Delivery-Date: Mon, 22 Jun 2015 18:36:56 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 5869B1E04C4;
	Mon, 22 Jun 2015 18:36:54 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 75A4B35C99;
	Mon, 22 Jun 2015 22:36:49 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 67BD035C70
 for <tor-talk@lists.torproject.org>; Mon, 22 Jun 2015 22:36:45 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id xaYrkUN240WK for <tor-talk@lists.torproject.org>;
 Mon, 22 Jun 2015 22:36:45 +0000 (UTC)
Received: from ruggedinbox.com (ruggedinbox.com [94.156.77.238])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 336F135308
 for <tor-talk@lists.torproject.org>; Mon, 22 Jun 2015 22:36:42 +0000 (UTC)
Message-ID: <ab223f4061153c88e9e956c65c4b7f0d.squirrel@s4bysmmsnraf7eut.onion>
Date: Tue, 23 Jun 2015 00:36:36 +0200
From: bidet@ruggedinbox.com
To: tor-talk@lists.torproject.org
Mime-Version: 1.0
X-Priority: 3 (Normal)
Importance: Normal
Subject: [tor-talk] Hidden service honeypot
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

This link is a hidden service honeypot. http://zkym3uprkoddlxpq.onion/
The landing page includes some javascript that looks shady.
I couldn't understand the javascript or what it is trying to do exactly.

I'm interested in knowing how this affects the tor browser and tails, and
could this technique be used in other scenarios by different adversaries.

P.S. I don't think it's a LEA page, just a scare page, but it is trying to
do something and then failing at it.



-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

