🧅

Complete Tor Exit Node List 2026

Real-time database of 2000+ Tor exit nodes. Detect anonymized traffic, prevent fraud, and protect your platform from abuse.

2000+ Active NodesUpdated Daily

What Are Tor Exit Nodes?

Tor (The Onion Router) is an anonymity network that routes internet traffic through multiple encrypted layers. A Tor exit node is the final relay in this chain—where encrypted traffic exits the Tor network and reaches the regular internet.

From your application's perspective, requests appear to originate from the exit node's IP address, not the user's real IP. This creates both legitimate privacy use cases and fraud risks.

Why Flag Tor Traffic?

⚠️ Risk Indicators

• Account creation fraud (bulk fake accounts)
• Credential stuffing attacks
• Scraping and data harvesting
• Payment fraud and chargebacks
• Review and rating manipulation

✅ Legitimate Uses

• Privacy-conscious users
• Journalists and activists
• Users in censored regions
• Security researchers
• Whistleblowers

Best practice: Don't block Tor outright. Instead, apply risk-based restrictions: require email verification, rate-limit actions, or flag for manual review.

Tor Exit Nodes by ASN

Tor exit nodes are hosted across various providers. Some ASNs are specifically created for Tor infrastructure, while others (like VPS and cloud providers) host exit nodes among regular traffic.

AS600684 nodes

Datacamp Limited

185.220.100.252 185.220.101.1 185.220.101.44+1 more

AS607293 nodes

Aeza International LTD

193.189.100.195 178.17.170.156 91.219.236.197

AS511673 nodes

Contabo GmbH

195.176.3.19 195.176.3.24 167.86.94.107

AS3963563 nodes

Tor Exit Node

199.249.230.79 199.249.230.85 171.25.193.77

AS2051002 nodes

Privex Inc

104.244.76.13 185.100.85.101

AS162762 nodes

OVH SAS

51.68.175.8 51.77.39.24

AS204731 node

Vultr Holdings

107.189.31.195

AS128761 node

Scaleway

163.172.149.155

AS536671 node

FranTech Solutions

45.61.185.90

Known Tor Exit Node IP Addresses

20 IPs (sample)

Click any IP to view detailed threat intelligence and detection results.

How to Detect Tor Traffic with IPASIS

IPASIS detects Tor exit nodes in real-time (<20ms latency) through multiple detection methods:

•Live Tor directory consensus parsing (updated hourly)
•ASN analysis for known Tor infrastructure providers
•Traffic pattern analysis and fingerprinting
•Historical abuse data and threat intelligence feeds

curl -X POST https://api.ipasis.com/v1/detect \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "ip": "185.220.101.44"
  }'

# Response:
{
  "ip": "185.220.101.44",
  "tor": true,
  "tor_exit_node": true,
  "vpn": false,
  "proxy": false,
  "trust_score": 85,
  "asn": {
    "number": 60068,
    "name": "Datacamp Limited",
    "risk_level": "high"
  },
  "threats": ["tor", "anonymizer"],
  "recommendation": "require_verification"
}

View API Docs Free Tier: 1,000 req/day

Blocking Tor Traffic (Code Examples)

Express.js Middleware

const ipasis = require('@ipasis/node');

app.use(async (req, res, next) => {
  const ip = req.ip;
  const result = await ipasis.detect(ip);
  
  if (result.tor_exit_node) {
    return res.status(403).json({
      error: 'Tor traffic not allowed'
    });
  }
  
  next();
});

Next.js Middleware

import { NextResponse } from 'next/server';
import { detect } from '@ipasis/node';

export async function middleware(req) {
  const ip = req.ip || req.headers.get('x-forwarded-for');
  const result = await detect(ip);
  
  if (result.tor) {
    return NextResponse.json(
      { error: 'Tor not allowed' },
      { status: 403 }
    );
  }
}

Related Resources

🔒

Start Detecting Tor Traffic Today

Free tier includes 1,000 requests per day. No credit card required. Integrate in minutes with our REST API or SDK.

Get API Key Read Docs

← Back to Threat Categories