Why does my router IP (192.168.2.1) say "www.onion-router.net" in GlassWire?

I looked up onion-router.net and apparently it’s related to Tor. And I’ve never used Tor.

Thank you for your post. Where exactly in GlassWire does it say this?

It said it in the Firewall tab and in the Usage tab under Hosts.

If it’s under Firewall and usage may I ask what application is accessing the host? I don’t know why GlassWire would say that but maybe by knowing the application name/type I can help some or someone else can.

Thank you.

? if the device has a virus, and the virus is calling home via the TOR network, then glasswire MIGHT display this.?

Timothy, Are you running a TOR client?

If a normal web browser on the device in question was visiting a legitimate website, and the legitamate website pointed the browser to an image hosted in TOR, then Glasswire might show this?

Thanks for the response. I’ve never used TOR and I’ve never intentionally downloaded a client. The part about there possibly being some virus is what I’m worried about. What’s weird is that if I visit www.onion-router.net, it shows my router’s page as if it’s 192.168.2.1 exactly. I’ve even checked the headers and everything via Chrome’s inspector and it operates exactly like my Belkin router would. There also isn’t any iframe pointing towards 192.168.2.1. It goes directly there.

I don’t have any experience using TOR so I don’t understand how it’s possible. All I can say is that GlassWire has nothing to do with TOR.

You should check you host file located at %SystemRoot%\system32\drivers\etc\hosts and see if there is any entry containing www.onion-router.net ?

1 Like

I just checked the hosts file and everything appears to be default. I also visited the URL on another machine on the network and it also takes me to my router’s page. I’m not the only one who uses the router, so the only logical conclusion is that the router has been set to work this way, possibly via firmware or some obscure setting I couldn’t find. It’s an older Belkin router: http://cache-www.belkin.com/support/dl/man_f7d2301_v1_8820-00372_surf_router.pdf

I entered the default IP address 192.168.254.254 in my router. My router IP also said that it is onion-router. What should I do?

I’m not sure what you are saying or asking:

  1. Do you mean that GlassWire is showing your router IP address of 192.168.254.254 as an “onion-router”?

  2. Are you concerned about “onion-router” being bad and that you might get into trouble of some sort?

  • onion-router.net is a website that is not a security issue because that site is only a historical record of the original project by the US Navy up until 2005. So any link that site does not make you a user of TOR (The Onion Router).

  • The use of a TOR browser is not illegal in most jurisdictions and it does not mean that you are using TOR for illegal purposes.

  • Maybe your ISP prohibits use of TOR which is why you are concerned?

@alice10 Please try this:

Press Windows Key + R, a prompt should open, in the text field enter “cmd”, then a window with white text on black background should open, there enter “nslookup onion-router.net” in the output check for “non-authoritative answer:” and see the address which is in the output, does it match your router’s IP address?

Edit: Something must’ve told GlassWire that your Router’s IP address is related to tor, my suspicious are: Your ISP is blocking tor using a DNS restriction which resolves the address to your own Router (thus preventing you from accessing the real site) or for some reason it is entered as the reverse DNS for your router’s IP.

If your router was used somehow via tor to extract data from your PC I don’t see why it would show up like that, it would just show the router’s IP (as it does normally).

1 Like

i will myself be using Tor in the future for non illegal stuff, just to keep me safe. will that affect glasswares ability to track the data packets i produce and receive?

@Ultrasnoop

No, Tor should not cause any issues with GlassWire.

1 Like