[tor-relays] Dec 2018: 24 new relays with fishy fingerprint patterns in Aruba and "INTERNET CZ" ASN
nusenu
nusenu-lists at riseup.net
Wed Dec 26 11:04:00 UTC 2018
these 24 relays have a rather distinct signup and fingerprint pattern usually seen for onion attacks:
+------------------------------------------+---------------------+--------------+--------------------+-------+------+----------------+---------+-------------+---------------------------------+
| fingerprint | first_seen | nickname | as_name | hsdir | exit | IP | or_port | tor_version | contact |
+------------------------------------------+---------------------+--------------+--------------------+-------+------+----------------+---------+-------------+---------------------------------+
| 38D26817234F6B271E6A6DED306188BC09D1AA41 | 2018-12-19 13:00:00 | Escalibur | Aruba SAS | 1 | 0 | 185.8.50.23 | 9001 | 0.3.4.9 | NULL |
| 38D2A1B04D004A61D2A9599EB5EC06FE42C463F7 | 2018-12-20 10:00:00 | delecat3d | Aruba S.p.A. | 0 | 0 | 195.231.66.172 | 9001 | 0.3.4.9 | NULL |
| 38D2B873966A1C392E427CD1417BC7BB0E84B058 | 2018-12-17 08:00:00 | HGSTdisks | Aruba SAS | 1 | 0 | 94.177.226.229 | 9001 | 0.3.4.9 | coreproccores at gmail.com |
| 510FEC23762319FEEAB3B65AF4592BE21515A7C4 | 2018-12-17 10:00:00 | tM666 | ArubaCloud Limited | 1 | 0 | 185.43.209.232 | 9001 | 0.3.4.9 | NULL |
| 510FEC475B2B286A1886A22B333A1CCDEE8F0117 | 2018-12-16 15:00:00 | yeeboyd | INTERNET CZ, a.s. | 1 | 0 | 185.33.144.210 | 9001 | 0.3.4.9 | NULL |
| 510FED6000FFEE2B451782DB0E82C2CCA8DF2332 | 2018-12-18 11:00:00 | takeAsit | Aruba SAS | 1 | 0 | 94.177.226.7 | 9001 | 0.3.4.9 | NULL |
| 6688CD00E32D45DDC25FE0F4AE31EEB460DC02EF | 2018-12-20 12:00:00 | DoeRelay | Aruba SAS | 1 | 0 | 185.8.50.62 | 9001 | 0.3.4.9 | mrmrsdoehere gmaiil _ dot COM |
| 6688E3150DC2898DDBD98D8AB70C078ECA468945 | 2018-12-19 10:00:00 | reltor | Aruba S.p.A. | 1 | 0 | 195.231.66.103 | 9001 | 0.3.4.9 | tripinonuyou gmail com |
| 6688F26C215F92A0EF8B0C94B03FA160E22C4E75 | 2018-12-21 11:00:00 | Unnamed | Aruba S.p.A. | 0 | 0 | 80.211.253.155 | 9001 | 0.3.4.9 | NULL |
| 8F29FDC9C2F85E5E9CC3F56E81B2A3D9CCB031FB | 2018-12-16 15:00:00 | SedS0K | Aruba S.p.A. | 1 | 0 | 195.231.66.240 | 9001 | 0.3.4.9 | seds0kkkk(at)gmail(dot)com |
| 8F2A173B990CAE8CB61BEFDC61F9B8C047977667 | 2018-12-18 16:00:00 | FreeW | Aruba SAS | 1 | 0 | 185.8.50.73 | 9001 | 0.3.4.9 | NULL |
| 8F2AE6EBB163B9B0BC64C0EE689946CE7A36B3F1 | 2018-12-17 18:00:00 | nobobyno | Aruba S.p.A. | 1 | 0 | 80.211.253.176 | 9001 | 0.3.4.9 | smpuffy_AT_mail.pl |
| 9E9DA7C5060BEAB9860F120CCA5646ECBC92382B | 2018-12-19 09:00:00 | NextDoorBar | Aruba SAS | 1 | 0 | 94.177.226.250 | 9001 | 0.3.4.9 | NULL |
| 9E9DAED63FE72C571753C03B2DF7C956AF02897A | 2018-12-18 12:00:00 | Unnamed | INTERNET CZ, a.s. | 1 | 0 | 185.33.144.110 | 9001 | 0.3.4.9 | NULL |
| 9E9DE2E42485FBE95DAC35138EFE372A24D64D21 | 2018-12-17 22:00:00 | LiteMoka | Aruba S.p.A. | 1 | 0 | 195.231.66.108 | 9001 | 0.3.4.9 | juseppo2199()at()gmail_com |
| A380D254B25878C74087C5D74C692D0241CBD6F0 | 2018-12-20 22:00:00 | AnonHappyBox | Aruba SAS | 1 | 0 | 94.177.226.230 | 9001 | 0.3.4.9 | anonanon55a_ at _secmail_dot_net |
| A380D347759DA5CBDC5BCBC4B51318A0C8567B53 | 2018-12-21 15:00:00 | Pendium | ArubaCloud Limited | 0 | 0 | 185.43.209.100 | 9001 | 0.3.4.9 | strangzapsl AT gmail DOT com |
| A380E80F9C6405332C8113C02B566120B8099B06 | 2018-12-19 18:00:00 | volt220 | INTERNET CZ, a.s. | 1 | 0 | 185.33.144.204 | 9001 | 0.3.4.9 | spensr555oh _AT_ gmail _ dot_cm |
| BE27A8DA5463AE0B32A4BAEC4214C0CD00F70DC3 | 2018-12-18 14:00:00 | Minicana | Aruba S.p.A. | 1 | 0 | 80.211.253.249 | 9001 | 0.3.4.9 | __Valentino404()gmail_com |
| BE27E56E8D6B9D3B84120804CA1C3564DA70827D | 2018-12-19 22:00:00 | Bestrddd | ArubaCloud Limited | 1 | 0 | 185.43.209.236 | 9001 | 0.3.4.9 | no please |
| BE27F22046D89A1EAD690C9C291F7AE85B9025DA | 2018-12-20 15:00:00 | Unnamed | INTERNET CZ, a.s. | 1 | 0 | 185.33.144.196 | 9001 | 0.3.4.9 | NULL |
| E7D8A8B5FA3CA3B668F12B5D46AB0DE94B9A9C1D | 2018-12-16 22:00:00 | Unnamed | Aruba SAS | 1 | 0 | 185.8.50.188 | 9001 | 0.3.4.9 | NULL |
| E7D8B9141E5EF11526D34DC231DD32297BC3F904 | 2018-12-19 16:00:00 | FlashGordon | Aruba S.p.A. | 1 | 0 | 80.211.253.88 | 9001 | 0.3.4.9 | sinsincytyATprotrityDOTnet |
| E7D8F1E61D068E7681EE81D6AFC7862FEB29D261 | 2018-12-18 20:00:00 | Andersen | ArubaCloud Limited | 1 | 0 | 185.43.209.114 | 9001 | 0.3.4.9 | NULL |
+------------------------------------------+---------------------+--------------+--------------------+-------+------+----------------+---------+-------------+---------------------------------+
If you are an .onion operator I'd like to encourage you to switch to onion services version 3 so we can start dropping onion version 2 services eventually.
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20181226/9ecb4ce3/attachment.sig>
More information about the tor-relays
mailing list