Hidden Web websites

Here I am going to give some links to darknet websites, since it’s kinda hard to navigate. Mostly are onions and eepsites (i2p sites) and freesites (freenet sites)

The websites or their contents are not endorsed in any way. I am just linking them.

By [CONTENT WARNING] I mean there’s NSFW content. Or stuff like that

I am (for now) only linking websites you can access in port 80 (in tor browser). I’ll probably add more onions for services such as Jabber, Gopher…

I take no ownership of this list, so feel free to copy it and make your own list.

my [DOWN] i mean that the website is down, the date is the approximate date of when it got down.

If you feel like helping, please report dead links.

Steal this list!

If you wish to help me, you can donate to these addresses:

BTC: bc1q59t6z2lqdve7tfu3nc56dkh9djvpzpxllwyek6

XMR: 47QTumjtqJabbo1s9pLDdXeJarLVLfs1AaEcbi1xrEiV852mqcbe5AHLNXTk7tH9MscxcxQDfJQnvH5LpxvfgwSJQZ3zbS6

How to identify a Honeypot?

It is easy, if they use a v2 address (and no v3 available) when they’re getting deprecated, 90% it’s a honeypot DON’T trust v2 addresses.

Why is this a honeypot behaviour? 2 reasons:

  • Lack of interest from the owners to update their site.
  • v2 addreses are way less secure than v3 addresses, they use RSA1024 (insecure nowadays) instead of ed25519 (secure nowadays)

Also, protonfail (pr*tonmail), in their .onion, if you click “create an account) it will redirect you to the clearnet. This is some obvious honeypot behaviour.

And, Br*ve browser gave their users a .onion for their website. It is a v2 address, Obviously, I don’t think Brave is a honeypot since it was made by the same guy who invented JavaScript (lol). What brave is, though, is a terrible browser with terrible privacy. And they giving us a v2 address for “privacy” just shows the interest they have for giving their users privacy.

But what’s a v2 address? Tor has 2 types of .onion address, one have 16 characters (http://expyuzz4wqqyqhjn.onion) and other has 56 characters (these are the v3). The one with 16 characters are the v2 addresses.

Yggdrasil addresses shouldn’t be domain names

At least for my paranoia. As yggdrasil addresses are IPv6 address, you could put them as an AAAA record and fuck it1. However i don’t think that yggdrasil addresses should be sent this way because to get the yggdrasil IPv6 address you’d have to send the traditionally unencrypted “WHERES THIS THING!!” DNS packet. This way the ISP (and your DNS server) would know what you’re using yggdrasil.

Personal websites/blogs/wikis








In Spanish i would have say “Le pones esa IPv6 como AAAA y a tomar por culo” but i don’t know how to translate that “A tomar por culo”

Last updated: 2022-03-03