The paper deals with the issues of ensuring the security of communications on the Internet, anonymous access to network resources. The problem situation is revealed, which consists in increasing the probability of deanonymization of users of the TOR network when using servers under a single administrative management in the same chain. An approach to identifying «hidden groups» of TOR anonymous network servers is proposed by analyzing the frequency of server characteristics and clustering them based on the similarity measure. The conducted research allowed us to identify ways to improve the software of the TOR anonymous network and improve the security of users