I have been scammed by grams7xfvv7kbyc3 onion how is this even possible to make a scam page that can login just like original helix page but only the address to be changed?? is this even technically possible?
[17 Points] Big_Daddy_Trucknutz:
[9 Points] None:
So you're asking if something is possible even though it has already happened to you?
[2 Points] shoelace120:
Always use the sidebar. Or, I copied and pasted all the links into WordPad, no more phishing links.
[3 Points] deepdot:
Yes, its a known script called "onion cloner"
[2 Points] None:
As a web and software dev - yeah, totally possible.
[1 Points] ziz1:
is this even technically possible?
Yes.
They've done it before with various darknet markets.
They take any input you send to them and forward it to the actual site. Any data coming from the actual site is forwarded to you. It looks just like the real site, because it is the real site, being sent through a man in the middle. When a bitcoin address is sent from the real site, they change it to one of their bitcoin addresses, so that when you think you are sending money to your helix account (or a market account), you are actually sending it to them.
Where did you get the fake grams address from?
[1 Points] ShulginsCat:
Guys, be careful when using http clearnet sites over tor. They can be hijacked and all your communications eavesdropped and/or modified !
Over Tor http is ONLY safe for onion sites. For www ALWAYS USE https!
As an additional PSA once you have the valid onion address of the market/service - just save it in a text file or bookmark so you don't have to look it up every time.
Stay safe
[1 Points] Magicpurpleponyrider:
Hahaha that's like the exact definition of dark net phishing
[1 Points] IsThatPurple:
save the links locally. Use it daily. End of story. Encrypt the file if you're sick with OPSec.
[1 Points] TheRealDealMarket:
Its just a php-proxy .. we have seen many of these scams pretending to be our market as well, helix could just block .onion referrers who are not them, or at least present the real address on their site .. while mixing in some random html tags, just to mess with the lame auto-replace attempts done by these proxies...
[1 Points] epotn:
you would have been able to log in with any username / pass combo
[1 Points] disposable_UK:
Hope you didn't lose much :(
[0 Points] esk1m0_:
there is a way to prevent this method , but why helix admins do not implement this i wonder.
Of course it's technically possible. It's called phishing.