Delivery-Date: Sat, 27 Jun 2015 11:42:50 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 574791E03B0;
	Sat, 27 Jun 2015 11:42:48 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 223AF360E8;
	Sat, 27 Jun 2015 15:42:43 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 7C9F1360DE
 for <tor-talk@lists.torproject.org>; Sat, 27 Jun 2015 15:42:39 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id U9gL44OV9F_s for <tor-talk@lists.torproject.org>;
 Sat, 27 Jun 2015 15:42:39 +0000 (UTC)
Received: from db1.countermail.com (db1.countermail.com [46.253.205.114])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.countermail.com",
 Issuer "GlobalSign Domain Validation CA - SHA256 - G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 1F5AA35CFA
 for <tor-talk@lists.torproject.org>; Sat, 27 Jun 2015 15:42:39 +0000 (UTC)
Received: from 192.168.0.1 [46.253.205.116])
 (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by db1.countermail.com (Postfix) with ESMTPSA id DD2EB82A07FE
 for <tor-talk@lists.torproject.org>; Sat, 27 Jun 2015 15:42:35 +0000 (UTC)
Message-ID: <558EC46B.2000107@countermail.com>
Date: Sat, 27 Jun 2015 17:42:35 +0200
From: chloe <chloe@countermail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64;
 rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <558EB972.6040101@countermail.com>
In-Reply-To: <558EB972.6040101@countermail.com>
X-Forwarded-Message-Id: <558EB972.6040101@countermail.com>
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: [tor-talk] Question regarding some strange behavior on some
	exitnodes
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


Hello,

I have a question regarding some strange behavior on some nodes(11 of 
them).


See this access-log:

81.89.0.201 - - [25/Jun/2015 12:25:30] "GET /db/backups/965110218-2015 
HTTP/1.1" 200 5057
37.187.202.46 - - [25/Jun/2015 14:00:10] "GET /db/backups/965110218-2015 
HTTP/1.1" 200 5057
37.187.202.46 - - [25/Jun/2015 14:00:35] "GET 
/db/backups/965110218-2015?C=N;O=D HTTP/1.1" 200 5057
37.187.202.46 - - [25/Jun/2015 14:00:40] "GET 
/db/backups/965110218-2015?C=N;O=D HTTP/1.1" 200 5057
37.187.202.46 - - [25/Jun/2015 14:00:46] "GET 
/db/backups/965110218-2015?C=N;O=D HTTP/1.1" 200 5057
37.187.202.46 - - [25/Jun/2015 14:00:51] "GET 
/db/backups/965110218-2015?C=N;O=D HTTP/1.1" 200 5057
37.187.202.46 - - [25/Jun/2015 14:00:57] "GET 
/db/backups/965110218-2015?C=N;O=D HTTP/1.1" 200 5057
37.187.202.46 - - [25/Jun/2015 14:01:02] "GET 
/db/backups/965110218-2015?C=N;O=D HTTP/1.1" 200 5057
37.187.202.46 - - [25/Jun/2015 14:01:08] "GET 
/db/backups/965110218-2015?C=N;O=D HTTP/1.1" 200 5057
AE4E83B0BFDF679989D746C3B3DEF2EBCA35FA68 was using URL 965110218-2015


Here we can see that node (AE4E83B0BFDF679989D746C3B3DEF2EBCA35FA68) 
with IP 81.89.0.201 first visit the unique URL 
"/db/backups/965110218-2015"  and then around 1.5 hours later another IP 
visits the same URL and does some indexing?

The other 10 nodes are doing the exact same thing. I'm using Bottlepy as 
"web server" so no User Agent grabbed, but still, this is a unique URL, 
why do I have more than 2 visits on them? The IP 37.187.202.46 is not 
part of Tor.

Could you please look into this problem? The affected exitnodes are:

1B6D6CCF428AF68619B0B8D9D17324D5FAD6304D
8AF4E4D2A13DED432208D3B3889D43256D56FC72
252A55672B450929374CBB7279404B22E0D69259
F94BCE1B6E3899FA4E4CBCC3B19C4FD8CC2B33BB
B3DA80FF09813020886578D84DD594A32EE280B1
AA5D47D5A96AE3084379663056C321A0812154D5
42F752C0919357CD19B1B36865657072376960CB
ACA45CB6D5DF151DB88AEF666D8FECC6DDED17FA
5C2B2A7AA55C60C56B4DC0BBF7EA3919731ABA1C
9FB2DCBE32859CD510EA325FA64237F5AAE78E17
AE4E83B0BFDF679989D746C3B3DEF2EBCA35FA68

Kind regards,
Chloe
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

