The most well-known method of accessing the dark web is through Tor browser. The dark web sites on Tor have .onion attached right at the end of the web address, and can only be accessed by said web browser. However, there are methods used to access dark web sites without using Tor. In this article, we will cover how we can access dark web sites with a regular browser, as well as the methods used to identify and research actual dark web sites belonging to hacker groups.
How to Access the Dark Web With a Regular Browser
Can we access a website with the .onion domain through Chrome, a regular web browser?
We can access a dark web site through a regular browser if it has a .ly attached right after the domain. (While accessing the website is a possibility, we don’t recommend it.)
The onion.ly domain is a proxy server domain address provided by Tor2Web. Tor2Web is a service that allows users access to Onion services from a regular browser.
Dark web sites that end in onion.ly are in a similar format as this one (hxxp://abcdxxx1234[.]onion.ly), and users can access it with their standard browser as if it were accessed with Tor.
Onion.ly Domains Used by Hackers
Notorious ransomware groups are the ones that use onion.ly links most often. This is because when a victim’s computer is infected by ransomware, attackers demand ransom through dark websites. Therefore, they provide onion.ly links so victims can access dark websites with regular browsers. Please refer to our article on LockBit 3.0 ransomware case study, where we determine how ransomware is distributed and what must be done to prevent it.
As we can see in the list below, plenty of actual ransomware websites use onion.ly links. Provided below are actual ransomware links found in ransomware distribution files and a how-to guide to paying the ransom they demand.
- Maxey Moverley
hxxp://omegalock5zxwbhswbiscxxxxvdulyvtqqbudqousisjgc7j7yd[.]onion[.]ly - Blackbyte Group
hxxp://jbeg2dct2zhku6c2vwnpxtmxxxxxnqvvpoiiwr5hxnc6wrp3uhnad[.]onion[.]ly - DAIXIN Team
hxxp://7ukmkdtyxdkdivtjad57klqnd3kdsmq6tpxxxxu76zzv3jvitlqd[.]onion[.]ly - Everest Ransom Team
hxxp://ransomocmou6mnbquqzxxxxjk3o5qjsl3orawojexfook2j7esad[.]onion[.]ly/about
Detect the Onion.ly Domain With an OSINT Search Engine
As stated, onion.ly links are but one method utilized in accessing the dark web, where clicking the link will automatically redirect you to a dark web site. Accessing the link alone can become a legal problem depending on the country you reside. Furthermore, accessing websites hosted by ransomware group hackers can make users a target, as domain providers can easily access IP addresses.
The results show that the domain has an abuse record and is detected as phishing URL.
In addition, real-time website screenshots can be checked without direct access, as shown below.
Use these methods to analyze dark web sites when necessary, all without installing the Tor web browser.
We recommend using Security OSINT search engines when analyzing and obtaining specific information regarding the dark web, as described in this article.
Source : Criminal IP (https://www.criminalip.io)
Related Article(s) :
Leave a Reply