Reputation API: Tor exit nodes

The Tor exit nodes Reputation API lets you block anonymous traffic from Tor by giving you a fresh list of Tor exit node IPs. Tor is rising in popularity as an infrastructure for malicious activity. This free API lets you detect all traffic coming from anonymous Tor exit nodes.

   

Status

2,484 exit node IPs
68 countries
316 IPs by SECTHEMALL

API



$ curl -s 'https://secthemall.com/public-list/tor-exit-nodes/json?size=1'
{
    "results": [
        {
            "ip": "178.20.55.18",
            "ptr": "marcuse-2.nos-oignons.net.",
            "expire": 1498914903,
            "geo": {
                "isocode": "FR",
                "countryname": "France",
                "subdivision": "Paris",
                "city": "Paris",
                "lat": 48.8628,
                "lng": 2.3292000000000002
            },
            "urlscan": {
                "server": "Apache",
                "domain": "178.20.55.18",
                "ip": "178.20.55.18",
                "asnname": "LIAZO, FR",
                "asn": "AS50618",
                "url": "http:\/\/178.20.55.18\/",
                "ptr": "marcuse-2.nos-oignons.net"
            },
            "source": "https:\/\/check.torproject.org\/exit-addresses",
            "created": 1498310103,
            "geopoint": "48.8628,2.3292"
        }
    ],
    "lastid": "AVzV_UzSoy8zi76Jo4lT9b727444706ff9e40f59adbf962d3e0c",
    "total_count": 1075,
    "result_count": 1,
    "secthemall_count": 71
}




Authentication



$ curl -s -u [email protected]:my_api_key \
      'https://secthemall.com/public-list/tor-exit-nodes/json?size=900'






Import to Elasticsearch



$ curl -s -u [email protected]:my_api_key \
    'https://secthemall.com/public-list/tor-exit-nodes/elasticsearch?size=5000' > \
    torexitnodes.json

$ curl -s -H "Content-Type: application/x-ndjson" \
    -XPOST http://elastic:9200/_bulk \
    --data-binary "@torexitnodes.json"

$ curl -s 'http://elastic:9200/secthemall_reputation_tor/_search?pretty'
{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "failed" : 0
  },
  "hits" : {
    "total" : 2,
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "secthemall_reputation_tor",
        "_type" : "reputation",
        "_id" : "c0c5493148d31f3f0d2e9c26a8b0e9c1",
        "_score" : 1.0,
        "_source" : {
          "ip" : "158.255.211.9",
          "ptr" : "9.211.255.158.in-addr.arpa.",
          "expire" : 1499153031,
          "geo" : {
            "isocode" : "AT",
            "countryname" : "Austria",
            "subdivision" : null,
            "city" : null,
            "lat" : 48.2,
            "lng" : 16.3667
          },
          "source" : "https://secthemall.com",
          "created" : 1498548231,
          "geopoint" : "48.2,16.3667"
        }
      },
      {
        "_index" : "secthemall_reputation_tor",
        "_type" : "reputation",
        "_id" : "dcdc1730eae01b2d655ab413a7c1bdc3",
        "_score" : 1.0,
        "_source" : {
          "ip" : "77.250.227.12",
          "ptr" : "dhcp-077-250-227-012.chello.nl.",
          "expire" : 1499153031,
          "geo" : {
            "isocode" : "NL",
            "countryname" : "Netherlands",
            "subdivision" : "South Holland",
            "city" : "Rotterdam",
            "lat" : 51.895,
            "lng" : 4.5111
          },
          "source" : "https://secthemall.com",
          "created" : 1498548231,
          "geopoint" : "51.895,4.5111"
        }
      }
    ]
  }
}


Using with ModSecurity



$ vi rules.conf

# Drop any request whose source address is in the Tor exit node list.
SecRule REMOTE_ADDR "@ipMatchFromFile /opt/tor-exit-nodes/listip.txt" "id:6000,\
    phase:request,log,\
    msg:'Tor exit node',\
    tag:'bad-reputation/Tor',\
    severity:'CRITICAL',\
    maturity:'9',\
    accuracy:'9',\
    rev:'1',\
    ver:'SECTHEMALL_1.0',\
    capture,\
    drop"

$ mkdir -p /opt/tor-exit-nodes/
$ curl -s -u [email protected]:my_api_key \
    'https://secthemall.com/public-list/tor-exit-nodes/iplist/?size=5000' > \
    /opt/tor-exit-nodes/listip.txt
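
A refresh step for the list file read by the rule above, as an added example that is not SECTHEMALL's own code: it rejects an empty, non-IP or suspiciously short download and swaps the file in with a rename, so a failed fetch never leaves the rule with a broken list. It assumes the iplist endpoint returns one IPv4 address or CIDR per line; `STA_USER`, `STA_KEY`, `LIST` and `MIN_ENTRIES` are hypothetical names.

```shell
#!/bin/sh
# Added example: check a downloaded exit-node list before it replaces the
# file that the @ipMatchFromFile rule reads.
# Assumption: the iplist endpoint returns one IPv4 address (or CIDR) per line.

LIST=${LIST:-/opt/tor-exit-nodes/listip.txt}
MIN_ENTRIES=${MIN_ENTRIES:-100}   # hypothetical floor; a near-empty list is suspect

# install_list NEW TARGET: replace TARGET with NEW only if NEW is a sane IP list.
install_list() {
    new=$1; target=$2
    [ -s "$new" ] || { echo "refusing update: empty download" >&2; return 1; }
    # Print the number of the first line that is not a valid IPv4/CIDR entry.
    bad=$(awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ ||
        $1 > 255 || $2 > 255 || $3 > 255 || $4 > 255 ||
        (NF == 5 && $5 > 32) { print NR; exit }' "$new")
    if [ -n "$bad" ]; then
        echo "refusing update: line $bad is not an IPv4 address" >&2
        return 1
    fi
    count=$(awk 'END { print NR }' "$new")
    if [ "$count" -lt "$MIN_ENTRIES" ]; then
        echo "refusing update: only $count entries" >&2
        return 1
    fi
    # Write beside the target, then rename, so readers never see a partial file.
    tmp="$target.new.$$"
    sort -u "$new" > "$tmp" && mv -f "$tmp" "$target"
}

# refresh_tor_list: download from the page's iplist URL, then validate and install.
# STA_USER and STA_KEY are hypothetical variables for the account e-mail and API key.
refresh_tor_list() {
    dl=$(mktemp) || return 1
    rc=1
    # -f makes curl fail on HTTP errors instead of saving the error body.
    if curl -sf -u "$STA_USER:$STA_KEY" \
        'https://secthemall.com/public-list/tor-exit-nodes/iplist/?size=5000' > "$dl"
    then
        install_list "$dl" "$LIST" && rc=0
    else
        echo "download failed; keeping current list" >&2
    fi
    rm -f "$dl"
    return $rc
}
```

ModSecurity reads the `@ipMatchFromFile` file when the configuration is loaded, so reload the web server after `refresh_tor_list` succeeds.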

