There's is a new wave of bad exit nodes collecting as much information as it can. These nodes are mainly in Sweden territory and named CIA Triad. I use qubes And whonix with proxy-chains so each TCP packet is individually going through Tor so if my exit is compromised my tor control has a proxy. but I map my exit nodes for extra protection. These exit nodes have already come across my system about 4 times. Upon analysis of these exits nodes these servers are trying to download a certificate onto my machine. Meaning if a select IP has authorization to that certificate the attacker can download, or spy on my currently activity. Always verify your exit node watch out for CIA Triad.