[tor-talk] Warning: 255 fake and booby trapped onion sites

Nurmi, Juha juha.nurmi at ahmia.fi
Tue Jun 30 22:32:38 UTC 2015


On Tue, Jun 30, 2015 at 5:59 AM, Roger Dingledine <arma at mit.edu> wrote:

> If somebody could investigate how the fake onion services differ from
> the real ones, that would be neat.
>

I made a comparison and noticed that the attacker is replacing all the
Bitcoin addresses. Obviously the attacker is replacing links with the fake
links too. I don't see any other difference at any level than this: the
transparent proxy is just slightly slower but hard to detect from the real
service, and the HTTP server headers look fine.

-Juha
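
The comparison described in the message above can be automated. The following is an added example, not code from the post or from ahmia.fi: it masks Bitcoin addresses and onion hostnames in two copies of a page and flags the case where the remaining markup is identical but the masked values differ. The function name, regular expressions and sample pages are assumptions constructed for illustration.

```python
import re

# Legacy Base58 Bitcoin addresses (P2PKH "1..." / P2SH "3..."), 26-35 characters.
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
# Onion hostnames: 16 (v2) or 56 (v3) base32 characters before ".onion".
ONION_RE = re.compile(r"\b(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion\b")

# Constructed sample pages; the addresses and hostnames are not real.
REFERENCE_HTML = (
    '<a href="http://realrealrealreal.onion/about">About</a>'
    "<p>Donate: 1RefRefRefRefRefRefRefRefRefRef</p>"
)
SUSPECT_HTML = (
    '<a href="http://fakefakefakefake.onion/about">About</a>'
    "<p>Donate: 1FakeFakeFakeFakeFakeFakeFake</p>"
)


def compare_pages(reference: str, candidate: str) -> dict:
    """Compare a page from the known-good onion with the same page from a suspect one."""

    def skeleton(html: str) -> str:
        # Mask both token kinds so only the surrounding markup is compared.
        return ONION_RE.sub("<ONION>", BTC_RE.sub("<BTC>", html))

    same_skeleton = skeleton(reference) == skeleton(candidate)
    # Values present in the candidate that the reference page never contained.
    swapped_btc = sorted(set(BTC_RE.findall(candidate)) - set(BTC_RE.findall(reference)))
    swapped_onion = sorted(
        set(ONION_RE.findall(candidate)) - set(ONION_RE.findall(reference))
    )
    return {
        "same_skeleton": same_skeleton,
        "swapped_btc": swapped_btc,
        "swapped_onion": swapped_onion,
        # Identical markup with different addresses or links matches the
        # rewriting-proxy pattern described in the message.
        "rewriting_proxy_suspected": same_skeleton and bool(swapped_btc or swapped_onion),
    }


if __name__ == "__main__":
    print(compare_pages(REFERENCE_HTML, SUSPECT_HTML))
```

The check needs a copy of the page obtained from an onion address already known to be genuine; it does not cover the timing difference mentioned in the message.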

