The most well-known method of accessing the dark web is through Tor browser. The dark web sites on Tor have .onion attached right at the end of the web address, and can only be accessed by said web browser. However, there are methods used to access dark web sites without using Tor. In this article, we will cover how we can access dark web sites with a regular browser, as well as the methods used to identify and research actual dark web sites belonging to hacker groups.
How to Access the Dark Web with a Regular Browser
Can we access a website with the .onion domain through Chrome, a regular web browser?
We can access a dark web site through a regular browser if it has a .ly attached right after the domain. (While accessing the website is a possibility, we don’t recommend it.)
Dark web sites that end in onion.ly and are in a similar format as this one (hxxp://abcdxxx1234[.]onion.ly) and users can access it with their standard browser, exactly as if it were accessed with Tor.
Onion.ly Domains used by Hackers
Notorious ransomware groups are the ones that use onion.ly links most often. This is because when a victim’s computer is infected by ransomware, attackers demand ransom through dark websites. They provide onion.ly links so that victims can access the dark websites with their regular browser. Read more about this in our LockBit 3.0 ransomware case study, where we determine how ransomwares are distributed and what must be done to prevent them.
As we can see in the list below, plenty of actual ransomware websites use onion.ly links. Provided below are actual ransomware links found in ransomware distribution files, as well as a how to guide to paying the ransom they demand.
- Maxey Moverley
- Blackbyte Group
- DAIXIN Team
- Everest Ransom Team
Inspecting the Onion.ly domain with a Security OSINT Search Engine
As stated, onion.ly links are but one method utilized in accessing the dark web, where clicking the link will automatically redirect you to a dark web site. Accessing the link alone can become a legal problem depending on the country you reside. Furthermore, accessing web sites hosted by ransomware group hackers can lead users to becoming a target as domain providers can easily accessing IP addresses.
The results show that the Abuse Record deems this link as a Phishing URL.
In addition, real-time website screenshots can be checked without direct access, as shown below.
Use these methods to analyze dark web sites when necessary, all without installing the Tor web browser.
We recommend users to use Security OSINT search engines when trying to obtain certain information regarding dark web as described in this article.
Related Article(s) :