The most well-known method of accessing the dark web is through the Tor Browser. Dark web sites on Tor have .onion at the end of the web address and can only be accessed with that browser. However, there are methods of accessing dark web sites without using Tor. In this article, we will cover how dark web sites can be accessed with a regular browser, as well as the methods used to identify and research actual dark web sites belonging to hacker groups.

How to Access the Dark Web With a Regular Browser

Can we access a website with the .onion domain through Chrome, a regular web browser?

We can access a dark web site through a regular browser if .ly is attached right after the .onion domain. (While accessing the website is a possibility, we don’t recommend it.)

The onion.ly domain is a proxy server domain address provided by Tor2Web. Tor2Web is a service that lets users access onion services from a regular browser.

Tor2Web’s guide page to Onion.ly Proxy Servers, one of the ways used to access the dark web

Dark web sites that end in onion.ly follow a format similar to this one (hxxp://abcdxxx1234[.]onion.ly), and users can access them with their standard browser as if they were accessed with Tor.

Onion.ly Domains Used by Hackers

Notorious ransomware groups are the ones that use onion.ly links most often. This is because when a victim’s computer is infected by ransomware, the attackers demand ransom through dark web sites. They therefore provide onion.ly links so that victims can reach those sites with regular browsers. Please refer to our LockBit 3.0 ransomware case study article, where we determine how ransomware is distributed and what must be done to prevent it.

As we can see in the list below, plenty of actual ransomware websites use onion.ly links. The links below are actual ransomware links found in ransomware distribution files and in the how-to guides for paying the ransom the attackers demand.

  • Maxey Moverley
    hxxp://omegalock5zxwbhswbiscxxxxvdulyvtqqbudqousisjgc7j7yd[.]onion[.]ly
  • Blackbyte Group
    hxxp://jbeg2dct2zhku6c2vwnpxtmxxxxxnqvvpoiiwr5hxnc6wrp3uhnad[.]onion[.]ly
  • DAIXIN Team
    hxxp://7ukmkdtyxdkdivtjad57klqnd3kdsmq6tpxxxxu76zzv3jvitlqd[.]onion[.]ly
  • Everest Ransom Team
    hxxp://ransomocmou6mnbquqzxxxxjk3o5qjsl3orawojexfook2j7esad[.]onion[.]ly/about
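To find links of this form in ransom notes, mail bodies or web proxy logs, the following check normalises defanged text, picks out hostnames under onion.ly and recovers the underlying .onion name. It is an added example, not code from Criminal IP; the function names and the sample input are constructed for illustration, and the 16/56-character test reflects the v2 and v3 onion address lengths.

```python
import re

# Gateway suffixes to watch for. Only onion.ly comes from the article;
# add other Tor2Web-style gateways you track.
GATEWAY_SUFFIXES = ("onion.ly",)

# Onion labels are base32 (a-z, 2-7): 16 characters for v2, 56 for v3.
ONION_LABEL = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})$")
HOSTNAME = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)


def normalise(text):
    """Undo common defanging (hxxp, [.], (.), [dot]) in memory for matching."""
    text = re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.I)
    return re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)


def find_gateway_hosts(text):
    """Return one dict per hostname in `text` that sits under a gateway suffix."""
    hits = []
    for match in HOSTNAME.finditer(normalise(text)):
        host = match.group(0).lower()
        for suffix in GATEWAY_SUFFIXES:
            if not host.endswith("." + suffix):
                continue  # also rejects look-alikes such as notonion.ly
            # The label directly left of the suffix is the onion name;
            # anything further left is a subdomain of the hidden service.
            label = host[: -len(suffix) - 1].split(".")[-1]
            hits.append({
                "host": host,
                "onion": label + ".onion",
                "well_formed": bool(ONION_LABEL.match(label)),
            })
    return hits


if __name__ == "__main__":
    # Constructed sample input: a ransom-note line and a proxy log line.
    fake_label = ("constructed" * 6)[:55] + "d"  # 56 base32 characters
    sample = (
        f"Contact us: hxxp://{fake_label}[.]onion[.]ly/about\n"
        "10.0.0.5 GET http://www.abcd1234.onion.ly/ 200\n"
    )
    for hit in find_gateway_hosts(sample):
        print(hit)
```

A hit with `well_formed` set to False still shows that a gateway hostname was present, but the label is not a valid onion address, so treat it as a lower-confidence match.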

Detect the Onion.ly Domain With an OSINT Search Engine

As stated, onion.ly links are but one method of accessing the dark web, where clicking the link will automatically redirect you to a dark web site. Accessing the link alone can become a legal problem depending on the country you reside in. Furthermore, accessing websites hosted by ransomware group hackers can make users a target, as domain providers can easily access IP addresses.

Search results for the onion.ly domain analyzed by the Security OSINT search engine, Criminal IP

The results show that the domain has an abuse record and is detected as a phishing URL.

In addition, real-time website screenshots can be checked without direct access, as shown below.

Search results for the onion.ly domain analyzed by Criminal IP. Live webpage screenshot available
Screenshot of dark web website belonging to 0mega hacker group, found with Domain Search

Use these methods to analyze dark web sites when necessary, all without installing the Tor web browser.
We recommend using Security OSINT search engines when analyzing and obtaining specific information regarding the dark web, as described in this article.


Source : Criminal IP (https://www.criminalip.io)
