__  __  ___   ___  ____     __                     _   _
|  \/  |/ _ \ / _ \|  _ \   / _|    ___ __  _(_) |_
| |\/| | | | | | | | |_) | |  _|   / _ \ \/ / |  _|
| |  | | |_| | |_| |  _ <  |  _|  |  __/>  <| | |_
|_|  |_|\___/ \___/|_| \_\ |_|     \___/_/\_\_|\__|

[!] CONNECTION FLAGGED _

you reached port 80 on a node of the MOOR network. this is not a web server. this is a packet plumbing device for an anonymous overlay. outbound traffic you saw from this IP was generated by somebody else — routed through three layers of encryption, bounced through two other countries, and emitted here. the operator of this box cannot see who they are. neither can you. neither can your lawyer.
$ whois this-host role :: exit relay callsign :: AWS-EXIT-AU build :: unknown contact :: [REDACTED] epoch :: 1776406269
$ cat /var/log/who-sent-that cat: /var/log/who-sent-that: No such file or directory # MOOR does not keep traffic logs. not a policy choice. # the data isn't available to log. see the spec for why.
$ man abuse-complaint if packets from this IP landed in your SIEM, grep, or inbox, the operator CAN confirm this is a MOOR exit. the operator WILL NOT remove the exit flag. not for you. not for your lawyer. not for your ISP. that is the threat model, not a bug. the operator CANNOT identify the origin — nobody can. # filter our /24 if it bothers you. we won't take it personally.
[ nothing else is served on port 80. move along. ]