Home » Featured » Warning: More Onion Cloner Phishing Scams
Click Here To Hide Tor

Warning: More Onion Cloner Phishing Scams

No, its not new, but another round of “onion cloner” phishing scam is going around that will not only log your user and password but you cookies as well when you are logged into markets, this is the recent info as it was provided to us by Alphabay admin “DS”:

Original warning link on the forum: http://pwoah7foa6au2pul.onion/forum/index.php?threads/warning-phishing-links.4414/

Thanks to DS for taking the time and contacting us on Jabber so we could issue this warning / reminder.

I want to make a warning that there are phishing links posted (or attempts to post) on our forums, marketplace, personal messages (pms) & other places like reddit. The user responsible for the phishing links is the banned few days ago was ex-vendor “Logs” aka “TinKode” (user registered with this name on our forums) aka dev.null (with whom I talked on jabber). The user will surely be using this to create clone of other dark net marketplaces (as he has said in our conversation).

After visiting his phished link, I put a message to him (telling him to fuck off) in the password field. When he saw it in his logs, he found from the forums here one of my contacts and started talking me into buying his onion cloner script* – which I knew was free. The scammer asked 10 BTC and since I wanted more information (if it is something modified version of onion cloner etc.), I agreed. No deal took place of course. But we now know how he script works (we injected specific URLs which we now see in server logs) & we are working on blocking phishing links on both marketplace and forum. You can read the details of the conversation with the scammer in the Screenshots below:









The solution is dead simple – Please make sure to memorize the real market links or keep them locally in some text file, if you can’t do that than make sure that you are using links only from legit sources – such as our list , /r/darknetmarkets list or dnstats.net sidebar – No other source should be trusted and anyway, a manual check should be made to make sure you are not using a malicious exit node who might replace the links with phishing links.

* The onion cloner script enables to mirror any .onion website on the fly and only catching specified fields like username and password ones. The user browsing the phished website sees no difference between that one and the real website – except the URL. Be very careful when visiting links because it SNIFF your COOKIES if you are logged into the real marketplace.


  1. thanks for notify!! i was victim of one phishing link long time ago not good, plz get rid of scammers like this guy “Logs”


  2. dev.null what a faggot

  3. I can’t log in to my account. Won’t take my username or password. After many attempts. Have some orders to finalize. And just made a deposit, not fun. Need help please if you can notify Alphabays admin would sure be greatful.

  4. I was trying to find a .onion search engine and clicked the first link (it was a .onion). It took me to a blank page that just had a line at the top saying something like “this is a phishing link”.

    Was that a warning from tor saying that it stopped me from going to a malicious site or was that the phisher bragging, damage done?

Leave a Reply

Your email address will not be published. Required fields are marked *


Captcha: *