this is a self post, upvote for visibility
Yesterday there was a topic posted regarding a fake Grams Flow URL which linked to a phishing clone of Agora, I and /u/gramsadmin played this down as an attempt to dirt the name of Grams, however it may have been that they got the URL from Deepdot as 2 other posts have been added regarding similar things happening.
There seems to be malicious exit nodes redirecting to phishing sites from the links placed on Deepdot or it may be that there is even a clone of Deepdot filled with these links.
Make sure you cross examine all onion URLs if you don't wish to have your accounts hacked or coins stolen. You shouldn't really trust the sub even as the list could be edited maliciously. You're best keeping a list stored of correct links to prevent this from happening.
Not trying to be THAT GUY, but does anybody know who owns deepdot? How do we know 100% for-sure they are not serving up malicious links on random page requests? Also, another idea for deepdot, why don't they force-HTTPS / SSL connection? SSL data is encrypted and tor exit nodes can not alter it as far as I know.