tornull.org - The Grey Area

tornulst2rbxvbpd.onion

Quote: "... watching the watchers sometimes requires watching the watchers!?" - 'FivePoint'.


Herewith, a list of Tor Relays that are manipulating exit node traffic and/or that can be directly associated with said nodes. We also list Tor nodes which tornull.org believes are not part of the Tor network to defend and uphold a users individual right to privacy. These nodes often act only as entry or middle nodes and are potentially performing some kind of Deep Packet Inspection / traffic analysis, or are running on an IP address which within the last 30 days has been independently detected as performing other malicious activities; including (although not limited to) mass SSH Brute Force attacks etc.,


Known 'Bad' Exits (flagged by the Tor networks Directory Authority servers);

kasperskytor04 and Tor - IP address : 37.221.171.234

Nodes directly associated with known 'Bad' Exits;

  • kasperskytor01 and kasperskytor02 - IP address : 37.221.162.226
  • kasperskytor05 and kasperskytor06 - IP address : 37.221.171.236

    • Nodes potentially performing some kind of DPI or traffic analysis;

  • AlleKochenKaffee - IP address : 129.13.131.140 - AS Name : Karlsruhe Institute of Technology
  • sputnik - IP address : 188.40.128.246 - AS Name : HETZNER-AS, DE

    • AS Name : CNNIC-ALIBABA-CN-NET-AP Alibaba (China) Technology Co., Ltd., CN 45102;

  • definesum - IP address : 47.89.185.247
  • ididydd - IP address : 47.90.204.154
  • maximum - IP address : 47.89.178.105
  • start123 - IP address : 47.89.191.36
  • thathib - IP address : 47.90.204.139
  • Unnamed - IP address : 47.89.179.48

    • Nodes known to be performing (or that have previously participated in) 'ethical' metrics or research studies;

    arg - https://atlas.torproject.org/#search/arg

  • Exposing Snooping in Tor by HSDir Relays: http://www.ccis.northeastern.edu/wp-content/uploads/2016/10/Poster-Sanatinia.pdf
  • Honey Onions: Exposing Snooping Tor HSDir Relays: http://www.ccs.neu.edu/home/amirali/publications/Noubir_Sanatinia_HOnion_DEFCON24.pdf
  • Honey Onions: a Framework for Characterizing and Identifying Misbehaving Tor HSDirs: https://arxiv.org/pdf/1610.06140.pdf

    • onionpop : https://onionpop.github.io/

    Quote: "... our popularity measurement is less intrusive and only requires running middle relays." and

    "Our popularity measurement involves: 1. running a middle relay and observing circuits; ...

  • $09FA8B4F665AD65D2C2A49870F1AA3BA8811E449 <<<<< Exit!
  • $068308AD070849A71B8C1DB06C2509E82C40B908 <<<<< Exit!
  • $335746A6DEB684FABDF3FC5835C3898F05C5A5A8
  • $363F42695F2DD825DA5A4E6ABF3FBDFCFD1E9AE2
  • $B6718125C43ECA2E5011B3C681BB6638617A9686 <<<<< Exit!
  • $C6B3546CC6BCCB649FEC82D348D464554BC6323D
  • $12B80ABF019354A9D25EE8BE85EB3C0AD8F7DFC1 <<<<< Exit!
  • $DE684E6C6B7773B8BE74B4D941E4178988E15E26
  • $4B1E3276137AD12DCCEBE354EA11C1E47F804F67 <<<<< Exit!
  • $C170AE5A886C5A09D6D1CF5CF284653632EEF25D
  • $A5945077E0D35729F8E2920A54BE12A0058B403E
  • $0DA9BD201766EDB19F57F49F1A013A8A5432C008 <<<<< Exit!
  • $D53793315E290D250E9AFC431A4C9068A1E53C98
  • $11EAB5C9137906EF7E6A32365C4B37613698E647
  • $91516595837183D9ECD1318D00723A8676F4731C
  • $1A4488A367D89D0EFDA88116059FEBCACF0F508A
  • $98D10461F6EDF13780D20D7E402E67F40C5ADBD9

    • Nodes directly associated with onionpop operators;

  • $7272A578FD463764A95862B871878CA045F177A3
  • $DA3C123BD1A51743D4CF813C620504982B399C4F
  • $68CECB9ECDF5EFE8FF23C25B926D756FB346FD92
  • $C6DC18B9700A2B8A11071A0050BB21BF751C379D
  • $4B084AD6A0BA70761A333829F52042BB6EA009AF
  • $95880E08A375C62D570B885554CCCFBCCB362660
  • $A746186E3C0F5301CDD7F4B3EE29F36DFED66C82

    • We strongly advise all Tor users; including relay, exit node and bridge operators to consider adding the following ExcludeNodes list to their torrc and to check back here for updates at least once per month. I'm supposed to "edit my torrc". What does that mean? : https://www.torproject.org/docs/faq.html.en#torrc

    Also see our advisory GeoIP torrc settings for ExcludeNodes; default,Unnamed


    ---- EXCLUDE NODES LIST START ----

    ExcludeNodes arg,37.221.162.226/32,37.221.171.234/32,37.221.171.236/32,47.89.178.105/32,47.89.179.48/32,47.89.185.247/32,47.89.191.36/32,47.90.204.139/32,47.90.204.154/32,65.19.167.130/31,65.19.167.132/31,65.19.167.134/32,87.118.122.50/32,91.121.230.208/32,91.121.230.210/32,91.121.230.212/32,91.121.230.214/32,91.121.230.216/32,91.121.230.218/32,129.13.131.140/32,149.56.223.240/32,149.56.223.242/32,149.56.223.244/32,185.21.216.157/32,185.21.216.198/32,188.40.128.246/32,216.218.222.10/31,216.218.222.12/31

    ---- EXCLUDE NODES LIST END ----


    Donate Bitcoin :

    Donate Zcash : taddress :

    Donate Zcash : zaddress :


    tornull.org - All information is provided 'as-is'. We do not guarantee the accuracy of the information provided.

    Some rights reserved - We disclaim all copyright interest.

    tornull.org - is an Independent Research Project.

    "Tor” and the "Onion Logo” are registered trademarks of The Tor Project, Inc.


    "We are autonomous. We don't seek forgiveness (for we've done nothing wrong!)

    We do forget things? So don't expect us." - Unknown.