Fake PushingTaboo hidden service, avoid getting scammed.

I was recently trying to access the site of a known vendor when I stumbled upon this:

hxxp://pushikklyjb5qnb2 DOT onion

As you can see, it's a reverse proxy phishing site that cleverly replaces the bitcoin addresses in the original HS content (http://pushingtabu7itqj.onion) with its own. Doing a quick analysis yielded pretty curious results:

I contacted the vendor, and this is what we ended up discovering:

You can find the full address list here: http://hastebin.com/raw/orumawiwaf

I hope this helps some people in avoiding getting scammed.

If you wonder how I encountered the scammer's hidden service: I simply encountered an evil Tor exit node that stripped SSL down to an unencrypted connection and changed the real .onion address to the link this thread is about.


Comments


[9 Points] None:

[deleted]


[5 Points] aboutthednm:

Man, that takes a bit of effort to set up. At what point is it no longer scamming, and that person earned the pay due to the amount of work involved?

I mean, this is pretty elaborate, and I can respect this. Not saying I approve at all, but hats off anyways. I had a look, and this is so well made, with the addresses and all, proper good work. Certainly not an amateur. Someone stepped up their game. This is brilliant compared to the fake AlphaBay login scam that asks for your pin too.


[2 Points] DrPriority:

That's a whole lot of coins that those wallets received.


[1 Points] None:

[removed]


[1 Points] onionboy1:

i got a bit interested by this issue, so i tried searching for other scam-clones done by the same person or group

i found this website which somehow detects the phishing hses and marks them as such: http://j4ko5c2kacr3pu6x.onion/

on this list i found UKGanja, where there are two hs urls:

i tried ordering via the phishing link, in return i got a bitcoin address that was on @throwaway__security list
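
Added example, not part of the thread or written by any of its participants: the check described in the post and in the last comment (is a payment address shown on a page also on the published list of the phisher's addresses?) written as a script. The function names and every address are constructed for illustration, and only legacy Base58Check addresses are handled.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy address shapes only (P2PKH "1...", P2SH "3..."); bech32 is out of scope.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def b58check_encode(version, payload):
    """Used only to build the constructed sample addresses below."""
    raw = bytes([version]) + payload
    raw += sha256d(raw)[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_valid(addr):
    """True if addr decodes to 25 bytes ending in the double-SHA256 checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and sha256d(raw[:-4])[:4] == raw[-4:]

def addresses_in(text):
    """Checksum-valid addresses in text; drops look-alike strings such as hashes."""
    return {a for a in CANDIDATE.findall(text) if b58check_valid(a)}

def flag_page(page_html, known_bad_list):
    """Addresses shown on the page that also appear on the published list."""
    return sorted(addresses_in(page_html) & addresses_in(known_bad_list))

# Constructed sample data: none of these addresses come from the thread.
BAD_1 = b58check_encode(0x00, bytes([0x11]) * 20)
BAD_2 = b58check_encode(0x05, bytes([0x22]) * 20)
CLEAN = b58check_encode(0x00, bytes([0x33]) * 20)
KNOWN_BAD = f"{BAD_1}\n{BAD_2}\nnot-an-address\n"
PHISH_PAGE = f"<p>Send payment to <b>{BAD_2}</b> and include your order id.</p>"
CLEAN_PAGE = f"<p>Send payment to <b>{CLEAN}</b> and include your order id.</p>"

if __name__ == "__main__":
    print("phishing copy:", flag_page(PHISH_PAGE, KNOWN_BAD))
    print("clean copy:", flag_page(CLEAN_PAGE, KNOWN_BAD))
```

An empty result only means no listed address was found; it says nothing about addresses that were never added to the list.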