Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tor2Web Onion DNS Query Detection

Info

Synopsis

The remote host is accessing a Tor hidden service through Tor2Web.

Description

Tor2web is a software project that allows Tor hidden services to be accessed from a standard browser without being connected to the Tor network. In the past, various malware campaigns and botnets have utilized Tor2Web to exfiltrate data or communicate externally. Recent traffic from this host indicates it has accessed a Tor URL through a known Tor2Web proxy.

Solution

N/A