Kerberos Market Linked to Notorious Phisher DarknetOne
Your correspondent discovered that the official PGP-signed mirror list includes eight onion links. In which, links Alpha~Delta are on major darknet indexes including Darknetlive. The list of links is displayed in the screenshot below, with the original signed PGP message here, with a backup of the site's pgp key here.
Kerberos mirrors
What we came to discover concerns links Echo~Hotel, the exact four links are found on darknetone (snapshot). Darknetone is a known phishing site targeting darknet users, they profit by conducting man-in-the-middle attacks with the links distributed through their website, swapping out deposit addresses and stealing user credentials. We have taken a snapshot of their entire onion link section, with all of the markets with phishing links, to name a few: Tor2Door, ASAP, Abacus, Bohemia, Archetyp, Incognito, Vice City and many others. The interesting finding here is that not only is Kerberos the only market that does not have its links swapped out, but also the only market that has four links dedicated to be listed on darknetone.
In addition to colluding with a known phisher, Kerberos threatened the security of it's users by setting up a clearnet proxy (note: not rotational mirror distributor) that is protected and proxied by Cloudflare. Which also means, in layman terms, Cloudflare (a company under U.S. jurisdiction) can monitor and log every single thing you do on the market with the link. This is a major opsec breach, and is definitely a dangerous move that might result in arrests of buyers and vendors.
Taking into account all of the above findings, DarknetLive has decided to remove Kerberos from our index.
Edit: According to market admin Lucifer, Kerberos has removed all darknetone links, though not the exclusive mirrors. However, they have also removed the clearnet proxy, which is the main reason of the delisting. We've resumed listing of the market accordingly and will be closely monitoring the situation.
I'd like to make a point here that TLS encryption is not encrypted end-to-end from the client directly to the server itself if you are proxying through cloudflare. For those who do not use cloudflare, data is decrypted and then re-encrypted at cloudflare servers. It is fine if you use it as link generators or announcement posts. However, in the case of directly proxying market traffic, you are exposing user information at risk. Even if you do not use cloudflare, the seizure of clearnet proxies by law enforcement or a malicious third party will post a threat to LE honeypots and MITM attacks. Any onion service found using such proxying mechanism will be automatically delisted.
Comments (36)
DarknetLive2023-03-0221e60523
We're only pointing out the fact that they are colluding with darknetone in the article, the context never mentioned that they are absolutely the same group or whatsoever. The delisting is also a result from the security implications of their clearnet proxy. Collusion with darknetone is a factor, but it is not the sole reason.
Yannick2023-03-02863dfccb
It should be pointed out that yes most links on DarkNetOne are phishing sites, but Tor Market, Ares, Black Pyramid and TorZon do have genuine links. It may be that they make some exceptions for sites that pay them?
Noah2023-03-14a3f28df0
Hard to see those 4 sites as having a lot of extra cash to pay off darknetone when they barely get any traffic.
Lucifer2023-03-02fa755bcb
First of all, the links on DarkNetOne are not phishing links, they are the regular market links, so where is the problem? It's not our fault if someone refers our marketplace as a backproxy to a phishing link. dnstats.net does this for every marketplace and there are now countless more for all marketplaces. It is not for nothing that there is a huge anti-phishing message on the landing page. If someone doesn't take a few seconds to make sure they're on the right URL, we can't help them either. L
DarknetLive2023-03-031683bdbe
You're trying to divert the issue and context. They phish everyone else, but not yours. And while as pointed out by some others, there are a few smaller markets that they do not phish, Kerberos is the only one providing exclusive links dedicated for darknetone. Even if you're not behind darknetone, you still placed advertisements on a phishing site to finance the phishers. Furthermore, there is also the issue with your clearnet proxy server, which is a security risk.
mankampf2023-03-04d795f857
"we argue with ourselves everyday, i just finished an argument with a door handle and boy, does that door handle know whos boss now.. huh.. yea.. dat right.. me =1 doorhandle =0 avabuitovdatbr00000000
Philo2023-03-02b198bd41
not confirming that kerberos is colluding with darknetone, but it is suspicious.
bitch2023-03-1464d1587f
It absolutely is confirmation that kerberos is at the very least colluding with darknetone if they're not out and out the same person. How else can you explain exclusive links on kerberos to the notorious phishing site known as darknetone.
Archangel Michael2023-03-03359ce4d1
Kerberos is World and Nightmare market. Guys suck people's money for years and they're still doing well.
nigger2023-03-031a1a8ffe
kerberos "clearnet" backend ip's(normally behind cloudflare, also includes their shitty "secured clearnet access"); 185.130.45.200, 185.130.47.221
nigger2023-03-035dfdb686
https://archive.is/GWSmt https://archive.is/krwZc https://search.censys.io/hosts/185.130.47.221 https://search.censys.io/hosts/185.130.45.200 either feds, or absolute fucking retards. stay the fuck away.
yesbutno2023-03-099676e9f0
> Also this one of their onion mirrors kerberos iqgd .. is a phishing clone
randomnoise2023-03-0337c48be5
just use darknetlive and dark.fail and cross reference the links you are checking its very simple lol
Im Bitch UP232023-07-112e2b1f3c
Simple is subjective my friend and we don't know for sure how people think lol
DaddyCool2023-03-03677214e3
Reading through all these comments here it's proven once again to me: If everyone would only talk about things they understand and they're qualified to talk about, earth would be a very quiet planet :)
JannyPunisher2023-03-042718c421
holy shit its been a while since ive been on tor. How are you DNL and my fellow torniggercels. Also fuck trannies and jannies
sumboooodddeeeee2023-03-0974382b03
Yep, some will say otherwise. I rarely need to purchase a link since using other networks. The link purchasing is a bit discouraging considering all the lying and manipulation in this scene, but it will keep away particular crowds of people so not to draw unnecessary attention to the market. As with any market, hide your address, turn off scripts, use pgp, don't trade directly from exchange, enjoy.
yourmum2023-03-05d759c4c2
I remember that 1,5ish years ago the correct onion urls of asap market were on darknetone. Now the asap url is a phishing one. Darknetone team is probably still working on the kerberos proxy :p url will soon be changed to a phishing onion prolly xD
john 2023-03-06aaf46087
pretty sure I just got ripped off $250 dollars from darknetones tor2door link. I used it before with no issues. Never fell a victim of phishing before but let my guard down. Really fucking sucks
HexxAnonymous2023-03-139fad8754
Yup this exact thing happened to me I lost $60.. shitty lesson reminder!
Fxxk the phishing bi2023-03-203792bf17
I got ripped off of $450 on vice city an $410 on another site I forgot this some bull crap ant been to the web in a minute now its like every site taking your money how do you find all the proper site wtf man
WideSpreadPanic1012023-03-071190b2f5
It is virtually impossible to get phished these days. Just verify the fucking links you twats!
justme2023-03-09afdc095b
Trying to verify using dark.fail's PGP tool. It's saying the public key is invalid. Also, when decrypting the 2FA message when logging into Kerberos, I get a message that the fingerprint is incorrect - signature not verified. Anyone else have issues? I haven't entered the verification code to log in since I'm not sure it's safe.
Lies2023-03-121d0397b4
You should verify your own sigs not use dark.fail if you really used Kerberos you would of use dark train to get the links good try on scam review.
askurmomshenamedme2023-04-1323defc53
I was recently scammed by vendor C4RD1NGC0D3 on Kerberos. Based on the recent feedbacks he has received, many others were too. This user had a reputation of 8 and had the "finalized early" feature enabled for him, which according to Kerberos only very reliable and extensively checked vendors get. It's some sort of a "trust" mark awarded to select vendors, but there are no guarantees if a vendor does turn out to be a nasty scammer. C4RD1NGC0D3 turned out to be a nasty scammer, took tens of thousands of dollars, and left the scene. Sad shit.
Tidbitz2023-03-02a0b12ea1
This is strange and suspicious, but it is not proof that Kerberos Market is working with or are the same people as DarkNetOne. Maybe Kerberos paid to be listed on DarkNetOne? It will be interesting to see Kerberos respond to this. Disclaimer: I am not an advocate for Kerberos and the whole "welcome-to-hell" vibe is off-putting and nutty.