104.244.78.233
As of: May 16, 2025 8:23am UTC |
Latest
{
"ip": "104.244.78.233",
"services": [
{
"_decoded": "banner_grab",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX"
},
"banner": "",
"banner_hashes": [
"sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
],
"certificate": "2819faa01a5a83b12b8fc1978d905c32444d1ac7bbbee285585f992ff85fc1c5",
"extended_service_name": "UNKNOWN",
"jarm": {
"_encoding": {
"fingerprint": "DISPLAY_HEX",
"cipher_and_version_fingerprint": "DISPLAY_HEX",
"tls_extensions_sha256": "DISPLAY_HEX"
},
"fingerprint": "2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa",
"cipher_and_version_fingerprint": "2ad2ad16d2ad2ad00042d42d000000",
"tls_extensions_sha256": "332dc9cd7d90589195193c8bb05d84fa",
"observed_at": "2025-05-15T05:10:40.988298670Z"
},
"observed_at": "2025-05-15T04:59:22.021394890Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 9000,
"service_name": "UNKNOWN",
"source_ip": "206.168.34.40",
"tls": {
"version_selected": "TLSv1_3",
"cipher_selected": "TLS_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "2819faa01a5a83b12b8fc1978d905c32444d1ac7bbbee285585f992ff85fc1c5",
"leaf_data": {
"names": [
"www.rcdcyynrjczhzez.net"
],
"subject_dn": "CN=www.rcdcyynrjczhzez.net",
"issuer_dn": "CN=www.ohuuobzks7aieb3h.com",
"pubkey_bit_size": 2048,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "ad56a0507d24fe4fffb519393ab5318a7bc0786210ff79f80cc648780a7f2316",
"fingerprint": "2819faa01a5a83b12b8fc1978d905c32444d1ac7bbbee285585f992ff85fc1c5",
"issuer": {
"common_name": [
"www.ohuuobzks7aieb3h.com"
]
},
"subject": {
"common_name": [
"www.rcdcyynrjczhzez.net"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "zdHWeAAsZ6zuVnpIFSafpTCIl5hR2j5f4Y/2gd20McFOMIxsX3sGdmzNJkwCZTFDlff8xUlBSrX0uYHgWq2u4iLQiQE07FyZf0g0pKPd2jYjHOO9vJTOdZs5QHaIgc/TneIOr+ebWvjKlRBlBOsr115iayH499FduhrpNlKSvhD+z2VE7PajScEKTOOghh5ADnyy5fjLR1T0DCYbgV10fIHCDe6iFPDZYY1M18Vb/nBxDnMwma0OCsJ9WyFSo29KbQMw550z7nFP5bA60mHt1NSo5gsYWYeRjNH4+bY0LYy2k9Soom5udESqXQbh6vw5qJKFGTqrwDRo06NlJaEPNQ==",
"exponent": "AAEAAQ==",
"length": 256
},
"fingerprint": "caefa5e424427f7343d87c8cd9ad4324b8527bf1a53ca12c100e647aa08fd499"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "15af977ce25de452b96affa2addb1036",
"ja4s": "t130200_1302_a56c5b993250",
"versions": [
{
"tls_version": "TLSv1_3",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "15af977ce25de452b96affa2addb1036",
"ja4s": "t130200_1302_a56c5b993250"
},
{
"tls_version": "TLSv1_2",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "0debd3853f330c574b05e0b6d882dc27",
"ja4s": "t120200_c030_344b4dce5a52"
}
]
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.0 200 OK\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nX-Your-Address-Is: 162.142.125.200\r\nContent-Encoding: identity\r\nContent-Length: 6546\r\nExpires: Fri, 16 May 2025 04:29:47 GMT\r\n",
"banner_hashes": [
"sha256:ea0b6994adfb1d45f9db753165a37e2aad89cbe73b8366cfcb8c5f39b0a549b0"
],
"banner_hex": "485454502f312e3020323030204f4b0d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a582d596f75722d416464726573732d49733a203136322e3134322e3132352e3230300d0a436f6e74656e742d456e636f64696e673a206964656e746974790d0a436f6e74656e742d4c656e6774683a20363534360d0a457870697265733a204672692c203136204d617920323032352030343a32393a343720474d540d0a",
"discovery_method": "PREDICTIVE_METHOD_7",
"extended_service_name": "HTTP",
"http": {
"request": {
"method": "GET",
"uri": "http://104.244.78.233:9001/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.0",
"status_code": 200,
"status_reason": "OK",
"headers": {
"Date": [
"<REDACTED>"
],
"_encoding": {
"Date": "DISPLAY_UTF8",
"Content_Encoding": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Expires": "DISPLAY_UTF8",
"Content_Type": "DISPLAY_UTF8",
"X_Your_Address_Is": "DISPLAY_UTF8"
},
"Content_Encoding": [
"identity"
],
"Content_Length": [
"6546"
],
"Expires": [
"Fri, 16 May 2025 04:29:47 GMT"
],
"Content_Type": [
"text/html"
],
"X_Your_Address_Is": [
"162.142.125.200"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<title>This is a Tor Exit Router</title>",
"<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\" />"
],
"body_size": 6546,
"body": "<?xml version=\"1.0\"?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\n \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\" />\n<title>This is a Tor Exit Router</title>\n\n<!--\n\nThis notice is intended to be placed on a virtual host for a domain that\nyour Tor exit node IP reverse resolves to so that people who may be about\nto file an abuse complaint would check it first before bothering you or\nyour ISP. Ex:\nhttp://tor-exit.yourdomain.org or http://tor-readme.yourdomain.org.\n\nThis type of setup has proven very effective at reducing abuse complaints\nfor exit node operators.\n\nThere are a few places in this document that you may want to customize.\nThey are marked with FIXME.\n\n-->\n\n</head>\n<body>\n\n<p style=\"text-align:center; font-size:xx-large; font-weight:bold\">This is a\nTor Exit Router</p>\n\n<p>\nMost likely you are accessing this website because you had some issue with\nthe traffic coming from this IP. This router is part of the <a\nhref=\"https://www.torproject.org/\">Tor Anonymity Network</a>, which is\ndedicated to <a href=\"https://2019.www.torproject.org/about/overview\">providing\nprivacy</a> to people who need it most: average computer users. This\nrouter IP should be generating no other traffic, unless it has been\ncompromised.</p>\n\n\n<!-- FIXME: you should probably grab your own copy of how_tor_works_thumb.png\n and serve it locally -->\n\n<p style=\"text-align:center\">\n<a href=\"https://2019.www.torproject.org/about/overview\">\n<img src=\"https://2019.www.torproject.org/images/how_tor_works_thumb.png\" alt=\"How Tor works\" style=\"border-style:none\"/>\n</a></p>\n\n<p>\nTor sees use by <a href=\"https://2019.www.torproject.org/about/torusers\">many\nimportant segments of the population</a>, including whistle blowers,\njournalists, Chinese dissidents skirting the Great Firewall and oppressive\ncensorship, abuse victims, stalker targets, the US military, and law\nenforcement, just to name a few. While Tor is not designed for malicious\ncomputer users, it is true that they can use the network for malicious ends.\nIn reality however, the actual amount of <a\nhref=\"https://2019.www.torproject.org/docs/faq-abuse\">abuse</a> is quite low. This\nis largely because criminals and hackers have significantly better access to\nprivacy and anonymity than do the regular users whom they prey upon. Criminals\ncan and do <a\nhref=\"http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_tools.html\">build,\nsell, and trade</a> far larger and <a\nhref=\"http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_distributing_your.html\">more\npowerful networks</a> than Tor on a daily basis. Thus, in the mind of this\noperator, the social need for easily accessible censorship-resistant private,\nanonymous communication trumps the risk of unskilled bad actors, who are\nalmost always more easily uncovered by traditional police work than by\nextensive monitoring and surveillance anyway.</p>\n\n<p>\nIn terms of applicable law, the best way to understand Tor is to consider it a\nnetwork of routers operating as common carriers, much like the Internet\nbackbone. However, unlike the Internet backbone routers, Tor routers\nexplicitly do not contain identifiable routing information about the source of\na packet, and no single Tor node can determine both the origin and destination\nof a given transmission.</p>\n\n<p>\nAs such, there is little the operator of this router can do to help you track\nthe connection further. This router maintains no logs of any of the Tor\ntraffic, so there is little that can be done to trace either legitimate or\nillegitimate traffic (or to filter one from the other). Attempts to\nseize this router will accomplish nothing.</p>\n\n<!-- FIXME: US-Only section. Remove if you are a non-US operator -->\n\n<p>\nFurthermore, this machine also serves as a carrier of email, which means that\nits contents are further protected under the ECPA. <a\nhref=\"http://www.law.cornell.edu/uscode/text/18/2707\">18\nUSC 2707</a> explicitly allows for civil remedies ($1000/account\n<i><b>plus</b></i> legal fees)\nin the event of a seizure executed without good faith or probable cause (it\nshould be clear at this point that traffic originating from this IP address\nshould not constitute probable cause to seize the\nmachine). Similar considerations exist for 1st amendment content on this\nmachine.</p>\n\n<!-- FIXME: May or may not be US-only. Some non-US tor nodes have in\n fact reported DMCA harassment... -->\n\n<p>\nIf you are a representative of a company who feels that this router is being\nused to violate the DMCA, please be aware that this machine does not host or\ncontain any illegal content. Also be aware that network infrastructure\nmaintainers are not liable for the type of content that passes over their\nequipment, in accordance with <a\nhref=\"http://www.law.cornell.edu/uscode/text/17/512\">DMCA\n\"safe harbor\" provisions</a>. In other words, you will have just as much luck\nsending a takedown notice to the Internet backbone providers. Please consult\n<a href=\"https://2019.www.torproject.org/eff/tor-dmca-response\">EFF's prepared\nresponse</a> for more information on this matter.</p>\n\n<p>For more information, please consult the following documentation:</p>\n\n<ol>\n<li><a href=\"https://2019.www.torproject.org/about/overview\">Tor Overview</a></li>\n<li><a href=\"https://2019.www.torproject.org/docs/faq-abuse\">Tor Abuse FAQ</a></li>\n<li><a href=\"https://2019.www.torproject.org/eff/tor-legal-faq\">Tor Legal FAQ</a></li>\n</ol>\n\n<p>\nThat being said, if you still have a complaint about the router, you may\nemail the <a href=\"mailto:[email protected]\">maintainer</a>. If\ncomplaints are related to a particular service that is being abused, I will\nconsider removing that service from my exit policy, which would prevent my\nrouter from allowing that traffic to exit through it. I can only do this on an\nIP+destination port basis, however. Common P2P ports are\nalready blocked.</p>\n\n<p>\nYou also have the option of blocking this IP address and others on\nthe Tor network if you so desire. The Tor project provides a <a\nhref=\"https://check.torproject.org/cgi-bin/TorBulkExitList.py\">web service</a>\nto fetch a list of all IP addresses of Tor exit nodes that allow exiting to a\nspecified IP:port combination.\nPlease be considerate when using this option. It would be unfortunate to deny all Tor users access\nto your site indefinitely simply because of a few bad apples.</p>\n\n</body>\n</html>\n",
"body_hashes": [
"sha256:0da7890d92bdc04c0b1a41cb731bc4209311aaa732f7bf0c9d82fcbb20709c7c",
"sha1:e8d1546f8df69587cccce754a6aaa2595afbaca4",
"tlsh:1cd1b7bba3c0a33a03509250271177cceb578079a7c069e6307ec115a24eea883395ef"
],
"body_hash": "sha1:e8d1546f8df69587cccce754a6aaa2595afbaca4",
"html_title": "This is a Tor Exit Router"
},
"supports_http2": false
},
"observed_at": "2025-05-16T04:09:16.904236077Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 9001,
"service_name": "HTTP",
"source_ip": "162.142.125.200",
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "banner_grab",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX"
},
"banner": "",
"banner_hashes": [
"sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
],
"certificate": "2a3ef6d625480238a20073f887ca37803153b9dab55a7d78f32de75f81893332",
"discovery_method": "PREDICTIVE_METHOD_7",
"extended_service_name": "UNKNOWN",
"observed_at": "2025-05-16T08:22:46.462001955Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 9100,
"service_name": "UNKNOWN",
"source_ip": "162.142.125.220",
"tls": {
"version_selected": "TLSv1_3",
"cipher_selected": "TLS_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "2a3ef6d625480238a20073f887ca37803153b9dab55a7d78f32de75f81893332",
"leaf_data": {
"names": [
"www.5ztkm723phc.net"
],
"subject_dn": "CN=www.5ztkm723phc.net",
"issuer_dn": "CN=www.jyguxurbysiv2hw.com",
"pubkey_bit_size": 2048,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "3d6f35b321f9342b8f93353ffb729c0c25670d5323744053562f49fb897774b6",
"fingerprint": "2a3ef6d625480238a20073f887ca37803153b9dab55a7d78f32de75f81893332",
"issuer": {
"common_name": [
"www.jyguxurbysiv2hw.com"
]
},
"subject": {
"common_name": [
"www.5ztkm723phc.net"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "n2nNka3P9E0oYa3pI6XeyqLkcU3aNLChdVHehiMB8ERJkehIOsbC0hma24Fq1zwGgwRxrQ/u++4w4lgJ1ywt+6ta9fKpjuueiOt9nIFXsHPqDIUb5GjxAuz+31jHcbrrJrJqIOJ0CzdaSp9V9OxwqQEer6SdH8bfHPHNfC8JQFs3HfN558zUF4sDpQfDS/kzcT40jZxoI+bpGboFJJa3bDbwIxLjP9e0XS4DvncpmPkBKM3MWXhyz5hl4hz4mc7KrUrAZFECg+3cR7OS1eP1qtzxsw6Hy57aJm4wWOBFbZzX1/AboCUu0TNo53iuYeN9inJJrCmja64om4CKWTCGmw==",
"exponent": "AAEAAQ==",
"length": 256
},
"fingerprint": "68b145925bc71426f3db6a2040c64398b93992b433eb2e2e2f9e0db5cfb02eb5"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "15af977ce25de452b96affa2addb1036",
"ja4s": "t130200_1302_a56c5b993250",
"versions": [
{
"tls_version": "TLSv1_3",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "15af977ce25de452b96affa2addb1036",
"ja4s": "t130200_1302_a56c5b993250"
},
{
"tls_version": "TLSv1_2",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "0debd3853f330c574b05e0b6d882dc27",
"ja4s": "t120200_c030_344b4dce5a52"
}
]
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.0 200 OK\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nX-Your-Address-Is: 167.94.138.199\r\nContent-Encoding: identity\r\nContent-Length: 6546\r\nExpires: Fri, 16 May 2025 04:30:44 GMT\r\n",
"banner_hashes": [
"sha256:3f02ac4bdd2fc4fff3f95e5178c34f1fea6020379e7039c7dd978f40deef9081"
],
"banner_hex": "485454502f312e3020323030204f4b0d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a582d596f75722d416464726573732d49733a203136372e39342e3133382e3139390d0a436f6e74656e742d456e636f64696e673a206964656e746974790d0a436f6e74656e742d4c656e6774683a20363534360d0a457870697265733a204672692c203136204d617920323032352030343a33303a343420474d540d0a",
"discovery_method": "PREDICTIVE_METHOD_2",
"extended_service_name": "HTTP",
"http": {
"request": {
"method": "GET",
"uri": "http://104.244.78.233:9101/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.0",
"status_code": 200,
"status_reason": "OK",
"headers": {
"Date": [
"<REDACTED>"
],
"_encoding": {
"Date": "DISPLAY_UTF8",
"Content_Encoding": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Expires": "DISPLAY_UTF8",
"Content_Type": "DISPLAY_UTF8",
"X_Your_Address_Is": "DISPLAY_UTF8"
},
"Content_Encoding": [
"identity"
],
"Content_Length": [
"6546"
],
"Expires": [
"Fri, 16 May 2025 04:30:44 GMT"
],
"Content_Type": [
"text/html"
],
"X_Your_Address_Is": [
"167.94.138.199"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<title>This is a Tor Exit Router</title>",
"<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\" />"
],
"body_size": 6546,
"body": "<?xml version=\"1.0\"?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\n \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\" />\n<title>This is a Tor Exit Router</title>\n\n<!--\n\nThis notice is intended to be placed on a virtual host for a domain that\nyour Tor exit node IP reverse resolves to so that people who may be about\nto file an abuse complaint would check it first before bothering you or\nyour ISP. Ex:\nhttp://tor-exit.yourdomain.org or http://tor-readme.yourdomain.org.\n\nThis type of setup has proven very effective at reducing abuse complaints\nfor exit node operators.\n\nThere are a few places in this document that you may want to customize.\nThey are marked with FIXME.\n\n-->\n\n</head>\n<body>\n\n<p style=\"text-align:center; font-size:xx-large; font-weight:bold\">This is a\nTor Exit Router</p>\n\n<p>\nMost likely you are accessing this website because you had some issue with\nthe traffic coming from this IP. This router is part of the <a\nhref=\"https://www.torproject.org/\">Tor Anonymity Network</a>, which is\ndedicated to <a href=\"https://2019.www.torproject.org/about/overview\">providing\nprivacy</a> to people who need it most: average computer users. This\nrouter IP should be generating no other traffic, unless it has been\ncompromised.</p>\n\n\n<!-- FIXME: you should probably grab your own copy of how_tor_works_thumb.png\n and serve it locally -->\n\n<p style=\"text-align:center\">\n<a href=\"https://2019.www.torproject.org/about/overview\">\n<img src=\"https://2019.www.torproject.org/images/how_tor_works_thumb.png\" alt=\"How Tor works\" style=\"border-style:none\"/>\n</a></p>\n\n<p>\nTor sees use by <a href=\"https://2019.www.torproject.org/about/torusers\">many\nimportant segments of the population</a>, including whistle blowers,\njournalists, Chinese dissidents skirting the Great Firewall and oppressive\ncensorship, abuse victims, stalker targets, the US military, and law\nenforcement, just to name a few. While Tor is not designed for malicious\ncomputer users, it is true that they can use the network for malicious ends.\nIn reality however, the actual amount of <a\nhref=\"https://2019.www.torproject.org/docs/faq-abuse\">abuse</a> is quite low. This\nis largely because criminals and hackers have significantly better access to\nprivacy and anonymity than do the regular users whom they prey upon. Criminals\ncan and do <a\nhref=\"http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_tools.html\">build,\nsell, and trade</a> far larger and <a\nhref=\"http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_distributing_your.html\">more\npowerful networks</a> than Tor on a daily basis. Thus, in the mind of this\noperator, the social need for easily accessible censorship-resistant private,\nanonymous communication trumps the risk of unskilled bad actors, who are\nalmost always more easily uncovered by traditional police work than by\nextensive monitoring and surveillance anyway.</p>\n\n<p>\nIn terms of applicable law, the best way to understand Tor is to consider it a\nnetwork of routers operating as common carriers, much like the Internet\nbackbone. However, unlike the Internet backbone routers, Tor routers\nexplicitly do not contain identifiable routing information about the source of\na packet, and no single Tor node can determine both the origin and destination\nof a given transmission.</p>\n\n<p>\nAs such, there is little the operator of this router can do to help you track\nthe connection further. This router maintains no logs of any of the Tor\ntraffic, so there is little that can be done to trace either legitimate or\nillegitimate traffic (or to filter one from the other). Attempts to\nseize this router will accomplish nothing.</p>\n\n<!-- FIXME: US-Only section. Remove if you are a non-US operator -->\n\n<p>\nFurthermore, this machine also serves as a carrier of email, which means that\nits contents are further protected under the ECPA. <a\nhref=\"http://www.law.cornell.edu/uscode/text/18/2707\">18\nUSC 2707</a> explicitly allows for civil remedies ($1000/account\n<i><b>plus</b></i> legal fees)\nin the event of a seizure executed without good faith or probable cause (it\nshould be clear at this point that traffic originating from this IP address\nshould not constitute probable cause to seize the\nmachine). Similar considerations exist for 1st amendment content on this\nmachine.</p>\n\n<!-- FIXME: May or may not be US-only. Some non-US tor nodes have in\n fact reported DMCA harassment... -->\n\n<p>\nIf you are a representative of a company who feels that this router is being\nused to violate the DMCA, please be aware that this machine does not host or\ncontain any illegal content. Also be aware that network infrastructure\nmaintainers are not liable for the type of content that passes over their\nequipment, in accordance with <a\nhref=\"http://www.law.cornell.edu/uscode/text/17/512\">DMCA\n\"safe harbor\" provisions</a>. In other words, you will have just as much luck\nsending a takedown notice to the Internet backbone providers. Please consult\n<a href=\"https://2019.www.torproject.org/eff/tor-dmca-response\">EFF's prepared\nresponse</a> for more information on this matter.</p>\n\n<p>For more information, please consult the following documentation:</p>\n\n<ol>\n<li><a href=\"https://2019.www.torproject.org/about/overview\">Tor Overview</a></li>\n<li><a href=\"https://2019.www.torproject.org/docs/faq-abuse\">Tor Abuse FAQ</a></li>\n<li><a href=\"https://2019.www.torproject.org/eff/tor-legal-faq\">Tor Legal FAQ</a></li>\n</ol>\n\n<p>\nThat being said, if you still have a complaint about the router, you may\nemail the <a href=\"mailto:[email protected]\">maintainer</a>. If\ncomplaints are related to a particular service that is being abused, I will\nconsider removing that service from my exit policy, which would prevent my\nrouter from allowing that traffic to exit through it. I can only do this on an\nIP+destination port basis, however. Common P2P ports are\nalready blocked.</p>\n\n<p>\nYou also have the option of blocking this IP address and others on\nthe Tor network if you so desire. The Tor project provides a <a\nhref=\"https://check.torproject.org/cgi-bin/TorBulkExitList.py\">web service</a>\nto fetch a list of all IP addresses of Tor exit nodes that allow exiting to a\nspecified IP:port combination.\nPlease be considerate when using this option. It would be unfortunate to deny all Tor users access\nto your site indefinitely simply because of a few bad apples.</p>\n\n</body>\n</html>\n",
"body_hashes": [
"sha256:0da7890d92bdc04c0b1a41cb731bc4209311aaa732f7bf0c9d82fcbb20709c7c",
"sha1:e8d1546f8df69587cccce754a6aaa2595afbaca4",
"tlsh:1cd1b7bba3c0a33a03509250271177cceb578079a7c069e6307ec115a24eea883395ef"
],
"body_hash": "sha1:e8d1546f8df69587cccce754a6aaa2595afbaca4",
"html_title": "This is a Tor Exit Router"
},
"supports_http2": false
},
"observed_at": "2025-05-16T04:10:13.711240175Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 9101,
"service_name": "HTTP",
"source_ip": "167.94.138.199",
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "ssh",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u4",
"banner_hashes": [
"sha256:553d331a69ce46be74a741d42fe85b00e375d9c349c3144ebdfb619f1059f6cc"
],
"banner_hex": "5353482d322e302d4f70656e5353485f382e3470312044656269616e2d352b64656231317534",
"extended_service_name": "SSH",
"labels": [
"remote-access"
],
"observed_at": "2025-05-15T15:36:47.424745674Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 22022,
"service_name": "SSH",
"source_ip": "206.168.34.197",
"ssh": {
"endpoint_id": {
"_encoding": {
"raw": "DISPLAY_UTF8"
},
"raw": "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u4",
"protocol_version": "2.0",
"software_version": "OpenSSH_8.4p1",
"comment": "Debian-5+deb11u4"
},
"kex_init_message": {
"kex_algorithms": [
"curve25519-sha256",
"[email protected]",
"ecdh-sha2-nistp256",
"ecdh-sha2-nistp384",
"ecdh-sha2-nistp521",
"diffie-hellman-group-exchange-sha256",
"diffie-hellman-group16-sha512",
"diffie-hellman-group18-sha512",
"diffie-hellman-group14-sha256",
"[email protected]"
],
"host_key_algorithms": [
"rsa-sha2-512",
"rsa-sha2-256",
"ssh-rsa",
"ecdsa-sha2-nistp256",
"ssh-ed25519"
],
"client_to_server_ciphers": [
"[email protected]",
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"[email protected]",
"[email protected]"
],
"server_to_client_ciphers": [
"[email protected]",
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"[email protected]",
"[email protected]"
],
"client_to_server_macs": [
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-sha1"
],
"server_to_client_macs": [
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-sha1"
],
"client_to_server_compression": [
"none",
"[email protected]"
],
"server_to_client_compression": [
"none",
"[email protected]"
],
"first_kex_follows": false
},
"algorithm_selection": {
"kex_algorithm": "[email protected]",
"host_key_algorithm": "ecdsa-sha2-nistp256",
"client_to_server_alg_group": {
"cipher": "aes128-ctr",
"mac": "hmac-sha2-256",
"compression": "none"
},
"server_to_client_alg_group": {
"cipher": "aes128-ctr",
"mac": "hmac-sha2-256",
"compression": "none"
}
},
"server_host_key": {
"fingerprint_sha256": "e61941ec71b1cdfe15b50a95a6e3ac2b65d84ab8b94b51d96b3e562aebc3f864",
"ecdsa_public_key": {
"_encoding": {
"b": "DISPLAY_BASE64",
"gx": "DISPLAY_BASE64",
"gy": "DISPLAY_BASE64",
"n": "DISPLAY_BASE64",
"p": "DISPLAY_BASE64",
"x": "DISPLAY_BASE64",
"y": "DISPLAY_BASE64"
},
"b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=",
"curve": "P-256",
"gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=",
"gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=",
"length": 256,
"n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE=",
"p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=",
"x": "xWHIu8MhonFxCw2KD0J+toD/tKsqKM2GdqQHtZVyX2s=",
"y": "Uk4CseC/7olS/UFbDxYjtGLRKQDDdqDtc8YwISokR7Y="
}
},
"hassh_fingerprint": "779664e66160bf75999f091fce5edb5a"
},
"transport_protocol": "TCP",
"truncated": false
}
],
"location": {
"continent": "Europe",
"country": "Luxembourg",
"country_code": "LU",
"city": "Luxembourg",
"postal_code": "L-1114",
"timezone": "Europe/Luxembourg",
"province": "Luxembourg",
"coordinates": {
"latitude": 49.61167,
"longitude": 6.13
}
},
"location_updated_at": "2025-05-06T13:56:22.884434663Z",
"autonomous_system": {
"asn": 53667,
"description": "PONYNET",
"bgp_prefix": "104.244.78.0/24",
"name": "PONYNET",
"country_code": "US"
},
"autonomous_system_updated_at": "2025-05-06T13:56:22.884482274Z",
"whois": {
"network": {
"handle": "BUYVM-LUXEMBOURG-01",
"name": "BuyVM",
"cidrs": [
"104.244.72.0/21"
],
"created": "2017-10-01T00:00:00Z",
"updated": "2017-10-01T00:00:00Z",
"allocation_type": "REALLOCATION"
},
"organization": {
"handle": "BUYVM",
"name": "BuyVM",
"street": "3, op der Poukewiss",
"city": "Roost",
"postal_code": "7795",
"country": "LU",
"abuse_contacts": [
{
"handle": "FDI19-ARIN",
"name": "Francisco Dias",
"email": "[email protected]"
}
],
"admin_contacts": [
{
"handle": "FDI19-ARIN",
"name": "Francisco Dias",
"email": "[email protected]"
}
],
"tech_contacts": [
{
"handle": "FDI19-ARIN",
"name": "Francisco Dias",
"email": "[email protected]"
}
]
}
},
"dns": {
"reverse_dns": {
"names": [
"LuxembourgTorNew22.Quetzalcoatl-relays.org"
],
"resolved_at": "2025-04-27T19:10:56.930420712Z"
}
},
"last_updated_at": "2025-05-16T08:23:41.408Z",
"labels": [
"remote-access"
]
}