Jump to content

Wikipedia:Open proxies noticeboard/Requests/Archives/51

Add links
From Wikipedia, the free encyclopedia


2602:FFE4:C0D:801E:0:0:0:D101

{{proxycheckstatus}}

Reason: Another IP possibly using open proxies, continuing an edit-war started by two recently blocked IPs (for three years each one) for the same reason in Jüri Lina. PedroAcero76 (talk) 22:32, 12 December 2024 (UTC)

no Declined to run a check. 2602:ffe4:c0d::/48 is globally blocked until 20 December 2026. — Malcolmxl5 (talk) 13:09, 21 December 2024 (UTC)

94.156.149.0/24

{{proxycheckstatus}}

Reason: Packethub VPN range in active use. Klinetalkcontribs 14:10, 16 December 2024 (UTC)

Open proxy blocked. /24 blocked as a web host provider with multiple Nord VPN nodes. Malcolmxl5 (talk) 14:35, 20 December 2024 (UTC)

103.73.166.137

{{proxycheckstatus}}

Reason: I suspect block evasion from 202.84.62.34 (talk · contribs · WHOIS) who was blocked as a Vpngate proxy. This IP is probably also one. Nobody (talk) 06:35, 20 December 2024 (UTC)

Open proxy blocked. Spur identifies this as part of the VPN Gate anonymization network. Malcolmxl5 (talk) 11:35, 20 December 2024 (UTC)

195.216.176.19

{{proxycheckstatus}}

Recently abused, by WP:LTA/BMN123; they do tend to use a lot of p2p and short term residential stuff, but this one is showing up as a VPN server. So while they are unlikely to reuse it, someone else might; zh-wiki has actually blocked the entire /23 so its probably worth looking into. 184.152.68.190 (talk) 00:51, 21 December 2024 (UTC)

no Declined to run a check. 195.216.176.0/23 is globally blocked until 21 December 2026. Malcolmxl5 (talk) 11:43, 21 December 2024 (UTC)

81.168.120.217

{{proxycheckstatus}}

As with my report immediately above recently abused by WP:LTA/BMN123, reads as a datacenter and nlwiki has blocked the entire /24 184.152.68.190 (talk) 00:56, 21 December 2024 (UTC)

Open proxy blocked. Wikimedia IP information tool identifies this IP address as associated with a Proxy Seller proxy. Malcolmxl5 (talk) 12:00, 21 December 2024 (UTC)

23.88.240.21

{{proxycheckstatus}}

Same user as my previous report for 140.233.143.222. Also reported as a VPN proxy. Meters (talk) 02:29, 14 December 2024 (UTC)

Open proxy blocked. 23.88.224.0/19 has been blocked as a web host provider. Malcolmxl5 (talk) 16:53, 21 December 2024 (UTC)

23.88.248.210

{{proxycheckstatus}}

Yet another proxy being used by the same user as previously reported 23.88.240.21 and 140.233.143.222 Meters (talk) 04:42, 14 December 2024 (UTC)

Open proxy blocked. 23.88.224.0/19 has been blocked as a web host provider. Malcolmxl5 (talk) 16:52, 21 December 2024 (UTC)

2A0B:E40:1:0:0:0:0:0/48

{{proxycheckstatus}}

Reason: VPN by MEGA Cloud Services. Used by block-evading user. wizzito | say hello! 20:41, 21 December 2024 (UTC)

no Declined to run a check. 2a0b:e40:1::/48 is globally blocked until 21 December 2026. Malcolmxl5 (talk) 21:04, 21 December 2024 (UTC)
Yup, people at Metawiki are pretty quick wizzito | say hello! 21:47, 21 December 2024 (UTC)
Very quick! — Malcolmxl5 (talk) 01:00, 22 December 2024 (UTC)

190.90.160.164

{{proxycheckstatus}}

Reason: I highly suspect this is yet another proxy IP used by User:TyMega to evade their block. Looking at the page history of Tom Morello discography, the previous IPs used by this person such as 94.198.96.96, 5.42.206.146 and 179.27.200.45 are all blocked as "Urban VPN" proxies. — AP 499D25 (talk) 01:53, 24 December 2024 (UTC)

Open proxy blocked. Yes, this is very typical TyMega behaviour and another Urban VPN proxy. — Malcolmxl5 (talk) 02:05, 24 December 2024 (UTC)

140.233.143.222

{{proxycheckstatus}}

School page vandal. https://ipcheck.toolforge.org/index.php?ip=140.233.143.222 reports it as a VPN proxy. Meters (talk) 02:25, 14 December 2024 (UTC)

This IP address is owned by Middlebury College according to Robtex. — Malcolmxl5 (talk) 12:38, 21 December 2024 (UTC)
I'd imagine it's pretty similar to the situation at my school, where they use a provider that is marked as a proxy (which happens to be blocked, thanks Netskope!). Klinetalkcontribs 21:55, 21 December 2024 (UTC)
The user subsequently moved on to two other web hosts, now range blocked as 23.88.224.0/19 Meters (talk) 22:30, 22 December 2024 (UTC)
Open proxy blocked. /21 webhost blocked. IP 140.233.143.222 falls into the range 140.233.136.0/21, a net block owned by Internet Utilities Europe and Asia Limited[1], identified as a hosting provider[2][3]; spot checks in that range shows multiple IPs flagged as potential VPNs. --Malcolmxl5 (talk) 17:47, 31 December 2024 (UTC)

212.222.197.114

{{proxycheckstatus}}

Reason: Reported as a proxy via ProxyChecker and as a datacenter via whatismyipaddress. Klinetalkcontribs 13:54, 16 December 2024 (UTC)

 Unlikely IP is an open proxy. This IP is owned by GTT Communications Inc. and is hosted in Cork, IE. It is assigned to Stryker, a medical technology company with a manufacturing hub in Cork[4]. There are two edits to a Cork related article. This looks like someone editing from their workplace. --Malcolmxl5 (talk) 11:41, 1 January 2025 (UTC)

8.4.120.239

{{proxycheckstatus}}

Reason: Reported as a proxy/vpn via IPCheck and as a datacenter via whatismyipaddress.com Klinetalkcontribs 01:32, 21 December 2024 (UTC)

 Unlikely IP is an open proxy. This IP is owned by San Diego Broadband (8.4.120.0/22), a Wireless Internet Service Provider serving rural areas of San Diego County. IPQS flags the IP as a VPN connection but is known to also flag up datacenter ranges. There is no corroboration from other proxy/VPN detection services. Contributions seem unproblematic. --Malcolmxl5 (talk) 13:03, 1 January 2025 (UTC)

38.146.56.0/23

{{proxycheckstatus}}

Reason: VPN; cf. Spur. Eryk Kij (talk) 03:53, 21 December 2024 (UTC)

Open proxy blocked. 38.146.57.192/26 blocked. Multiple Hide My Ass VPNs in this range. No contributions in the rest of the /23 and spot checks with Spur revealed nothing. --Malcolmxl5 (talk) 15:05, 1 January 2025 (UTC)

8.227.213.58

{{proxycheckstatus}}

Reason: Reported as proxy/vpn via IPCheck and datacenter via whatismyipaddress Klinetalkcontribs 18:58, 22 December 2024 (UTC)

 Unlikely IP is an open proxy. Flagged by IPQS only; no corroboration by other proxy/VPN detection services. No indication of abuse. --Malcolmxl5 (talk) 15:32, 1 January 2025 (UTC)

2409:4089:a180:5ec::25c:78ad

{{proxycheckstatus}} 

https://en.wikipedia.org/w/index.php?title=Maharaja_Kam_Dev_Misir&action=history

Reason: (vandalizing and edit warring and putting unauthorized and wrong data on the page) Shaurya Singh Sikarwar (talk) 16:09, 30 December 2024 (UTC)

no Declined to run a check. Not on the basis of vandalism and edit warring. It’s caught up in a rangeblock 2409:4089:a000::/35 for one month anyway. --Malcolmxl5 (talk) 15:40, 1 January 2025 (UTC)

86.62.29.101

{{proxycheckstatus}}

Reason: Have seen a bunch of socking from this /24. The geolocate link shows it as a VPN. I don't know what the exact range is, but it looks like at least that much. 35.139.154.158 (talk) 16:45, 6 January 2025 (UTC)

Your instincts are good. Spur identifies the IP as belonging to the Nord VPN anonymization network. I’ll have a look at the range as there seems to be a web host provider in the mix. Thanks, — Malcolmxl5 (talk) 17:02, 6 January 2025 (UTC)
Open proxy blocked 86.62.29.0/24 is blocked as a web host provider with multiple Nord VPNs in this range also blocked. — Malcolmxl5 (talk) 17:47, 6 January 2025 (UTC)
Also blocked 86.62.30.0/24 for the same reason. — Malcolmxl5 (talk) 18:06, 6 January 2025 (UTC)

91.239.6.150

{{proxycheckstatus}}

Reason: Showed up at the same AFD that's been getting hit with these, and the geolocate link reports it as a VPN server. 35.139.154.158 (talk) 16:48, 8 January 2025 (UTC)

Open proxy blocked. Another Nord VPN. 91.239.6.0/24 is blocked as a web host provider with multiple Nord VPNs in this range also blocked. Malcolmxl5 (talk) 22:28, 8 January 2025 (UTC)

2001:550:9801:4C82:2229:C327:2800:7834

{{proxycheckstatus}}

2001:550:9801:4C82:2229:C327:2800:7834 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · geo · rangeblocks · spur · shodan

Reason: Appears to be a rangeblock. A registered user says this is their IP and it is not an open proxy. I used the proxy checker feature but I'm not very experienced in this sort of thing and to my eye the result was "mixed" in that one part of the report said this was not a proxy and another segment appeared to indicate that it is. Lil' help? (noting for the record that the block was by ST47, who has not edited in five months.) Beeblebrox Beebletalks 19:59, 16 January 2025 (UTC)

@Beeblebrox: Cogent Communications does offer colocation services, but I don't see evidence that the specific IP is an issue. We can probably knock the block back to anon only as opposed to a hard block unless there is evidence that the range is being used for socking or disruption. Just my 2c.-- Ponyobons mots 17:05, 17 January 2025 (UTC)
@Ponyo: Sounds good to me. I think I've got it for this specific address, but rangeblocks are another area I pretty much don't mess with. Beeblebrox Beebletalks 18:14, 17 January 2025 (UTC)
What I did apparently did not work, the user is saying they still can't edit. Beeblebrox Beebletalks 20:20, 18 January 2025 (UTC)
They will still be getting caught up in the rangeblock, I think. You should change the block settings for 2001:550:0:0:0:0:0:0/32 to a soft block. The range was not busy - 150+ edits between August 2012 and April 2021 - and I don’t see any disruption so it ought to be OK. My 2c. — Malcolmxl5 (talk) 22:53, 18 January 2025 (UTC)
That was my suggestion, sorry if I wasn't clear. The entire range block would need to be reduced to a soft block as soft blocking the single IP won't release it from the hardblocked /32 range.-- Ponyobons mots 23:15, 20 January 2025 (UTC)
@Beeblebrox. I have reduced the range block to a soft block and removed the block on the individual IP as that serves no purpose. Can you check that the user can now edit? — Malcolmxl5 (talk) 15:40, 21 January 2025 (UTC)
Thanks, I've dropped them a note. Beeblebrox Beebletalks 18:58, 21 January 2025 (UTC)
 Completed. Rangeblock reduced to a soft block.Malcolmxl5 (talk) 03:10, 25 January 2025 (UTC)

103.23.206.0/23

{{proxycheckstatus}}

103.23.206.0/23 · contribs · block · log · stalk · Robtex · whois · Google

Reason: Requested unblock or softening. Non-proxy collateral on this range. - RichT|C|E-Mail 01:23, 15 November 2024 (UTC)

@Rich Smith. Have you discussed this with the blocking admin ST47? Malcolmxl5 (talk) 22:07, 19 November 2024 (UTC)
@Malcolmxl5: I have not, my last attempt at asking ST47 about a block, albeit by their bot, was left unanswered - RichT|C|E-Mail 15:43, 21 November 2024 (UTC)
@Rich Smith. I understand. ST47 hasn’t edited for a while so let’s have a look at this. Malcolmxl5 (talk) 12:34, 29 November 2024 (UTC)
@Malcolmxl5: Anything? - RichT|C|E-Mail 23:20, 7 January 2025 (UTC)
 Completed @Rich Smith: I've left the range blocked but removed the hard block as the blocking admin hasn't been around in several months.-- Ponyobons mots 17:10, 17 January 2025 (UTC)

113.203.237.84

{{proxycheckstatus}}

Reason: I've blocked this IP for vandalism, and I noticed that it's tagged by a third parts as a VPN server. It would be useful for a CU to check if this is a proxy, so as to both hardblock and extend the length. — Red-tailed hawk (nest) 05:09, 4 December 2024 (UTC)

whatismyipaddress is known to be unreliable. With little or no other indication of this being a proxy or VPN, I’ll close this with no further action. PS Not a CU. — Malcolmxl5 (talk) 16:46, 12 February 2025 (UTC)
 Completed Malcolmxl5 (talk) 16:46, 12 February 2025 (UTC)

62.216.233.206

{{proxycheckstatus}}

Reason: Reported as a proxy/vpn via IPCheck and datacenter via whatismyipaddress. May be worth checking the whole range as the ISP (Equinix) provides datacenters. Klinetalkcontribs 19:36, 22 December 2024 (UTC)

@Kline. I am doubtful that this is a proxy/VPN. Typically, a proxy/VPN hides the location of the user and this is a U.K. IP editing U.K. topics but this appears to be a former Telecity range (Telecity were acquired by Equinix in 2016) and they were a colocation/web host provider. Whois gives a range of 62.216.233.0/24, I will block that on this basis. — Malcolmxl5 (talk) 14:15, 19 January 2025 (UTC)
 Completed. 62.216.233.0/24 blocked as colocation/web host. --Malcolmxl5 (talk) 14:25, 19 January 2025 (UTC)

27.254.113.0/24

{{proxycheckstatus}}

Reason: Appears to be a datacenter range that also would appear to have a Spur-identified VPNgate proxy exit node at 27.254.113.70. — Red-tailed hawk (nest) 03:56, 9 January 2025 (UTC)

 Completed. @Red-tailed hawk. A feature of VPN Gate proxies is that volunteers use their computers as 'servers' and the proxies are characteristically randomly located rather than grouped in a net block. The IP has been blocked by Rsjaffe and some spot checking shows no others in the /24. --Malcolmxl5 (talk) 14:29, 9 January 2025 (UTC)

138.43.121.0/24

{{proxycheckstatus}}

[[User:|]] · contribs · block · log · stalk · Robtex · whois · Google

Reason: Requested unblock. Hvehireihghwit (talk) 19:12, 10 February 2025 (UTC) Please change the way ip blocks work so legitimate accounts are not blocked. Maybe make accounts required to edit Wikipedia. --Hvehireihghwit (talk) 19:12, 10 February 2025 (UTC)

@Hvehireihghwit: 138.43.121.0/24 is not blocked. — Malcolmxl5 (talk) 04:01, 11 February 2025 (UTC)
 Completed. Nothing to do here, the range given is not blocked. Malcolmxl5 (talk) 01:28, 1 March 2025 (UTC)

185.28.91.56

{{proxycheckstatus}}

Reason: Vandalism, SPUR says Possible Proxy. Nobody (talk) 12:10, 12 February 2025 (UTC)

It’s probably a school as the ISP (Oakford Internet Services) specialises in the education sector and it’s likely a mix of anonymous activity and normal activity as Spur says. That said, I think we can give this one a 'likely a school' block. — Malcolmxl5 (talk) 13:20, 12 February 2025 (UTC)
 Completed Malcolmxl5 (talk) 16:35, 12 February 2025 (UTC)

120.29.76.0/23

{{proxycheckstatus}}

120.29.76.0/23 · contribs · block · log · stalk · Robtex · whois · Google

Reason: Requested unblock/softening. Another ST47 block which looks to be excessive. Converge ICT Solutions DO offer co-location, but they also offer residential fibre internet connections. This seems to be the latter. Outside of just this request I want to make 2 others

  1. Any hardblock that ST47 (or their bot) has place is reviewed
  2. Any Converge ICT Solutions block is reduced to a softblock (or unblocked), to be re-instated if issues occur. - RichT|C|E-Mail 15:22, 1 February 2025 (UTC)

182.189.94.0/24

{{proxycheckstatus}}

182.189.94.0/24 · contribs · block · log · stalk · Robtex · whois · Google

Requesting an unblock for this range (which came up in an ACC request): although this ISP offers residential, business, and data center services, I don't see anything indicating this range is for webhosting. Please ping me if this is unblocked. — Mdaniels5757 (talk • contribs) 18:50, 17 February 2025 (UTC)

Not currently an open proxy at least from my scan over the whole range on common proxy ports. Needs unblocking. Naomi Amethyst 01:03, 12 March 2025 (UTC)
 Completed. Unblocked. @Mdaniels5757:. --Malcolmxl5 (talk) 01:14, 12 March 2025 (UTC)

203.175.0.0/17

{{proxycheckstatus}}

203.175.0.0/17 · contribs · block · log · stalk · Robtex · whois · Google

This block is overbroad: only 203.175.0.0/24 seems to belong to Amazon Web Services' AES (AS14618). Other subnets do not seem to be webhosts. Please ping if unblocking. Thanks, — Mdaniels5757 (talk • contribs) 19:10, 17 February 2025 (UTC)

 Unlikely IP is an open proxy (at least the whole range). This is an overly broad range and should be narrowed to 203.175.0.0/22 (allocation here). Naomi Amethyst 01:17, 12 March 2025 (UTC)
 Completed, I've narrowed the block to the /22. Elli (talk | contribs) 02:04, 12 March 2025 (UTC)

169.197.80.0/20

{{proxycheckstatus}}

Reason: Per WHOIS, PureVoltage VPN IP range. IP user avoiding recent block - see previous evasion. Tule-hog (talk) 17:18, 28 February 2025 (UTC)

(I have suggested wider protections at AN as recommended at linked SPI. Filing here in meantime.) Tule-hog (talk) 17:22, 28 February 2025 (UTC)
The ISP is PureVoltage Hosting, which, as you might expect, offers colocation/webhost services, apparently including anonymizing VPNs and public proxies. The /20 is not a busy range though I do see a NetFree VPN on it. Anyway, blocked as a colocation/webhost service. — Malcolmxl5 (talk) 01:21, 1 March 2025 (UTC)
 Completed. /20 blocked as a colocation/webhost service. Malcolmxl5 (talk) 01:24, 1 March 2025 (UTC)

35.39.113.240

{{proxycheckstatus}}

Reason: geolocates as Amazon data center; editing looks like a malformed spam attempt. ☆ Bri (talk) 21:27, 6 March 2025 (UTC)

 Unlikely IP is an open proxy This looks like a typical mobile client on a mobile ISP (Boost Mobile) Naomi Amethyst 04:36, 9 March 2025 (UTC)
 Completed No further action required Naomi Amethyst 21:41, 11 March 2025 (UTC)

113.22.0.0/16

{{proxycheckstatus}}

113.22.0.0/16 · contribs · block · log · stalk · Robtex · whois · Google

Reason: Requested unblock/softening. FPT Telecom is a large ISP in Vietnam providing residential, commercial, and datacenter services. This block likely has significant collateral and should at least be softened to an anonblock. It is also likely unnecessary to block the entire range to target MidAtlanticBaby. Please ping me or another ACCer if this is unblocked. AntiCompositeNumber (talk) 23:47, 10 March 2025 (UTC)

85.115.33.0/24

{{proxycheckstatus}}

85.115.33.0/24 · contribs · block · log · stalk · Robtex · whois · Google

The range belongs to the Forcepoint proxy service, which is not an open proxy service (it's a commercial proxy service for enterprises).

Reason: Requested unblock. 85.115.33.180 (talk) 12:50, 12 March 2025 (UTC)

no Declined to run a check This range is not currently blocked. Naomi Amethyst 14:36, 12 March 2025 (UTC)

85.115.58.0/24

{{proxycheckstatus}}

85.115.58.0/24 · contribs · block · log · stalk · Robtex · whois · Google

The range belongs to the Forcepoint proxy service, which is not an open proxy service (it's a commercial proxy service for enterprises).

Reason: Requested unblock. 85.115.33.180 (talk) 12:59, 12 March 2025 (UTC)

Not currently an open proxy. No evidence of an open proxy currently. As these are likely egress IPs from corporate devices, some scrutiny around WP:COI editing from this range might be warranted, but a preemptive block seems excessive to me. Forcepoint maintains an abuse contact, as well, which I've reached out to to see how they handle abuse reports for traffic coming from their IP space. For now, I recommend unblocking this range. Naomi Amethyst 22:53, 12 March 2025 (UTC)
 Completed Unblocked. Naomi Amethyst 23:01, 12 March 2025 (UTC)

85.115.60.0/22

{{proxycheckstatus}}

85.115.60.0/22 · contribs · block · log · stalk · Robtex · whois · Google

The range belongs to the Forcepoint proxy service, which is not an open proxy service (it's a commercial proxy service for enterprises).

Reason: Requested unblock. 85.115.33.180 (talk) 13:00, 12 March 2025 (UTC)

information Note: The actual blocked range here is 85.115.60.0/22 instead of 85.114.61.0/24, updated request to reflect that. Naomi Amethyst 14:34, 12 March 2025 (UTC)
Not currently an open proxy. No evidence of an open proxy currently. As these are likely egress IPs from corporate devices, some scrutiny around WP:COI editing from this range might be warranted, but a preemptive block seems excessive to me. Forcepoint maintains an abuse contact, as well, which I've reached out to to see how they handle abuse reports for traffic coming from their IP space. For now, I recommend unblocking this range. Naomi Amethyst 22:53, 12 March 2025 (UTC)
 Completed Unblocked. Naomi Amethyst 23:01, 12 March 2025 (UTC)

152.117.97.32

{{proxycheckstatus}}

Reason: Attempted to vandalize. Spur says Sonicwall VPN. Nobody (talk) 14:49, 12 March 2025 (UTC)

 Unlikely IP is an open proxy Looking at this, it seems like it is a Sonicwall device, but Sonicwall produces many firewalls, routers, and other networking components. I see no evidence that there is an open proxy running on this device. It appears to be an egress IP for St. Peter Catholic School in Greenville, NC, and so it should be monitored for abuse, but it does not appear to be an open proxy. Naomi Amethyst 18:24, 12 March 2025 (UTC)
Thanks for running a check @NaomiAmethyst, I've tagged the talk page with {{Shared IP edu}} based on your finding. Nobody (talk) 06:36, 13 March 2025 (UTC)

212.52.23.80

{{proxycheckstatus}}

Per Spur, "Vpn Super Free VPN". C F A 01:29, 24 March 2025 (UTC)

Example nmap (other IPs similar):
Nmap scan report for 212.52.23.79
Host is up, received user-set (0.020s latency).
Scanned at 2025-03-24 02:01:53 UTC for 258s
Not shown: 65527 filtered tcp ports (no-response)
PORT      STATE SERVICE     REASON         VERSION
102/tcp   open  iso-tsap?   syn-ack ttl 53
443/tcp   open  https?      syn-ack ttl 53
4000/tcp  open  tcpwrapped  syn-ack ttl 53
7680/tcp  open  pando-pub?  syn-ack ttl 53
8080/tcp  open  http-proxy? syn-ack ttl 53
9080/tcp  open  glrpc?      syn-ack ttl 53
9095/tcp  open  unknown     syn-ack ttl 53
9150/tcp  open  unknown     syn-ack ttl 53
12345/tcp open  http        syn-ack ttl 53 Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
|_http-title: Site doesn't have a title (text/plain; charset=utf-8).
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port9095-TCP:V=7.94SVN%I=7%D=3/24%Time=67E0BD81%P=x86_64-pc-linux-gnu%r
SF:(NULL,15,"\0\0\x0c\x04\0\0\0\0\0\0\x05\0\0@\0\0\x03\0\0\0d")%r(GenericL
SF:ines,15,"\0\0\x0c\x04\0\0\0\0\0\0\x05\0\0@\0\0\x03\0\0\0d")%r(GetReques
SF:t,15,"\0\0\x0c\x04\0\0\0\0\0\0\x05\0\0@\0\0\x03\0\0\0d")%r(HTTPOptions,
SF:15,"\0\0\x0c\x04\0\0\0\0\0\0\x05\0\0@\0\0\x03\0\0\0d")%r(RTSPRequest,15
SF:,"\0\0\x0c\x04\0\0\0\0\0\0\x05\0\0@\0\0\x03\0\0\0d")%r(DNSStatusRequest
SF:TCP,15,"\0\0\x0c\x04\0\0\0\0\0\0\x05\0\0@\0\0\x03\0\0\0d")%r(Help,15,"\
SF:0\0\x0c\x04\0\0\0\0\0\0\x05\0\0@\0\0\x03\0\0\0d")%r(X11Probe,15,"\0\0\x
SF:0c\x04\0\0\0\0\0\0\x05\0\0@\0\0\x03\0\0\0d")%r(LPDString,15,"\0\0\x0c\x
SF:04\0\0\0\0\0\0\x05\0\0@\0\0\x03\0\0\0d")%r(LDAPBindReq,15,"\0\0\x0c\x04
SF:\0\0\0\0\0\0\x05\0\0@\0\0\x03\0\0\0d")%r(LANDesk-RC,15,"\0\0\x0c\x04\0\
SF:0\0\0\0\0\x05\0\0@\0\0\x03\0\0\0d")%r(TerminalServer,15,"\0\0\x0c\x04\0
SF:\0\0\0\0\0\x05\0\0@\0\0\x03\0\0\0d")%r(NCP,15,"\0\0\x0c\x04\0\0\0\0\0\0
SF:\x05\0\0@\0\0\x03\0\0\0d")%r(JavaRMI,15,"\0\0\x0c\x04\0\0\0\0\0\0\x05\0
SF:\0@\0\0\x03\0\0\0d")%r(afp,15,"\0\0\x0c\x04\0\0\0\0\0\0\x05\0\0@\0\0\x0
SF:3\0\0\0d");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
Aggressive OS guesses: Linux 2.6.32 (95%), Linux 2.6.32 or 3.10 (95%), Linux 4.4 (94%), Linux 2.6.32 - 2.6.35 (93%), Linux 2.6.32 - 2.6.39 (93%), Linux 4.0 (92%), Linux 3.10 - 4.11 (91%), Linux 3.11 - 4.1 (91%), Linux 3.2 - 3.8 (91%), Linux 3.2 - 4.9 (91%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.94SVN%E=4%D=3/24%OT=102%CT=%CU=40113%PV=N%DS=11%DC=T%G=N%TM=67E0BE13%P=x86_64-pc-linux-gnu)
SEQ(SP=FF%GCD=1%ISR=104%TI=Z%TS=A)
OPS(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST11NW7%O6=M5B4ST11)
WIN(W1=7C70%W2=7C70%W3=7C70%W4=7C70%W5=7C70%W6=7C70)
ECN(R=Y%DF=Y%T=3F%W=7D78%O=M5B4NNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%T=3F%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
U1(R=Y%DF=N%T=3F%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=Y%DFI=N%T=3F%CD=S)

Uptime guess: 16.813 days (since Fri Mar  7 06:34:49 2025)
Network Distance: 11 hops
TCP Sequence Prediction: Difficulty=255 (Good luck!)
IP ID Sequence Generation: All zeros
 Likely IP is an open proxy I wasn't able to get it to load an arbitrary page for me via a variety of protocols, but given the services running and the spur results, these seem very likely. Naomi Amethyst 02:13, 24 March 2025 (UTC)
Open proxy blocked Naomi Amethyst 02:18, 24 March 2025 (UTC)
Retrieved from "https://en.wikipedia.org/w/index.php?title=Wikipedia:Open_proxies_noticeboard/Requests/Archives/51&oldid=1286656618"