Kerberos Market Linked to Notorious Phisher DarknetOne

~2 min read | Published on 2023-03-02, tagged Darkweb-MarketDelistedPhishing using 446 words.

Kerberos, a young darknet marketplace, was discovered to be linked to a notorious phishing site. And hence has been delisted from our index.

Your correspondent discovered that the official PGP-signed mirror list includes eight onion links. In which, links Alpha~Delta are on major darknet indexes including Darknetlive. The list of links is displayed in the screenshot below, with the original signed PGP message here, with a backup of the site's pgp key here.

Kerberos mirrors


What we came to discover concerns links Echo~Hotel, the exact four links are found on darknetone (snapshot). Darknetone is a known phishing site targeting darknet users, they profit by conducting man-in-the-middle attacks with the links distributed through their website, swapping out deposit addresses and stealing user credentials. We have taken a snapshot of their entire onion link section, with all of the markets with phishing links, to name a few: Tor2Door, ASAP, Abacus, Bohemia, Archetyp, Incognito, Vice City and many others. The interesting finding here is that not only is Kerberos the only market that does not have its links swapped out, but also the only market that has four links dedicated to be listed on darknetone.
In addition to colluding with a known phisher, Kerberos threatened the security of it's users by setting up a clearnet proxy (note: not rotational mirror distributor) that is protected and proxied by Cloudflare. Which also means, in layman terms, Cloudflare (a company under U.S. jurisdiction) can monitor and log every single thing you do on the market with the link. This is a major opsec breach, and is definitely a dangerous move that might result in arrests of buyers and vendors.
Taking into account all of the above findings, DarknetLive has decided to remove Kerberos from our index.
Edit: According to market admin Lucifer, Kerberos has removed all darknetone links, though not the exclusive mirrors. However, they have also removed the clearnet proxy, which is the main reason of the delisting. We've resumed listing of the market accordingly and will be closely monitoring the situation.
I'd like to make a point here that TLS encryption is not encrypted end-to-end from the client directly to the server itself if you are proxying through cloudflare. For those who do not use cloudflare, data is decrypted and then re-encrypted at cloudflare servers. It is fine if you use it as link generators or announcement posts. However, in the case of directly proxying market traffic, you are exposing user information at risk. Even if you do not use cloudflare, the seizure of clearnet proxies by law enforcement or a malicious third party will post a threat to LE honeypots and MITM attacks. Any onion service found using such proxying mechanism will be automatically delisted.

Comments (36)


Tidbitz2023-03-02
a0b12ea1

This is strange and suspicious, but it is not proof that Kerberos Market is working with or are the same people as DarkNetOne. Maybe Kerberos paid to be listed on DarkNetOne? It will be interesting to see Kerberos respond to this. Disclaimer: I am not an advocate for Kerberos and the whole "welcome-to-hell" vibe is off-putting and nutty.

DarknetLive2023-03-02
21e60523

We're only pointing out the fact that they are colluding with darknetone in the article, the context never mentioned that they are absolutely the same group or whatsoever. The delisting is also a result from the security implications of their clearnet proxy. Collusion with darknetone is a factor, but it is not the sole reason.

Yannick2023-03-02
863dfccb

It should be pointed out that yes most links on DarkNetOne are phishing sites, but Tor Market, Ares, Black Pyramid and TorZon do have genuine links. It may be that they make some exceptions for sites that pay them?

Noah2023-03-14
a3f28df0

Hard to see those 4 sites as having a lot of extra cash to pay off darknetone when they barely get any traffic.

Lucifer2023-03-02
fa755bcb

First of all, the links on DarkNetOne are not phishing links, they are the regular market links, so where is the problem? It's not our fault if someone refers our marketplace as a backproxy to a phishing link. dnstats.net does this for every marketplace and there are now countless more for all marketplaces. It is not for nothing that there is a huge anti-phishing message on the landing page. If someone doesn't take a few seconds to make sure they're on the right URL, we can't help them either. L

DarknetLive2023-03-03
1683bdbe

You're trying to divert the issue and context. They phish everyone else, but not yours. And while as pointed out by some others, there are a few smaller markets that they do not phish, Kerberos is the only one providing exclusive links dedicated for darknetone. Even if you're not behind darknetone, you still placed advertisements on a phishing site to finance the phishers. Furthermore, there is also the issue with your clearnet proxy server, which is a security risk.

mankampf2023-03-04
d795f857

"we argue with ourselves everyday, i just finished an argument with a door handle and boy, does that door handle know whos boss now.. huh.. yea.. dat right.. me =1 doorhandle =0 avabuitovdatbr00000000

Louis Cypher2023-03-14
3c9f7b25

It is your fault you lying sack of shit.

Philo2023-03-02
b198bd41

not confirming that kerberos is colluding with darknetone, but it is suspicious.

bitch2023-03-14
64d1587f

It absolutely is confirmation that kerberos is at the very least colluding with darknetone if they're not out and out the same person. How else can you explain exclusive links on kerberos to the notorious phishing site known as darknetone.

camden2023-03-03
727079c9

ayo wheres my bb?

andrew2023-03-03
9e34066e

SIMPLE AND CONCRETE

mrbean2023-03-04
fed6e5b0

6:1:1 ftw + feb + meatparcel a.k.a bucket stir

Archangel Michael2023-03-03
359ce4d1

Kerberos is World and Nightmare market. Guys suck people's money for years and they're still doing well.

therapist2023-03-04
615056ed

GIVE ME THE ACCESS CODES TO YOUR KNICKER DRAW.

nigger2023-03-03
1a1a8ffe

kerberos "clearnet" backend ip's(normally behind cloudflare, also includes their shitty "secured clearnet access"); 185.130.45.200, 185.130.47.221

nigger2023-03-03
5dfdb686

https://archive.is/GWSmt https://archive.is/krwZc https://search.censys.io/hosts/185.130.47.221 https://search.censys.io/hosts/185.130.45.200 either feds, or absolute fucking retards. stay the fuck away.

bleed2023-03-04
8c468eff

Also this one of their onion mirrors http://37.148.213.118:81

yesbutno2023-03-09
9676e9f0

> Also this one of their onion mirrors kerberos iqgd .. is a phishing clone

adwasdasdasd2023-03-03
de99784b

We've known this for ages... DNL has really gone too shit man.

randomnoise2023-03-03
37c48be5

just use darknetlive and dark.fail and cross reference the links you are checking its very simple lol

Im Bitch UP232023-07-11
2e2b1f3c

Simple is subjective my friend and we don't know for sure how people think lol

DaddyCool2023-03-03
677214e3

Reading through all these comments here it's proven once again to me: If everyone would only talk about things they understand and they're qualified to talk about, earth would be a very quiet planet :)

JannyPunisher2023-03-04
2718c421

holy shit its been a while since ive been on tor. How are you DNL and my fellow torniggercels. Also fuck trannies and jannies

VAVA2023-03-04
6d6c081e

tor2door still cool to buy from ?

sumboooodddeeeee2023-03-09
74382b03

Yep, some will say otherwise. I rarely need to purchase a link since using other networks. The link purchasing is a bit discouraging considering all the lying and manipulation in this scene, but it will keep away particular crowds of people so not to draw unnecessary attention to the market. As with any market, hide your address, turn off scripts, use pgp, don't trade directly from exchange, enjoy.

aliminador 2023-03-04
2d443f69

Ola family

SNTA2023-03-08
09342a46

Your is latin?

yourmum2023-03-05
d759c4c2

I remember that 1,5ish years ago the correct onion urls of asap market were on darknetone. Now the asap url is a phishing one. Darknetone team is probably still working on the kerberos proxy :p url will soon be changed to a phishing onion prolly xD

john 2023-03-06
aaf46087

pretty sure I just got ripped off $250 dollars from darknetones tor2door link. I used it before with no issues. Never fell a victim of phishing before but let my guard down. Really fucking sucks

HexxAnonymous2023-03-13
9fad8754

Yup this exact thing happened to me I lost $60.. shitty lesson reminder!

Fxxk the phishing bi2023-03-20
3792bf17

I got ripped off of $450 on vice city an $410 on another site I forgot this some bull crap ant been to the web in a minute now its like every site taking your money how do you find all the proper site wtf man

WideSpreadPanic1012023-03-07
1190b2f5

It is virtually impossible to get phished these days. Just verify the fucking links you twats!

justme2023-03-09
afdc095b

Trying to verify using dark.fail's PGP tool. It's saying the public key is invalid. Also, when decrypting the 2FA message when logging into Kerberos, I get a message that the fingerprint is incorrect - signature not verified. Anyone else have issues? I haven't entered the verification code to log in since I'm not sure it's safe.

Lies2023-03-12
1d0397b4

You should verify your own sigs not use dark.fail if you really used Kerberos you would of use dark train to get the links good try on scam review.

askurmomshenamedme2023-04-13
23defc53

I was recently scammed by vendor C4RD1NGC0D3 on Kerberos. Based on the recent feedbacks he has received, many others were too. This user had a reputation of 8 and had the "finalized early" feature enabled for him, which according to Kerberos only very reliable and extensively checked vendors get. It's some sort of a "trust" mark awarded to select vendors, but there are no guarantees if a vendor does turn out to be a nasty scammer. C4RD1NGC0D3 turned out to be a nasty scammer, took tens of thousands of dollars, and left the scene. Sad shit.