The Limited-Time Beta Program for the all-new Censys Platform is closing soon.

107.189.14.4

As of: Feb 11, 2025 1:13am UTC | Latest

Basic Information

Reverse DNS
LuxembourgTorNew31.Quetzalcoatl-relays.org
Routing
107.189.14.0/24  via PONYNET, US (AS53667)
Services (5)
9000/UNKNOWN, 9001/HTTP, 9100/UNKNOWN, 9101/HTTP, 22022/SSH
Labels
Remote Access

UNKNOWN 9000/TCP
02/10/2025 18:54 UTC


Details

TLS

Handshake
Version Selected
TLSv1_3
Cipher Selected
TLS_AES_256_GCM_SHA384
Certificate
Fingerprint
1e54902178d650ad5f6606f10e980f876253f3dfc6e5d2160a5bcaefd869f9d0
Subject
CN=www.6id75jbd4bvquga7ad.net
Issuer
CN=www.ejz4qmz7.com
Names
www.6id75jbd4bvquga7ad.net
Fingerprint
JARM
2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa
JA3S
15af977ce25de452b96affa2addb1036
JA4S
t130200_1302_a56c5b993250

HTTP 9001/TCP
02/10/2025 20:23 UTC


Details

http://107.189.14.4:9001/
Status
200  OK
Body Hash
sha1:e8d1546f8df69587cccce754a6aaa2595afbaca4
HTML Title
This is a Tor Exit Router
Response Body
      This is a Tor Exit Router

Most likely you are accessing this website because you had some issue with the
traffic coming from this IP. This router is part of the [Tor Anonymity
Network](https://www.torproject.org/), which is dedicated to [providing
privacy](https://2019.www.torproject.org/about/overview) to people who need it
most: average computer users. This router IP should be generating no other
traffic, unless it has been compromised.

[ ![How Tor
works](https://2019.www.torproject.org/images/how_tor_works_thumb.png)
](https://2019.www.torproject.org/about/overview)

Tor sees use by [many important segments of the
population](https://2019.www.torproject.org/about/torusers), including whistle
blowers, journalists, Chinese dissidents skirting the Great Firewall and
oppressive censorship, abuse victims, stalker targets, the US military, and
law enforcement, just to name a few. While Tor is not designed for malicious
computer users, it is true that they can use the network for malicious ends.
In reality however, the actual amount of
[abuse](https://2019.www.torproject.org/docs/faq-abuse) is quite low. This is
largely because criminals and hackers have significantly better access to
privacy and anonymity than do the regular users whom they prey upon. Criminals
can and do [build, sell, and
trade](http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_tools.html)
far larger and [more powerful
networks](http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_distributing_your.html)
than Tor on a daily basis. Thus, in the mind of this operator, the social need
for easily accessible censorship-resistant private, anonymous communication
trumps the risk of unskilled bad actors, who are almost always more easily
uncovered by traditional police work than by extensive monitoring and
surveillance anyway.

In terms of applicable law, the best way to understand Tor is to consider it a
network of routers operating as common carriers, much like the Internet
backbone. However, unlike the Internet backbone routers, Tor routers
explicitly do not contain identifiable routing information about the source of
a packet, and no single Tor node can determine both the origin and destination
of a given transmission.

As such, there is little the operator of this router can do to help you track
the connection further. This router maintains no logs of any of the Tor
traffic, so there is little that can be done to trace either legitimate or
illegitimate traffic (or to filter one from the other). Attempts to seize this
router will accomplish nothing.

Furthermore, this machine also serves as a carrier of email, which means that
its contents are further protected under the ECPA. [18 USC
2707](http://www.law.cornell.edu/uscode/text/18/2707) explicitly allows for
civil remedies ($1000/account _**plus**_ legal fees) in the event of a seizure
executed without good faith or probable cause (it should be clear at this
point that traffic originating from this IP address should not constitute
probable cause to seize the machine). Similar considerations exist for 1st
amendment content on this machine.

If you are a representative of a company who feels that this router is being
used to violate the DMCA, please be aware that this machine does not host or
contain any illegal content. Also be aware that network infrastructure
maintainers are not liable for the type of content that passes over their
equipment, in accordance with [DMCA "safe harbor"
provisions](http://www.law.cornell.edu/uscode/text/17/512). In other words,
you will have just as much luck sending a takedown notice to the Internet
backbone providers. Please consult [EFF's prepared
response](https://2019.www.torproject.org/eff/tor-dmca-response) for more
information on this matter.

For more information, please consult the following documentation:

  1. [Tor Overview](https://2019.www.torproject.org/about/overview)
  2. [Tor Abuse FAQ](https://2019.www.torproject.org/docs/faq-abuse)
  3. [Tor Legal FAQ](https://2019.www.torproject.org/eff/tor-legal-faq)

That being said, if you still have a complaint about the router, you may email
the [maintainer](mailto:[email protected]). If
complaints are related to a particular service that is being abused, I will
consider removing that service from my exit policy, which would prevent my
router from allowing that traffic to exit through it. I can only do this on an
IP+destination port basis, however. Common P2P ports are already blocked.

You also have the option of blocking this IP address and others on the Tor
network if you so desire. The Tor project provides a [web
service](https://check.torproject.org/cgi-bin/TorBulkExitList.py) to fetch a
list of all IP addresses of Tor exit nodes that allow exiting to a specified
IP:port combination. Please be considerate when using this option. It would be
unfortunate to deny all Tor users access to your site indefinitely simply
because of a few bad apples.
    

UNKNOWN 9100/TCP
02/11/2025 00:20 UTC


Details

TLS

Handshake
Version Selected
TLSv1_3
Cipher Selected
TLS_AES_256_GCM_SHA384
Certificate
Fingerprint
d482883b85b90b025795b658c6c00866231c790976b8884956c59095f3779f1b
Subject
CN=www.xcftowzsr5cb.net
Issuer
CN=www.ueakjxksrg6qyhussu3.com
Names
www.xcftowzsr5cb.net
Fingerprint
JARM
2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa
JA3S
15af977ce25de452b96affa2addb1036
JA4S
t130200_1302_a56c5b993250

HTTP 9101/TCP
02/10/2025 20:25 UTC


Details

http://107.189.14.4:9101/
Status
200  OK
Body Hash
sha1:e8d1546f8df69587cccce754a6aaa2595afbaca4
HTML Title
This is a Tor Exit Router
Response Body
      This is a Tor Exit Router

Most likely you are accessing this website because you had some issue with the
traffic coming from this IP. This router is part of the [Tor Anonymity
Network](https://www.torproject.org/), which is dedicated to [providing
privacy](https://2019.www.torproject.org/about/overview) to people who need it
most: average computer users. This router IP should be generating no other
traffic, unless it has been compromised.

[ ![How Tor
works](https://2019.www.torproject.org/images/how_tor_works_thumb.png)
](https://2019.www.torproject.org/about/overview)

Tor sees use by [many important segments of the
population](https://2019.www.torproject.org/about/torusers), including whistle
blowers, journalists, Chinese dissidents skirting the Great Firewall and
oppressive censorship, abuse victims, stalker targets, the US military, and
law enforcement, just to name a few. While Tor is not designed for malicious
computer users, it is true that they can use the network for malicious ends.
In reality however, the actual amount of
[abuse](https://2019.www.torproject.org/docs/faq-abuse) is quite low. This is
largely because criminals and hackers have significantly better access to
privacy and anonymity than do the regular users whom they prey upon. Criminals
can and do [build, sell, and
trade](http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_tools.html)
far larger and [more powerful
networks](http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_distributing_your.html)
than Tor on a daily basis. Thus, in the mind of this operator, the social need
for easily accessible censorship-resistant private, anonymous communication
trumps the risk of unskilled bad actors, who are almost always more easily
uncovered by traditional police work than by extensive monitoring and
surveillance anyway.

In terms of applicable law, the best way to understand Tor is to consider it a
network of routers operating as common carriers, much like the Internet
backbone. However, unlike the Internet backbone routers, Tor routers
explicitly do not contain identifiable routing information about the source of
a packet, and no single Tor node can determine both the origin and destination
of a given transmission.

As such, there is little the operator of this router can do to help you track
the connection further. This router maintains no logs of any of the Tor
traffic, so there is little that can be done to trace either legitimate or
illegitimate traffic (or to filter one from the other). Attempts to seize this
router will accomplish nothing.

Furthermore, this machine also serves as a carrier of email, which means that
its contents are further protected under the ECPA. [18 USC
2707](http://www.law.cornell.edu/uscode/text/18/2707) explicitly allows for
civil remedies ($1000/account _**plus**_ legal fees) in the event of a seizure
executed without good faith or probable cause (it should be clear at this
point that traffic originating from this IP address should not constitute
probable cause to seize the machine). Similar considerations exist for 1st
amendment content on this machine.

If you are a representative of a company who feels that this router is being
used to violate the DMCA, please be aware that this machine does not host or
contain any illegal content. Also be aware that network infrastructure
maintainers are not liable for the type of content that passes over their
equipment, in accordance with [DMCA "safe harbor"
provisions](http://www.law.cornell.edu/uscode/text/17/512). In other words,
you will have just as much luck sending a takedown notice to the Internet
backbone providers. Please consult [EFF's prepared
response](https://2019.www.torproject.org/eff/tor-dmca-response) for more
information on this matter.

For more information, please consult the following documentation:

  1. [Tor Overview](https://2019.www.torproject.org/about/overview)
  2. [Tor Abuse FAQ](https://2019.www.torproject.org/docs/faq-abuse)
  3. [Tor Legal FAQ](https://2019.www.torproject.org/eff/tor-legal-faq)

That being said, if you still have a complaint about the router, you may email
the [maintainer](mailto:[email protected]). If
complaints are related to a particular service that is being abused, I will
consider removing that service from my exit policy, which would prevent my
router from allowing that traffic to exit through it. I can only do this on an
IP+destination port basis, however. Common P2P ports are already blocked.

You also have the option of blocking this IP address and others on the Tor
network if you so desire. The Tor project provides a [web
service](https://check.torproject.org/cgi-bin/TorBulkExitList.py) to fetch a
list of all IP addresses of Tor exit nodes that allow exiting to a specified
IP:port combination. Please be considerate when using this option. It would be
unfortunate to deny all Tor users access to your site indefinitely simply
because of a few bad apples.
    

SSH 22022/TCP
02/10/2025 20:24 UTC

Remote Access

Details

Host Key
Algorithm
ecdsa-sha2-nistp256
Fingerprint
5081a66a49ea3e4ceac91d1aed0d7a0c82700bbdb07307123525968e43112871
Negotiated
Key Exchange
[email protected]
Symmetric Cipher
aes128-ctr [] aes128-ctr []
MAC
hmac-sha2-256 [] hmac-sha2-256 []

Geographic Location

City
Luxembourg
Province
Luxembourg
Country
Luxembourg (LU)
Coordinates
49.61167, 6.13
Timezone
Europe/Luxembourg