Console

Initial Access: Successful API call made from a TOR proxy IP

This document describes a threat finding type in Security Command Center. Threat findings are generated by threat detectors when they detect a potential threat in your cloud resources. For a full list of available threat findings, see Threat findings index.

Finding description

A successful API call was made to your GKE cluster from an IP address associated with the Tor network. Tor provides anonymity, which attackers often exploit to hide their identity.

Investigate the nature of the API call and the accessed resources.
Review your network policies and firewall rules to block access from Tor proxy IP addresses.

What's next

Learn how to work with threat findings in Security Command Center.
Refer to the Threat findings index.
Learn how to review a finding through the Google Cloud console.
Learn about the services that generate threat findings.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-08-21 UTC.

Initial Access: Successful API call made from a TOR proxy IP Stay organized with collections Save and categorize content based on your preferences.

Finding description

What's next

Initial Access: Successful API call made from a TOR proxy IP