Dark Web
What is Dark Web?
Dark Web: A subset of the internet that requires special software such as Tor or I2P to access and that intentionally hides both client and server identities.
The Dark Web is the portion of the internet hosted on overlay networks (most prominently Tor's onion services and I2P's eepsites) that cannot be reached with a normal browser and standard DNS. Routing through layered, encrypted relays anonymises both visitors and operators, which is why it is used legitimately by journalists, dissidents, and whistleblowers, but also for cybercriminal marketplaces, ransomware leak sites, stolen-data brokers, and child sexual abuse material. Threat-intelligence teams monitor it to discover stolen credentials, exploit sales, and adversary infrastructure. Defences include continuous dark-web monitoring services, credential leak detection, takedown coordination, and blocking known Tor exit nodes from sensitive perimeters when appropriate.
● Examples
- 01 Ransomware groups publishing victim data on .onion leak sites to pressure payment.
- 02 Initial-access brokers selling RDP and VPN access on hidden-service forums.
● Frequently asked questions
What is Dark Web?
A subset of the internet that requires special software such as Tor or I2P to access and that intentionally hides both client and server identities. It belongs to the Attacks & Threats category of cybersecurity.
How do you defend against Dark Web?
Defences for Dark Web typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Dark Web?
Common alternative names include: Darknet.
● Related terms
- Deep Web (attacks, № 296): All web content that is not indexed by public search engines, including private databases, intranets, and authenticated portals; distinct from the dark web.
- Tor / Tor Browser (attacks, № 1165): An anonymity network and hardened Firefox-based browser that routes traffic through three relays using onion routing to conceal user identity and destination.
- Onion Routing (attacks, № 755): An anonymous communication technique that wraps a message in nested layers of encryption, with each relay removing one layer until the payload reaches its destination.
- I2P (attacks, № 503): The Invisible Internet Project: a peer-to-peer anonymity network where every node also acts as a router, using unidirectional tunnels and garlic routing.
- Ransomware Gang (defense-ops, № 901): A financially motivated cybercriminal group that develops, operates, or distributes ransomware to extort organisations through file encryption and data leak threats.
- Initial Access Broker (IAB) (defense-ops, № 536): A cybercrime specialist who obtains unauthorised access to corporate networks and sells that access to other criminals, especially ransomware affiliates.