Hello Tor community, In June I warned Tor users about the presence of hundreds of fake and booby trapped .onion websites [1].
Someone runs a fake site on a similar address to the original one and tries to fool people with that. The sites look like the original ones. These sites are actually working as a transparent proxy to real sites. In addition, the attacker works as MITM and rewrites some content. It is possible that the attacker is gathering information, including user names and passwords. My search engine Ahmia.fi filtered these fake sites. As a response, eventually, the attacker deleted old fake sites and started to generate new ones. See, for instance, my own search engine Ahmia and a fake new version of it: https://ahmia.fi/static/fake_ahmia.png I filtered them again. This way I am protecting the Tor users. Be careful, it's hard to distinguish between the real and the fake site. Make sure you are using the real ones! So far I have found 37 new domains of the attacker. See the list below. Peace, Juha [1] https://lists.torproject.org/pipermail/tor-talk/2015-June/038295.html REAL: http://25cs4ammearqrw4e.onion/ FAKE: http://pythonmkwmxhozin.onion/ REAL: http://2kka4f23pcxgqkpv.onion/ FAKE: http://euroguns4c7rswkh.onion/ REAL: http://54ogum7gwxhtgiya.onion/ FAKE: http://technodowmx53kwg.onion/ REAL: http://abbujjh5vqtq77wg.onion/ FAKE: http://identityw72gv5j6.onion/ REAL: http://acropol4ti6ytzeh.onion/ FAKE: http://acropolzxeerrvsp.onion/ REAL: http://answerstedhctbek.onion/ FAKE: http://answershuhpdxtab.onion/ REAL: http://auutwvpt2zktxwng.onion/ FAKE: http://oniondirw6dno3tb.onion/ REAL: http://bm26rwk32m7u7rec.onion/ FAKE: http://majesticdbvbzbv5.onion/ REAL: http://cryptomktgxdn2zd.onion/ FAKE: http://cryptonwmifsy3ws.onion/ REAL: http://deepdot35wvmeyd5.onion/ FAKE: http://deepdot53faojvzi.onion/ REAL: http://directdal7bourmy.onion/ FAKE: http://linkdirzabianoxp.onion/ REAL: http://dirnxxdraygbifgc.onion/ FAKE: http://dirnxxdemauthipe.onion/ REAL: http://easycoinsayj7p5l.onion/ FAKE: http://easycoincdttveyq.onion/ REAL: http://en35tuzqmn4lofbk.onion/ FAKE: http://fakeidsannnxrk3h.onion/ REAL: http://escobarkz55dlmo3.onion/ FAKE: http://escobarsxo7w6huz.onion/ REAL: http://gerpla4igmngtpgw.onion/ FAKE: http://gerpla4raarp2jwe.onion/ REAL: http://grams7enufi7jmdl.onion/ FAKE: http://grams7qs7lnmmidl.onion/ REAL: http://gunsjf3dxsaf6mwg.onion/ REAL: http://gunsnbmobn7evasc.onion/ FAKE: http://gunsj3xe6iaugsgg.onion/ FAKE: http://gunsnsdlbts2jhdu.onion/ REAL: http://gunsp2oe4irjxwog.onion/ FAKE: http://guns2pqyxlcd7ge5.onion/ REAL: http://hansamkt2rr6nfg3.onion/ FAKE: http://hansamktso6yaelv.onion/ REAL: http://hwikis25cffertqe.onion/ FAKE: http://hwikis27hjxsfpho.onion/ REAL: http://lchudifyeqm4ldjj.onion/ FAKE: http://lchudispi47ay5jj.onion/ REAL: http://mobil7rab6nuf7vx.onion/ FAKE: http://mobileshpc3xcw2u.onion/ REAL: http://msydqstlz2kzerdg.onion/ FAKE: http://ahmiafibdbbagojp.onion/ REAL: http://nucleuspf3izq7o6.onion/ FAKE: http://nucleuseeiya3532.onion/ REAL: http://outfor6jwcztwbpd.onion/ FAKE: http://outfor6nwtntdgpj.onion/ REAL: http://ow24et3tetp6tvmk.onion/ FAKE: http://onionwltue7vuznr.onion/ REAL: http://pfoxkj3p65uyc5pe.onion/ FAKE: http://pfoxkj2sjkqvxgpe.onion/ REAL: http://pwoah7foa6au2pul.onion/ FAKE: http://alphabayy72eux2w.onion/ REAL: http://reloadedudjtjvxr.onion/ FAKE: http://reloadedflayygcf.onion/ REAL: http://shopsat2dotfotbs.onion/ FAKE: http://shopsat4otwvudzl.onion/ REAL: http://tfwdi3izigxllure.onion/ FAKE: http://applestr7kcsyvuf.onion/ REAL: http://tochka3evlj3sxdv.onion/ FAKE: http://tochka3doxdirurf.onion/ REAL: http://torlinkbgs6aabns.onion/ FAKE: http://torlinksb7apugxr.onion/ REAL: http://valhallaxmn3fydu.onion/ FAKE: http://valhalla4qb6qccm.onion/ REAL: http://vendor7zqdpty4oo.onion/ FAKE: http://vendor7eewu66mcc.onion/ -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk