Tor2Web Access Detection

Medium Nessus Network Monitor Plugin ID 7177

Synopsis

The remote host is accessing a Tor hidden service through Tor2Web.

Description

Tor2web is a software project that allows Tor hidden services to be accessed from a standard browser without being connected to the Tor network. In the past, various malware campaigns and botnets have utilized Tor2Web to exfiltrate data or communicate externally. Recent traffic from this host indicates it has accessed a Tor URL through a known Tor2Web proxy.

Solution

N/A

See Also

https://tor2web.org

http://resources.infosecinstitute.com/hunting-malware-deep-web

http://www.nessus.org/u?a30e9296

Plugin Details

Severity: Medium

ID: 7177

Version: 1.2

Family: Policy

Published: 2015/07/24

Modified: 2018/09/16

Risk Information

Risk Factor: Medium

Vulnerability Information

CPE: cpe:/a:torproject:tor2web