The IP logged is a Tor network exit node. This is expected.
The problem is when I paste exactly the same URL in Tor Browser,
https://navalny.com/blog/post.rss
it always returns the correct page, there is no challenge no matter what the exit node could be.
It is possible to copy all the headers Tor Browser sends with this request. Adding a parameter
to route this request through Tor we get the following
curl 'https://navalny.com/blog/post.rss' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' -H 'Sec-Fetch-Dest: document' -H 'Sec-Fetch-Mode: navigate' -H 'Sec-Fetch-Site: none' -H 'Sec-Fetch-User: ?1' -H 'TE: trailers' --socks5-hostname 127.0.0.1:9150 -v -O
But it still returns 403 (Cloudflare challenge) although it is exactly the same request that Tor Browser sends.
It seems to me that Tor Browser has some Cloudflare integration that allows its users to avoid the challenge. To confirm this I tried to search Tor Browser code to find any references to Cloudflare. Although some were found it seems to be there is no integration.
That leaves me puzzled.