The best-known way to access the dark web is the Tor Browser. Dark web sites on Tor have addresses ending in .onion and can only be reached through that browser. However, there are methods of accessing dark web sites without using Tor. In this article, we cover how dark web sites can be accessed with a regular browser, as well as the methods used to identify and research actual dark web sites belonging to hacker groups.

How to Access the Dark Web with a Regular Browser

Can we access a website with the .onion domain through Chrome, a regular web browser?

We can access a dark web site through a regular browser if .ly is attached right after its .onion domain. (While accessing the website this way is possible, we don’t recommend it.)

The onion.ly domain is a proxy server domain provided by Tor2Web. Tor2Web is a service that lets users access Onion services from a regular browser.

Tor2Web’s guide page to Onion.ly Proxy Servers, one of the ways used to access the dark web

Dark web sites reached this way have addresses that end in onion.ly, in a format similar to this one (hxxp://abcdxxx1234[.]onion.ly), and users can access them with a standard browser exactly as if they were using Tor.

Onion.ly Domains used by Hackers

Notorious ransomware groups are the ones that use onion.ly links most often. This is because when a victim’s computer is infected by ransomware, the attackers demand the ransom through dark web sites. They provide onion.ly links so that victims can reach those sites with a regular browser. Read more about this in our LockBit 3.0 ransomware case study, where we determine how ransomware is distributed and what must be done to prevent it.

As the list below shows, plenty of actual ransomware websites use onion.ly links. These are actual ransomware links found in ransomware distribution files, as well as in how-to guides for paying the ransom the attackers demand.

  • Maxey Moverley
    hxxp://omegalock5zxwbhswbiscxxxxvdulyvtqqbudqousisjgc7j7yd[.]onion[.]ly
  • Blackbyte Group
    hxxp://jbeg2dct2zhku6c2vwnpxtmxxxxxnqvvpoiiwr5hxnc6wrp3uhnad[.]onion[.]ly
  • DAIXIN Team
    hxxp://7ukmkdtyxdkdivtjad57klqnd3kdsmq6tpxxxxu76zzv3jvitlqd[.]onion[.]ly
  • Everest Ransom Team
    hxxp://ransomocmou6mnbquqzxxxxjk3o5qjsl3orawojexfook2j7esad[.]onion[.]ly/about
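
For defenders, host names of the form `<label>.onion.ly` stand out in DNS or web-proxy logs and in ransom notes. The Python sketch below is an added example, not part of the original article: it finds such host names (also in defanged form), recovers the underlying .onion name, and goes beyond the article by checking the label against the v3 onion address checksum. The function names, the log line layout and the sample key are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

# Matches host names such as <label>.onion.ly (sub-domains allowed).
GATEWAY_RE = re.compile(r"(?:[a-z0-9-]+\.)+onion\.ly\b", re.I)

def v3_label(pubkey: bytes) -> str:
    """Encode a 32-byte key as a 56-character v3 onion label."""
    version = b"\x03"
    digest = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()
    return base64.b32encode(pubkey + digest[:2] + version).decode().lower()

def is_valid_v3(label: str) -> bool:
    """True when the label is 56 base32 characters with a correct checksum."""
    if not re.fullmatch(r"[a-z2-7]{56}", label):
        return False
    raw = base64.b32decode(label.upper())  # 35 bytes: key, checksum, version
    return v3_label(raw[:32]) == label

def refang(text: str) -> str:
    """Undo the defanging used in reports (hxxp, [.]) before matching."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def find_gateway_hits(lines):
    """Return (line_no, gateway_host, onion_host, checksum_ok) per match."""
    hits = []
    for no, line in enumerate(lines, 1):
        for m in GATEWAY_RE.finditer(refang(line)):
            host = m.group(0).lower()
            onion = host[: -len(".ly")]   # strip the gateway suffix
            label = onion.split(".")[-2]  # label just before ".onion"
            hits.append((no, host, onion, is_valid_v3(label)))
    return hits

# Constructed sample data: the key is bytes 0..31, not a real service.
SAMPLE = v3_label(bytes(range(32)))
SAMPLE_LOG = [
    f"2024-05-01T10:00:01 10.0.0.5 CONNECT {SAMPLE}.onion.ly:443",
    "2024-05-01T10:00:02 10.0.0.7 GET http://example.com/onion.ly-news",
    f"README.txt: hxxp://{SAMPLE[:-1]}a[.]onion[.]ly/chat",
    "2024-05-01T10:00:04 10.0.0.9 GET http://shortname.onion.ly/",
]

if __name__ == "__main__":
    for hit in find_gateway_hits(SAMPLE_LOG):
        print(hit)
```

A hit whose checksum fails is still worth reviewing: the label may be mistyped, truncated or partially redacted, as the addresses in the list above are.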

Inspecting the Onion.ly domain with a Security OSINT Search Engine

As stated, onion.ly links are but one method of accessing the dark web: clicking the link automatically redirects you to a dark web site. Accessing the link alone can become a legal problem depending on the country in which you reside. Furthermore, accessing web sites hosted by ransomware groups can make users a target, as domain providers can easily access IP addresses.

Search results for the onion.ly domain analyzed by Security OSINT search engine, Criminal IP

The results show that the Abuse Record deems this link a phishing URL.

In addition, real-time website screenshots can be checked without direct access, as shown below.

Search results for the onion.ly domain analyzed by Criminal IP. Live webpage screenshot available
Screenshot of dark web website belonging to 0mega hacker group, found with Domain Search

Use these methods to analyze dark web sites when necessary, all without installing the Tor web browser.
We recommend that users rely on Security OSINT search engines when trying to obtain information about the dark web, as described in this article.


Source : Criminal IP (https://www.criminalip.io)
