From getpeerinfo:
...
"addr_relay_enabled": true,
"addr_processed": 24650,
"addr_rate_limited": 14316,
"permissions": [
],
"minfeefilter": 0.00000000,
"bytessent_per_msg": {
"addr": 294645,
"alert": 192,
"getheaders": 1053,
"inv": 54973514,
"ping": 66176,
"pong": 238336,
"verack": 24,
"version": 126
},
"bytesrecv_per_msg": {
"addr": 1272375,
"inv": 122183,
"ping": 238368,
"pong": 66176,
"verack": 24,
"version": 136
},
...
Could investigate a bit more by looking at the addresses they are sending.
At 2026-04-13T13:47:00Z I received a addr message with exactly 10 entries. All timestamps were recent (not older than 10min). The IPs seemed reasonable from locations where real nodes could be hosted / run from, the ports were mostly 8333, and the services seemed to be reasonable ones too.
I also noticed that they always send a ping with value zero and we do announce transactions to them, but they don’t seem to request any (spy-node behavior).