Jump to content

Wikipedia:WikiProject on open proxies/Archives/Open/2011/March

From Wikipedia, the free encyclopedia


74.115.214.158

74.115.214.158 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Suspicious edits. On The Fugitive: Plan B the IP user added the same (possible copyrighted) content as an IP blocked as proxy. TbhotchTalk C. 04:52, 4 November 2010 (UTC)

This has WP:DUCK written all over it. I'll award a barnstar to anyone who can find how to edit from 74.115.214.152/29. -- zzuuzz (talk) 09:02, 4 November 2010 (UTC)
In fact, I am already working on it, see User:Petri Krohn/Pink proxy. I know four people who can give you the answer. I have posed the question to one of them. Another is a nice lady in California, who gives away puppies. (Ever wonder how Snoopy lost contact with his siblings?) I do not know If I want to write to her, but will you give me half a barnstar if I give you her email address? In fact most of the information can be reached from the now deleted sock puppet investigation. If you have a look at it, could you please retrieve the IP address of the proxy server in Ghana? -- Petri Krohn (talk) 22:29, 4 November 2010 (UTC)
Try this: http://www.easy-hide-ip.com/
In fact I was thinking this might be http://www.hide-ip-soft.com , but this is the information I received from the blocked user. -- Petri Krohn (talk) 03:50, 5 November 2010 (UTC)

The company web site has an image of the user interface. The user gets to choose his IP address from a list. From the small print I can make out these.

UK
81.94.201.83 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
81.94.201.87 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
81.94.201.90 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
93.174.138.36 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
93.174.138.245 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
77.245.75.53 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
77.245.75.50 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
USA
67.219.51.110 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
67.219.51.112 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
67.219.51.116 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
67.219.51.124 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
67.219.51.123 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

I do not remember how and from which of the 50 pages I have open I got this from, but it says that 93.174.81.194 is a proxy on port 3128

93.174.81.194 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

This may also be related. Note the interest in Talk:Jessica_(entertainer)‎:

-- Petri Krohn (talk) 04:36, 5 November 2010 (UTC)

93.174.81.194 is already blocked as an open proxy on 3128. Sailsbystars (talk contribs  email) 04:41, 5 November 2010 (UTC)
Yeah, It seems to be unrelated. I guess it showed up on the Singapore evidence and looked suspicious. -- Petri Krohn (talk) 05:18, 5 November 2010 (UTC)
{{opblocked}}, several rangeblocks in place. -- zzuuzz (talk) 10:57, 5 March 2011 (UTC)

78.107.237.16

78.107.237.16 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Off-wiki evidence indicates that these proxies have been used to anonymously procure the same or similar services that is being offered for sale through the proxy network i am investigating. I collected the IP addresses in the 70 first Google search results and checked if they had already been blocked, most were blocked as proxies or Tor nodes. These are however unblocked, most seem to be Tor nodes. I will post the Goolgle search string here, unless someone objects. -- Petri Krohn (talk) 23:52, 4 November 2010 (UTC)

As no one objected I will post the Google search string here: "to Earn SG$200/Hour" "IP:" site:sgadsonline.com -- Petri Krohn (talk) 05:33, 5 November 2010 (UTC)

69.91.223.154
66.215.42.157
79.88.47.195
80.79.126.30
81.17.91.122
87.89.74.135
88.86.122.153
95.27.150.240
173.193.219.190
173.255.213.207
212.227.101.236
213.112.111.205
{{opblocked}}, several Tor nodes, some too dynamic, all relevant blocks are in place. -- zzuuzz (talk) 12:43, 5 March 2011 (UTC)

66.197.250.197

66.197.250.197 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: open proxy. area-53.co.cc/ --Gordonrox24 | Talk 05:48, 2 February 2011 (UTC)

66.197.250.197 (talk · contribs · WHOIS) and 97.74.215.130 (talk · contribs · WHOIS) are caught up in indef rangeblocks on their hosting providers from 2008. 85.17.239.31 (talk · contribs · WHOIS) was blocked for five years a few days ago. All are, of course, confirmed. Sailsbystars (talk) 13:05, 2 February 2011 (UTC)
The above IPs have all been blocked. The site at 85.17.239.31, hidegator.com, actually offers to do proxying for you. A Google search for hidegator.com brings up http://www.robtex.com/ip/85.17.222.10.html, which is incriminating for that IP as well. 85.17.222.10 is currently blocked by Zzuuzz. Since the ISP is a /16 range, and a number from that range are now individually blocked, how about blocking all of 85.17.0.0/16? EdJohnston (talk) 17:04, 2 February 2011 (UTC)
You will get one seriously pissed off sysadmin from their security department on your case[3][4], but it's something I'd love to do again. :) -- zzuuzz (talk) 17:31, 2 February 2011 (UTC)
Point taken. EdJohnston (talk) 18:18, 2 February 2011 (UTC)
{{opblocked}}, all done here. -- zzuuzz (talk) 10:33, 5 March 2011 (UTC)

82.199.137.20 vs 85.140.130.136

Notice is hereby given that a separate application:

is posted upon a subject of confirmation that the originating IP for proxy 82.199.137.20 (already blocked) was a Moscow-based IP 85.140.130.136, which revealed itself at one of the steps of the same procedure (setting article for deletion, AfD). Cherurbino (talk) 03:26, 13 January 2011 (UTC)

{{opblocked}} 82.199.137.20 blocked for 3 months; 85.140.130.136 probably was open but too dynamic for a block at this time. -- zzuuzz (talk) 10:45, 5 March 2011 (UTC)

88.190.223.227

88.190.223.227 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Looks like Wikinger (talk · contribs · deleted contribs · nuke contribs · logs · filter log · block user · block log), a known lover of proxies, plus this edit summary rather gives a hint. Favonian (talk) 14:08, 15 March 2011 (UTC)

And it's not like he is being bashful. Favonian (talk) 14:13, 15 March 2011 (UTC)
(edit conflict) For more information, please see this. Reaper Eternal (talk) 14:14, 15 March 2011 (UTC)
(e/c x2)  Confirmed web proxy (link). Block for at least a year, I would say given the relatively static nature of the website. Sailsbystars (talk) 14:14, 15 March 2011 (UTC)
{{opblocked}} -- zzuuzz (talk) 14:29, 15 March 2011 (UTC)

88.255.36.50

88.255.36.50 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
92.255.171.173 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Two proxies that came up in OPD that both edited on Talk:Miley Cyrus with similar edits within a few minutes of each other. I haven't been able to confirm myself (I get timeouts or connection refused), but hash.es lists both of them as active and available [5] [6]. Sailsbystars (talk) 14:28, 5 March 2011 (UTC)

Based on Googling for these IPs, showing them in proxy lists, I have anon-blocked both of them for one month. I recommend further effort to establish that they are proxies before closing out this report. If such evidence were found it would justify a longer block. EdJohnston (talk) 18:23, 5 March 2011 (UTC)
The first one is now expecting authentication on port 80, which is new. I've extended the block on the second one after confirming port 3128. -- zzuuzz (talk) 08:11, 7 March 2011 (UTC)
And now port 80 exits at 88.255.36.37 (now blocked). It'll probably shift around some more. -- zzuuzz (talk) 11:18, 11 March 2011 (UTC)
{{opblocked}}, both confirmed. -- zzuuzz (talk) 14:51, 16 March 2011 (UTC)