04\0\x01\0\0\0\0\0\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port44465-TCP:V=7.94SVN%I=7%D=5/16%Time=6826A58C%P=x86_64-pc-linux-gnu%
SF:r(SIPOptions,A2,"HTTP/1\.1\x20407\x20Proxy\x20Authentication\x20Require
SF:d\r\nDate:\x20Fri,\x2016\x20May\x202025\x2002:40:12\x20GMT\r\nProxy-Aut
SF:henticate:\x20Basic\x20realm=\"proxy\"\r\nConnection:\x20close\r\nConte
SF:nt-Length:\x200\r\n\r\n")%r(Socks5,A,"\x05\x04\0\x01\0\0\0\0\0\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port49155-TCP:V=7.94SVN%I=7%D=5/16%Time=6826A58C%P=x86_64-pc-linux-gnu%
SF:r(SIPOptions,A2,"HTTP/1\.1\x20407\x20Proxy\x20Authentication\x20Require
SF:d\r\nDate:\x20Fri,\x2016\x20May\x202025\x2002:40:12\x20GMT\r\nProxy-Aut
SF:henticate:\x20Basic\x20realm=\"proxy\"\r\nConnection:\x20close\r\nConte
SF:nt-Length:\x200\r\n\r\n")%r(Socks5,A,"\x05\x04\0\x01\0\0\0\0\0\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port49156-TCP:V=7.94SVN%I=7%D=5/16%Time=6826A58C%P=x86_64-pc-linux-gnu%
SF:r(SIPOptions,A2,"HTTP/1\.1\x20407\x20Proxy\x20Authentication\x20Require
SF:d\r\nDate:\x20Fri,\x2016\x20May\x202025\x2002:40:12\x20GMT\r\nProxy-Aut
SF:henticate:\x20Basic\x20realm=\"proxy\"\r\nConnection:\x20close\r\nConte
SF:nt-Length:\x200\r\n\r\n")%r(Socks5,A,"\x05\x04\0\x01\0\0\0\0\0\0");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 4.X|5.X|2.6.X|3.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
Aggressive OS guesses: Linux 4.15 - 5.8 (91%), Linux 5.0 - 5.4 (91%), Linux 2.6.32 (90%), Linux 4.4 (90%), Linux 5.0 - 5.5 (89%), Linux 2.6.32 or 3.10 (89%), Linux 2.6.32 - 2.6.35 (87%), Linux 2.6.32 - 2.6.39 (87%), Linux 4.0 (85%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.94SVN%E=4%D=5/16%OT=1001%CT=%CU=%PV=N%DS=12%DC=T%G=N%TM=6826A5EE%P=x86_64-pc-linux-gnu)
SEQ(SP=106%GCD=1%ISR=109%TI=Z%II=I%TS=A)
OPS(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST11NW7%O6=M5B4ST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M5B4NNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)

Uptime guess: 21.831 days (since Thu Apr 24 06:45:28 2025)
Network Distance: 12 hops
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 44446/tcp)
HOP RTT      ADDRESS
1   1.03 ms  _gateway (10.199.22.3)
2   0.44 ms  rtr-ge-dmarc.tblflp.net (10.199.1.1)
3   ...
4   5.24 ms  71-32-31-17.rcmt.qwest.net (71.32.31.17)
5   12.06 ms 4.68.144.73
6   11.88 ms ae2.3612.edge6.Washington12.net.lumen.tech (4.69.226.70)
7   11.98 ms ae-19.a04.asbnva02.us.bb.gin.ntt.net (129.250.8.157)
8   12.01 ms ae-2.r26.asbnva02.us.bb.gin.ntt.net (129.250.3.250)
9   87.94 ms ae-3.r23.parsfr04.fr.bb.gin.ntt.net (129.250.6.5)
10  87.74 ms ae-2.a00.parsfr04.fr.bb.gin.ntt.net (129.250.5.133)
11  ...
12  91.29 ms 115.167.65.218

Open proxy blocked — Naomi Amethyst 06:05, 16 May 2025 (UTC)[reply]

46.112.98.31

A user has requested a proxy check. A proxy checker will shortly look into the case.

46.112.98.31 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

While monitoring recent changes, I noticed that there are several IPs that frequently make the same edit patterns, as can be seen from the edit summaries and added links. I suspect that the IPs are using an open proxy. Spamhaus ZEN DNSBL says "127.0.0.11 - PBL Listed (Should not be sending email)". Alfarizi M (talk) 15:32, 16 May 2025 (UTC)[reply]

Prove: [1] [2] [3] [4] [5], etc. they seem to change their IPs so fast. Alfarizi M (talk) 04:17, 17 May 2025 (UTC)[reply]

IP

A user has requested a proxy check. A proxy checker will shortly look into the case.

31.59.239.76 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Another IP abused by WP:LTA/BMN123 who mostly uses proxies, flagged as a VPN by whatsmyip, and already blocked as a proxy on zh-wiki. 184.152.65.118 (talk) 02:48, 17 May 2025 (UTC)[reply]

154.205.154.254

A user has requested a proxy check. A proxy checker will shortly look into the case.

154.205.154.254 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: I suspect that 154.205.154.254 is the same editor as the already‑blocked 109.245.79.11, continuing disruptive editing on Kosovo‑War‑related pages in violation of the existing block. The new IP’s contributions mirror the old IP’s in content focus, rhetorical style, and POV‑pushing. Check User talk:109.245.79.11

It is also worth noting that this IP made a burst of similarly disruptive edits about a month ago, went quiet, and has resumed after the apparent blocking of its possible other address—behaviour consistent with swapping to a fresh proxy to evade the block. Check User talk:154.205.154.254

An IP‑check on ip.teoh.io lists 154.205.154.254 as a VPN exit node (Kaopu Cloud HK Limited, ASN 138915; geolocated to Buenos Aires, Argentina), with the “VPN = True” flag set.

185.121.94.157

A user has requested a proxy check. A proxy checker will shortly look into the case.

185.121.94.157 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Block evasion. Editing previous entires. Tule-hog (talk) 15:42, 18 May 2025 (UTC)[reply]

Automated lists and tools

User:AntiCompositeBot/ASNBlock maintained by User:AntiCompositeBot is a list of hosting provider ranges that need assessment for blocks that is updated daily. Admins are encouraged to review the list and assess for blocks as needed. All administrators are individually responsible for any blocks they make based on that list.
ISP Rangefinder is a tool that allows administrators to easily identify and hard block all ranges for an entire ISP. It should be used with extreme caution, but is useful for blocking known open proxy providers. All administrators are individually responsible for any blocks they make based on the results from this tool.
IPCheck is a tool that can help provide clues about potential open proxies.
Bullseye provides information about IPS, including clues about potential open proxies.
whois-referral is a generic WHOIS tool.
Range block finder finds present and past range blocks.

v t e Noticeboards
Wikipedia's centralized discussion, request, and help venues. For a listing of ongoing discussions and current requests, see the dashboard. For a related set of forums which do not function as noticeboards see formal review processes.
General	Administrators Main Incidents Bots Bureaucrats Centralized discussion Closure requests Education Interface admins Main Page errors Open proxies VRT Oversight User permissions
Articles, content	Biographies of living persons Copyrights Questions on media Problems Dispute resolution External links Fringe theories Neutral point of view Original research Pending changes Reliable sources Resource requests Scalable vector graphics Spam Blacklist Whitelist Style Titleblacklist Translation
Page handling	History merges Mergers Splits Moves Protection Importation XfD Articles Redirects Categories Templates Files Miscellany Undeletion
User conduct	Conflict of interest Contributor copyright Edit warring and 3RR Sanctions Personal restrictions General sanctions Contentious topics Sockpuppets Usernames (Requests for comment) Vandalism
Other	Arbitration Committee noticeboard Requests Enforcement Edit filters Requested False positives Questions Help desk Teahouse Reference desk New articles Requests for comment Village pump Policy Technical Proposals Idea lab WMF Miscellaneous WikiProject proposals Discussions for discussion
Category:Wikipedia noticeboards

v t e WikiProject Council
WikiProject guides	WikiProject Council Talk Guidelines/Intro WikiProjects Task forces Technical notes Assessment FAQ Dealing with inactive WikiProjects Work via WikiProjects
Directories and summaries	Directory Proposals Deletion Signpost Shortcuts Popular pages Database reports Watchers
Culture and the arts	Arts Music Performing Plastic Visual Broadcasting Crafts and hobbies Entertainment Games and toys Food and drink Internet culture Language and literature Biography Linguistics Media Philosophy and religion Sports
Geographical	Bodies of water Cities Countries Africa Americas Asia Europe Oceania Landforms Maps Parks, conservation areas and historical sites
History and society	History and society Business and economics Education Military and warfare Politics and government Transportation
Science, technology and engineering	Science Biology Chemistry Economics Geosciences Information science Mathematics Medicine Meteorology Physics Space Technology Time
Wikipedia assistance and tasks	Contents systems Maintenance Files Article improvement and grading Classroom projects WikiProjects

Wikipedia:Open proxies noticeboard

Reporting

Requests

195.82.104.0/23

115.167.65.218

46.112.98.31

IP

154.205.154.254

185.121.94.157

Automated lists and tools

See also