After initializing the tor network service I have seen that there was a connection established to the IP 131.188.40.188 to port 11180. I did a scan with nmap and the result was as follows:
There was an openssh service on that port, and I was connected to it.
After seeing that I proceeded to format the computer
After formatting the computer and reinstalling the tor services, I had the following connections open:
open tor ports after formatting computer
If I stop the tor service, all connections are closed.
The question is: Is ssh connection to IP 131.188.40.188 normal in tor or should I be worried about possible infection?
Thank you very much to all !
EDIT: I just checked that nmap currently shows that the current port status is unknown. The state at the time I had an established connection was an Ubuntu openssh. I can't upload a screenshot of that since, after suspecting a possible infection, I formatted the computer.
131.188.40.188 is a Tor relay and port 11180 is their chosen "OR port" (the port Tor listens on for incoming connections).
There isn't an openssh service listening this port. Nmap shows it open as an unknown service.
This appears to have been a "normal" Tor connection from your machine to this relay for using the Tor network.
