Best deep web .onion links, updated 2016

Here is a collection of the best .onion links.
Download Tor Browser to enter this websites!
List is updated May 2016, so if any link is not working, please contact admin!
Enjoy it 😉

Hidden Wiki

HDWiki, the new Hidden Wiki 2016 version

http://hdwikicorldcisiy.onion/

Search on the deep web

Ahima.fi (clearnet) – https://ahmia.fi/
Onion Spider – http://skunkrdunsylcfqd.onion/
TorSearch – http://hss3uro2hsxfogfq.onion/
Not Evil – http://hss3b72fnzguoiwm.onion/
TORCH – http://xmh57jrzrnw6insl.onion/
Grams – http://grams7enufi7jmdl.onion/
TOR SEARCHENGINE – http://anon4jmy3f3ozlv6.onion/

Premium financial services

BlockChain – https://blockchainbdgpzk.onion/
NetAuth – http://netauth3qialu2ha.onion/
7yearsInTibet – http://ppccpzam4nurujzv.onion/
LocalBitcoins (clearnet) – https://www.localbitcoins.com/
Bitmixer.IO – http://bitmixe4b3xi6pgc.onion

Darknet markets

Alphabay – http://pwoah7foa6au2pul.onion/
GUNS DARK MARKET – http://gunsjmzh2btr7lpy.onion
Nucleus – http://nucleuspf3izq7o6.onion/
MIDDLE EARTH MARKETPLACE – http://mango7u3rivtwxy7.onion/
Hong Kong Market – http://hongkongh7pk6346.onion/
Abraxas – http://abraxasdegupusel.onion/
DHL – http://darkheroesq46awl.onion/
Hansa – http://hansamkt2rr6nfg3.onion/affiliate/768
Pharma Drugs – http://drugsfl4lgmxfetn.onion/
Dream Market – http://lchudifyeqm4ldjj.onion/
Black Market – http://dgoetx3q2c5etsne.onion/
Outlaw Market – http://outfor6jwcztwbpd.onion/
Alphabay (registration) – http://pwoah7foa6au2pul.onion/affiliate.php?aff=42157
Amazon Dark – http://amazon435hm6h3ye.onion/
Silkkitien – http://silkkitiehdg5mug.onion/
German Plaza – http://gerpla4igmngtpgw.onion/
The Majestic Garden – http://bm26rwk32m7u7rec.onion/
Bloomsfield – http://spr3udtjiegxevzt.onion/
Torepublic Market – http://nco5ranerted3nkt.onion/
Red dark net – http://r3yuljaqrzc7nurq.onion/index.php
Tochka – http://tochka3evlj3sxdv.onion/
East India Company – http://g4c35ipwiutqccly.onion/
RuTor – http://xuytcbrwbxbxwnbu.onion/
Hacking Service – http://khainky5i44s6mio.onion
Ramp (Russian Anonymous Marketplace) – http://ramp2bombkadwvgz.onion/
Crypto Market – http://cryptomktgxdn2zd.onion/
Russian SR – http://rusilkusru6f57uw.onion/
Dr. D’s Multilingual Market – http://drddrddzylzoq7nj.onion
TorPharm – http://torpharmzxholobn.onion
French Dark Net – http://s35ws7u7sj2g3uxm.onion/

Other financial services

ThePaypalCenter – http://76hrjuanhamaxqob.onion/
Counterfeiting Center – http://money2mxtcfcauot.onion/
Hidden Wallet – http://vp5rhkntohnccxea.onion
Encryptor RaaS – http://encryptor3awk6px.onion
Apples4Bitcoin – http://tfwdi3izigxllure.onion/
The Backyard Page – http://iqrev4baophyraoa.onion/
EasyCoin – http://spvxwgi4e73dfcs4.onion
Lester Services – http://fixerwex7oobu4ki.onion/
RanSumBin – http://ransumpdfrypfnmj.onion/index.html
Quantik – http://quantikdeaht2igq.onion/
FAKBEN cryptolocker – http://24fkxhnr3cdtvwmy.onion
Bitcoin Fog – http://foggedd3mc4dr2o2.onion
ATM Hack – http://2xgrpw6ksordl7e3.onion/
European CardShop – http://cixbl5q37nhty6kv.onion
CC Shop – http://ccshoph4k3r3pons.onion
Choose Better – http://agjo6d3l4ca4pmfb.onion/
OnionWallet – http://ow24et3tetp6tvmk.onion/
HQER – http://y3fpieiezy2sin4a.onion/
USJUD Counterfeits – http://usjudr3c6ez6tesi.onion/
Onion Identity Services – http://abbujjh5vqtq77wg.onion/
Fake Passport ID sale – http://fakeidskhfik46ux.onion
Fake Bills – https://dbqn3sqrmqyfy3xb.onion/
USA Citizenship – http://xfnwyig7olypdq5r.onion/
BitCloak Bitcoin Mixer – http://bitcloak43blmhmn.onion
Bitiply! – http://fwx2oxihh3yi5eyu.onion
Double your Bitcoins – http://4r23alxe7mwyqa4s.onion

Safe email providers

Sigaint – https://sigaintevyh2rzvw.onion
Tokumei – http://tokumeiobg3bqngg.onion/
TorBox – http://torbox3uiot6wchz.onion/
werchan – http://werchan24h52wjqi.onion/
MisteryInternet – http://cll2ovzjgcy6cwih.onion
MailTor – http://mailtoralnhyol5v.onion/
Mail2Tor – https://mail2tor2zyjdctd.onion
Safe-mail.net (clearnet) – http://www.safe-mail.net

Hosting

BitIt – http://ejz7kqoryhqwosbk.onion/
Imgbi – http://imgbifwwqoixh7te.onion/
TorVPS – http://torvps7kzis5ujfz.onion/index.php/TorVPS
File uploads on daniels hidden service – http://tt3j2x4k5ycaa5zt.onion/upload.php
TorShops – http://shopsat2dotfotbs.onion/
Real Hosting – http://hosting6iar5zo7c.onion/
CYRUSERV – http://cyruservvvklto2l.onion/

Blogs, Forums and IRC

UnderDir – http://underdj5ziov3ic7.onion
FreeFor – http://tns7i5gucaaussz4.onion/
Hacking Enzines – http://kr5hou2zh4qtebqk.onion
Jiskopedia – http://zqktlwi4fecvo6ri.onion/wiki/Jiskopedia
Torbook 2.0 – http://torbookcv77hwiwb.onion
The Intel Exchange – http://rrcc5uuudhh4oz3c.onion/
Deepweb Radio – http://76qugh5bey5gum7l.onion/status.xsl
ParaZite1 – http://qx7j2selmom4ioxf.onion/
Beneath VT – http://74ypjqjwf6oejmax.onion/
Anonymous confessions – http://confessx3gx46lwg.onion/
Sinbad – http://sinbad66644fr5lq.onion/
Cat Facts – http://2v7ibxmgunxlbk7m.onion/
Royal Brasil – http://royalbrikcrpjve2.onion/
Dark & Extreme Boy Stories – http://dembtxtlnu2cospb.onion/
Strategic Intelligence Network – http://4iahqcjrtmxwofr6.onion/
Facebook – https://www.facebookcorewwwi.onion
Daniels Chat – http://tt3j2x4k5ycaa5zt.onion/chat.php
Torduckin – http://3mrdrr2gas45q6hp.onion:2000/
Keys open doors – http://wdnqg3ehh3hvalpe.onion/
Hacker challenge – http://ejtoyouvauu2asaq.onion
Cebolla Chan 3.0 – http://s6cco2jylmxqcdeh.onion/w/
The Stock Insiders – http://b34xhb2kjf3nbuyk.onion
French Freedom Zone – FFZ – http://ffzone4ry6efpqj3.onion/
Polish Tor Wiki – http://7ghaqovnx3qo6l2l.onion
Hell forum – http://legionhiden4dqh4.onion
3D Boys – http://3dboysnh6cia5uul.onion/index.php
Thunders Place – http://thundersplv36ecb.onion/
Madrid Train – http://kpynyvym6xqi7wz2.onion/madrid/index.html
Torbook – http://zqktlwi4fecvo6ri.onion/wiki/Torbook
TorChan – http://zw3crggtadila2sg.onion/imageboard/
ParaZite2 – http://kpynyvym6xqi7wz2.onion/
Freedom Community – http://freeknmhe5miijej.onion
Tinybb4 – https://qm3monarchzifkwa.onion/
Code:Green – http://pyl7a4ccwgpxm6rd.onion/

94% of Tor Traffic is Malicious, According To CloudFlare

A recent report from CloudFlare says that over 94 percent of all the requests that come from across the Tor browsing network are of a malicious nature.

That is, they use Tor to scam or phish or cause digital chaos.

However, this does not seem to represent the whole story.

CloudFlare Analysis

After analyzing network traffic that reaches its customers’ websites for about a week in the month of March, CloudFlare, a website security company, found that over 94% of the content/communications was of malicious nature.

The Tor network can be accessed for online anonymity and this is made possible through peer-to-per connection of many servers.

Most people go online using the Tor anonymous network only to avoid surveillance.

It, therefore, encourages criminals to act without fear of getting caught.

On the positive side, it enables activists, journalists, and repressed members of the society to speak up freely.

CEO and co-founder of CloudFlare, Matthew Prince, observed that most of the malicious content belonged to the category of advertisement click-frauds, content scraping, scanning for vulnerabilities and spamming, among others.

These activities, in general, generate a large number of requests that causes an attacker to leave a large digital footprint, he observed.

According to the data obtained from Project Honey Pot, which is an open source project that helps administrators track spam emails, it has been found out that about 18 percent of the spam that is generated globally use an automated bot that harvests email addresses using the Tor network.

However, the Tor project had a few points to note about CloudFlare’s approach to web security.

They opined that some users that access the network are often confronted with “captchas” that sometimes deny them access to websites therein.

Tor developer Mike Perry observed that the procedure used by CloudFlare in labeling traffic as spam from IP addresses that have once sent malicious content is basically flawed.

This results in millions of genuine people getting blocked from accessing websites of their choice.

CloudFlare defended the claims and said that their research uses a variety of techniques to back their findings.

The methods determine if the source of the request is automated, create content that is made visible exclusively to bots and also turn protection off on specific internet servers that are used for the purpose of control.

Though Tor was initially started off in the 90s (by a group of researchers) for the use of the US Department of Defense to hide identities and addresses of agents gathering intelligence, it has become popular as users can hide their addresses and surf the net anonymously.

This factor has made the browser a favorite with cybercriminals, child porn rings, online darknet markets, malware and the like and has up to a million daily users today.

The benefits and drawbacks of the browser are still raging topics of everyday debate.

A recent survey by CIGI had more than 70 percent of 24,000 respondents wanting the darknet shut down.

cigi.width-380Eric Jardine, a research fellow at CIGI, opined that a majority of people did not know fully the functions of Tor and how the technology can be put to use more effectively.

Their reaction was simply spontaneous, he added.

He also argued that a name change to “Freedom Network”(proposedby one online user) from “Tor” and a focus on network privacy would do a lot of good.

CloudFlare’s research data does not ultimately show which of the actors show up in more numbers: the baddies or the oppressed ones that want to speak up on anonymity.

Though CloudFlare’s research shows that the cybercriminals in small numbers can create a large digital footprint, many other companies have come up with differing results.

As an example, a study by Akamai (of Tor traffic) found out that only 0.3% of requests from Tor exit nodes were harmful and they produced very little bandwidth as compared to the ones researched by CloudFlare.

Akamai also intercepted a good number of legitimate business transactions from the Tor exit nodes.

According to yet another study by Distil Networks, around 48% of Tor traffic was from illegitimate users.

Rami Essaid, Distil CEO, was fully in agreement with the CloudFlare results that a small number of users can create a large amount of traffic that is malicious.

In the light of these findings, CloudFlare CEO Matthew Prince also agrees that the research has primarily been conducted on the Tor traffic that reaches the company’s customers.
They are completely unaware of the rest of the traffic which is not visible to them, he admitted.

Man Sentenced for Buying Firearms on Dark Net

Justin Moreira,22, was sentenced by Federal Court Judge F. Dennis Saylor, to 42 months in prison and three years of supervised release. In November 2015, Moreira plead guilty to three counts of being a felon in possession of ammunition and firearms. Moreira had a conviction in 2013 for possession of a controlled substance with the intent to distribute; which is a felony.

more

Beginning in January 2015, Moreira engaged a federal undercover agent in a series of online messages during which Moreira inquired about the potential purchase of several different firearms. Ultimately, Moreira ordered a Walther PPK/S .380 caliber pistol and silencer from the agent for $2,500 worth of bitcoin. Moreira instructed the agent to ship the package to a post office box in Hyannis. Federal agents monitoring the post office box immediately arrested Moreira after he retrieved the package.

United States Attorney Carmen M. Ortiz, Daniel J. Kumor, Special Agent in Charge of the Bureau of Alcohol, Tobacco, Firearms, and Explosives, Boston Field Division Shelly Binkowski, Inspector in Charge of the U.S. Postal inspection Service Matthew Etre, Special Agent in Charge of Homeland Security Investigations in Boston Colonel Richard D. McKeon, Superintendent of the Massachusetts State Police, and Barnstable Police Chief Paul MacDonald, made the announcement today. The case was prosecuted by Assistant U.S. Attorney Mary B. Murane of Ortiz’s Criminal Division.

In 2014, the Agora guns and weapons seller “weaponsguy” began receiving complaints of packages not arriving and being a scammer. In November 2014 he returned from vacation, got the complaining buy to vouch for him, and resumed selling guns and related items. Weaponsguy was identified as an ATF controlled account which did undercover sales to Moreira in March-April of 2015. In which case it seems likely that weaponsguy followed the same life cycle as Dark_Mart and other FBI controlled accounts on Evolution and was busted sometime around or after the complaints began, cooperated and his account bean to be operated by ATF.

How We Talk to Hidden Services?

It’s true that networking protocols and technologies have changed drastically through the years; from Arpanet, Hubs, BBS and even serial cable WAN connections spanning states and even countries. It is also true that the popular and standard communication protocols have changed quite a bit as well: ATM, Frame Relay, X.25 and eventually TCP/IP. All of these changes have been the result of some problem needing solved or some process needing improved. With the exception of IPv6, IP addressing hasn’t evolved as quickly as other technological paradigms; and the same could be said about domain names. Up until recently there has been very little change to the foundations of the domain since its introduction in the 80s. Recently ICANN (The International Corporation for Assigned Names and Numbers) released a slew of new top level domain extensions bringing some major variety to the internet destinations we visit.

We are no longer limited to the traditional .com, .ca, .uk, .org, .edu, .gov and .net domains (to name a few). You will now see all sorts of wild domain names like .eat, .game, .mom and .space – in fact there reportedly at least 1000 out there. The decision has moved a mostly unchanged part of the tech world into the 21st century. Though this is big news for many it’s certainly not the most noteworthy development in online names. As we all know, Hidden Services have changed the way we used the internet in a drastic way. Although, this is not technically a change to the traditional domain name system, it certainly runs parallel to it.

There may be many out there wondering how Hidden Services work and how they differ from the normal Domain Name System. Well, if you are one of those people, you’re in luck; I am going to quickly explain how DNS (Domain Name System) works and then explore how Hidden Services compare.  In reality, domain names are meaningless and largely exist to make our lives easier. When you browse to CNN.com, you’re not going to “CNN.com”, you’re going to 157.166.226.26. Similarly, when you make your way to Google.com, you’re not actually going to “Google.com”, you’re going to 172.217.1.110 or one of their many other public IP addresses. You see, we communicate with network destinations (whether public or private) on a number made up of 4 octets – this is only a half truth as ipv6 addresses are hexadecimal and made up of 8 hextets, but we’re going to leave that alone today and stick with IPv4. We use 4 octets because of the role binary plays in computing. You could really say that IPv4 is a more memorable way to remember and understand binary numbers, just as DNS is a memorable way to remember IPv4 addresses. Remember CNN.com at 157.166.226.26? Well, you’re really going to 10011101.10100110.11100010.00011010. Google.com is much easier to remember than 172.217.1.110, which in turn is much easier to remember than 10101100.11011001.00000001.01101110. But, this is not a lesson in subnetting or binary – we want to talk about DNS and more importantly Hidden Services.

The Domain Name System exists for a few reasons: it provides us with common domains that can be used to group together or “workgroup” computers. Domains are also useful for setting up common email addresses in Exchange or non-Microsoft email equivalents. Perhaps most importantly, DNS provides us with a memorable way to reach websites, servers and other online destinations. As mentioned, every network device must have an IP address. Your private IP address is locally significant on your LAN and will be translated to a single public IP as it leaves your home or office. So when and how does the name translation occur?

Let’s say I’m sitting on my computer with IP address 192.168.2.100 and I want to visit Google.com. My network doesn’t know how to get there yet, but it does know that my way to the internet is through my gateway 192.168.2.1. My gateway has been preconfigured with DNS servers, which are likely owned and operated by my ISP. My request is routed to the primary DNS server, still using IP addresses. My ISP’s DNS server will either have a record for Google.com, or it will forward the lookup to another DNS server and possibly many more consecutive DNS servers until the record is located and an IP is sent back to my PC. My PC is now sending a session to 172.217.1.110, 142.166.12.216 or whichever Google.com IP is accepting the next connection. If you open a command prompt or terminal and execute the command nslookup reddit.com, you will notice that it returns a long list of IPs. This is common for busy sites, which will use some form or load balancing (such as round robin) to spread the load across multiple servers. This used to be the case with Google as well, but today it’s only returning one single IP 172.217.1.110. A few months ago, it was returning the IP 142.166.12.216 (as seen in FIGURE A), which perfectly illustrates why it is necessary to query external DNS servers. If all sites used one single IP that never changed, we could save them all in a local hosts file on our PCs, but with Network Address Translation and massive Server Farms, IPs are always changing. Corporations and offices quite often have their own local DNS servers, used to save time and bandwidth, but these are always pointing to at least 1 or 2 external DNS sources for unknown or outdated lookups.

FIGURE A – Typical Home DNS Lookup

hiddens1

So now that everyone has a basic understanding of DNS we can ask the question: If Hidden Services are ‘hidden’ then how do we find them? This is where things start to stray from the normal operation of DNS. First, because Hidden Services are hidden, they are not stored in massive DNS databases the same way Clearnet sites are. Originally, there was no way to even find reference to a TOR Hidden Service without actually using TOR, but lately there has been much squawking over lists and directories of TOR sites being available on the Clearnet – This is pretty irrelevant because simply knowing a Hidden Services address doesn’t make It ‘known’ although it may find its way on LEA’s radar more quickly.

Above I mentioned that the latest big change to happen to domains was the release of hundreds of new top level domain extensions. Ironically, there is only one on TOR, likely because it is virtually meaningless (yes, much more meaningless than DNS). All TOR Hidden Services sites end with the domain extension .onion. Names and extensions mean so much less on TOR – to the point that many people have to save their favorite market addresses or check them on somewhere like Deepdotweb.com. Another key difference between normal web servers using DNS and TOR Hidden Services: public IP addresses. For a Clearnet server to be reachable on the internet, it must have a public IP defined in DNS, which is then translated to the internal private IP. Because Hidden Services use circuits built through the TOR software you don’t need to use your public IP in any step of the process. That’s not to say that your public IP isn’t being used to facilitate the communication, but it does not have to be presented to the outside world as the destination for your Hidden Service. This increases security and makes it so that TOR Hidden Services can be operated behind a firewall on private IPs. I’m sure you are all wondering what I once wondered: If no DNS entry is required and no domain name is bought, then where does the .onion URL come from? TOR actually generates the URL using a shirt summary of your TOR public key.

If Hidden Services are not identifiable in DNS directories, nor public IPs used to advertise the sites then how do we know about them and next how do we find them? Unlike Clearnet sites, which have to have a manual record created to in DNS to be reachable, TOR Hidden Services will actually advertise their existence when they build circuits to completely random relays and begin using the relays as introduction points (FIGURE B).

FIGURE B – Hidden Service Intro Points

hiddens2Once the TOR user becomes aware of the Hidden Service, and makes a request to visit, a rendezvous point is initiated by the TOR User (FIGURE C):

FIGURE C – User Rendezvous Point        

hiddens3

The introduction circuits and rendezvous points only provide a means for the endpoints to meet somewhere in the middle to communicate. A one-time secret key is packaged with the rendezvous point location and is then delivered to the TOR Hidden Service, although this is not delivered directly but through the various ‘introduction points’ (FIGURE D). The idea is that when one node receives this kind of traffic from another, it only knows where to send it but does not know where it came from. Once this is received, the Hidden Service will connect to the rendezvous point and send back its own one-time secret to the user at which point an encrypted session is established between the two via the rendezvous point (FIGURE E). This will continue through the rendezvous point for the duration of the session (FIGURE F), but if they decide to make communication the next day the path will never be the same.

FIGURE D – Key & Rendezvous Delivery

hiddens4

FIGURE E – Secret Key returned to user

hiddens5

FIGURE F – Established Encrypted Session

hiddens6

I have said it before, but I will say it again: the TCP/IP model of IP addresses and domain names was never meant to be anonymous. The very foundation of our online communication is inherently public and identifiable. It’s probably for this reason (among others) that TOR Hidden Services were not built on top of the current Domain Name System but were sort of tacked on to the side finding other brilliant ways around the inevitably traceable networking systems we have ended up with. Just as TOR succeeded in bring anonymity by thinking outside the box, LEA are taking the same approach to de-anonymize TOR and its users. AT some point TOR may be broken wide open and by that time we can only hope that a whole new method of anonymous network communication has been built on top of, within or completely separate from, this tell all system we’re stuck with. In the meantime, I plan to take in the ingenuity and genius that has made TOR Hidden Services possible; if only for a short time.