Reverse engineering a fake Tor browser bundle

dtech · on Aug 13, 2014

> She/he told me that they are a small group (maybe from China) trying to catch pedophiles;

If they indeed are from china, I'd say it's just as likely they're trying to catch people who evade the censorship or press rules.

userbinator · on Aug 13, 2014

DNS servers for the domain are ns1.ipchina163.com and ns2.ipchina163.com, but these as well as the site itself appear to be in Malaysia.

hackerboos · on Aug 13, 2014

>silkroad6cebts64.onion

Maybe the are the hacker version of Omar from The Wire.

mistagiggles · on Aug 13, 2014

It's all in the game

neotek · on Aug 13, 2014

Link is a 404, here's the correct one:

nl · on Aug 13, 2014

http://cuckoosandbox.org/ looks interesting, as does the way of detecting it.

willvarfar · on Aug 13, 2014

> Their server is a stack of outdated crap, proudly powered by cPanel, feel free to root them for more details.

Hmm. Two wrongs make a right?

duiker101 · on Aug 13, 2014

Well, I didn't read the part where OP stated that he was doing a right...

jvoisin · on Aug 14, 2014

The server is running outdated services, and is powered by cPanel.

What is wrong?

RachelF · on Aug 13, 2014

More info on the source of this is a good thing, IMHO

m00dy · on Aug 13, 2014

yeah better than implementing tcp stack in python :D