A Warning from DutchDrugz About Phishing Sites and Tor2Web Proxies


The active phishing campaigns impacting the users of the larger darkweb marketlaces have also been hurting the customers of darkweb vendors operating their own shops. One prolific vendor, DutchDrugz, posted a warning to customers and potential customers.

The following is via DutchDrugz as emailed to darknetlive and posted elsewhere.


Fellow Psychonauts, Customers and other Rebels,

We repost this since we are getting flooded by people claiming missing funds, only to realize they searched for our vendor shop through the clearnet, and found tor proxy links to our site, where all traffic is monitored (AND MODIFIED) by a hacker. Quite honestly, we used to feel sorry for the poor souls, yet now we are getting annoyed. With all the info just one click away, it’s avoidable for users and also quite tiresome.

It has been an ever present occurrence, in rare incidents customers reported missing deposits, only to realize they were scammed with malware that changes BTC and other Crypto addresses when you copy it. Yet there is a new form, which is a bit more sophisticated, but can only fool new users, and the volume has increased immensely since the first time we warned in March.

CHECK YOUR URLS

Since the demise of DeepDotWeb, people are scrambling for links, and scammers know this…

  • Please visit Dark.fail for current links, see links below.
  • DDW has a very good replacement site, darknetlive.com
  • Also, you still have TMG, Dread, Avengers and TheHub, please verify links at multiple sources.
  • And last but not least, read the profile of any vendor for available mirrors and to check url’s!

There seem to be clearnet proxy url’s active which users get linked to if they search for me or any other DNM/Vendor Shop on the clearnet, I know, please don’t do that :). So besides that you shouldn’t do that, the site which you get connected ends with “.pet” in the link, so not “.onion” but “.pet”. We will never create such unsafe links, yet we cannot do anything about it, it’s just a clear net proxy to tor to our vendor shop. The crafty part about this, the site link is completely the same, except “.pet” at the end, you really do register and login on my vendor shop, yet all traffic is seen and can be altered by the one hosting the link, which clearly happens… If you load your wallet, the attacker(s) will show you THEIR address… Little stealing bitches…

There exist also completely fake .onion links, so please please verify your shit :).

UPDATE

We have done more research and discovered complete fake copies of deepdotweb and many other sites. It seems if people search on the clearnet for markets or vendors, they get linked almost certainly to a phishing site, it’s quite alarming, it used to be incidental, now it seems 1000’s of scammers are preying on new-comers… Please make sure to check all your links and bookmark them.

Maybe this method is old already, but it’s the first I heard about it. Also, normally we get a report once in a while, but it seems the efforts are intesified to scam new people, since we now had multiple reports in 1 week, all new users! Please be alert, please double check your addresses after pasting it, when in doubt, don’t send, message me :). We use static addresses, so if you see a changed address, it means you are not on my website or are being monitored by a hacker!

For safety and as a reminder, these are the official links;

POIs

http://dreadditevelidot.onion/d/DutchDrugzSupport
* DutchDrugz’s Official VendorShop:

http://dutchdr5gsol4dde.onion/auth/register
* Mirrors (Save them):

psychedw74haryuk.onion

dutchdrupgghkfcn.onion

piad7flqjmclmvup.onion
* Majestic Garden Profile:

http://nzlbyrcvvqtrkxiu.onion/index.php?topic=16494.0