The Tor Project provides a full list of IPs that are currently exit nodes in the Tor network. Exit nodes are basically the public "exit doors" from the Tor network to the public internet, so if a user is browsing with Tor and access a website in the public internet the IP of the exit node will be the IP of that user.

In this way, we can detect if a user is browsing with Tor. Using Tor is not illegal and a user that uses Tor is not malicious per se. I think it makes no sense to block all exit Tor IPs, because the most users can make a good use of Tor.

Nevertheless, you can identify it for other purposes.

There are other ways to identify if an IP is an IP of a Tor exit node:

• Check it directly in ExoneraTor, which is a frontend to request this kind of data (also accepts a date).

• Perform a DNS lookup to the public TorDNSEL service the way to do this is reversing an IP, prepend it to .dnsel.torproject.org and perform a lookup. If the result starts with 127.0.0. and it is not 127.0.0.1, then the IP is the IP of an exit node. For example with the IP 200.99.10.10 we can do it with:

dig 200.99.10.10.dnsel.torproject.org

Or:

nslookup 200.99.10.10.dnsel.torproject.org

• There is also a NPM package that you can use (named "IsTorExit"):

npm install -g istorexit

And that's all! Hope its helpful...

🙏🙏🙏

Since you've made it this far, sharing this article on your favorite social media network would be highly appreciated 😀! For feedback, please ping me on Twitter.