[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Warning: 37 new booby trapped onion sites

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Warning: 37 new booby trapped onion sites
From: "Nurmi, Juha" <juha.nurmi@xxxxxxxx>
Date: Tue, 26 Jan 2016 14:10:09 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 26 Jan 2016 07:10:22 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ahmia-fi.20150623.gappssmtp.com; s=20150623; h=mime-version:date:message-id:subject:from:to:content-type; bh=6cAHAb0iDCLOcIbcZsmAQvUf4J3KJZxnkDyfWZ6oMWI=; b=DqtvPmdJUD8RbJ5pIhlpdg8c5lTDZON6v19TJXgAe1OD2vBvJlYHFi3/42sqJcRNyp M2Rc0MoHsjZ2EXKDv98Mk9Yh8LKqjuWFpqG7CZ6L17UcTYpgofiEnP54XOIWSxJNGxgz EZh8tmOULopisLeNW20D9c8TuIwZnWnZTuJSA5SHd9mtfXeQ5nKn65FdrUqvRbiAjhO4 kzo5AE3sCLLq1Jaa9pQa8P0k3aRIDrqkAaX+a4oZW64izAimiffZdrcRIxqAASGWZ8/J 9208VF1uTfVYeamX9lpRgw++u6Urf1JfGtFcEFW4EJY+ssrF/jSIoZX1g2st+m2NUKMc y86A==
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Hello Tor community,

In June I warned Tor users about the presence of hundreds of fake and booby
trapped .onion websites [1].

Someone runs a fake site on a similar address to the original one and tries
to fool people with that. The sites look like the original ones.

These sites are actually working as a transparent proxy to real sites. In
addition, the attacker works as MITM and rewrites some content. It is
possible that the attacker is gathering information, including user names
and passwords.

My search engine Ahmia.fi filtered these fake sites. As a response,
eventually, the attacker deleted old fake sites and started to generate new
ones.

See, for instance, my own search engine Ahmia and a fake new version of it:

https://ahmia.fi/static/fake_ahmia.png

I filtered them again. This way I am protecting the Tor users.

Be careful, it's hard to distinguish between the real and the fake site.
Make sure you are using the real ones!

So far I have found 37 new domains of the attacker. See the list below.

Peace,
Juha

[1] https://lists.torproject.org/pipermail/tor-talk/2015-June/038295.html

REAL: http://25cs4ammearqrw4e.onion/
FAKE: http://pythonmkwmxhozin.onion/
REAL: http://2kka4f23pcxgqkpv.onion/
FAKE: http://euroguns4c7rswkh.onion/
REAL: http://54ogum7gwxhtgiya.onion/
FAKE: http://technodowmx53kwg.onion/
REAL: http://abbujjh5vqtq77wg.onion/
FAKE: http://identityw72gv5j6.onion/
REAL: http://acropol4ti6ytzeh.onion/
FAKE: http://acropolzxeerrvsp.onion/
REAL: http://answerstedhctbek.onion/
FAKE: http://answershuhpdxtab.onion/
REAL: http://auutwvpt2zktxwng.onion/
FAKE: http://oniondirw6dno3tb.onion/
REAL: http://bm26rwk32m7u7rec.onion/
FAKE: http://majesticdbvbzbv5.onion/
REAL: http://cryptomktgxdn2zd.onion/
FAKE: http://cryptonwmifsy3ws.onion/
REAL: http://deepdot35wvmeyd5.onion/
FAKE: http://deepdot53faojvzi.onion/
REAL: http://directdal7bourmy.onion/
FAKE: http://linkdirzabianoxp.onion/
REAL: http://dirnxxdraygbifgc.onion/
FAKE: http://dirnxxdemauthipe.onion/
REAL: http://easycoinsayj7p5l.onion/
FAKE: http://easycoincdttveyq.onion/
REAL: http://en35tuzqmn4lofbk.onion/
FAKE: http://fakeidsannnxrk3h.onion/
REAL: http://escobarkz55dlmo3.onion/
FAKE: http://escobarsxo7w6huz.onion/
REAL: http://gerpla4igmngtpgw.onion/
FAKE: http://gerpla4raarp2jwe.onion/
REAL: http://grams7enufi7jmdl.onion/
FAKE: http://grams7qs7lnmmidl.onion/
REAL: http://gunsjf3dxsaf6mwg.onion/
REAL: http://gunsnbmobn7evasc.onion/
FAKE: http://gunsj3xe6iaugsgg.onion/
FAKE: http://gunsnsdlbts2jhdu.onion/
REAL: http://gunsp2oe4irjxwog.onion/
FAKE: http://guns2pqyxlcd7ge5.onion/
REAL: http://hansamkt2rr6nfg3.onion/
FAKE: http://hansamktso6yaelv.onion/
REAL: http://hwikis25cffertqe.onion/
FAKE: http://hwikis27hjxsfpho.onion/
REAL: http://lchudifyeqm4ldjj.onion/
FAKE: http://lchudispi47ay5jj.onion/
REAL: http://mobil7rab6nuf7vx.onion/
FAKE: http://mobileshpc3xcw2u.onion/
REAL: http://msydqstlz2kzerdg.onion/
FAKE: http://ahmiafibdbbagojp.onion/
REAL: http://nucleuspf3izq7o6.onion/
FAKE: http://nucleuseeiya3532.onion/
REAL: http://outfor6jwcztwbpd.onion/
FAKE: http://outfor6nwtntdgpj.onion/
REAL: http://ow24et3tetp6tvmk.onion/
FAKE: http://onionwltue7vuznr.onion/
REAL: http://pfoxkj3p65uyc5pe.onion/
FAKE: http://pfoxkj2sjkqvxgpe.onion/
REAL: http://pwoah7foa6au2pul.onion/
FAKE: http://alphabayy72eux2w.onion/
REAL: http://reloadedudjtjvxr.onion/
FAKE: http://reloadedflayygcf.onion/
REAL: http://shopsat2dotfotbs.onion/
FAKE: http://shopsat4otwvudzl.onion/
REAL: http://tfwdi3izigxllure.onion/
FAKE: http://applestr7kcsyvuf.onion/
REAL: http://tochka3evlj3sxdv.onion/
FAKE: http://tochka3doxdirurf.onion/
REAL: http://torlinkbgs6aabns.onion/
FAKE: http://torlinksb7apugxr.onion/
REAL: http://valhallaxmn3fydu.onion/
FAKE: http://valhalla4qb6qccm.onion/
REAL: http://vendor7zqdpty4oo.onion/
FAKE: http://vendor7eewu66mcc.onion/
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Warning: 37 new booby trapped onion sites
  - From: I

Prev by Author: [tor-talk] New Ahmia search released
Next by Author: [tor-talk] 4 relays advertising >1000 MByte/s each
Previous by thread: Re: [tor-talk] Private Internet Access VPN drops Tor connection randomly
Next by thread: Re: [tor-talk] Warning: 37 new booby trapped onion sites
Index(es):
- Author
- Thread