GEOIP of exit node returns country different from the one detected by a website. May be a MiTM
It may be a MiTM attempt: browser <-> Tor <-> malicious exit node <-> Tor <-> exit node <-> website
This way a malicious exit node can analyze traffic or inject malware offloading most of legal risks to another exit node.
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information