As long as you're using TOR to connect to any regular site, your traffic will eventually exit the TOR network through an
exit node.
If that node's ISP performs packet inspection and traffic originating from it ends up hitting an URL for illegal content on a download site, the exit node could be taken down and it's owner prosecuted.
Only hidden services using the .onion alternate TLD are safe.
.onion is a pseudo-top-level domain host suffix (similar in concept to such endings as .bitnet and .uucp used in earlier times) designating an anonymous hidden service reachable via the Tor network. Such addresses are not actual DNS names, and the .onion TLD is not in the Internet DNS root
Only hidden services using the .onion alternate TLD are safe.