NEW PERSPECTIVES ABOUT THE ECOSYSTEM: INTEGRATING STRUCTURE WITH INFORMATION

A Dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy

by

MAHDIEH ZABIHIMAYVAN B.S., Ferdowsi University, 2012 M.S., International University of Imam Reza, 2014

2020 Wright State University Wright State University GRADUATE SCHOOL

April 22, 2020

I HEREBY RECOMMEND THAT THE DISSERTATION PREPARED UNDER MY SUPERVISION BY MAHDIEH ZABIHIMAYVAN ENTITLED NEW PERSPECTIVES ABOUT THE TOR ECOSYSTEM: INTEGRATING STRUCTURE WITH INFORMATION BE ACCEPTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF Doctor of Philosophy.

Derek Doran, Ph.D. Dissertation Director

Yong Pei, Ph.D. Director, Computer Science and Engineering Ph.D. Program

Barry Milligan, Ph.D. Interim Dean of the Graduate School

Committee on Final Examination

Derek Doran, Ph.D.

Michael Raymer, Ph.D.

Krishnaprasad Thirunarayan, Ph.D.

Amir Zadeh, Ph.D. ABSTRACT

Zabihimayvan, Mahdieh. Ph.D., Department of Computer Science and Engineering, Wright State University, 2020. New Perspectives About The Tor Ecosystem: Integrating Structure With Infor- mation

Tor is the most popular dark network in the world. Its noble uses, including as a plat- form for free speech and information dissemination under the guise of true , make it an important socio-technical system in society. Although activities in socio-technical systems are driven by both structure and information, past studies on evaluating Tor inves- tigate its structure or information exclusively and narrowly, which inherently limits our understanding of Tor. This dissertation bridges this gap by contributing insights into the logical structure of Tor, the types of information hosted on this network, and the interplay between its structure and information. These insights arise from three studies:

(a) We perform a comprehensive crawl of the Tor and, through topic and network analysis, characterize the types of information and services hosted across a wide swath of Tor domains and their hyperlink relational structure.

(b) We study the potential for thought-to-be isolated information on the dark Web to be leaked into the public surface Web by providing a broad evaluation on the network of referencing from Tor to surface Web.

() We investigate the structural identity of Tor domains as an indicative of their neigh- borhood structure, independent of their either service type or location in the network.

Our studies unearth previously unknown properties of Tor, including the finding that Tor domain types can be categorized into nine groups defined by the information they host. We unveil how services for releasing and searching information do emerge as the dominant type of Tor domains. Our importance evaluation identifies Dream marketplaces and direc- tory domains as Tor core services and crucial entry points for probes, respectively. Connec-

iii tivity analyses reveal some patterns of cooperation and competition among Tor domains. We also present measurements that indicate how some types of domains intentionally silo themselves from the rest of Tor. The investigation on the dark-to-surface referencing network reveals this network as a single massive connected component where over 90% of Tor hidden services have at least one link to the surface world despite their interest in being isolated from surface Web tracking. This referencing puts Tor domains closer to each other and encourages them to cluster. However, it does not raise the domains’ contribution to either communication or information dissemination through the Tor network. Analyses on the Tor structural identity indicate that Tor domains can be categorized into eight groups based on their neighborhood structure. has its own class: an almost fully connected neighborhood structure which is robust against removal. Link- ing structure of Tor domains can further make differences in their structural identities. The domains with direct to the others with high out-degree centrality form the dominant structural identity on Tor. This identity makes the 2nd-degree neighborhood of Tor domains robust against node removal or targeted attack despite their tendency towards isolation.

iv Contents

1 Introduction1

2 Preliminary Knowledge5 2.1 Tor scheme...... 5 2.2 Tor security issues...... 8 2.2.1 -side attacks...... 8 2.2.2 -side attacks...... 12

3 Literature Review 14 3.1 Tor security and ...... 14 3.2 Tor structure characterization...... 16 3.3 Tor information characterization...... 17

4 Information Ecosystem Evaluation 20 4.1 Dataset collection and processing...... 23 4.1.1 Tor content discovery and labeling...... 24 4.2 Content evaluation...... 28 4.3 Domain relationships...... 32 4.3.1 Connectivity analysis...... 34 4.3.2 Importance analysis...... 39 4.4 Chapter summary...... 40

5 Information Leakage Assessment 42 5.1 Dataset collection and processing...... 45 5.2 Evaluation of dark-to-surface referencing...... 50 5.2.1 Linking process of Tor services to dark/surface resources...... 50 5.2.2 Analyzing reference view of Tor services...... 53 5.3 Chapter summary...... 60

6 Structural Identity Characterization 62 6.1 Structural identity analysis...... 63 6.1.1 Tor structural identity representation...... 64 6.1.2 Clustering Tor structural identities...... 67

v 6.2 Chapter summary...... 75

7 Conclusion 77

Bibliography 81

vi List of Figures

1.1 Relationship among the studies in this dissertation...... 2

2.1 Tor architecture...... 6 2.2 A browser attack using the codes included in a . Executing the plugged-in program by the client’s browser opens a direct path to a mali- cious which compromises the client’s anonymity...... 9 2.3 A browser attack using a malicious exit node. The client’s browser executes a code inserted into a by the malicious exit node...... 10 2.4 Traffic manipulation to induct malicious entry into the circuit...... 11 2.5 diagram of the off-path man-in-the-middle attack...... 13

4.1 Tor data collection process...... 22 4.2 LDA topic coherence score for different number of topic and minimum lengths of document; bold trend representing scores using 9 topics..... 25 4.3 Services provided by , multimedia, forum, and shopping domains... 29 4.4 Topic distribution of Tor domains...... 31 4.5 Network of domains with degree > 0...... 33 4.6 The Tor domain network. Panels 1 through 9 each highlights the incom- ing and outgoing edges of a particular domain. The figure is best viewed digitally and in color...... 34 4.7 In/out degree distribution of each community...... 35 4.8 Intra-relations within domains...... 37 4.9 Centrality distributions...... 39

5.1 Flowchart of the data collection and processing...... 45 5.2 Network of data collected during crawling. Red nodes indicate Tor do- mains and green nodes represent surface ...... 48 5.3 Number of references to surface Vs. dark Web; both axes in logarithmic scale...... 51 5.4 Distribution of number of Dark Web neighbors for Tor domains in the first category; both axes in logarithmic scale...... 52 5.5 Frequency Distribution of Network Parameters...... 54

6.1 Average Silhouette width Vs. different number of clusters...... 69

vii 6.2 Dendrogram of the Hierarchical Clustering...... 70 6.3 Label Distributions in the resulted clusters...... 71 6.4 Examples of neighborhood structure for Dream market domains...... 71 6.5 CDF plot of out-degree centrality for Tor domains...... 72 6.6 Examples of 1st-deree neighborhood structure for domains in clusters 1 to 4 73 6.7 Examples of 2nd-degree neighborhood structure for domains in clusters 1 to 4 74 6.8 Examples of neighborhood structure for domains in clusters 7 and 8.... 75

viii List of Tables

4.1 List of 10 most probable words per topic and their label...... 28 4.2 Summary statistics of the domain network...... 32 4.3 Modularity score of each topic community...... 38

5.1 Dark/surface resources used to collect initial seeds...... 46 5.2 Basic parameters of the network...... 49 5.3 domains with more than 200 references to surface and no link to Tor 53 5.4 Summary statistics of network features...... 53 5.5 List of edges with Edge betweenness Centralities greater than 10,000.... 55 5.6 20- Tor Services with high Stress centrality...... 57 5.7 20-top Tor Services without-degree centrality greater than 400...... 58 5.8 10-top Tor Services with In-degree centrality greater than 100...... 59

6.1 Basic statistics of the out-degree centrality for Tor domains...... 72

ix Acknowledgments

I would like to express my thanks to my supervisor, Dr. Derek Doran, who has continu- ously supported me throughout this long journey. His patience, advocacy, and constructive comments helped me improve in different aspects of my academic life. His caring about my freedom to choose the projects of my research interest and devise my own research questions notably helped me be the researcher I am today. I sincerely appreciate his belief in my technical abilities and all his effort to make me a better person. My thanks also go to my great committee members, Drs. Michael Raymer, Krishnaprasad Thirunarayan, and Amir Zadeh, who significantly improved my research by their helpful advice and supported me by their encouraging feedbacks. I am also thankful to the College of Engineering and Computer Science and all its staff members who were so generous with their time in guiding me. And my biggest thanks go to my husband, Dr. Reza Sadeghi, without whom I would have stopped these studies a long time ago. He put up with my stresses and moans, and he was amazingly encouraging and patient. I cannot also forget to thank my parents for all the support they have shown me through these years. I sincerely thank my beloved brother, Mahdi, and sisters, Mahtab and Monireh, who have always heartened me with their selfless kindness. Finally, I thank my great labmates and friends for all the unconditional support especially during this very intense academic year.

x 1

Introduction

Socio-technical systems can be viewed as a linked structure of a set of entities which pro- vide and spread information through the network [26]. A set of linked Web pages, so- cial network of acquaintance or other connections between individuals, and set of linked business companies are common samples of these systems. The linked structure and in- formation propagated through such networks have significant influence on each other. In social systems, for instance, the information owned by an individual has a strong influ- ence on social structure [28]. On the other hand, predefined social structures impact the distribution of information, and hence the amount of value one obtains by participating in the network. Thus, investigating the behavior of socio-technical systems needs considering both the structure and information together. Tor is an important socio-technical system which has attracted much attention after attempts to control or suppress the by countries like China and Russia [48]. Tor is also considered as the most popular dark network which requires unique protocols and authorization schemes to access. It provides communication for both senders and receivers using an scheme similar to [22] that prevents traffic analysis and network activity monitoring by complicating any possible tracking or tracing of users’ identity. Tor is used as a tool for circumventing government

1 Structure & Structural Information Content Identity Leakage Characterization

Structure Information Interactions Figure 1.1: Relationship among the studies in this dissertation.

censorship [32], releasing information to the public [48], sensitive communication between parties [56], and as a private space to trade goods and services [50]. Although activities in socio-technical systems, and hence Tor, are driven by both struc- ture and information, present art in evaluating Tor studies its structure or information exclu- sively and narrowly. Current empirical evidence on the Tor information is limited to studies that merely investigate the type of hosted information through crawling, extracting, and an- alyzing particular content of Tor such as drug trafficking [18], homemade explosives [29], terrorist activities [15], or forums [56]. Also, although the Tor structure is only beginning to be studied, the related work focuses on how Tor is logically organized. Perhaps our best understanding of the Tor structure is from Bernaschi et al. that present a characterization study on Tor network graph and investigate the persistence of hidden services and their hyperlinks [6]. They also compare Tor with other social networks and surface Web graphs using well-known network analysis metrics. Their results indicate that in Tor network, edges are more volatile than vertices and the graph presents some similarities with other types of networks while it has particular properties such as huge number of nodes with no out-going edges. The objective of this dissertation is to perform a series of characterization studies, out- lined in Figure 1.1, that explicitly incorporates the interplay between structure and informa- tion in Tor to gain a new understanding of this network. The work collectively contributes

2 a new perspective on the broad make-up of Tor, its structure, the information it , and the potential for thought-to-be isolated information on the dark Web to be leaked into the public surface Web. The dissertation specifically examines the followings: (i) In the first step, we perform a comprehensive crawling of the Tor dark Web and, through both topic and network analysis, present a broad characterization on the types of information hosted on Tor domains and their hyperlink relational structure. The purpose is to reveal the main applications of Tor domains and to better our understanding of the connectivity and importance of the domains, conditioned on their service type. Through the lens of various analyses and among the other findings, we identify the interest of Tor domains in being isolated. () In the second step, we emphasize the information, and regarding the domains’ tendency to isolation, we broadly evaluate Tor-to-surface reference network and analyze how Tor domains are vulnerable against information leakage caused by linking to the sur- face world. To consider any interplay between the information and structure, the analyses also consider to what extent this linking can change the overall hyperlink structure of Tor domains. Moreover, they provide reports regarding the type of information and services provided by Tor domains. (iii) In the third step, by emphasizing the structure and to further investigate any inter- action between the structure and information of Tor, we study the structural identity of Tor domains. Through this evaluation, we identify extremely important patterns in the neigh- borhood structure of Tor domains, and reveal the dominant structural identity of the Tor network.

Chapter Overview

The remainder of this dissertation is organized as follows.

3 Chapter2: Preliminary Knowledge discusses the background knowledge required to effectively follow the subject and purpose of this dissertation. Specifically, it covers Tor routing scheme in Section 2.1 and Tor security issues in Section 2.2 in more details.

Chapter3: Literature Review details the related work on the main components used in this dissertation. That is, in Section 3.1, we focus on understanding the security and privacy issues on Tor. In Section 3.2, we discuss the work on characterizing the structure of Tor. Finally, Section 3.3 reviews the work on characterizing the information hosted on Tor hidden services.

Chapter4: Information Ecosystem Evaluation presents our comprehensive topic and network analysis over Tor which characterizes both the types of content hosted across Tor domains and their hyperlink relational structure.

Chapter5: Information Leakage Assessment presents our investigation on network of references from dark domains to surface websites to assess the potential for leaking information on Tor and to what extent such a referencing can change the hyperlink structure of Tor domains.

Chapter6: Structural Identity Characterization discusses our study on the structural identity of Tor domains to reveal any interaction between information and structure on Tor and whether there is any dominant structural identity on Tor.

Chapter7: Concluding Remarks and Future Directions summarizes the contributions of this dissertation and gives directions for future work.

4 2

Preliminary Knowledge

This chapter discusses the knowledge required to follow the subject and purpose of this dissertation. Specifically, it presents details on Tor routing scheme in Section 2.1, and Tor security issues in Section 2.2.

2.1 Tor routing scheme

Tor is a low-latency anonymity network of over 6500 volunteer relays/routers. It provides anonymous communication for both senders and receivers using an encryption scheme sim- ilar to onion routing [22]. Small set of Tor authorities regularly monitor all relays in the network and authorize them if they are active and at most two per single IP address. The relays can be also run and advertised by Tor users. A consensus (list) on the authorized re- lays is maintained and published by Tor authorities among users. To start a communication with a server, client needs to incrementally establish a path or circuit of three (by default) active relays and send the message encrypted in successive layers through the circuit. The first and last relays are respectively referred to as the entrance (or guard) and exit. All con- nections between client and the guard, intermediary relays in the path, and from exit to the receiver utilize transmission control protocol (TCP).

5 Unencrypted link Entry Encrypted link

Client Destination

Exit Tor routers Figure 2.1: Tor architecture

To build the circuit, client first contacts the Tor authorities to get a list of available relays and a public to communicate with the entry. Employing asymmetric key cryp- tography technique, client establishes a path and shares a private key with entry and sends it the encrypted message. Entry decrypts the message using the private key shared with the client. The encrypted link between the entry and the client is used to relay an encrypted message to the middle . In each step, the message can be decrypted only by the receiver relay not its preceding or following routers. After decrypting the message, the sec- ond router builds a path with the entry without knowing whether it is the client or a regular router. This repeats until the destination receives the whole data. While the destination sends back a message, the path is used again but in a reverse direction. In this method, entry is the only one that is able to observe the identity of the initiator of the message while the intermediaries only know their previous and next routers. Exit is also the only router which can see the completely decrypted message and hence, know the location of destina- tion. Technically, one single router cannot infer the location of both initial sender and final receiver of a message. Figure 2.1 presents the flow diagram of the Tor architecture. Tor hidden services (HS) are features added to Tor network in 2004 to provide privacy for users who run Internet services on Tor. The architecture used for Tor hidden services

6 establishes a routing between the client and the service which is comprised of the client, introduction point (IP), hidden service directory (HSDir), Rendezvous point (RP), and the hidden service. IP is a random relay that is selected by the hidden service as its contact point. To be a HSDir, a relay must be active for 25 hours to receive HSDir flag. HSDir is responsible for HS descriptor. RP is a relay randomly selected by the client to transmit all the data between the client and the server. From the hidden service view, hidden service Onion Proxy (OP) first needs to be configured on the machine hosting the HS. OP then automatically generates a RSA key pair which is sent to IP to build a private connection with it. Hence, IP only receives the HS public key instead of its Internet Protocol address. After establishing a circuit with the IP, OP builds the HS identifier that is a combination of its public and private key. This identifier is then sent to the IP through the circuit. In the next step, OP generates two HS descriptors (with different IDs), selects two HSDirs, and uploads the descriptors in their hash tables. Each descriptor is comprised of an ID, list of IPs, and the HS’s public key. Technically, configuring a new hidden service automatically generates a string of 16 or 56 characters as the hostname of the service onion address which is also considered by the client as the service pointer. The string can contain any letter or decimal digits from 2 to 7 and is base-32 encoded identifier of the hidden service. From the client perspective, using the pointer of a hidden service, the client OP computes the descriptors IDs, HS’s responsible HSDirs, and then obtains its descriptors. To establish a private path with the HS, the client OP randomly selects relays and requests them to be RP. For each attempt, OP randomly selects a 20-byte value as Rendezvous Cookie (RC) and sends it to the relay. The router which associates the RC with the connection that sent it is selected as RP. The client OP then establishes a new connection with IPs of the hidden service and sends them an introduction message containing information about rendezvous point, RC, and hash of the service public key. If the IPs recognize the public key of the service they are respon- sible for, they allow transmitting the message to the hidden service OP. In this step, the

7 hidden service OP decrypts the message using its private key and observes the information regarding the chosen RP. Then, the hidden service OP establishes a circuit with the RP. Fi- nally, RP informs the client OP that the path has been built successfully and can be used for transmitting all the other data which should be sent between client and the hidden service. Interactive applications such as , Web browsing, file , and remote termi- nal access utilize TCP network standard since it provides reliable data transferring with guarantee that all eventually arrive the destination. As previously mentioned, all circuits built in Tor employ TCP which leads this network to be ideal for interactive appli- cations. However, there are few clients who consume notably high amount of traffic on Tor using non-interactive applications such as [34]. As it is in conflict with the basic purpose of Tor project in providing low latency and high throughput besides anonymity, default policy of exit relays blocks TCP ports for file sharing protocols.

2.2 Tor security issues

Based on [14], the attacks on Tor can be categorized into three classes of client-side, server- side, and information leakage. This section presents information on the first two categories while Chapter5 details the information leakage on Tor and investigate to what extent Tor domains are vulnerable against this issue.

2.2.1 Client-side attacks

There have been several attempts to hack Tor clients and associate their identities (i.e. IP address) to the data transmitted. Related studies propose solutions to remove these vulnerabilities through updates on different versions of Tor. Browser-based attack: this attack [1] exploits code execution strategy to conduct an end-to-end traffic analysis to identify visitors of websites. Although all con-

8 Plugged-in codes

Malicious Web Server

Figure 2.2: A browser attack using the codes included in a website. Executing the plugged-in program by the client’s browser opens a direct path to a malicious Web server which compromises the client’s anonymity

nections in Tor follow an onion routing scheme to provide anonymity, programs such as Flash, Adobe, and Java that plug into the browser do not have to use this proxy. Hence, downloading and executing their codes build connections through the regular Web instead of Tor anonymous circuits. Embedding a malicious server on the surface Web, as illustrated in Figure 2.2, can reveal the identity of the website user in Tor. However, this attack does not provide third parties to deanonymize users of a Tor Web page. In another attempt denoted in Figure 2.3, employing a malicious exit relay to manipulate the traffic and conduct a man-in-the-middle attack allows parties to associate the user’s identity to the data requested. Insecure protocols: statistical analyses on protocols used in Tor communication indi- cate that a notable proportion of exit traffics use protocols such as (FTP), Internet Message Access Protocol (IMAP), Simple Mail Transfer Protocol (SMTP), and Post Office Protocol (POP). In such protocols, credential information like username and password of users is transferred as plain text message, which makes it easily identi- fiable. On the other hand, there are only small number of servers that provide SSL/TSL connection for their services to protect the transfer of data and information. However, their secure connection can be still threated as a result of using the insecure protocols. For

9 Plugged-in codes

Malicious Exit Node Web Server

Figure 2.3: A browser attack using a malicious exit node. The client’s browser executes a code inserted into a Web page by the malicious exit node.

instance, a user simultaneously initiates connections using both secure and insecure proto- cols. Since both connections belong to a same user, they are multiplexed over one circuit and thus, one exit relay. In the case of deciphering the insecure connection, the leaked confidential information of user can be simply associated with the secure connection. As a solution strategy, users can be warned about the security consequences protocols such as POP can cause. Also, a port-based strategy [3] can be simply employed and block these protocols at the client side. Both solutions have been provided in Tor 0.1.2.18 and later 1. Torben attack: this type of attack utilizes two limitations in the current Tor implemen- tation to deanonymize clients [2]. Web pages can be simply manipulated to download and render content from untrusted resources. Also, low-latency anonymization networks cannot hide some characteristics of the traffic such as size of the data transmitted. This attack tries to provide manipulated content such as advertisements on a website and deanonymize users by analyzing the indicators of the Web pages that are transmitted through an established side-channel. P2P information leakage: this attack exploits the connections a Tor user establishes to a P2P system [14]. In the case of BitTorrent network, a man-in-the-middle attack can deanonymize a Tor user by manipulating the message sent by a torrent tracker to her.

1The most current version at the time of study is Tor 0.4.2.1-alpha

10 The most probable circuit

Traffic Client manipulation Server

Figure 2.4: Traffic manipulation to induct malicious entry into the circuit

Tracker maintains and updates the information of peers that torrent users should contact in order to retrieve their requested resources. This information contains peers IP addresses and their listening ports. Since the communications with peers are not anonymous, an at- tacker can insert information of a malicious peer in the list of peers, monitor the traffic through the malicious peer, and observe the IP address of the Tor user. Malicious entry induction: since the entry is the only relay that can observe user’s identity, this attack tries to induce the user’s proxy to select a malicious entry instead of adopting other legitimate relays [31] (illustrated in Figure 2.4). To do so, attacker can block traffic to other routers by manipulating administrative policies or modifying their traffic statistics to reduce their probability to be chosen. In [34], another type of attack is discussed where user as an attacker attempts to con- duct malicious activities. Hence, operating an exit relay with default policy settings can make the router be identified as the source of several malicious activities such as allega- tions of , reported hacking attempts, IRC bot network controls, and Web page defacement. This can disappoint Tor users to voluntarily operate exit relays and makes it difficult for research groups to collect the data required for their study through monitoring the exit relay traffics. As a solution, the ports which cause most number of

11 complaints on the exit relay can be blocked. However, it significantly reduces the - width required for a functional exit router and cannot be practical.

2.2.2 Server-side attacks

As discussed before, Tor provides anonymity for both clients and owners of hidden ser- vices. Attacks in this category focus on Tor hidden services with the of either deanonymiz- ing or weakening them. Padding attack: this attempt tries to find the IP address of a hidden service using malicious RP and entry. First, attacker sends a manipulated message to the IP of the hidden service which determines the RP. Consequently, IP forwards this message to the HS to build a circuit with the RP. When RP receives the reply, it sends the HS a message that contains a specific number of padding and then, terminates the circuit. This padding that will be discarded by the HS indicates the unique signature of the traffic and helps the entry identify the message sent by the HS. In other words, by analyzing the messages received by the entry, the attacker can infer whether this node has been selected as an entry router for a connection to the HS or not. Packet manipulation: this attack identifies a hidden service using a malicious user, entry, RP, and central server. First, the malicious user sends a manipulated message (which is not in compliance with the protocol) to the HS via a malicious RP. Simultaneously, she sends the timestamp of the message to a central server controlled by the attacker. As the manipulated message is received by the HS, it sends back a reply message to the user which indicates the received data was destroyed. This message should be first passed through the RP before arriving to the user. While receiving the message, RP extracts some useful information such as timestamp of the packet and sends it to the central server. Finally, using time correlation analysis at the central server, the attacker can infer the IP address of the targeted HS.

12 HS Directory

Client Server

Figure 2.5: Flow diagram of the off-path man-in-the-middle attack

Off-path man-in-the-middle: in this type of attack, the attacker owns the private key of a hidden service and mounts a man-in-the-middle attack with no need to be in the path between the user and the hidden service [44] (shown in Figure 2.5). To do so, the attacking method utilizes two relays: one as a ‘malicious’ hidden service and the other to modify the user to build a circuit with the ‘real’ hidden service and maintain the connection. The attacker first retrieves the descriptors of the real hidden service uploaded on the HSDirs and builds and maintains a circuit to it. Then, the attacker etablishes a malicious hidden service using the compromised private key and uploads its descriptor on the HSDirs. Please note that in this step, the same HSDirs are selected because the public key did not change. This consequently replaces the new descriptor with the previous real one. Now, the user’s requests to visit the real hidden service lead to retreiving the descriptor of the malicious hidden service. It is worth mentioning that Tor routing scheme dose not encrypt the con- nections to the hidden services. As a result, since the attcker still has the connections with the real hidden service, she can relay and monitor the traffic.

13 3

Literature Review

Previous research on Tor can be categorized into three classes: (1) work which has focused on understanding the security and privacy on Tor; (2) studies which focus on characterizing the Tor structure; and (3) studies on characterizing the information hosted on Tor.

3.1 Tor security and privacy

We consider these studies, operating at the traffic level, as studying Tor payloads that pass through the networks, rather than in understanding the content of these payloads or of the inter-connected structure of Tor domains. Towards understanding Tor security and privacy issues, Mohaisen et al. studied the possibility of observing Tor requests at global DNS infrastructure that could threaten the private location of servers hosting Tor services, and name/onion address of Tor domains [36]. Their characterization of the leakage indicated high volumes of leakage which are geographically distributed and target different types of hidden services. It also revealed various sharp increasing in onion request volumes which can be attributed to different geopolitical events around the world. Finally, various solutions were provided as remedy for each scenario. McCoy et al. tried to answer how Tor is (mis- )used and what clients and routers contribute to this usage [34]. They also proposed some

14 remedies to improve the implementation of Tor network. Results of traffic analyses over exit relays revealed that at the time of conducting the study, the major type of applications used over Tor is non-interactive. They also showed that protocols such as POP3, IMAP, and are regularly used in Tor. However, they are insecure as they transmit client credentials as plain text which helps malicious exit relays simply capture them. Hacking, and allegations of copyright infringement are some examples of malicious activities done through this network. Focusing on privacy of Tor hidden services, Biryukov et al. analyzed the traffic of services to evaluate their vulnerability against deanonymizing and take down attacks [9]. They demonstrated how current flaws in design and implementation of Tor hid- den services can help attackers find the popularity of a hidden service, harvest its descriptor in a short time, and find its guard relay. They further proposed a large-scale attacking tech- nique to disclose the IP address of notable number of Tor hidden services over one year. All the proposed techniques were evaluated over , DuckDuckGo , and a case of a that utilizes Tor hidden services as command/control channels. Biryukov and Pustogarov indicated how using over Tor can help man-in-the-middle attacks to fully observe information transmitted between Tor clients who use Bitcoin cryptocur- rency [7]. In particular, attacker can identify the Bitcoin blocks and transactions relayed to each user and delay or discard them. They also proposed a novel technique to fingerprint Bitcoin clients and identity them during different sessions by setting and keeping fresh an address cookie on their computers. Hence, the attacker can recognize the client even if she decides to use Tor hidden services to connect to the . In [14], Cam- biaso et al. presented an exhaustive investigation on different types of security concerns over Tor network. Based on purpose of the attack, various threats were categorized into client-side, server-side, and network attacks. Bauer et al. investigated how flaws in Tor routing optimization approach can cause end-to-end traffic analysis attack. They indicated how a low-resource attacker can deanonymize a fairly large number of entry and exit re- lays by exaggerating the amount of bandwidth its routers can provide in the network [4].

15 They evaluated the proposed attacks on PlanetLab and proposed solutions to mitigate the severity of the threats. Sanatinia and Noubir demonstrated a man-in-the-middle attack on Tor hidden services that is mounted by an attacker who knows the private key of a hidden service [44]. The attack is called “off-path” as the attacker does not have to be present in the circuit through witch client communicating with the hidden service. They also pro- posed some detection solutions which compare hidden service descriptors in two different levels. They finally proposed techniques to mitigate the effects of this threat. In another work, Sanatinia et al. investigated the longevity of Tor hidden services with respect to the privacy of Tor users and services [45]. They indicated how it is possible to estimate the lifetime of hidden services with fairly high accuracy using a small percent of Tor HSDir relays. Results indicated that near half of Tor hidden services at the time of doing the study have longevity less than 10 days and 80% have the maximum lifetime of a month.

3.2 Tor structure characterization

The topological properties of Tor, at physical and logical levels, are only beginning to be studied. Xu et al. quantitatively evaluated the structure of four terrorist and criminal re- lated networks, one of which is from Tor [50]. They found such networks are efficient in communication and information flow, but are vulnerable to disruption by removing weak ties that connect large connected components. Sanchez-Rola et al. conducted a broader structural analysis over 7,257 Tor domains [46]. Their experiments indicated that domains are logically organized in a sparse network, and found a surprising relation between Tor and the surface Web: there are more links from Tor domains to the surface Web than to other Tor domains. They also reported evidence that suggests a surprising amount of user tracking performed on Tor. Bernaschi et al. presented a characterization study on topology of Tor network graph and investigated the persistence of hidden services and their hyper- links [6]. All analyses were conducted over three different snapshots of Tor captured during

16 a five-month period. They also compared Tor with other social networks and surface Web graphs using well-known metrics. Results indicated that in Tor network, edges are more volatile than vertices and the graph presents some similarities with other types of networks while it has particular properties such as huge number of nodes with no out-going edges. Well-known models like ER are also unable to accurately represent the Tor network. In another similar work [5], Bernaschi et al. investigated measurements to evaluate and char- acterize Tor hidden services data and topology of their network. They provided a critical discussion on possible data collection techniques for dark Web and conducted analyses on the relationship between Tor English content and its topology. Focusing on deployment and mirroring of Tor hidden services, Burda et al. provided an extensive investigation on redundancy of Tor services across time and space [13]. They developed a new tool called MASSDEAL that automatically evaluates the appearance of mirrors and estimates the in- frastructural redundancy of Tor domains. Results demonstrated that market services have the less number of mirrors in contrast to other Tor services due to trust issues for their customers. And, regarding the time at which mirrors become accessible, mirrors of some services behave very similarly. Similarly, Griffith et al. investigated the graph theoretic properties of Tor network and compared it with previous analyses conducted on the surface Web. The study considers bow-tie structure, robustness and fragility against node removal, and importance of reciprocal connections in the comparisons. Results indicated that the Tor network has significant differences with the graph of surface Web, and ‘Web’ in “dark Web” is a misnomer.[23]

3.3 Tor information characterization

Towards understanding types of content on Tor, Dolliver et al. used geovisualizations and exploratory spatial data analyses to analyze distributions of drugs and substances adver- tised on the Tor marketplace [18]. Results demonstrated that drugs with European

17 sources are randomly distributed and six countries, with Canada and the United States at the top, have the major portion of drug dealing around the world. Geospatial analyses re- vealed that heroin and markets are exclusively retail-based. However, countries with pharmaceutical and chemical establishments significantly contribute to selling new psychoactive substances and prescription drugs. In another similar work [19], Dolliver and Kuhns conducted an investigation on type of new psychoactive substances sold on Agora during a fourth-month period. They also provided an in-depth analysis on the countries supporting trade of these substances on Agora. Experiments over the time revealed that in contrast to the number of total advertisements, increase in advertisements for new psy- choactive substances has slighter slope. Regarding the volume of trading new psychoactive substances on Agora, China and the U.S. are at the top. Also, over the time of conduct- ing the experiments, number of countries advertising these substances raised by over 40%. Chen et al. sought an understanding of terrorist activities by a method incorporating infor- mation collection, analysis, and visualization techniques from 39 Jihad Tor sites [15]. An expert evaluation on the proposed method indicated its high performance in investigating terrorist activities on the dark Web. Mörch et al. analyzed the nature and accessibility of in- formation related to suicide [37] by investigating the search results of nine popular search engines on Tor. Experiments depicted that in comparison with the surface Web, search- ing “suicide” and “suicide method” on Tor results in much less number of sites providing suicide-related content. And, over half of the search results are out-of-date, unreachable, or irrelevant to the suicide topic. Among the results, there are also several forum pages that discuss about pro-suicide activities which are blocked by most surface Web search engines. Dolliver crawled Silk Road 2 with the goal of comparing its nature in drug trafficking op- erations with that of the original site [17]. Experimental results revealed that Silk Road 2 is a much smaller dark market in contrast to the original Silk Road. Only near one fifth of all items for sale on Silk Road 2 are related to drug. However, 145 vendors contribute in drug dealing and it is approximately equal to three fourths of number of seller accounts

18 existing in this market. The geospatial distribution of dealers indicated that among nineteen countries performing drug trafficking on Silk Road 2, the United States is at the top of the list of both origin and destination countries. Biryukov et al. investigated the content and popularity of Tor hidden services by scanning their descriptors for open ports and looking at their request rate [8]. They also proposed a deanonymization method to identify clients of Tor hidden services. The results indicated that the content of over four fifths of Tor hidden services is in English and near half of them are devoted to drugs, adult, , and weapon topics. Botnet services are also among the most popular hidden services on Tor. In [16], Christin presented an extensive study over Silk Road for eight months to in- vestigate type of goods sold and the revenues made by vendors and Silk Road operators. Results revealed that Silk Road is dominantly a market for substances and narcotics and most items advertised on Silk Road are available for at most three weeks. Similarly, most vendor accounts become deactivated after approximately three months while the rest that contains a small proportion of vendors at the time of experiments remain active. Estimation indicated that the total revenue of vendors is roughly more than USD 1.2 million per month and the estimated commission for the Silk Road operators is approximately USD 92,000 per month. They finally concluded the discussion by explaining the economic and policy implications of the results. There are also some studies that proposed tools to support the collection of specific information, such as a focused crawler by Iliou et al. [29], new crawling frameworks for Tor by Zhang et al. [56], crawling extremist content using dark crawling and sentiment analysis by Scrivens et al. [47], and advanced crawling and indexing systems like LIGHTS by Ghosh et al. [21].

19 4

Information Ecosystem Evaluation

There is an open question whether the fundamental protections that Tor provides its users is worth its cost. In other words, the same features that provide the privacy of users also make Tor an effective tools for illegal activities and evading law enforcement. A wide range of positions on this question has been documented [50], but empirical evidence is limited to work that has crawled, extracted, and investigate specific portions of Tor according to the type of content, detailed in the Chapter3. Surveying this body of past research cannot give a holistic view on how Tor is used and its structure as an information ecosystem. This is because previous studies concentrate on a particular part of Tor and take measurements that attempt to answer unique collections of hypotheses. But such a holistic insight into Tor’s utilization and ecosystem is necessary to answer broader questions, such as: How diverse is the content provided on Tor? Is it valid to argue that Tor is used to buy and sell illicit goods and services and to enable criminal activities? Is the service structure of Tor ‘siloed’? Answers to such questions can present an understanding of the types of services and information provided on Tor, and reveal the most popular and important (from a structural perspective) services it provides. To this end, we provide a quantitative characterization of the types of services avail- able across a large swath of English language Tor Web pages. We perform a massive

20 crawling of Tor starting from 20,000 seed addresses and harvest only the HTML page of each visited address1. Our crawling resulted in over 1 million onion addresses, of which 150,473 are hosted on Tor and the remaining 1,085,960 returns to the surface Web. We concentrate on 40,439 dark Web pages belonging to 3,347 English services and augment LDA with a topic-labeling method that utilizes DBpedia to assign semantically meaning- ful labels to the information of Web pages. We further extract and investigate a logical network of English Tor services connected by hyperlinks. Since the vast majority of Tor content (84%) is provided in English [8], our work focuses on the portion of Tor pages with information in English. We summarize our findings to the following research questions:

• RQ1: How diverse is the information provided on Tor?

– We reveal that Tor services can be cetegorized into nine types. Over half of all discovered services are either directories that provide information about other Tor domains, or serve as dark markets to buy and sell goods and services. Only 24% of all Tor services are used to post, send, or anonymously explore infor- mation. We, however, find that various types of domains relate to each other in unique ways: dark markets that enable payment by forcing games on a gam- bling site; Tor domains which involve money transactions have a surprisingly weak tie with Tor Bitcoin services.

• RQ2: Is there any core service on Tor?

– An analysis based on importance measurements using centrality metrics reveals the Dream market as the most structurally important, “core” service, Tor pro- vides. Directory sites that are used to find and access Tor services have the max- imum betweenness centrality, which makes them important sources to browse the Tor network. 1For privacy purposes no embedded resources of any type, including pictures, scripts, videos, or other multimedia files, were collected in our crawl.

21 Initial Seeds

Multi-thread Downloaded Crawling HTML Files

.onion?

Yes Top-k Topic Yes Keywords per Modeling and English? Domain Labeling

Figure 4.1: Tor data collection process

• RQ3: How siloed are Tor services?

– Analyses on connectivity of Tor domains reveals that Tor services intend to iso- late themselves form the others and it makes them difficult to discover by simple browsing. This implies the need to have a comprehensive seed list of services to collect data on this network. We also find patterns that suggest competitive and cooperative behavior between Tor services based on their domain type.

To the best of our knowledge, the reports of this work are on the largest measurements of Tor that has been taken to date, and is the first to consider the relationship between Tor services conditioned on the kind of information they provide. This chapter is organized as follows: Section 4.1 presents the process for data col- lection and processing. Section 4.2 reports a broad evaluation on Tor content. Section 4.3 presents the logical structure of the services and provides the evaluation results. Finally, Section 6.2 summarizes the main conclusions.

22 4.1 Dataset collection and processing

We conducted a broad crawling of the Tor network to collect data for this work. Figure 4.1 shows this data collection procedure. We performed a multi-threaded crawler to collect the HTML source of any Tor Web page accessible by a depth-first search (up to depth 4) starting from a initial list of 20,000 Tor onion addresses. The seed list was made by concatenating the list used in a recent work [46] along those extracted by the author’s manual exploration of , Quora, and Ahima, and other major surface Web resources in the time of crawling. Although a manual list of seeds can have the potential risk of a crawl that misses parts of Tor, the hidden nature of Tor content makes it unlikely for there to ever be a single authoritative source for Tor services. We are confident that our seed list leads to a broad crawling of Tor. The reason is that: (1) The surface Web directories used in this procedure are well-known for providing up-to-date information about Tor services and are commonly used by Tor users to begin their own browsing for information. This suggest that these seeds as entry points into Tor are at worst practically useful, and at best ideal starting points to browse and discover Tor services associated with the most common usages of the service; (2) The list adapted from [46] is noted to be source often used to discover current Tor onion addresses. Moreover, the crawlers are assigned to cover all hyperlinks up to depth 4 from every seed address to make our data collection as broad as possible. Due to the rapidly changing content and structure of Tor [46], including temporary downtime for some domains, two crawlings were executed in June and July 2018. To con- trol for some variability in the up and down time of services, the union of the Tor sites collected during the two crawlings were archived for the analysis. It is worth mention- ing that we only request HTML files and follow hyperlinks, and avoid downloading the full content of a Web page. This prevents any access control polices, and crawler block- ers [54][25][51] from blocking our data collection. A total of 1,236,433 unique pages were collected across both crawlings. The collected data was further processed to filter English pages and to classify the pages as being from the surface Web or from the Tor

23 dark Web. We classified any Web page with suffix .onion as a Tor page, while the rest was considered to be from the surface. A language detection technique proposed by [20] was utilized to remove non-English onion content regardless of the value in their HTML lan- guage tag. This filtering resulted in 40,439 English Tor pages. We only focused on English pages to facilitate our content analysis. However, an evaluation of non-English pages will be the topic of our future study.

4.1.1 Tor content discovery and labeling

We performed an unsupervised content discovery and labeling procedure on the corpus of English Tor pages. Defining the content as any string outside of a markdown tag, the proce- dure runs the content of every Web page through the Latent Dirichlet Allocation (LDA) [10] and Graph-based Topic Labeling (GbTL) [27] methods to find a set of semantic labels as the broad topics of information on Tor. Each Tor service is then assigned a label by the dominant topic present across the set of all Web pages crawled in the domain.

Topic Modeling

Topic modeling is a method to uncover hidden structures within a collection of documents. By defining a topic as a group of words that often occur together, topic modeling creates se- mantic relationships among words within the same , and differentiates words based on their meaning. LDA [10] is a well-known unsupervised learning technique for this end.

It models a topic tj (1 ≤ j ≤ T ) as a probability distribution p(wi|tj) over words taken from a corpus, D = {d1, d2, ··· , dN }, of documents. Words are drawn from a vocabulary

W = {w1, w2, ··· , wM }. The probability of observing word wi in document d is calculated PT as p(wi|d) = j=1 p(wi|tj)p(tj|d). Gibbs sampling is utilized to estimate the word-topic distribution p(wi|tj) and the topic-document distribution p(tj|d) from data. The entire gen- erative process can be summarized as follows where α and β are hyperparameters:

24 2000

1500 Number of topics

5 1000 10 Coherence 15

500

0 100 200 300 400 500 Minimum document length Figure 4.2: LDA topic coherence score for different number of topic and minimum lengths of document; bold trend representing scores using 9 topics

1. For each topic t ∈ {1, 2, ··· ,T }, define a word distribution ωt ∼ Dir(β)

2. For each document d ∈ {1, 2, ··· ,N},

(a) Draw a topic distribution τd ∼ Dir(α)

(b) For each word wi (1 ≤ i ≤ K, while K is number of words in document d),

i. Draw a topic ti ∼ Mult(τd),(1 ≤ i ≤ T )

ii. Draw a word wi ∼ Mult(ωti ),(1 ≤ i ≤ K)

An important hyperparameter of LDA is the number of topics T that needs to be modeled. We set T by considering the coherence [35] of a set of topics inferred for some T , selecting the T with the best coherence score C. C is defined as a function of the n

(t) words of each ti that have the highest probability P (wj|ti). Let W = {w1, ··· , wn} be

25 the set of top-n most probable words from P (w|t). Therefore, C is given by:

n i−1 (t) (t) (t) X X Fd(wi , wj ) + 1 C(t; W ) = log (t) i=2 j=1 Fd(wj )

(t) (t) (t) where wi , wj ∈ W , Fd(w) denotes the number of documents where w emerges, and (t) (t) Fd(wi, wj) gives the number of documents in which both words wi and wj occur. Values which are closer to zero show higher coherence for the corresponding topic. T is thus cho-

(t) sen as the one that results in the smallest average C over all topics (arg min PT C(t;W ) ) T t=1 T where the summation is ran over a model fitted to T topics. A final parameter of LDA is the minimum length of a document (e.g. Tor page) for it to be considered in the coherence calculation. We choose this length empirically by inspection of Figure 4.2, which gives topic coherence scores for varied values of T and various minimum lengths of the documents where n = 10 is considered for each topic. The trend for T = 9 yields the closest value to zero for document minimum length of 50 words.

Graph-based Topic Labeling with DBpedia

The word-topic distributions from a fitted topic model are representative of semantically related words that appear in common contexts. A human expert may subsequently assign a label to each topic using manual evaluation on these distributions; however, the manual ap- proach results in a subjective, possibly biased interpretation of the topics in a corpus. Also, manual investigation over huge number of Web pages requires large amount of time and effort. To avoid any bias towards a prior knowledge and to expedite labeling the pages, we incorporate the unsupervised knowledge graph-based labeling method called GbTL [27]. GbTL uses the DBpedia knowledge graph (KG) that codifies articles and their relationships as an ontology. GbTL finds a concept, ζ, from DBpedia that would serve as a suitable label to be representative of t.

26 To choose ζ, GbTL first considers a suitability measure γ. Before defining γ, it is worth noting that any optimization over all DBpedia concepts is infeasible because of the massive size of the DBpedia ontology. Instead, GbTL defines a candidate set of possible

labels for the topic t. The candidate set for t contains all vertices in the subgraph Gt =

(Vt,Et) of DBpedia where Vt indicates the set of concepts with labels identical to any word

(t) in W along with their directed first- and second-degree neighborhood and Et shows the

links among all concepts in Vt. Choosing the second-degree neighbors is based on [27] that found this setting to produce a sufficiently large candidate set of labels without adding any unrelated ones. Since labels of topics can be considered as assigning categories to the topics, we limit the subgraph relations to those with types rdfs:type, dcterms:subject, skos:broader, skos:broaderOf, and rdfs:sub-ClassOf. The suitability γ of each concept

ζ in Vt is computed based on its Focused Random Walk Betweenness Centrality [27] which measures the average amount of time it takes for a random walker to arrive at some node starting from any other node in a network. It is computed as below:

1. Assume L = D − A as the Laplacian of Gt where A indicates the adjacency

matrix of Gt and D shows its diagonal degree matrix.

2. Arbitrarily remove a row and its corresponding column from L and then invert it. Define T as this inverse with a row and column vector of zeroes inserted at the same index the row and column was removed from L.

3. Define γ(ζ, t) as below:

 P xy Ii  (t)  vx,vy∈W ,x

27 Table 4.1: List of 10 most probable words per topic and their label Label top-10 words Directory Search, , Address, Tor, Browse, URL, Directories, Link, Site, Dir Bitcoin Btc, Bitcoin, , Transaction, Wallet, Deposit, Coin, Buy, Anonymity, Hidden News Information, Newspaper, News, Tor, Events, Censorship, Web, Press, Tor, Comment Email PM, Privacy, Massage, Mail, GPG, , AES, Webmail, IRC, Darkmail Multimedia Copyright, , Video, Music, Free, , , TV, FLAC, Paper Shopping Supplier, Market, Hidden, Commerce, Product, buy, Order, Price, Marketplace, Money Forum NSFW, Invite, Friend, Group, , Private, BBS, IM, Chat, Forum Gambling Online, Gambling, game, Casino, Lottery, Roulette, Table, Value, Money, Play Dream market Marketplace, Online, Buy, Register, Dream, Support, Hidden, Account, User, Tor

xy where Ii is defined as:

(xy) 1 X I = A |T − T − T + T | i 2 ij ij iy jx jy vj ∈Vt

where i is the index of A corresponding to ζ and, is the value at row a and column b of T . As DBpedia is a semantic graph, we assume vertices that play an important structural role in the graph should represent a concept which binds together the concepts in W (t). We use arg maxζ γ(ζ, t) as the label of topic t. We generated the topic models and derived their subsequent labels for the 7,782 En- glish Tor Web pages that have more than 50 words. These 7,782 pages come from 1,766 unique onion domains and indicate the data we consider in the analyses of our study.2

4.2 Content evaluation

Each domain’s label was assigned based on the dominant topic of all of its Web pages. Applying LDA to this set of documents resulted in a set of 9 topics. GbTL labeled these topics as: Forum, Shopping, Bitcoin, Dream market, Directory, Multimedia, News, Email service, and Gambling. Table 4.1 presents the 10-top words per topic (10 most probable

2In the remainder of the chapter, for sake of brevity we will refer to the set of English Tor domains as simply ‘Tor’ or ‘Tor domains’.

28 News Forum 30 40 20 20 10 0 0 Bitcoin Drug politics Drugs Hacking Weapons Tor security/Hacking MiscellaneousSexual health Dark net markets Tor services and directories Tor andTrusted its services Tor domains Multimedia Shopping

75 10

50 5 25 0 0 Articles Music Drugs Gold Miscellaneous Movies Digital device Miscellaneous Forgery services Money transfer Game/Cracked Hosting Tor services Figure 4.3: Services provided by news, multimedia, forum, and shopping domains

words). Supplementing this with a manual evaluation of the HTML source of Web pages in each domain yield a better understanding of the meaning of each topic. For services where we found a number of sub-types identified (e.g. a shopping service providing particular kinds of goods or services), we provided a count of sub-type frequencies and showed them in Figure 4.3. We elaborate on our evaluation of each kind of service below: Shopping: (359 domains [20.32%]) Shopping services allow customers to purchase goods and services, including drugs, medicine, consultancy, and investment. We found that shop- ping services are dominantly used for transfering money and buying Visa cards, cards, and Bitcoin. Drugs, pornography, hosting Tor services, and forgery services are other kinds of popular services provided on shopping domains. The rest includes Web pages for pur- chasing a various goods such as mobile phones, computers, movies, and even gold. Bitcoin: (83 domains [4.7%]) Bitcoin domains are commonly used for Bitcoin transactions and fund transfers to wallets. Tor Bitcoin services have varied differences in the registration

29 process, limitations on the transaction fees, the security platforms, and fees compared to surface Web counterparts. Dream market: (235 domains [13.3%]) One shopping service so large that it merited its own category is the Dream market. Its pages provide a varied range of information available for sale, including drugs, stolen data, and counterfeit consumer goods. Many Dream market pages collected includes login and registration forms which limited further access for our crawlers. Directory: (445 domains [25.19%]) Onion addresses are meaningless combinations of digits and characters that are hard to memorize. Moreover, most services may disappear after a while or move to new addresses [46]. It is thus no surprise to observe directory services as dominant in our analysis. Directories are a common and convenient way to find Tor services even without knowing their names or addresses. Directories include huge lists of .onion addresses of dark domains. Multimedia: (46 domains [2.6%]) Multimedia domains provide services to download or purchase multimedia sources such as e-, movies, musics, games, and academic and press articles without copyright restrictions. Among all multimedia services, we found 28% to exclusively offer articles and e-books while 22% provide free download of music or audio files, and to even obtain login information for stolen TV accounts. The rest provides resources like hacked video game accounts, cracked software, and a mixture of the above. Forum: (111 domains [6.3%]) Forum services host bulletin boards and social networks for Tor users to share ideas and topics. 72% of all forums have a range of topic discussions such as information on Tor, hacking, sexual health, dark net marketplaces, weapons, and drugs. Some forums require payment via Bitcoin to register. News: (183 domains [10.36%]) News domains host Web pages similar to personal we- , authors write essays and visitors post follow-up comments. To contact post authors, links to Tor e-mail domains are also included for the visitors. Content of current Tor ser- vices is provided by most news domains, along with politics, Bitcoin, drug, and Tor security

30 445

400 359

300

235

200 180 183

124 111 100 83 46

0

Bitcoin Email Forum News Directory Shopping GamblingMultimedia Dream market Figure 4.4: Topic distribution of Tor domains

related posts. Email service: (124 domains [7.02%]) Email services provide communication tools such as email and chat rooms. Email services differ in term of the encryption protocol, the advertisements for other services, and policies to maintain user log files. Results indicate that several email domains utilize secure protocols like SSL, AES, and PGP to secure user accounts and messages. IRC-based chat rooms are also popular and some email services need recurring subscription fees. Gambling: (180 domains [10.19%]) Gambling domains provide services to bet money on games, purchase gambling advice and consulting, and access gambling-related news. Gambling services have a number of links to payment processing options such as Ethereum, , DASH, Vertcoin, Visa, and MasterCard. Figure 4.4 presents the distribution of topics assigned to each Tor domain. It shows how directory, shopping, and the Dream market domains dominate English services on Tor (accounting for 58.83% of all domain types). This suggests that Tor’s main utility may be to browse information and shop on marketplaces that require anonymity. In contrast, domains for free exchange of ideas and information represented by Forum, Email, and News sites, account for just 23.66% of all domains. It should be noted, however, that services used in

31 Table 4.2: Summary statistics of the domain network Statistic Value Domain count (|V |) 1,766 Hyperlink count (|E|) 5,523 Mean degree (k¯) 12 Max degree (max k) 389 Density (ρ) 0.0064 W.C.C. Count (|Cw|) 25 S.C.C. Count (|Cs|) 756 w Max W.C.C. Size (max Ci ) 955 (54%) s Max S.C.C. Size (max Ci ) 13 (0.73%)

countries that most benefit from the freedom of expression on dark Web may not be well- represented in our data. Gambling domains represent a surprisingly large (10.19%) portion of domains which suggests that people may currently be turning to Tor to play online gam- bling games which are otherwise illegal in many countries around the world. Finally, and perhaps surprisingly, Bitcoin and multimedia domains respectively constitute the smallest proportion of English Tor domains. We initialy expected to find Bitcoin domains popular given the prevalence of the Dream market and shopping domains as purchases are made via . We postulate that sites having a Bitcoin domain may host wallets, search a blockchain, or be marketplaces that covert currency to Bitcoin. Such services hence may only require to be visited infrequently. Furthermore, the mainstream popularity of Bitcoin has led to reputable surface Web services which provide similar Bitcoin services.

4.3 Domain relationships

We next examine the structure of relations between different information sources on Tor. Such structural analyses focus on the inter- and intra-connectivity of domains on Tor given the kind of information they host. We build a graph where nodes are services and a directed edge represents that a page in a domain has a hyperlink to a page in another domain. Table 4.2 shows simple statistics on the connectivity and connected components of

32 Figure 4.5: Network of domains with degree > 0

the graph to make sense of the structure visualized in Figure 4.5 (note that all domains with degree 0 are excluded from the figure). The network is sparse, with only 5,523 undi- rected edges among 1,766 services and a network density of ρ = 0.006. The network has

w w |C | = 25 weakly connected components, W.C.C., with the largest one, max Ci , having 955 services (54% of all vertices). This is somewhat surprising as for many sociotechno- logical systems including the surface Web, the hyperlink graph exhibits a single massive connected component where the vast majority of all nodes participate in [12]. This sug- gests that the underlying linking process between websites is basicly different than in most sociotechnological networks. In other words, rather than encouraging connections to make information dissemination easier, the modus operandi of Tor service owners may be to discourage linking to other domains, so that information on this “hidden” Web becomes difficult to arbitrarily discover and disseminate. This hypothesis is further supported by considering the set of strongly connected components Cs. We measure |Cs| = 756 and

s max Ci = 13 which suggest that an extraordinarily small number of domains collectively

33 Figure 4.6: The Tor domain network. Panels 1 through 9 each highlights the incoming and outgoing edges of a particular domain. The figure is best viewed digitally and in color.

w w co-link with each other. It may be the case that the relatively larger |C | and max Ci are simply caused by directory websites that offer links to a variety of other domains. These interesting deviations from other kinds of Web graphs collectively suggest that services on Tor may be intentionally isolated and difficult to discover by simple search. The small maximum connected component size speaks to the need of a broad seed list of services for any comprehensive crawling of Tor.

4.3.1 Connectivity analysis

We now investigate hyperlink relationships across services, within domains, and the ten- dency of domains to link to domains with similar services.

34 1:Shopping 2:Bitcoin 3:Multimedia 50 100 40 200 30 50 20 100 10 0 0 0

Bitcoin EmailForum News Bitcoin EmailForum News Bitcoin EmailForum News Directory Shopping Directory Shopping Directory Shopping GamblingMultimedia GamblingMultimedia GamblingMultimedia Dream market Dream market Dream market 4:News 5:Gambling 6:Dream Market 100 75 75 2000 50 50 1000 25 25 0 0 0

Bitcoin EmailForum News Bitcoin EmailForum News Bitcoin EmailForum News Directory Shopping Directory Shopping Directory Shopping GamblingMultimedia GamblingMultimedia GamblingMultimedia Dream market Dream market Dream market 7:Directory 8:Forum 9:Email 100 200 75 100 50 100 50 25 0 0 0

Bitcoin EmailForum News Bitcoin EmailForum News Bitcoin EmailForum News Directory Shopping Directory Shopping Directory Shopping GamblingMultimedia GamblingMultimedia GamblingMultimedia Dream market Dream market Dream market

Distribution: In-degree Out-degree Figure 4.7: In/out degree distribution of each community

Inter-connectivity

To examine the relationship between specific domains, we redraw the network with a new layout where nodes are spatially grouped in a grid by their service kind in Figure 4.6. Figure 4.7 also lists the sum of in- and out-degree from each community to every other community. There are some notable relations observed in the two figures. For example, there is a small number of outgoing edges from shopping to gambling services (Panel 1 of Figures 4.6 and 4.7). Manual investigation of these relations reveals that some shopping services offer clinets with a method of payment by gambling, where a client and seller both play an online game to determine an amount of payment. Shopping websites are also isolated from the Dream market, perhaps to keep some distinction between their services and the largest marketplace on Tor [17]. Another interesting observation is that there is a few number of edges from shopping to Bitcoin. Manual investigation reveals that in addition to some shopping services providing in-person cash payment, markets that use

35 cryptocurrency for payment intend to link to providers on the surface, thus explaining the small number of out-going edges from marketplaces to Bitcoin domains. Directory (≈ 53%) and email (≈ 32%) services have dominant number of links to Bitcoin domains (Panel 2 of Figures 4.6 and 4.7). This defeats our intuition that marketplaces, the Dream market, and gambling domains would have been services most reliant on Bitcoin services. We also examined the email domains having edges to and found that many email services on Tor charge customers for private messaging or suggest a donation be made via Tor Bitcoin services. The sparse relation between multimedia and Bitcoin domains are due to the fact that some multimedia domains charge customers for their services, and of those, many use surface Web cryptocurrency providers. Other insights can be gleaned from the carpet and inter-domain degree distributions. For example, the outgoing edges from Dream market domains (Panel 6 of Figures 4.6 and 4.7) reveal that this marketplace has very few incoming or outgoing edges to other services. Incoming links dominantly originate from directory, email, and forum services and it could be a byproduct of forum threads and email links to the Dream marketplace. Hence, the Dream market appears to be especially siloed on Tor. The outgoing edges from directories (Panel 7 of Figures 4.6 and 4.7) show that a large set of directories may be sufficient to include domains across all major Tor domains. For more insights into the inter-domain relationships of Tor services, please refer to our related work in [53].

Intra-connectivity

Next, we examine the connectivity within each service to evaluate how tightly knit and accessible particular kinds of Tor services are among each other. This can show how often domains encourage their visitors to visit other domains having similar kinds of services. Figure 4.8 visualizes all intra-domain connections for each service type. Perhaps unsur- prisingly, the Dream market services are tightly connected compared to others: only four connected components. Shopping domains are almost entirely disconnected from each

36 1:Shopping 2:Bitcoin 3:Multimedia

4:News 5:Gambling 6:Dream Market

7:Directory 8:Forum 9:Email

Figure 4.8: Intra-relations within domains

other, revealing that dark markets may intentionally disassociate themselves with others. Gambling, multimedia, and Bitcoin domains are similarly disconnected, reflecting a com- petition for visitors within services. On the other hand, email, forum, and directory services are all exhibited as a single large connected component. This observation implies that in email and directory communities, domains have more support from each other and refer their customers to other similar providers. News domains have a larger percentage of iso- lated domains that implies most of the news services work independently from each other.

37 Table 4.3: Modularity score of each topic community Community M Dream market 0.452 Directory 0.068 Forum 0.034 Email 0.032 Gambling 0.024 News 0.019 Multimedia 0.017 Shopping 0.012 Bitcoin 0.002

Modularity

Finally, we invetigate the modularity of the network to gain an insight into the relations between the inter- and intra-domain connectivity given the service type of the domain. A domain has high modularity if it tends to link to domains of the same service type, and low modularity if it tends to link to domains with different type of services. Assuming M indi-   1 P didj cates the modularity of a vertex [55], it is defined as M = 2|E| i,j Aij − 2|E| ∆typei=typej where A is the network adjacency matrix where Aij = 1 if vi and vj are adjacent. di and dj are also the undirected degree of nodes i and j, and ∆E shows an indicator, returning 1 if statement E is true and 0 otherwise. According to Table 4.3, Dream market domains exhibit highest modularity by a wide margin. This reinforces the idea that Dream market services are largely siloed from all other domains in the Tor network. Directories have lower but non-negligible modularity which leaves the impression that directories weakly cooperate by linking to each other. The rest has substantially lower modularity; thus the majority of Tor services strongly prefer to link to other types. This suggests that Tor domains prefer to remain isolated within their community of like domains, electing not to link to domains that offer the same type of information or services.

38 4.3.2 Importance analysis

We further examine the “importance” of domains using various measures of network cen- trality. The centrality analysis is only conducted over domains with in- or out-degree ≥ 1.

Figure 4.9a indicates the CDF [52] of betweenness centralities, bc, of domains. It reveals how virtually every Tor domain has a betweenness centrality near or lower than 0.05. In fact, there are only 6 domains with betweenness centrality greater than 0.05. These do-

mains are the directory HiddenW iki (bc = 0.4), the Email domain T orBox (bc = 0.17) and V F Email (bc = 0.06), a Dream market domain (bc = 0.07), and two directories in the T orW iki domain (bc = 0.19 and 0.11, respectively). This finding implies that an at- tack, removal, or failure of such directories may directly impact the number of Tor domains which are reachable by a casual browsering of this dark Web. These directories may further be crucial entry points for crawlers seeking to map the structure of Tor. 1.0 6 8 0 50 150 250 350

0.00 0.01 0.02 0.03 0.04

0e+00 2e+06 4e+06 6e+06 2.05e-05 2.10e-05 2.15e-05 Density Density Density 0 2 4 0e+00 1e+05 2e+05 3e+05 4e+05 0.0 0.2 0.4 0.6 0.8 0.0 0.1 0.2 0.3 0.4 0.0 0.2 0.4 0.6 0.8 1.0 0.0e+00 5.0e-06 1.0e-05 1.5e-05 2.0e-05 Betweenness centrality Eigenvector Centrality Closeness centrality (a) Betweenness (b) Eigenvector (c) Closeness Figure 4.9: Centrality distributions

Figure 4.9b visualizes the distribution of eigenvector centralities across Tor. A his- togram is used rather than a CDF plot to better indicate the variability between centrality values. Eigenvector centrality [55] illustrates the structural importance of a vertex as a func-

tion of the importance of its neighbors. The eigenvector centrailty of vertex vi is defined as the ith component of the eigenvector of the adjecency matrix A whose corresponding eigenvalue is largest. The result reveals a heavily skewed distribution of eigenvector cen- tralities where a majority are close to zero. Further investigation indicates that all domains

39 with eigenvector centrality ≥ 0.2 are part of the Dream market. Dream market is placed as the most meaningful Tor domain by a wide margin due to the naturally developed organi- zation of Tor’s domain structure. This establishes the Dream market as the “core” service in Tor. Regarding the inlet of Figure 4.9b which gives a sense of the distribution for the remaining domains, the distribution exhibits the especially low eigenvector centralities of a number of modes corresponding to connected components of the network, disconnected from the Dream market. Figure 4.9c reveals the distribution of closeness centralities. Like eigenvector, there is again a division of domains: those with extremely low or high scores while here the major- ity of domains has very high closeness centrality. It is interesting to find that most domains exhibit a high closeness centrality in spite of the intra-connectivity analysis (Section 4.3.1) which suggests that the intra-connectivity of Tor domains is sparse and has a small largest W.C.C. This outcome is likely the product of the directories HiddenW iki and T orW iki with high betweenness centrality that enables many pairs of domains to be few hops away from each other via these directories. This emphasizes the central importance of directo- ries to connect Tor pages across domains, and the fact that Tor domains tend to remain undiscoverable without directories.

4.4 Chapter summary

This chapter presented a broad overview of the content of Tor domains captured in a large crawling of Tor. The chapter makes revelations about the particular domains of services hosted on Tor and the structure between and within such domains. Content analysis us- ing measures of topic coherence and label suitability revealed nine principal types of do- mains. Over half of all domains provide directories or marketplaces to purchase goods, with money transfer, drugs, and pornography servicing as the most popular types of the dark marketplaces. Less than one fourth of dark domains are used for communication or

40 releasing information to public. Our analyses identified the Dream market as perhaps the ‘core’ service of Tor since they exhibit especially high closeness and eigenvector central- ities. Directory services also play an important role as the crucial entry points for casual browsing or crawling the Tor network. The connectivity analyses of the Tor network indi- cates its structure sparse with a small size for the largest weakly connected component. It also reveals the tendency of dark domains to remain isolated, which makes them difficult to discover by simple search in this ecosystem. Patterns in the intra-connectivity structure are further indicative of levels of cooperation and competition.

41 5

Information Leakage Assessment

Tor users can directly access this network using a Tor Web browser that provides anonymity while browsing the Internet. In addition, users may use Tor proxies such as that alleviate the need to install the Tor Web browser. The main goal behind designing such proxies is to encourage more surface clients to connect to Tor by alleviating the way to connect to it. With a proxy, the user types the hostname of Tor onion address in a regular Web browser and replace ‘.onion’ with ‘.tor2web.io’. Then, tor2web, as a ‘middleman’ between the user and the hidden server, retrieves the requested data from dark Web and forwards it to the user. Hence, the knows the IP address of the user and can monitor the traffic. The user, therefore, should decide between her security and the convenience in connecting Tor. The fact that Tor proxies do not guarantee the privacy of clients as Tor browser does is warned by original website. But there is another privacy issue that arises when dark Web services import resources from the surface Web: if the content requested by the user contains any hyperlink to surface websites, their addresses will not be rewritten by the Tor proxy [46]. In this way, not only the proxy server, but also the Web browser utilized by the user can monitor the traffic and log her confidential information. In other words, this problem arises because users do not follow the recommended approach for visiting the

42 hidden services (to connect via the Tor browser). This information leakage is a privacy threat that attributes to the connections onion domains have with the surface Web [46]. There are two third-parties that can take advantage of this information leakage: (1) destination domains on the surface Web. As user’s traffic can be monitored by the Web browser, the destination domain is able to find the identity of the Tor user. A related work reports , , and can respectively monitor 13.20%, 1.03%, and 0.88% of the traffic towards Tor hidden services [46]. (2) A malicious hidden service simply links to a surface website, both controlled by the same attacker, and monitors the traffic of clients who visit this surface website using Tor proxies. The rise in the number of hyperlinks from dark domains to surface websites consequently raises the probability of information leakage in both scenarios. In spite of recent attempts to discover privacy concerns triggered by linking from dark to surface Web [46] and to investigate the reference network of domains in Tor, there has been no work on characterizing the network of references from Tor to surface Web. Studying this interface could give hints on how to improve the design of Web pages of Tor domains to avoid the information leakage. From the perspective of a hidden service owner, designing the Web pages of a hidden service in a way that it does not contain any potential of this information leakage can encourage the users to trust the provided service. This could be important especially for marketplaces on the anonymity networks where competition for attracting clients has a permanent importance. In this chapter, by emphasizing on the information, we consider the potential for this information leakage on the Tor network. To do so, we examine the relationship dark Tor domains have with surface websites using well-known network measurements. We analyze how this tie can change the structure of linking between Tor services. To investigate the interaction between the structure and information, the analyses also provide reports with regard to the type of service and information provided by the Tor domains. Our findings indicate that, in contrast to the linking structure of Tor domains, the ref-

43 erence network of Tor domains to surface websites is a small world where most resources participate in a single massive connected component with a small number of isolated Tor domains. Investigation on neighborhood diversity of Tor domains indicates only a few Tor hidden services are immune against information leakage caused by linking to surface Web while over 90% contain at least one link to the surface. Moreover, in spite of the fact that dark domains intend to remain isolated, linking to surface raises their tendency to cluster. We also evaluate the types of services Tor domains provide and find that popular Tor direc- tories have the maximum proximity to Web resources and significantly contribute to both communication and information dissemination through the dark-to-surface network. A few domains with other types of services including news, forums, pornography, and multimedia have also significant role in propagating information through the network. Analysis on the degree distribution shows popular surface websites such as GitHub, Twitter, and Facebook also receive large number of references from dark domains which indicate that they are popular even among Tor services. To the best of our knowledge, this study reports on the largest measurements of Tor reference network taken to date, and is the first to study the relationship between Tor do- mains and the surface websites. The main goal of collecting data for this work was to ensure that the set of collected dark services can represent the real behavior of Tor hidden services in referencing to the surface Web. This chapter is organized as follows: Section 5.1 presents the procedure used for data collection and provides description and basic statistics of the data. Section 5.2 investigates linking process of Tor services to dark/surface resources and analyzes the reference view of Tor services using well-known network metrics. Finally, Section 5.3 summarizes the main conclusions and discusses the future work.

44 Multi-thread Downloaded Initial HTML Files Seeds Crawling

www.luusa.org jobportal.99gi.ga www.planet-traffic.com gcardscr6zwjya2s.onion criptocoin.gymhost.com.br users.systemli.org multi-vpn.biz manitu.de hcwyio655r2m3mvytp4krn4u3ttjggrnmlpkbykxvc3nc5u3kcuhsjid.onion www.clixsense.com gcardstguk366hru.onion press.albin.gq vap65fi7vo4az4dnq6qpooikg3qkakxqw2xllfsukpe5o6g3kocfsvyd.onion oss7wrm7xvoub77o.onion serve.williamhill.com www.etoy.comwww.thejetty.com.au worketic.99gi.ga dannyayers.com linuxbierwanderung.org festore-dumps.ru jobportal.albinxxrvcqoq4cz.onion:8083 serve.joylandcasino.com rliqc2nfxfocwt6q.onion www.lugbz.org 99gi.ga microlancer.99gi.ga www.mercadobitcoin.com.br lln.udev.orgwww.karlstadunix.nu gcardsmfp2ub6bwt.onion www.waag.org10th.debian.or.jp worketic.albinxxrvcqoq4cz.onion:8083 adserving.unibet.com ccgoldchgewmd5kz.onion www.belug.de www.albin.gq xdedic.biz dfasyuoatwcchfgd.onion www.old-emerald-isle.de adlinkfly.99gi.ga 54ce5x7l4m3t2spm.onion buug.de www.favorite-casino.com h2qkxasmmqdmyiov.onion www.fede-ulg.orgwww.hhlug.dewww.ivt.com.au blue3237xytrz5rk.onion:8083 opensolution.org hdjd6wv7hjngjhkb.onion 5nwssk6i3564lxafg5sc3ccpsaenptntxjkmcnzf6y7xb6iwrqrgb5qd.onion .gabrovo.com bemusic.albin.gq 5wupyyzf4tcuicun.onion www.debian.or.jpoclug.on.ca torgle5fj664v7pf.onion www.plus500.com bad.debian.net trump-dmps.ru castorticker.de plug.phoenix.az.uswww.mexicalirose.com.auwww.bxlug.be albinxxrvcqoq4cz.onion buyccoq36hlj6etg.onion debian-sv. adlinkfly.albinxxrvcqoq4cz.onion:8083 krypto.99gi.ga creditlwkdnptwla.onion 34kazh42qxxm7c6cephtycncax34tqnooxu6t326mvgdf3yignapbaqd.onion ursine.ca www.liqpaycasino.com www.debianmexico.org tmail.albin.gq slilpp.org www.penguin.cz krypto.albinxxrvcqoq4cz.onion:8083 serve.eurogrand.com starcomproj.com ggqnzuk27367qpvjrkgvc7ywozpnvhpk7pjap6eyg6trhkohbnda6wqd.onion membres..fr woocommerce.com codebin.albin.gq gcards7xd3x5fqmy.onion www.entropia.de www.karamba.com dlnfeuawnyh5fjlc.onion www.systemli.org uas-shop.ru microlancer.albinxxrvcqoq4cz.onion:8083shortme.99gi.ga gostats.com game.albin.gq www.megamoneygames.com www.aklug.org me6juzsbhkt5244k.onion b5tearqs4v4nvbup.onion tgs5dkeqkg5hrjjk.onionshortme.albinxxrvcqoq4cz.onion:8083 7244rqnvwo6bqpvw.onion

books.albin.gq beancoin.99gi.ga 5zkfuvtrpotg2nzd.onion press.albinxxrvcqoq4cz.onion books.albinxxrvcqoq4cz.onion sipgate.de etherpad.org j7652k4sod2azfu6.onion shopopd7gjuo5kqr.onion www.irs.gov smstrade.de systemli.org

fsfe.org

kowloonqle4sb2c7.onion www.cutercounter.com

www.hostway.comwww.linuxiskolen.no www.ubuntulinux.org www.progeny.com www.intel.com tui7xt7eap3stsbb.oniondjkiri5jiruhxv7u.onion www.netapp.com www.univention.dewww.linux-ag.com ytxlukk2plqbh2mg.onion www.coss.fi www.ropecon.fi www.-magazine.com wfgtmn3anjbvyebz.onion minerlock.com www.hut.fi 6d7e7jfpgriqyj43.onionejff4qtnzhfwyahc.onion www.linux-aktivaattori.orgwww.damicon.fi

www.movial.fiwww.nokia.com www.valinux.co.jp www.bitcoinabc.org www.netcraft.com .zeit.de coinatmradar.com

the.earth.li www.ebook.de www.uk.debian.org upload.derwesten-recherche.orgdownload.derwesten-recherche.orgreservistenverband.de www.amazon.de gulfnews.com www.guardian.co.uk vpacxea7vj3dff3c.onion www.jabber.org httpd.apache.org 3m2tlhjsoxws2akz.onion www.buecher.deswp-berlin.orgwww.diw.dewww.soukmagazine.de www.carlsen.de wk6nc6liyporkjtp.onion www.opendatacity.de www.linspire.com www.virustotal.com isaf.nato.int www.otto-brenner-preis.de ahde54pibrd3ddlx.onion derwesten.de www.hp.com augengeradeaus.netsoldatenglueck.debundeswehr.de 3ug6mfk3yeumvqnv.onion vincent.bernat.ch#using-origin-validation-in-the-datacenter www.p2k2sms.nl nachtwei.de www.randomhouse.de earthqfvaeuv5bla.onion review.opendev.org newiomdqqdgtblp7.onion www.softwarelivre.org www.derwesten.de www.zeit.deaan-afghanistan.com www.lucky-lucas.com oskuro.netwww.docker.com www.oreilly.com www.spamcop.netwww.projecthoneypot.org wardocumentaryfilms.com words.bombast.net www.netsplit.com defense.gov freelotto.su www.aurumage.com scons.org www.xandros.com www.bundeswehr.de help.github.com www.linuxmall.com.br www.egopaycasino.com docs.gurock.combugzilla.opensuse.org esiweb.org twitter.github.comwww.derwesten-recherche.org www.dradio.de member.wmrcasino.com .derwesten-recherche.orgcimicweb.org www.5centcasino.com retrofilmvault.comcmake.org blog.zouish.org www.rocker-project.org www.4linux.com.br mako.yukidoke.org afghanopoly.wordpress.com books.google.de wlpinnaclesports.adsrv.eacdn.com www.smbc-comics.comenc.com.auwww.cncf.io langui.sh kmuto.jp www.dw.detcf.org www.spiegel.de www.online-shans.com debconf20.debconf.org savannah.nongnu.org docs.nucleuscms.org www.alibris.co.uk www.perfectmoney.com www.raspberrypi.orgartinvoice.husoftware.opensuse.org bora.uib.no wiki.nucleuscms.org wlpinnacle.adsrv.eacdn.com tianon.github.io pogomr6vxxpemc35.onion.link nucleuscms.org ag-afghanistan.de www.zend.com stat.ethz.ch www.lysator.liu.se www.stern.de www.opensuse.orgwww.rust-lang.org flathub.org .mozilla.org member.wmr-ruletka.comwww.wmr-ruletka.com nico.dorfbrunnen.eu groups.io cynic.cc www.debconf.org skins.nucleuscms.org vincent.bernat.ch#build dev.nucleuscms.org engineering.nyu.edubrave.com www.quaxio.com qa.debian.org 56k.bevandereecken.me www.i.ua www.freexian.com manpages.debian.org forum.nucleuscms.org member.grand-ruletka.comwww.grand-ruletka.com www.mythic-beasts.comwww.econ.uiuc.edu debdelta.debian.net larsjung.de mltplanet.livejournal.com fsf.org www.scambs.gov.uk flossexperiences.wordpress.com www.wellingtonconventioncentre.co.nz plsdrctme.comwww.casino-mustang.comwww.boca-chica-casino.com existentialcomics.com afgpap57xxbir6xd.onion by5oe7gmrt3pmn7p.onion .org www.lca2010.org.nz www.net.in.tum.de dkg.fifthhorseman.netwww.christophsax.combuildinfos.debian.nettanguy.ortolo.eu ttroxell.livejournal.com ukjlovmbuw25gddi.onion ejinouevsdwsjdbb.onion pusling.com raphaelhertzog.comdebian-administration.orgddumont.wordpress.comblog.floopily.org www.ports.debian.org art.remoteshaman.com www.hrizolit.netcasino-wmz.com blog.freesources.orgroland.entierement.nuwww.linuxfoundation.org fantana-inform.com lists.reproducible-builds.org www.credativ.dewww.curitiba-parana.netwww.owasp.orgblog.kleine-koenig.org www.zcarot.com debianjp.connpass.comissues.apache.org arnaud.quette.fr henrich-on-debian.blogspot.com distrosummit.org eozm6j6i4mmme2p5.onion koipond.org.uk blog.surgut.co.ukwww.4949.dejoeyh.namewww.jabberwocky.com www.diamond777.org www.1russianbrides.com wiki.c2.com vincent.bernat.ch#fnref-easyvincent.bernat.ch#fn-assetvincent.bernat.ch#fnref-asn dtavn4vwaaib4ebh.onion linux.bytesex.org www.hrizolit.com mateusbellomo.wordpress.com www.robster.org.uk eeblrw5eh2is36az.onion www.mysql.com sequoia-pgp.orgsrc.fedoraproject.orgteythoon.cryptobitch.de mld-olaeb.info member.ruletka-vulkan.com www.uib.no www.earth.li arthurmde.mesathieu.wordpress.com journal.wjsullivan.net www.casino-wmz.com tretkowski.de current.workingdirectory.net patreon.com albionahoti.com gsocdebian.wordpress.comdebianmed.blogspot.com vincent.bernat.chwww.joachim-breitner.dewww.advogato.org saltpack.orgjonathancarter.orgwww.hanskalabs.net 2v2kdt6x2xqcxams.onion www.web-date.co.uk www.mrlovenstein.com lintian.debian.orgdktrkranz.wordpress.combreakingmalware.com shop.lego.comlarjona.wordpress.com beets.radbox.org u76xgym22s4adf55.onion rswwpapessp3xxpw.onion subsole.org blog.ayous.orgframasoft.orgwww.sourceguru.net monopoly.mswww.host-tracker.com www.vbulletin.com www.science-community.org www.ibm.com www.esaurito.netuberspot.github.iowww.simonrichter.eu www.wumingfoundation.com ilmanifesto.info vincent.bernat.ch#fn-end k1024.orgwww.infodrom.orgblog.legoktm.comvincent.bernat.ch#configuring-junoswww.cisco.com java.debian.net 2ljaiqrixmmzbda3.onion verschwoerhaus.de www.bigmir.net vincent.bernat.ch#using-third-party-toolshub.cosmos.network people.skolelinux.org damog.net darwinsys.com err.no sky-fraud.ru commitstrip.com blog.taz.net.au vincent.bernat.ch#loggingekaia.org copyninja.infoguadec.org costela.net skyfiles.me www.ippolita.net nr1.h.apk.li member.diamond777-casino.orgwww.diamond777-casino.org bip32jp.github.io lists.opensuse.org advogato.orgbuildinfo.debian.net www.pylint.org spwhitton.name sylvestre.ledru.infomatrix-team.pages.debian.netlists.r-forge.r-project.org cavallette.noblogs.orgwww.dirittiglobali.it www.piwigo.org meccashop.net lkxwfeqbfxm3zsan.onion honk.sigxcpu.orgwww.milliways.fr mirrorlynx.livejournal.comdiziet.dreamwidth.orggsoc.sitedethib.com MrGreen.ws24ilmagazine.ilsole24ore.comwww.emiliocarnevali.it mecca.bazar xsunblog.blogspot.compiotr.galiszewski.pldebblog.philkern.deefail.de 0x1f1f.wordpress.comtracker.debian.org bestvalid.cx www.ilfoglio.it alpinelinux.org blog.tenstral.net www.donarmstrong.comeferdman.github.iowww.sorced.comwww.spectranaut.ccstringpiggy.hpd.io blog.mycre.wswww.freevec.org log.cyconet.org:443paul.luon.net jonnylamb.com blog.mister-muffin.debird.network.cz blog.snow-crash.org bbs.cybervalley.orgblog.ilmanifesto.it shackspace.deblog.apk.liwiki.freifunk.net 6zuezcgelrmq3e7i.onionsm2v5hypdns3cfvn.onion coinb.in blog.golang.org wiki.hands.com matthope.nettech.michaelaltfield.netsfconservancy.orgmbanck.livejournal.com www.infoaut.org smbhax.com nm.debian.org bzed.deeu.pool.sks-keyservers.netblog.debconf.org q-funk.blogspot.comwww.itp.tuwien.ac.atgit.kernel.org redis.io www.douglasadams.com isync.sf.net attivissimo.blogspot.comapk.li meccadumps.net www.packet.comvincent.bernat.ch#fn-extensionwww.squid-cache.org www.lupin.org.ukblog.koipond.org.ukwww.lunarbaboon.comwww.mhatta.orgwww.netfort.gr.jp fkbjngvraoici6k7.onion www.6xukrlqedfabdjrb.onion map10.freifunk-ulm.demap.freifunk-ulm.dekevinandkell.comdilbert.com ccoin.cash www.hastexo.comsam.zoy.org ean.schu.esgwolf.orgdebtags.debian.org gag.comwww.iuculano.it man7.orgnion.modprobe.dewww.internetsociety.orgblogs.igalia.comshadura.megonzo.dicp.de ilmucchio.itkeinpfusch.net warninloo4pa3lgn.onion build.opensuse.org ramblingfoo.blogspot.combisco.orgral-arturo.org blog.calhariz.comblog.shadura.me exploit.noblogs.org firenze.ninux.orgwiki.ninux.org xsblfop7lo3e3kfy.onion mones.livejournal.comwww.debianslashrules.orgsunweavers.netlocalhost:4000blog.andrew.net.auminkush.me cascadia.debian.netcobertura.github.io traf.apk.lisarahburrini.com sz2mhzudf323grkc.onion pca.st .xyzblog.pault.ag swvist.github.io theppitak.livejournal.commesutcaneng.blogspot.com www.swarmshop.ws alicegrove.com blog.cryptographyengineering.comjosephbisch.comscreenshots.debian.netsiamezzze.github.io siqueira.tech rsip22.github.io vral2uljb3ndhhxr.onion durdomawilnbtbai.onion dublinbus.ie noscamkvuy26vhn7.onion www.mailpile.is deb.freexian.com git.savannah.nongnu.orgmdzlog.alcor.netrichardhartmann.dediaspora.sceal.ie fboudra.free.frbaltazarstudios.com tpez4zz5a4civ6ew.onionwww.ilmanifesto.it GOLDENDUMPS.CC fresh 4nui7tpgyeqsdr7f.onion5fjpscvkcuohek7b.onion teejeejee.livejournal.comblog.venthur.detdi.github.io openpgp-conf.orgwww.aigarius.comschuldei.blogspot.comwww.roeckx.be buildd.debian.org uqxc5rgqum7ihsey.onion gocvv.cowww.globalist.ch ox5qegyjnakjw7qk.onionacme.com www.simplemachines.org liorkaplan.wordpress.com grml.org www.braincells.comnthykier.wordpress.com le-gall.net ynvs3km32u33agwq.onion www.linuxday.it wxvi3b47c5ir2gmh.onionovuh2lidkmfewmrn.onion4j36f3bgzweytunu.onion www.createaforum.com charles.plessy.org www.juniper.netstackoverflow.com jamessan.com techno-viking.com bcwpy5wca456u7tz.onion GOLDENDUMPS.BAZAR www.pushbullet.com ncommander.blogspot.comlenovopress.comweb.dodds.netcran.r-project.orgwww.spinics.netwww.mattb.net.nzhome-sorina.blogspot.comblog.halon.org.ukxerakko.livejournal.com vyrxto4jsgoxvilf.onion shn3x3whdm5tuut4.onionnoisey.vice.com www.frrm.de GOLDEN03.ORG opensuse.orgappaji.livejournal.comvincent.bernat.ch#tests arnaudr.ioasylum.madhouse-project.orgwww.openfoam.com blog.lordsutch.com noone.org map11.freifunk-ulm.de GOLDENSHOP.CC nora.biz 3ld7ttejt76spqxv.onion vincent.bernat.ch#fnref-nameeduardo.macan.eng.br vincent.bernat.ch#fnref-enforcemixinet.net gasuleg.github.io ubuntuhandbook.org ram.tianon.xyztiago.acaia.cablog.sergiodj.netisdebianreproducibleyet.comwww.gusnan.sejajajasalu2.github.ionp237.livejournal.com www.economist.com To authedmine.comtx5jnankdevk7a5o.onionou2ylc33khae47o7.onion ax52mmrlw2by5x6q.onion djangoproject.com www.researchut.comwww.sciencedirect.com ghostbar.cowww.bebt.de dev.mysql.com www.valigiablu.it forms.gle 3z5hecjnsec2s2e7.onionx75u3ou7uq7criva.onion vince-debian.blogspot.commeta.libera.ccwww.arthurbdiniz.com robertmh.wordpress.comblog.daniel-baumann.chsandrotosi.blogspot.comftp-master.debian.orgwww.hermann-uwe.dedocs.frrouting.org udd.debian.org 6f6ejaiiixypfqaf.onionmelamarcia.nessungrandenemico.orgwww.firenze.ninux.org www.tt-rss.orgwww.firenze.linux.it nfoe6h2jobdngfmw.onion lists.infradead.org balintreczey.hurpki-validator.ripe.netgravityboy.livejournal.com www.sommitrealweird.co.uklayer-acht.org alexandreviau.net qqvyib4j3fz66nuc.onion www.liberainformatica.it www..netkwn6i5jng6bsow5z.onion getfedora.org shieldofachilles.in sim590.github.iowww.news.software.coopcrispygoth.livejournal.comwww.cs.unb.caabhijithpa.me vincent.bernat.ch#fnref-assetmitya57.me tor.hermetix.org www.rockit.it 1DOLLARDUMPS.COM evzjqrswt66tm2yg.onion www.jpr62.comwww.smfads.com www.hopnroll.com.br dr.jones.dk shnatsel.blogspot.comblog.daionet.gr.jp foolcontrol.org www.survival.it gogs.io www.quantlib.org phls.com.brxana.scru.org www.golden-gryphon.comalerios-en.blogspot.comsandyleo26.wordpress.comdirk.eddelbuettel.compiware.de lljrzrimek6if67j.onion questionablecontent.net www.snapchat.com aef6y4766z656q6a.onionbwpufahfcgxq3abt.onion latenightlinux.com gambaru.de lobste.rswww.gag.com tests.reproducible-builds.orglog.cyconet.orgmentors.debian.netblog.azizaj.com n7jzk5wpel4tdog2.onion www.bestblog.dewww.ismalltits.commotherboard.vice.com e64qidckaxijfm6l.onionapkx44pmf7fyd63e.onion rubyeagle.com wiki.jungs.wtf rak.ac entropia.desurvex.com kyk55bof3hzdiwrm.oniongl3n4wtekbfaubye.onioncmgvqnxjoiqthvrc.onion dbei.gov.ie www.accenture.com fofzj37ck6pto3gi.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-remove-product&id=3255 tauware.blogspot.comwww.perezmeyer.blogspot.comwww.mailvelope.comtookmund.com goofying-with-debian.blogspot.comdaniel-lange.comramcq.netvincent.bernat.ch#fn-easyblog.james.rcpt.toglandium.org mrstat5e6loaqgjg.onion -team.pages.debian.netandreeleidenfrost.blogspot.com www.schmehl.info bnolet.me www.perunaltracitta.org www.ilpost.it www.femjoyhunter.comlocusmag.com tsbdyibo2dk7ahuv.onion blog.aurel32.net sjoerd.luon.net esaurito.net blog.zobel.ftbfs.de feedproxy.google.com a5jajbt66y46s7wb.onion www.alpinelinux.orgcaninosloucos.org activelow.netnotes.secretsauce.net pci-ids.ucw.cz blog.jak-linux.orgwww.jelmer.uk swvist.github.com anarc.at offlineimap.org 2dwr24vsifikiv7e.oniony3fy7vcf2yewlert.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-remove-product&id=2376 wiki.debconf.orgblog.odyx.orgblog.brlink.eumjr.towers.org.ukgrmontesino.blogspot.comcateee.blogspot.comgitlab.onelab.infowww.chiark.greenend.org.ukfreevec.org www.chg.gov.ie mq7h2mboehyekxnv.onion www.fastly.com gabriellacoleman.orgwww.die-welt.netforum.freecadweb.orgdanielstender.com blog.alteholz.eu ktqxbqrhg5ai2c7f.onion attivissimo.blogspot.it fsai.ie youngiwu62nzxna5.onion smurf-debian.livejournal.comkkremitzki.github.iowww.xkcd.com noah.meyerhans.us skitterman.wordpress.com dwgsoc09blog.blogspot.comwww.credativ.usdangel.im www.irishtimes.com international.sciencegallery.comopencall.sciencegallery.com sdcc.sourceforge.net feeding.cloud.geek.nzjeremy.bicha.net2ddjd7xsni7pefcx.onionwww.giovannimascellani.euwww.hellion.org.uk slackydeb.blogspot.com pleroma.bortzmeyer.frbcbm4y7yusdxthg3.onion www.ftvhunter.com chat.jungs.wtf frw7qhmvlthvpinz.onion thedevilspanties.comwww.miriamruiz.eswww.technovelty.orgwww.diodes.com www-public.imtbs-tsp.euwww.licquia.org ondrejcertik.blogspot.comcascardo.eti.brmatthieu.io www.openkeychain.org sgvtcaew4bxjd7ln.onion www.i3theme.com debianstuff.dittberner.infosyn.theti.ca blog.ganneff.dewww.danielstender.com roy.marples.name billblough.net aigarius.com blog.fai-project.orgmichael-prokop.atvincent.bernat.ch#fn-namegnvweaoe2xzjqldu.onionperezmeyer.blogspot.comopensource.orgzinosat.blogspot.com dublinbikes.ie parkrite.ie xdsa5xcrrrxxxolc.onion?action=yith-woocompare-remove-product&id=3269 grep.be www.meebey.net etbe.coker.com.auflosslinuxblog.blogspot.comblog.shanky.xyzmraw.org zgrimshell.github.iofoolab.org ito4xpoj3re4wctm.onion www.themarkerhoteldublin.com yeqmaf5vjpq7meyx.onionwww.russianwoman.ca hartmans.livejournal.comschnouki.net aardvarkoffnord.wordpress.comwww.corsac.net ihdhoeoovbtgutfm.onionwww.vice.com jigsaw.w3.org sexyjenysmith.com uvwovfkwqmyyrtbj.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-remove-product&id=3243 vincent.bernat.ch#short-introduction-to-the-rpkiwww.palfrader.org www.marga.com.ar blog.steve.fi twitter.bestblog.de465rf3c2oskkqc24.onionwww.alreadyhosting.comlandscape.io www.intel.ieaxhyjhpmw3dwskyi.onion udumpsx3zdy3uvdr.onion vnidbxx3zaa2ksva.onionno4oyy2c7rx3guty.onion rcppcore.github.iodavid.kalnischkies.dewww.preining.info rhonda.deb.at www..orgwww.df7cb.de morayallan.livejournal.com www.kraken.com blog.dogguy.orgwww.decadent.org.ukblog.cihar.com blog.beuc.netpstorralba.blogspot.com joinmobilizon.orgoscbw3h7wrfxqi4m.onionhd37oiauf5uoz7gg.onion iwpr.net chat.jungswtfwgjwile2.onionwww.24log.de moonkin.github.ioblog.familiekainz.atmagit.vcblog.luke.wfdput-ng.debian.netemsenn.net framapiaf.orgjackyf.livejournal.comwww.nbcphiladelphia.comblog.sesse.net blog.treyssatvincent.fr openagenda.com www.mangoorange.com6xukrlqedfabdjrb.onion lfnoajc2cqttvkgx.oniondublin.sciencegallery.com golden7djzq32zh4.onionridotnp5m5lp22gw.onion cyberchimps.com tyszecki.orgblog.bofh.it sven.stormbind.netscarlettgatelymoore.comvincentsanders.blogspot.comgenibel.org www.wgdd.deantti-juhani.kaijanaho.filoldebian.wordpress.com log.alexm.org ugw3zjsayleoamaz.onion wqlc3ny6wcbxy2r7.onionirishrail.ie bitcoinfog.site www.google.ru xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3237 dhole.github.iohashman.ca mlalic.blogspot.com ajt.iki.fi git.pleroma.social kjzhohqqslrw4bep.onionmldolaese4gj6m7p.oniongmail.com ntdik7prdzjijjdi.onion www.ionos.co.uk bonedaddy.net stratusandtheswirl.blogspot.comsfllaw.livejournal.comrperier.blogspot.com pypi.org nwvk3svshonwqfjs.onionf6syxyjdgzbeacry.onion www.24log.ruthehub7xbw4dc5r2.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2424 www.skroutz.gr fedoraproject.orgjaminyprabaharan.wordpress.comrgeissert.blogspot.comvincent.bernat.ch#using-the-rpki-in-the-datacenterwww.enricozini.org softwarelivre.org ondemand-mp3.dradio.deklub.com.pl nora.holiday www.histats.com planet.gnu.orgwww.madmode.com www.citynetwork.eublog.einval.comsatyamz.github.iokeithp.com www.wordpress.orgheavy-r.com l5oqxwdzs5m2dwro.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3259 bluemosh.comwww.codethink.co.ukwiki.gnome.org vincent.bernat.ch#fnref-extension silicone.homelinux.orgjava-team.pages.debian.net libcxx-gsoc.blogspot.com ladydu6xpzntcfzk.onion vincent.bernat.ch#documentationclearlydefined.io blogs.turmzimmer.netwww.credativ.comjohnsu01.livejournal.comleogg.wordpress.comorangesquash.org.uk books.openedition.org satforumnoo6sxgk.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3294xdsa5xcrrrxxxolc.onion?action=yith-woocompare-remove-product&id=2358 planetwatson.co.uk peter.eisentraut.org www.lucas-nussbaum.netblog.wooyd.org webchat.oftc.net xkcd.com NA xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2370 losca.blogspot.comqendresahoti.wordpress.com www.churchofgit.com utkarsh2102.tk 6nvqpgx7bih375fx.oniongit.openwrt.org www.database-search.com kbepzad33bwjfi3mqzwu6sefv3zeanwsgdqnotius6gemsjlyckq.b32. www.privateinternetaccess.com www.carbon-project.orgwww.bioconductor.orgmichael.stapelberg.chpythonclock.org blog.tincho.org www.elpauer.orgkeys.gnupg.net j73wbfpplklpixbh.onionmastodon.gougere.fr hotkinkyjo.xxx chrome.google.comcreepymhpgibsewr.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3245 www.dreamwidth.orgblog.olasd.eu blog.manty.netwww.davidpashley.comwww.dragonsreach.it www.cyrius.com zdfsyv3rubuhpql3.onion www.nongnu.org codecov.io yohoho7do5u6d35g.onion ja-jp.facebook.comw2wqyssyue7l63q2.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2418xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2442 askubuntu.com rossgammon68.wordpress.comsophiejjj.wordpress.com www.freecadweb.orgoutflux.net iain.learmonth.me algebraicthunk.netdebconf.org 6nhxqcogfcwqzgnm.onioncarml.readthedocs.orgwiki.fd.io coveralls.io en.savefrom.netmecca2tlb6dac76g.onion viagr4rub7dne4xk.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3288 www.hitachi.com seamlik.github.io www.intertwingly.netsecurity-tracker.debian.org pythonhosted.org www.ultimate-erotic.comwww.voyeurweb.comnagios.debian.orgimcs6asryqp66eiz.onion halvener5r6kdic5.onion imh3odalu2eanx5v.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3249 docs.pytest.orginfo.comodo.priv.atwww.linux-dev.orgwww.djangoproject.combootdebian.blogspot.comathoscr.me www.lenovo.com ythg247lqkx2gpgx.onion validator.w3.orgenf-cmnf.com wc2eyfmw7wrwomf4.onion rpa57xh2wfmh4y5u.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3595xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3251 vincent.bernat.ch#command--argumentsnullprogram.commuammar.me acaia.ca kaeso.wordpress.comjodal.no www.conserver.comgit.dev.opencascade.org ieeexplore.ieee.orgwww.chedong.com www.nic.fr .debian.org www.metarthunter.como7h3nitega2z43ir.onion hi-in.facebook.com torchic64idgja4l.onion www.cip-project.org blog.spang.ccnibbles.halon.org.ukwp.colliertech.orgveronneau.orgbalasankarc.inarthurmde.github.io people.debian.org fjblvrw2jrxnhtg67qpbzi45r7ofojaoo3orzykesly2j3c2m3htapid.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3286xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2374 tech.just-imho.neturvikagola.wordpress.comnotes.pault.ag blog.digital-scurf.org vecam.org www.frogans.org www.forumophilia.com lacos.hu goldenshop.cc www.wirex.com xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3239 www.savoirfairelinux.com securitytrails.com blog.sirena.org.uk chris-lamb.co.ukwww.vitavonni.de vincent.bernat.ch#fn-asnoverbenny.wordpress.comru.iiec.unam.mxwww.githubstatus.com tcpcrypt.org 5nca3wxl33tzlzj5.onionlord.re www.activism.net www.travis-ci.org blaze.blackened.czflnbsyyqh3vqet5p.onionevilgitooxspzlnc.onion5dgg7y5viysvvrxf.onion gcc..org julien.danjou.info2019.guadec.orgblogs.gnome.org apebox.orgwww.perrier.eu.orgthomas.goirand.fr carlchenet.com irtf.org www.haz.de www.cilip.de safedice2ge73n2g.onionchemradvzlfaqeqc.onion7hst7dcpypl5tjcp.onion goatsehvcopyc2ex.onionescortsgraymsjp3.onionbitcoinfog.info www.mastercard.co.uk xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2429xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3296xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2364xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2395xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3227uqc5fjmchjjtx6zi.onion www.mojatatu.info apparmor.451f.orgblog.windfluechter.neten.alessiotreglia.com pleroma.lord.re txtorcon.readthedocs.iodevel.ringlet.net 6hgchounjuuwxewa.onionar-ar.facebook.com www.americanexpress.com xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2380 mdsgirls4pwlaiql.onion www.hudson-trading.com blog.gopheracademy.com sergioalberti.gitlab.iowww.ti.com www.linux.it diffoscope.org sl4.org rubygems.orgelixir-lang.org support.kraken.comblog.soykaf.com shop.designist.ie vq664mp4rpdbvxzc.onion sbh3znmgscj3yzgm.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3265 www.ovh.comwww.fastmail.com www.thoughtcrime.org web.itu.edu.trgcolpart.evolix.netbgoglin.livejournal.comblog.alphascorpii.netmeetings-archive.debian.netze-dinosaur.livejournal.com status.framasoft.org nbybwh4atabu6xq3.onion eur-lex.europa.eu www.schoolsplay.org es-la.facebook.com xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3235xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3241xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3267xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3221 software.calhariz.com www.jwiltshire.org.ukupsilon.ccmako.cc micronews.debian.orgdebconf19.debconf.org www.zdnet.frwww.ferracci.org fcr.frogansreports.exodus-privacy.eu.org inthecrack.in pchcardahvctcgnn.onionudnkwobywxmdv27n.onionwww.weusecoins.comusa.visa.com xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3599 hdfcrogj3fayr7wl.onion debian.org adam.rosi-kessel.org www.demaziere.fr getbetpvo73zfnu5.oniontravis-ci.orgfiles.bestblog.de 7w65g63fgumvpuvd.onion www.xapo.com www.valvesoftware.com mvogt.wordpress.comwww.hezmatt.orgsourceware.org www.infomaniak.com www.iana.orgwww.ampr.org www.vimeo.comfiles.netzguerilla.net de-de.facebook.com member.winnersgoldcasino.comxdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2376xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3271 .net.nz bblank.thinkmo.dedeblanc.net weblog.christoph-egger.orgblog.josefsson.org hermann-uwe.de web2unu.ro .orgwww.opendkim.org ovdinfo.org jgzvkisiov642jlc.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-remove-product&id=allxdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3269xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3263xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2438 wallst2qs75qkzzn.onion linux.codehelp.co.uksylvain.le-gall.net pt-br.facebook.combuybestbiz.netwww.nyaa.se xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3229xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2446 www.collabora.com blog.stone-head.orgwww.8bitforce.com reproducible-builds.orgblog.lot-of-stuff.infokernel-handbook.debian.net framagit.org www.ccn-lite.net tpq5sxk5cgdf35uq.onionde.wordpress.org indigothemes.com www.hpe.com www.sipgate.de smcv.pseudorandom.co.uk wiki.softwareheritage.org1.bp.blogspot.com latacora.micro.blogwww.olivierberger.com www.charliehebdo.frwww.knot-resolver.czdl.free.fr tmt24org5aswzknt.onion l.facebook.com xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2384 cumulusnetworks.com www.eyrie.org eriberto.pro.brsonnenburgs.de vincent.bernat.ch#fnref-end lists.debian.org wiki.vorratsdatenspeicherung.de brocardy4tvfelfo.onion f6tch6hxjpazaowz.onion5b5yrc7j27i3jc3k.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3290xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3601xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2382 emilio.pozuelo.org vishalgupta.me pgp.cs.uu.nl lists.debconf.orgwww.bnf.fr labs.riseup.netmeta.wikimedia.orgwww.pornhub.com freshmeat.net irc.jungswtfwgjwile2.onion ijr246luczc74cgm.onion code4life.roche.comwww.nomadproject.io arianit2.wordpress.comblog.kanashiro.xyzfottsia.wordpress.com www.ctrlc.hu www.paymium.com www.foodborne-net.dehabaivdfcyamjhkk.onion de.creativecommons.orglsm2000.abul.org honeym4ms4nq7fdl.onionsamuelthomas.xyz .org twfhclvq2u4g7wmd.onion44con.comxdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3277xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3255 oniongirlqkjjfc6p.onion www.bfh.ch www.winbond.com r-forge.r-project.org photos.google.comstandblog.org stat.ripe.nettxtorcon.readthedocs.org eelliottfineart.co.uk galaxyaonv32reim.onionko-kr.facebook.com xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2440 jbailey.livejournal.comcs140e.sergio.bzmaintenance.livejournal.com backports.debian.orgcontributors.debian.org vwakviie2ienjx6t.onion wpfr.net xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3282xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3225xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3257 suihkulokki.blogspot.com www.campusfonderiedelimage.orgmkhppa1.esiee.fr www.opencontent.org youvjbribqk2q4dg.onionwww.mastercard.us xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3284xdsa5xcrrrxxxolc.onion wallst4qihu6lvsa.onion vendorrkw6jben43.onion www.zevenet.comwww.ffis.de www.r-project.org elchipote.wordpress.comgoogle.com neuro.debian.net archive.debian.org deb.li git.debian.org u5ydf2m3tlzznifk.onion xhfheq5i37waj6qb.oniondl.dropboxusercontent.com utvjqkyc4ejhzkwu.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2362themes4wp.com jawnsy.wordpress.comwww.vcheng.org dsa.debian.orgwww.blogger.com zope.limehouse.org matrix.heldscal.laviennaexhib.commwp14.ls.apple.com .chat fr-fr.facebook.com xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3273 www.univention.com photos.app.goo.glvincent.bernat.ch#configuring-birdgnucrash.wordpress.com 4ypuji3wwrg5zoxm.onion free-it-foundation.orgpleroma.social hemestore.spreadshirt.fi jehy.ru halimdener.blogsport.eutarot.freeshell.orgbestdgp46k5ehen3.onionxgibbpo4tpg4j7mj.onion samuelelliott.ml gc4youuhrzbp5rlm.onion prduct52yhuu6c3f.onionnjs4tmqjy64rpyji.onion isg.ee.ethz.ch datatracker.ietf.orgwww.james.rcpt.to www.freexcafe.com www.schneier.com 53nr2wn3ig7fr5ij.onion4php6mnkteaouewp.onion c3w.at www..org get.frogans www.tagesschau.de soerenkohlhuber.wordpress.com www.styleshout.com status.coinb.in merlin4nlmrwimq5.onion n4k727nqnwkvb4g6.onionxdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2358www.winnersgoldcasino.comxdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3233xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3261unteh4oc2fpl57fy.onionupv3wvf6sikfiluy.onion circle.com 3djgibyu5osi4na5.onion www.ripe.netwiki.debian.orgqa.pages.debian.net www.sexyandfunny.com fridumprbu2u4iys.onionyzi57csfqno6xgwb.onionmicrosoft.com notndu3rgltj5vbk.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3231 wallst52pxrtzwch.onionwallst6gyljfu4rk.onion www.microsoft.com bloc.eurion.net changelog.complete.org hurd.gnu.org 4nemfjztqypcyhb5.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2452www.thc.org evolix.cawww.canonical.com prefetch.validatorsearch.verisignlabs.com xmrto-api.readthedocs.orgsvn.debian.org www.kaushalsheth.infowww.ubuntu.com5qahzzgawtqnrhux.onion.cab95.213.255.106 tw.wordpress.org dc5gee72qyaayr4d.onionfmivsuu2vmubsdhx.onionndvj2ol2viuadm6l.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3253 nageru.sesse.net ai.facebook.com drive.google.com timaq4ygg2iegci7.onion www.projecthoneypot.org?rf=105637packagist.org foggedddxlunnaaa.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2393wedopornbqnifksn.onion mjg59.dreamwidth.org www.ietf.org pleroma.frwww.parisc-linux.org portal.ampr.orgbugs.debian.org www.massnudity.comwww.alshunter.combeshenov.ru pbbnzshcgemf3d5y.onion kbxv2hlsy6phxalo.onion grizzlykijswtj2x.onionparazite.net xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3243 dev.gnupg.org feeds.feedburner.com www.dashpay.io xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2372xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3275uqtinqynmibpoa2s.onion fm4.orf.at www.dg-i.net snar.spb.ru lists.gnupg.org .net planet.debian.org heme.partio.net news.debian.netdebian-party-line.branchable.comfinedumps3ml4k3u.onion foggedd3mc4dr2o2.onionforums.gentoo.org www.konkret-magazin.de unlockdehrka3cbn.onion cex.io alephobjects.com docs-develop.pleroma.social u5uewave7nxbwxob.onion.to norabizt5qqxefxy.onioneventbrite.com tfwh3y7tdfzljmat.onioncarson27rcopqmms.onionkorovka.cc wallst7xs4tepmvb.onion jmtd.net patch-tracker.debian.org thewalnutspi.ml khxmuxltrlsfodxx.onionwiki.gentoo.org shxdhomhggy3bjrn.onionfbyr455vwvkpzp5k.onionwe6p3rs2kqp3wsyr.onion raratheme.com www.digitalguardian.com wallst3gi4a5wtn4.onion feedly.com 7j3ncmar4jm2r3e7.onion4do6yq4iwstidagh.onionwww.debian.orggoo.gl docs.google.com protec-service.de u5uewave7nxbwxob.tor2web.org quematumovil.pimienta.orgproxy-https.ckkjdktn2elda5f2.onion gitlab.labs.nic.cz www.op3ft.org www.paypal.com samuelthomas2774.github.ioethereumclassic.github.io jpmgvki37zcy7o35.onion xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=2360 spi-inc.org www.debian.orghttps: www.polynum.org lsm.abul.org gmpg.org www.nsf.govu5uewave7nxbwxob.onion.cab discordapp.com mppegdk6kmrr53p7.onionbulbzddh75io4s32.onionyec6ciqir6yukwmv.onion www.sicherheitsforschung-magdeburg.dexdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3217xdsa5xcrrrxxxolc.onion?action=yith-woocompare-add-product&id=3219 n7cad27hyjaqq2hu.onion hexdocs.pm planet..comcydia.grimore.orgajsbhjxstklkq3iq.onion mastodon.fancy.org.uk www.nyaa.euc6wtpvznm4pk6q5u.onion packages.ubuntu.com ozd72l7kltcrq34m.onionxsin4xbme24aatvk.onion www.roots-conference.org nbviewer.jupyter.org www.datafilehost.comsalsa.debian.org sip5060.net tz4732fxpkehod36.onionwww.abul.org www.dokuwiki.org instagram.com oivabkctz4ajdnwa.onionblog.coinb.inuhiwoomhaddtjnse.onioncountfe766hqe4qd.onionsatoshibox.com p3lr4cdm3pv4plyj.onion golang.org opensource.facebook.com www.ndr.de onionmail.info www.bka.de gist.github.com medium.com www.isc.org freeotp.github.io jssip.netwww.freedesktop.org zh-cn.facebook.comammd7ytxcpeavif2.onionmeetbot.debian.net tghtnwsywvvhromy.onion rxyt6gfigfoberml.onion new.blog.cloudflare.com git.einval.com hangouts.google.com ramsay.i2p disqus.comyahoo.co.uk 185.174.173.92monero.org totse2.com www.infosecnews.orgwww.securitybsides.org.uk vincent.bernat.ch#fn-enforce retout.co.uksupport.google.com www.geforce.comwww.amazon.com iamevilxgzo2y5xr.onion speechmore.ml gqc3mjjp5tdbbxui.onioncrypto.catjm6miyk4tog63kqs.onion hiddentkbdm2adnz.onion2ttafocrkv7gx3op.onion msmugacbj7qycqd7.onion dhcpy6d.ifw-dresden.de oestla3j22reypzj.onion zrwxcayqc4jgggnm.onion startcoin.org forum.bytesforall.com mtn2fcv7yerki2op.onion 6onu2qrrdqo4cubp.onion www.catb.org swisslux25w4gwll.onioncode.facebook.com asteroid.ml amazon.co.uk fwb2cosocslxnvtg.onion qb6si4svhnhlw4hv.onionygumyapuudqjnbbm.onionyp1.pony.pp.ua theanarchistlibrary.org4344457357774542.onion43dckqf6x7gyuirq.onionnb5df7xeas3zl3sf.onion oldmagz3qkeqh2jb.oniondeepintel.net obrrsrw6b3rjuibx.onion bitbucket.org anonscm.debian.org myaccount.google.comblog.torservers.net i2p.rocks sidripalliance.comdebian.grimore.org tinlansblog.disqus.com k54ids7luh523dbi.onion bits.debian.org cyberstructure.fr launchpad.net2qlvvvnhqyda2ahd.onionf7bphdxlqca3sevt.onionwww.wauland.de nudes2fdd6b775zr.onion x2opbmptq7gnjsk3.onioniplists3hhmtmsgm.onion4eiruntyxxbgfv7o.onionwf4df37hrebhwzts.onion blog.deepsec.net 7efcfqiivl7fbfwm.oniondavxp63bfgazfkv7.onion cfeditions.com research.fb.comcarmlion6vt4az2q.onion bitcloak43blmhmn.combrowsehappy.com r-36.net 5a7ryk7pdjflogpx.onion gante6n6fjopy6sf.onion www.issa.org xogxzfyhwmgfvmlr.onion .com 4zhlmuhqvjkvspwb.onionpackages.debian.org readthedocs.org u5uewave7nxbwxob.onion.link bugs.gentoo.orgolfr5bg4qeliapk4.onioncyruserv5hlagzhg.onionah5dm66duazqkz6h.onion burninetliliito5.onion www.hackinthebox.org imgur.com www.rfc-editor.orgwww.marcus-brinkmann.dewww.devianzen.de swisslinux.orgweb.getmonero.org w4lky5eliueo75l5.onioncryptonote.org n3z4gobkreie6whu.onion zqhu3ynqqbqzsq2c.onionx2upvj5wcylu2kcq.onionhoneynetvg7i4lc6.onionx4tmhtkin4kumdvl.onion kcik3srgrfwbwxi2.onion keyserver.c3l.lu:11371 www.nctu.edu.tw unlicense.org monerujo.io accounts.google.com 5qahzzgawtqnrhux.onion.toratesviewer.comwww.taser.com teamviewer.com 6g2osf4l534bozmu.onionntoibame4iky6xhv.onion54flq67kqr5wvjqf.onion mqv7qz5rn3sf5dcx.onionanonix.org sb77t2k7dqe66npe.onionirvuh45m6qnkpp7o.onion carml.readthedocs.io code.fb.com digitaldefenders.orgdevelopers.facebook.com xrwveit2nw6etj4b.onion#howitworks miqzasssqdtagqdi.onionwkwjr7pn7xubtpx5.onionxhzm2tpsyh4tn37u.onionarticleak.allalla.com 3m2myjbdihroaven.onion4hk4hz35gmpa6fih.onion paypal.me 4hltmu5ywvjivcfe.onion fancy.org.uk jdcbespbl5j7v44x.onionrqc3gg6xji6jpovo.onion5xrder5zmkqkdary.onion x7yxqg5v4j6yzhti.onionwevuysiyescilvc7.onion preev.com www.openpgp.org uniccxide6hker6y.onion dcm6xhlrfyaek4si.onionnewptqvrn4qdjf4d.onion www.hegrehunter.comwww.cairographics.org dmania2naw2cprdm.onion iamevilxxoolf3ma.onion rusinfo.cc eqzxv6schfhf44xw.onionynkz7ebfkllljitiodcq52pa7fgqziomz4wa7tv4qiqldghpx4uq.b32.i2p www.cert.at anonym.to youtu.be jscommunicator.orgwww.lameter.com5j7saze5byfqccf3.onion2q4rfdec3onoepeb.onion gmi5gld3uk5ozvrv.onionbingodumps.com dokuwiki.org xrwveit2nw6etj4b.onion#keyfeaturescp2qnzn7r3iyvgj3.onion552egj2iappsjjdu.onion jbsex4wngjpo5i27.onion4v6veu7nsxklglnu.onion xpc7hl3vpc625kau.onionjtdzkgzfpvhryjv6.onionvtle6jettgqyp7o3.onionhardcore2cfthaqa.onionidcrldxrzjpljw5w.onionidcrld3uq3vedplg.oniondream6udx7w66o23.onion www.cinema5d.com people.kernel.org pimodules.com keep.google.com docs.python-guide.orgf6azlrk7pehv7zdu.onion accessnow.org vulkanh2tjj4ls4c.onion ixdgswb7ehnbqsfo.onionhot-things.net vc24blsbg5ow5slk.onion ms3pbazxs7qwb422.onionjcx3r2t55jc2ge5a.onionhffi5yzh57xceq44.onion docs.python.org jamboard.google.com news.onionsearchengine.com beam.to samuel.repo.mlgitlab.fancy.org.ukeasyppslbft37xq7.onionts4cwattzgsiitv7.onionz2gu35md7bi3ceew.onionibjfbrjwhfvxict3.onionyeeshafbtyf7aipe.onioncaltha.pllotjbov3gzzf23hc.onion62lpxb2lt3yt6vgr.onionwww.tutankemule.nety47ylcppnh3afqk4.onion vzugfdoygasghjsf.onion6bpruxeuncgwp4xv.onionga52ionjmqw3bxth.onionidcrldiqkb55tjo4.onion git.gnupg.org bltoss.ninja ftp.hk.debian.org www.accessnow.org rsf.org Sexdumps.com#content5qahzzgawtqnrhux.tor2web.orgu5uewave7nxbwxob.onion.nu shouldhaveusedmonero.xyzremailer.frell.eu.orgtalk.masked.namebj6sy3n7tbt3ot2f.onion pwjxmvlir72hep5u.onion sks-keyservers.netwww.gesetze-im-internet.deocf.tw www.gnome.org sphinx-doc.org jchlju4s5zi5i425.onion tlz3gig7k46s4r66.onionhvieybi6rb45wfpg.onion gunfire.becquerel.org mailarchive.ietf.org duo.google.com s5b7l3hzs3ea535vqc5qe2ufnutyxzd63ke5hdvnhz24ltp3pjla.b32.i2p ffi5v46ttwgx3fby.onionr2tjckbrme3yeenx.onion coinbase.com emailselfdefense.fsf.org www.archlinux.org www.pimodules.com ynr7muu3263jikep.onion5qahzzgawtqnrhux.onion.linkgabucino.huevilchat.i2p www.feathercoin.com privacybox.de www.mein-parteibuch.orgsc3njt2i2j4fvqa3.onionc2hluuzwi7tuceu6.onion d2wssrzhsfdj7x3p.onion gibberfish.org code.facebookcorewwwi.onionwww.cakewallet.io www.npmjs.com .comxrwveit2nw6etj4b.onion#subscribeoddities7n5ei4mz.oniontorbibj2v77cbt7w.oniont7xcpwokiagivyzq.onion pibn3ueheubjxv2z.onionutup22qsb6ebeejs.onions7pvraehwqmazmcy.onion7w2rtz7rgfwj5zuv.onionvg7ik2tbrkjr5ooq.onion4aftzxjgrdl45i6u.onion uoaz2bavpyplrswx.onion ij4lpzuyyng6cc4jw5mxibcyjv4rx4uk6x5jijoduglkgjh7mmya.b32.i2p 65bgvta7yos3sce5.onionxqz3u5drneuzhaeo.onionjhiwjjlqpyawmpjx.onion btccontwl5ie4yza.onionbitcoisblqdnzvqo.onion www..orgcomicbookplus.com debconf18.debconf.orgdebian-handbook.info march12.rsf.orgdb.debian.org5qahzzgawtqnrhux.onion.nu 3suaolltfj2xjksb.onionl2zukdb5b2favsfc.onionuaga3aoawaj6hohg.onionhtm3iyhkfq5pwisy.onionstlw74hqbtzoshyg.oniontorgame.crabdance.com bitcoiuyen6g3fcw.onion mashable.com smspriv6fynj23u6.onion en.necessaryandproportionate.orgxmrto2bturnore26.onion oafadq2h6kxeaahu.onion 35flmpspwpnarbos.onion bgyar6b644c33joc.onion jr4jzn5zte7nkfcw.onion mul.tiver.se pdjfyv7v3pn34w4f.onionhv2ow7li345lki5w.onionecholot.anon-proxy.devescudero.netrvomgbplxtz4e7jv.onionheidenwut.co.cchuph4yrbv4iqjevr.onionxdtfje3c46d2dnjd.onion support.lenovo.comwww.openbsd.orgwww.webrtc.org tcblogw5rgknbggf.onionselliottuzpeu4ry.onionmscharrer.net x7giprgefwfvkeep.onion js6ogt27wjnbsdux.onionwww.bl-lit1.info anessadu.6x.tol4tay4mx3vyjdn4i.onion 222222222rrm7tey.onion dwkfszqrr6ugdo2t.onion cve.mitre.org groups.google.com f-droid.org plnemlsyla6h5t3nuoz2algzmy635ceuendnjwsmhwn2os5fxahshiad.oniongit.qnetp.net u3scnj4uxdmbsbri.onion pugljpwjhbiagkrn.onion penisycpu3fixdcr.onionsbforumaz7v3v6my.onion flnxicrjaorxhthe.onionqdsuildbdofkrhe3.onion bitcoirszago3q7l.onion ic6au7wa3f6naxjq.onionwww.indiehackers.com bitpay.com psl1ght.compiemuntxxvlk6hpk.oniondrupal.org qyy2n2lqpc5l524q.onioneucokelctnifqjrt.onioncwesjxczvcvwvapz.onionw2y5hx7ffqawun2n.onion bitcoifbhdmd3fxa.onionbitcoi2t6urbe2de.onionbitcoiq23uoml6qs.onion www.linuxjournal.comwww.whencanireusethiscalendar.com flattr.comwww.kaleme.comwww.mono-project.orgex4gh7cig5ssn2xm.onioncdimage.debian.orgsearch.debian.orgcontacts.google.com onionsearchengine.com tmskhzafkndqaqyx.onioneidilcw4xc5ny73k.onion ar3ubs6cg6an4ylt.onionsquareh565qgkioq.onionont6bv4bg7rtgaos.onionldfyvw6a75rjnalp.oniontjbxptkkgx2qmeqz.onionzitanihpqsvi2lav.onionwcgk6z6zgem7gq2w.onion4kxyfardazjucssf.onion hdwikicorldcisiy.onion bitcoi2lgwbrvsuo.onionbitcoinbgpkm2s63.onion sfw.oniichanylo2tsi4.onion work.scalawilliam.com www.spi-inc.org linkedin.com drugsqfazpkaitwq.oniontivge4kp6ovi55my.onionyt6zylmoblq5pwiv.onion jv7aqstbyhd5hqki.onionn5kifwdiy5au5fgh.onionocrlwkklxt3ud64u.onionprofiles.google.comc4wcxidkfhvmzhw6.onion 2222222denogzjcg.onionbitcoimpqhbyqdwj.onion222222242zkgyc5n.onion agb3m4zrwtzi3zr6u4yj3lapddnekdvvm6p6drpoga4kqzp3ozoqlcqd.onionwww.pro-linux.de www.linux-magazin.de incoherency.co.uk store.blockstream.com www.google.md alexanderlehmann.net Sexdumps.com turkiyex6fkt46ra.oniontinyurl.com kvbu63gupbad5lyw.onionaoms2d5iejlju74i.onionv7ovl2hciwt72lqi.onionnel2xugswcy7qv7r.onion bitcoihqxtj66xvf.onion22222227qp2e2l7j.onion hub.docker.comliberapay.com kgqlxnnlqdpttel3.onion picol.org earth.google.com yayponies.eu z373bxyt6zhmxepx.onionmybb.com.tr 53otrkyvae462lhb.onionf3ew3p7s6lbftqm5.onionfilmy.panoptykon.org tag3ulp55xczs3pn.onionrusinfoik4z4rgi3.onionizriczjer42tjfup.onion7ymfzygewl4n6usp.onion idcrldul6umarqwi.onion bitcoirtzaddehn4.onion blog.backbox.orgwww.tuxedocomputers.com vturtipc7vmz6xjy.onion neusprech.org grannytnglrvaaf7.onionblog.mukispace.com razhy6sxzjacjmk7.onionljqdb5e5mssydnlc.onionutovvyhaflle76gh.onioncx4vwijytopjvedi.onion562tqunvqdece76h.oniond6mbioyge4posl7r.onionod6j46sy5zg7aqze.onion22gdwwknxr2lfyzx.onionofrmtr2fphxkqgz3.onionwf74ekmmmgg2pe3v.oniondzfbkh4w3t6uplkq.onionmetropolis.fr.crfkqt2iaclbsvn2tt.onion 7ulefmuz3jowwjb4.onioninfotombjhy7tcrg.onion bitcoiwgg4jizo6n.onion bitcoixycocg5kex.onion isc.sans.edu zyclonite.spreadshirt.net dcounter3sjplzorng2oekjmt6xdaa5qkdc3guypuqranjjeoxlgc4id.oniononionmaps.com 2f3oy4vebxqkqu52.onion noscammbh2nykt4r.onionpms5n4czsmblkcjl.onion kv77v7n5kblz5tpw.onionr33rs4kqbjvdxuk2.onionj4ddjgxetfx2ybcx.onion kwv7z64xyiva22fw.onionblossomthemes.comwww.whonix.org w6sniftabp7jl2fn.onion rbh3gpzgr4chprsd.onion forum.ethereum.orgstatus.jamieweb.net edri.org tools.ietf.org 6jzwxsoxmlefkkkl.onioneqt5g4fuenphqinx.onionsb14.orgci3hn2uzjw2wby3z.onionwww.pirateleaks.czxfq5l5p4g3eyrct7.onionahmia.fi idcrld4sqweoztcg.onion idcrldbfnsdy4je3.onion webmpwnf4p2cssrw.onion minfil.com machineperson.github.io lnm.jes.xxxwww.w3.org gooo6hmmszkqskpy.onion gabufscyjyqr5kj3.onion 73lgals6htl7akfm.onionlibrusec.ucoz.deftyffwtact6nguwi.onioncxoz72fgevhfgitm.onion www..comximqy45aat273ha5.oniontghtnwsywvvhromy.onion:2000p7d2k2xiioailnuu.onionrvomgbplxtz4e7jv.onion:8080bwdydphqzohdnmqw.onion bitcoiz7u5g35pnl.onionbitcois3q5xu72ro.onionbitcoi7ns42x5ln5.onionbitcoi2k7b3jhbfa.onion gitorious.org stormnz2z7pcwdp3.onioncd3yg6e46dcjfyxmfg5gmpa5qlhlrhkghdsecfxfgqf2vl57ek6yiqqd.onion od.lk suw74isz7qqzpmgu.onionb2psupe2rienya5n.onion 2zyakjq2hvtbg6qd.onion7o6dcmajcps4tbjb.onionuzz3h4ruguwza4fr.onion 2222222zvh2cpisk.onionbitcoid4csxoinrt.onionbitcoigmxdqjaxdv.onion www.7-zip.orgpuri.sm www.tomshardware.com renewablefreedom.org bingodon6ngajrqk.oniongoogle.co.uk .panoptykon.org tytbeta57rw2onit.onion b6kpigzhrdhibmos.oniontovfhccd4sv3kez4.onionvjelr2xdaqsgslzr.oniondppmfxaacucguzpc.onionfk5vyle5natbsy23.onion factoryhnmyvn3eg.onioncccentersemzrqne.onion signup.steemit.compaypalacfi5pv4t2.onion www.watson.chnews.slashdot.org markforged.com itunes.apple.com6zwq6bghdyviqf7r.onion ur21.at ohusanrieoxsxlmh.onion 2t4a3yeutq6ohbvs.onion v7opa5w6rlctoec7.onionk4axagym4osns25e.onion35veujgfmflg7bvf.onionen.panoptykon.orgoj3nqbmyudyl4mgn.onionnemlq3kd36frgvzp.onionkd6qr7xh42coxooq.onionie4hf3qxzoazywoi.onionfir6ddk2vo2cx54h.onion laundrymy244rcwn.onion tronic.puheenvuoro.uusisuomi.fi bitcoixzxtwqmyjf.oniont3ykqzimcziol5kj.onion www.kickstarter.com tef2eqrvzibdywyc.onion epicenter.workseqac56hh4ppxzy27.onionnetzpolitischerabend.wordpress.com xlq55tangugwaj4u.onion 23sqcujcaqomlu7d.onionbz2ybkf4srabpwbl.onionmovie2kvvihyeowv.onionay5kwknh6znfmcbb.oniontdgknw25wqm5sbhg.onion timehugxxlomlnxn.onionsilkroadvb5piz3r.onion unoppqar7cy3zvux.onion bitcoinus4vm2hnp.onion2222222bueof3k2e.onionbitcoidyvgrhvdnv.onion 22222222oss4d6al.onion web.br.deblog.rust-lang.org unenc.com openscience.alpine-geckos.at sageranjccfovtn3.onionsci-hub.cc jratiejtelswmbov.oniontuu66yxvrnn3of7l.onionviewpvsvcf5zyhcz.onion leaks.taz.dehpuuigeld2cz2fd3.onion 66m4z7ygkqghb4tc.onionu4uoz3aphqbdc754.oniondoxbinphonls5hsk.onion2qrdpvonwwqnic7j.onion bitcoij6mh46vd6d.onion 222222265oewkjsa.onionbitcoikrrorilqw6.onion hackergarten.net www.phishlabs.com www.ohanda.org alternativlos.org ia601904.us.archive.orgw2h5cvocmx3qfo53.onionb-ok.org4ecwfvbvxojjequ4.oniongexauw6b2azvohdm.onion wp5vxuulb7unmv2o.onionckkjdktn2elda5f2.onionanarchistnews.orgwjngphmzk6mr2pt5.onionnewsiiwanaduqpre.onionkenny7svk4sg2mcj.onion2dn2dmxt5uwnxz3j.onionitapxk4hwi3k5ktj.onion dumpsmayvypalee7.onionaccountlwghunkeg.onionmoneyplheq37vfyk.onion p7zip.sourceforge.net daniel.haxx.se www.opensourceecology.org www.smuxi.orgwww.libjpeg-turbo.org u5uewave7nxbwxob.onionwww.gutenberg.orgkaarvixjxfdy2wv2.onionnoscamkyvvxd7dk5.onioniidxap2xwq6arwbr.oniontradeforumzkw4bk.onionexe2gut5zya5cfqh.onion4zpinp6gdkjfplhk.onionhb4pm4eznzhd6mts.onionfreesidehsb4g5vg.onionneutering.org zgrl6sghf5jh37zz.onionjh32yv5zgayyyts3.onion7ep7acrkunzdcw3l.onion7t4oyxikntymzevy.onionnpieqpvpjhrmdchg.onions7nbvdbky4xqim7h.onioncannazondp5fciis.onion counterfxhjvtrlw.onion 3kkapqsmk3eyc6k5.onionbitcoirzgic4cqv6.onionbitcoiyxximb3wz4.onion meetup.com www.etcminer.com www.enable-javascript.com mobile.flibusta.isbitblndrmoom55lc.onion lightqcszalqpquo.onion3fyb44wdhnd2ghhl.oniontnysbtbxsf356hiy.onion2wjsnwzoeiae4iyf.onionp2uekn2yfvlvpzbu.oniondg6exbqq42btatnw.onion5xki35vc4g5ts6gc.onion justpx.com bitcoi23mhlxb3tl.onionbitcoijllnuf4ard.onionbitcoiyadnz6cgwn.onion22222223zmnmw45c.onion gravatar.com www.phoronix.com pgp.key-server.iowww.bristolcongress.co.ukjenkins.io anchorcms.com kzaeunogz6s75ptgy6ifjzwwy75xdfenenswvrczd7mewxgrad5a.b32.i2p magzdb.orgluiwr236w73lfj6z.onion exwljei3bfvchv6p.onionwirtin67ywc72pjq.onioncode.google.com252r6fywoeoq4fjx.onionzzjqdsoq7edvkwiv.onion n2qxamb4ujm53cas.onionajqaivfxtqy3fdlr.onionp43g3uyr4dhneura.onionuybu3melulmoljnd.onion platypusxchhwv6z.onion ccpalym5nu3elh5y.onion bitcoijnadw7tzd4.onion dev.to blog.greenaddress.it raw.githubusercontent.comwww.ssllabs.comwww.ethereum.org kp6yw42wb5wpsd6n.onion egxwaxpblag22ejo.onioncsxtih62vmohxptm.oniongo7obv2tf2pm2y2i.onion srf2tcjadsfbat7m.onionwi7o5wxt4ked7soq.onionpw5odgnkkhsuslol.onionclsvtzwzdgzkjda7.onion kpmp444tubeirwan.onion63gtqvgqw2lmb2j2.onion drugss5mif4vrbws.onion plasticuou2uakdu.onion bitcoiecvbz3skap.onion2222222mbobnfb3a.onionbitcoij4hzjl35cy.onionbitcoitcityqqh3w.onion amzn.to gatecoin.com www.netzkinder.at qxmwmle5fvjfippl.onion mrreph6wof6xgt43.onionlib.rus.ec nr6juudpp4as4gjg.onionybp4oezfhk24hxmb.onion ccvendorwepczh7c.onion gunsganjkiexjkew.onion bitcoigiu4y2wggl.onion 22222222b5jjiakx.onionbitcoig2zq3pgc5h.onionbtccoy3aux77icda.onion siahub.info home.cern unsernetz.at uptime.statuscake.com frankqmwuguekrbd.onion 5qahzzgawtqnrhux.onionx3v3lxoxpxu3hitk.onion l6quosmt2ffwphvf.onionprzewodniki.panoptykon.orgexmq44j5izvv4bub.onionwww.blender.orgudsmewv45lunzoo4.onionramp2bombkadwvgz.onion2vpa5gxyvswz5nka.onion k7aiztzaa35vdjwr.onion bitcoizvgd3yu5s2.onionbitcoijuzbwvj3fa.onionbitcoiz6byyajq4j.onion gu5ke7a2aguwfqhz.onionvb75uj2ap3hyyava.oniongitlab.comwww.graphene-theme.com secretsxsrvlpawm.onion thebeast6pwekhvs.onion xdagknwjc7aaytzh.onion 22222227giq565lq.onion22222222fhmxvuyy.onion2222222bnx5npxpu.onionbitcoimlztdjdz3e.onion www.brendangregg.comcarbon.now.sh politics.slashdot.org web.archive.orgwww.technologyreview.com api.greenaddress.itwww.msgsafe.iowww.transparenzgesetz.at rollurazu2aahmaw.onion5xgrs443ogbyfoh2.onionv245twftq76pls6n.oniongirlfcjbzzhenuha.onionlqdnwwwmaouokzmg.onion 5eme2auqilcux2wq.onion3m7squtbgznt4hgn.onion xmatchesfmhuzgfb.oniontorhostg5s7pa2sn.oniona5ec6f6zcxtudtch.onionbitcoinnordic.com cmarketsiuhtiix5.onionmixerrzbgcknjzk4.onion anonsteemnqvfma2.onionacteam2nmbucjnht.onion bitcoib75myfeeyr.onionbitcoihoimasigli.onion scanbot.iobb-viewer.geobasis-bb.de www.3dpreviews.co.uk pypi.python.org cryptostorm.is www.opennicproject.orgeasyvisa5i67p2hc.onion hijabhawzxipgzfp.onionvltuapsqjyacxkbb.onionomertavzkmsn6tp6.onion 7pwhaqsxbjdj27gx.oniontorlinkbgs6aabns.onionih4pgsz3aepacbwl.onionw56hjpxn45yzohqa.onionbvunqhdbizqxyuoe.onion walletbjvdecnjgp.onion adventuresinmercury.blogspot.com boingboing.net securitytxt.org tabula.technology o4h5pul4zhafndd6.onion zsionvz2kfzttpv3.onionmgibojrlzdfoajbn.onion2fqgjzbb2h7yevom.onionwikitjerrta4qgz4.onionbbxdfsru7lmmbj32.oniony4bzva6k3l2l7rla.onionqyy2n2lqpc5l524q.onion:8080 renthackyzogj4b4.onion hbetshipq5yhhrzd.onionfreefireqbzex732.onion marketcvwplqswqq.onion bitcoilw2kvojufv.onion bitcoib53lztkrdf.onionbitcoirzlkucrske.onion dsro.ru www.keka.io ca.rles-tub.io. gohugo.io stormwayszuh4juycoy4kwoww5gvcu2c4tdtpkup667pdwe4qenzwayd.oniongit-.immerda.ch redacted.pictureswww.fau.de sexdq7iwyb4u7ah4.onion outforumbpapnpqr.onionnjdl3afan66gdlr5.oniontufprj3pslo56ilh.onionmpf3i4k43xc2usxj.onion xzzpowtjlobho6kd.onionblkbook3fxhcsn3u.onion7g5bqm7htspqauum.onionirc.lcucx7bkbi2dtia36r.onion btccozsovytqnyur.onionbitcoibz264gxcue.onion laravel.com cpezh5fm2ilfkgld.onion www.m4tr1x.wsjes.xxx projects.argh.inrevenge7vg4e2f7h.onion workers.cloudflare.com 74i677egkh3zlk6r.onion l33teryfjryh5ir7.onionchaoscd6qmxifwas.onion wx3wmh767azjjl4v.oniontklxxs3rdzdjppnl.onionekwreugkil5ncyyh.onionwww.geohot.com6dyi4t72u7y6g763.onion qubsrxat5qsaw5u5.onionwyxwerboi3awzy23.onioni7hknwg4up2jhdkx.oniontamar.safe-mail.netjh2ukziqseqdysvd.onionstreetddxedw5thp.onion platypus77f3ujfw.onioncasuoutf4stjtn56.onion bitcoirmtrc2cmtf.onion bitcoi7zrj3uvslr.onionbitcoiqlogy2oamm.onion www.ats-lang.org .ch hackaday.com netzfreiheit.org ponychat.net flisland.net gadmai6ebvzji6v6.onioncripticavraowaqb.onion gpostalfauulvzhs.onionauw6fzx756f6gqcd.onion shopsat2dotfotbs.onionzgmxllflvb7oza7t.onionhmicgynugykfpn4i.onionnwycvryrozllb42g.onionhttp drugszun7tvsgsaa.onionluckp47s6xhz26rn.onionmobileay2syyw6qf.onionthebbw.biz mollyworh4524fop.onionhackeroql4l2mejs.onion Topic vboro.de twitter.rixx.de git.wsn.atbestcpsfdfdogcpb.onion www.xing.com o2jdk5mdsijm2b7l.onion jclo.co deluxedzn6h572qp.onionEndchan.pw booktracker.org forum.securedrop.org www.parazite.org3fnhfsfc2bpzdste.onionvv7pabmmyr2vnflf.onionlocalbitcoins.commixer6nyvxalc252.onionoglbv4c4kpoobkid.onionmixerabagt5d75fe.onionweed46fkpfzc3lvi.onionchbetteratd6wskq.onion piratecr44nh3nw4.onioncarddumpa36spoya.onion blockr.io blockchainbdgpzk.d33e7059146f2d3189efbd8d7e4658b3a304e4dbe2b83f636b83c25c85f3fbecbitcoitidrfj7w4v.onionblockchainbdgpz.onionbtc.combitcoi2stzn2lxmu.onionbitcoin3or2zr5s2.onionbitcoi5cpvzozpkh.onion b612-font.comwww.infoq.comrgommers.github.iocyberwar62fmmhe4.onion urlcanary.comxapo.comperldoc.perl.org identi.ca www.ubetterstayawake.org emercoin.compenisvqibeqxdo2s.onionwordpress.com ik3dw5whel25zxnj.onion3dbr5t4pygahedms.onionszmyt4v4vjbnxpg3.onion dbmv53j45pcv534x.onion 34uvre3xzku2eanr.onioncleancoikmh6uamc.onionfakeids5bps3l6qb.onion bitcoitdiec72b3p.onion 2222222fjgch7zpy.onion acm.orgnews.ycombinator.com onename.comwww.renderlab.nettt75atziadj4duff.onion daemon4jidu2oig6.oniondrugs4yxm7rfruus.onionxuytcbrwbxbxwnbu.onionrechardsp4x6tdrh.onioneqss5zckaykxqbz6.oniondm4wty25ay7jqs55.onionzktxwox376pbkp2z.onionNpdaaf3s3f2xrmlo.oniony3fpieiezy2sin4a.onionpdjcu4js2y4azvzt.onionkeepbitcoinreal.imgur.comwolfhowl.orgoukryuqqc7ffenin.onion3vnjj7h6c6vw2yh5.onion malina2ihfyawiau.onionchemspain7iw2zby.onion vendorcugc6oppvb.onionweedstor3zsuwrhx.onion 2222222gln6axpfp.onion bitcoikbv2llz63c.onion sanasol3j3xbndqa.onion www.videolan.org opencollective.commacopenweb.com smstravelmap.com synshop.org e4c4xzz3hl772fti.onionlibgen.iosgangmyei7zrlinr.onion beautyboysj2sgq3.onionacropol4ti6ytzeh.onion orsxvca7glswueo7.onioncstoreav7i44h2lr.onionq2uftrjiuegl4ped.onion:2000 idnxcnkne4qt76tg.onionjvrnuue4bvbftiby.onionytdlczouoxgwzyyu.onionbugtales.net cityzenp4d2eytjh.onionanswersdx4tm2tqr.onionweedsragjdyuimdm.onion bitcoiamkbwscbb7.onion bitcoiimqy4kuj2v.onion top.dsro.ru gis6.stuttgart.de www.nyi.net curbedambition.com 5u56fjmxu63xcmbk.onion besthqdirnimrgpj.onionxpgylzydxykgdqyg.onion qkndirty6fifcrdk.onionjpfoxfrtbirzzugb.onionlolitayx46e76fsa.onionstoregsq3o5mfxiz.oniondoylo7o5omz7jikc.onionaewfdl3tyohbcenp.onionamjol5qxtnwud7jg.onionbuggedplanet.info pja3dhxxpn4cba63.onionvkpriz2cjzymgpsp.onion 22222222kg675r2p.onion blockchainbdgpzk.onion btcco6vsft7ibg7z.onion bluishcoder.co.nz openweathermap.org rixx.de breathrzhfvcggku.onionwww.theadventurists.com .im ehicffiy2s7cbanklb4hhhkzj2hya727rf62qaty5jy3r32rufuq.b32.i2pwww1.icsi.berkeley.eduswao4ix46yb2pvgy.onion ppalyfjmuh2mmp3m.onion xrwveit2nw6etj4b.onion xsold3pvbxt4xblv.onionwdnqg3ehh3hvalpe.oniondtt6tdtgroj63iud.onionkonkretzdxpqygow.onionrso4hutlefirefqp.oniongdkez5whqhpthb4d.onionleakager742hufco.onionwww.awxcnx.de7hk64iz2vn2ewi7h.onionodduuqnxvzqftyfh.onioneris42pjppdmuguk.onion hiddenwik55b36km..onionyabtcl.com mollyworup44gri7.oniongunsdtk47tolcrre.onioncoinpigih6i444lm.onion fakebillxl6ind2f.onion bitcoia4vcjfjeqn.onionbitcoidqfvllhib7.onionbitcoikyk4qtxmwb.onion sanasol-test.ru blog.binaergewitter.de hdwikivgmzfa5eui.onion ko-fi.comdumpkingdom24.comfpqmnpsb7fjqccse.onioninvisible-island.net jamie3vkiwibfiwucd6vxijskbhpjdyajmzeor4mc4i7yopvpo4p7cyd.onionopennet.net brandonevans.caescrow43eaperqie.onionpmwdzvbyvnmwobk5.onion ketelg6bh2fdcdhl.onion wiki.gitbrew.orgbwbvcvmbpnan6xsd.onion jzn5w5pac26sqef4.onionhq3hmoa4thdplmta.onionxyjkasecb4ztzq3o.onionedramalpl7oq5npk.onionqlzkoetmfgl3vgjf.onionk4jmdeccpnsfe43c.onionpinkmethuylnenlz.onion bbrigadekmbzx53z.onionmystorea4mbkgt76.onion amazonfkuuy6g3ou.onion btcconlmkzl4c5jo.onionbitcoijwrtfmxqsb.onionbitcoi4u2ibrd7i4.onion swish.swi-prolog.org www.hanselman.com www.otto-weber.at accuspark.co.uk scamsutlniin3tb5.onion fkd2rbkdtwxld3jo.onion news..commilkroad6zwmtbu7.onionybi5yfcdw6mxqlvn.onionfilesto37i2x5dea.onion tfwdi3izigxllure.onioneasycoinsayj7p5l.onionfec33nz6mhzd54zj.onion 3mrdrr2gas45q6hp.onionejz7kqoryhqwosbk.oniono2tu5zjxjlibrary.onionqm3monarchzifkwa.onioniqlnc7cbykhhurfo.oniondumpsmarslfo4h5g.onionir5eqhlec4j6n2pz.onion spacechadxxpkf6t.onionhijabgirvc7jryea.onion btccoqepojtvue7m.onion2222222jrry67pfv.onion bitcoih5mtmcpo2i.onion222222244trjylim.onion sandbox.onlinephpfunctions.com .googleblog.com vanmanbristol.co.uklbc.cryptoguru.org openports.se www.cloudflarestatus.comasciimoo.github.iocoinmixibh45abn7.onioninfidelvi3vx2ln2.onion owriezc726nuc3fv.oniongnupg4na2oymu5ls.onionl3vv4lvjxgy5i7i2.onion kpvz7ki2v5agwt35.onion 54dgeda4ik6iypui.onion jntlesnev5o7zysa.onionassmkedzgorodn7o.onion counter5y4he3hny.onionbetcoinahk4j27yb.onionfg6vrxev3qzpyhmw.onionukpasspprmwaqrsd.onion killersp4h67dntp.onionhackerrljqhmq6jb.onion bitcoihkhjn5fg7q.onionbitcoilcczkh6djc.onionbitcoiwvy7he35ap.onion2222222xq5omj5dx.onion retardo6vlfxyzen.onionhardbin.com politik-digital.dewww.defectivebydesign.org7pd3i34noxnxolha.onion azsdjxck6kqdm7oz.onionrublacklist.netwww.rba.ru5plvrsgydwy2sgce.onionfightckxiykml2xu.onionbookssutzsay4so3.oniondeurfnquin7mvni2.onion3mrdrr2gas45q6hp.onion:2000notestjxctkwbk6z.onionxlmg6p4ueely7mhh.onionocbh4hoqs37unvv6.oniontqjhyhbso4mdcrvh.onion7ueo7ahq2xlpwx7q.onionbittit.infogolddig65dfkenb4.onionwihwaoykcdzabadd.onionzdzichtfwlcpejle.onion buybtcstbl2d3igz.onionsmartphnx7b73idn.onionsteemlohs6air4h2.onion bitcoicutyiiw7y6.onion anchor.fm www.foebud.org 4girlsxretxr64zn.onion alphabaywyjrktqn.onionlibraryxobbrbj33.onion pushingtabu7itqj.onionkbvbh4kdddiha2ht.oniondkn255hz262ypmii.onionzce2gyru25cvynqc.onionk4btcoezc5tlxyaf.onionu6lyst27lmelm6oy.oniongx72uexxlkzofk6p.onionpanoptykon.org 65px7xq64qrib2fx.onion marketdftsaewyfx.onion amazingd64el2zty.onion bitcoim5hovdraoy.onionbitcoilqjpqrsnj5.onion btccoa6hxovddqog.onion www.poker.co.uk toster.ru dl.mercurylang.org www.upwork.commegaupload.nzdigitalcomicmuseum.comwww.veracrypt.frwww.nextinpact.com tka6qnephsjeeuykrqew2s2y3upxz3dkc4zrxd33uhckv6s5ugmcbqid.onionpgp.key-server.io:113716rf4j27gnmfqf4jk.onion de.linkedin.com techcrunch.com pinboard.in hijabgawcciizc3r.onioneacwcqv4cgnln3ur.onion xxieg3mbvoh26pvs.onionfcl3t6t66uv3u4og.onionyth5q7zdmqlycbcz.onionqip7ogwceho36fhv.onion bescrowwc3nlocsb.onionr5c2ch4h5rogigqi.onion wallet6qmtkcub2e.onion bitcoih4msrugcl7.onion6aycd2mdcrynhx26.onion www.casinos.co.uk userinyerface.com trends.google.comwww.cyberarmy.at chat.anonymous-austria.comascap.comwww.wired.com jacob365f4qhg6or.onion nz544wppkixoqajp.onion qzbkwswkvlded57h.onionen35tuzqmn4lofbk.onionur5fbg7zlmo3krly.onionc3jemx2ube5v5zpg.onion3c3bdbvhb7j6yab2.oniontns7i5gucaaussz4.onion konkrelzdxpqygow.onion22222222hkqnx4ec.onion bitcoizxxzje2eld.onion2222222ep67fw3hd.onionbitcoiuj7kqljiqh.onion uncaughtreferenceerror.com hardenedbsd.org namecoin.org www.gofundme.com blog.fefe.deblog.wired.com sejnfjrq6szgca7v.onionpsgnrs5y5aew3foaeijufd3otxmfq3cl6p2b27tekmnqxrc3kgwa.b32.i2pzuzqovzpjyvrkfsa.onionendchan.i2piuektur6bicvfwcq.onion s5wjo7jakzynjlp2.onionjrx7li2ofr4vu5xv.onion 6qcll3kmt7grddeo.onion bitcointalk.orgwywg65dio2lhe76z.oniondjypjjvw532evfw3.onion6rc6dra5nli53moi.onionwww.tankesmedja.nu lq46uemafsc6il2g.oniononion.parazite.netwww.kognitionskyrkan.nu 2222222o4tmhwyow.onionmaghrebwzbkucctg.onionrussianyhluzsk53.onionpistolcqex2ecr5r.onion douppikaupp4yy7p.onion 2222222ffaklzb6g.onionbitcoidxlopkburj.onionbitcoimoxd4ja6dr.onion symfony.com wiki.haskell.org old.reddit.com dogcp3cvvdrudtv2.oniondx.doi.org greynoiselgbq2l2.onion www.nopnr.org 7ln4cubdfhs7tvtz.onionz52ncdpv3u5qc4hj.onionomega4jnlwm4yjza.oniontorc5bhzq6xorhb4.onion732z3c3s52uby6xh.onionfiles7icwdgrujzm.onion222222avkcjpcbwi.onionfreedom.presspilletubnarawosh.oniont4is3dhdc2jd4yhw.oniongionn.net 25ffhnaechrbzwf3.onionrunionv62ul3roit.onionqtt2yl5jocgrk7nu.onionlaundryf7gurm5yg.onionsafebtck4qejiero.onionpbuleijc2kwnkxsz.onionk5zq47j6wd3wdvjq.onion bitcoizue2cc4joe.onion2222222rdllmrua5.onion bitcoip55du225hb.onion tracker.geops.deblog.cloudflare.com wiki.xfce.org pycodestyle.readthedocs.orgfabienne.us rn7qg5v6t4p5gbvs.onionvaalyxbdokuwnme4.onionsqmhttjqicvlgibf.onionponieslzi3ivbynd.onionsollhs4nbdwwzka2.onionwww.cypherpunk.atwww.magusnet.comui4zevqxi26kgenc.onionfzqnrlcvhkgbdwx5.onion2ygbaoezjdmacnro.onionfkyvwpu7ccsorke2.onionzqiirytam276uogb.onionforumxrqfkgjqyy4.onionvt27twhtksyvjrky.onion bitcoiv6ilkolqhn.onion bitcoiuok7l42y3b.onion yandex.ru safe3tve47o4cpht.onionzyclonite.net dumpkibfvwvgjb7c.oniontranslate.onionsearchengine.com derpmailod2b4axq.onioncyberleninka.ru n65xqgf3qj423wfj.onionibhg35kgdvnb7jvw.onionbeehive6ratfqulk.onionll6lardicrvrljvq.onion3terbsb5mmmdyhse.onionnewpdsuslmzqazvr.onion deepsec.net2vlqpcqpjlhmd5r2.onionmmgh3rqeswrlgzdr.onionr2d2akbw3jpt4zbf.onion nt4f7fzcjoe3f5aj.onionplasticmrjhmyrxt.onioneacteamcesfsr3gt.onionsmokerhv5hlklzh2.onionbitmixergv5vvbza.onionelectronz2gpfyz5.onion bitcoimtnovhdcxm.onion2222222my67lpvpd.onion www.princexml.comwww.metalevel.at www.odeskwork.com propsummit.comxory.pmtractors.fandom.comlinux.slashdot.org matrix.to www.rrze.fau.de hansamktkykr5yt4.onionokvriyrtxopy2kfo.onionevilchatxp24s7vb.onionzgfgvob256pffy62.onionpstatpxhltgzeuwa.onion2vx63nyktk4kxbxb.onionpickfireywcq2wf2.onionwww.flickr.com mobil7rab6nuf7vx.onioncardsunwqrzhg5cw.onionsms4tor3vcr2geip.onion g7l35kk2ysi7ggon.onionfaerieuaahqvzgby.onionp3igkncehackjtib.onion6n4cuxee45ngwscx.onionfrwikif6dh4jvm6a.onion i1.someimage.com bancopanuemswrrz.onioncocahze7fqy4qwwx.onion bitcoi6u7ap3hapo.onion2ocmf35yp4brofrp.onionbitcoiiy5coqwlir.onionbitcoiyxs44eei75.onionbitcoikcxhkchejv.onionbtccoawjkf3ebvkl.onion www.libertyreservedirect.com freesocial.draketo.de ep2019.europython.eu uxjczuo3ibpibbew.onionjesblogfnk2boep4.oniongnjtzu5c2lv4zasv.oniondarkheroesq46awl.oniondeeppornx5rnxn5j.onionzgmlocci2uheaw6y.onionadblockplus.org .netjamiewebgbelqfno.onion fb2lib3argrtulnw.onioncppxwkp35scoo2bk.onionvisitorfifjwl377.onion doxbindtelxceher.onionalienxfjeu3jzyfl.onionad52wtwp2goynr3a.onion2tracks.wsxqrqbzhii6m6sdrv.onionbx7zrcsebkma7ids.oniontdkhrvozivoez5ad.onionnaot2jryja6iyrp5.onionblenderri3sud4e6.oniontaswebqlseworuhc.onion teensoncam.orgdirectdal7bourmy.onion bitcoiami6ntzkp3.onionbitcoic6pd2kehh3.onion bitcoicv57t3xond.onionbitcoihfd4mkwcwx.onion www.erlang.org time.is journals.aps.org k56fvg3kwldqyx3gv2zgumst7qimiql2fg55l7hhoshquhx5raeiibid.onionimg.jes.xxx www.gumtree.com rudo.alokal.euwww.ccbill.comjirk5u4osbsr34t5.onion2rich4b2nuenjetj.onionflibusta.i2popenid.net fuckyouhwlpp3odw.onionmatangaqaxtg22aw.onion ow24et3tetp6tvmk.onionfcnwebggxt2d3h64.onionwallstyizjhkrvmj.onionmakloox.zoohaven.comiwdmsbpxclyjhi4e.onionhbetshipq5yhhrsd.onionqc7ilonwpv77qibm.onion xteen18.net bitcoigktk3jdlvl.onion 2222222l6oxgijgz.onion sanasol.ws anonfile.com bettercrypto.orgwww.principiadiscordia.comgit.yayponies.pw [200:4d21:507a:b19e:7876:7b2b:774:1b77]ulrn6sryqaifefld.onion zmovietoropzaid3.onion www.catoutofthebag.infodts563ge5y7c2ika.onionig6ndt6anbg2dimk.onion 22222222juzrxryi.onionnekrooxwwskakacj.onion 26vcngdc3bfqkasx.onion 2222222qeou6moyt.onionbitcoiyqrrmuzolq.onionbitcoijjiz63xfes.onionbtccolxlzmzktkqr.onion www.lotto.co.uk uuid.hidekisaito.comgeekli.stsegvault.space .ionxhhwbbxc4khvvlw.onion end.chan nichank62kpkrxvg.oniontwittorxsun563wg.onionsolarmovie6rystf.onion usjudr3c6ez6tesi.onionrsclubvvwcoovivi.onionlchudikfyjafhqjj.onion pt35z73i7woajgtwokcc5wmapdlpbgzyzxcuv5lp3d3z5i4ppgc6ltid.onion2ogmrlfzdthnwkez.onion k6gsb4ibatcico35.onionwww.lilly.com germanyhusicaysx.onion deepsea2ou77c6vw.onion bcloud2suoza3ybr.onion www.pine64.orgbristoloakmirrors.co.uk www.stockfighter.io scamm55va433wt27.onions7a4rvc6425y72d2.onion cstorm5dzz7vgmvo.onionfloskelwolke.denanochanqwrwtmamtnhkfwbbcducc4i62ciss4byo6f3an5qdkhjngid.onionbitcloak43blmhmn.onion 66wvouxx4te4lqiv.onion6zwctlqtpilbkl47.onion mp74puo7cp6gsgkj.onione2qizoerj4d6ldif.onionrzb5nlpvy5oqnket.onions5q54hfww56ov2xc.onionsmoker32pk4qt3mx.oniondirnxxdraygbifgc.onionwww.moral.nuwww.citadel.orglovezspamopfiqul.onionnlmymchrmnlmbnii.onion applesf6emggp2pz.onionbtce7mfnhnpdkg5k.onion countuwelx4r7qi5.onionweapon5cd6o72mny.onion bitcoib6hxl2tn6t.onionbitcoihvwoa6xstw.onion2222222kt6vihsl6.onion www.mercurylang.org packages.gentoo.orgyllornhy7glid3ks.onion endchan.net mx7rwxcountermqh.onionnstmo7lvh4l32epo.onionduskgytldkxiuqc6.onionwordpress.org www.privacyfoundation.deirc.prooops.euhackint.eu www.nanaimogold.comhbjw7wjeoltskhol.onionwikitorcwogtsifs.onionsilkroad6ownowfk.onionfogwalletgw4g2nc.onionpassporxakpmzurx.onionfakebillkelmwaos.onionreplicasuwrsffzj.onion en.wikibooks.org lemans.maville.com www.handshake.org freenetproject.org arstechnica.comillsexpoemad3wyy.onionadminblog.foucry.netuk.linkedin.com j5lo7vgmgrz5xoi3.onionbskoid4l5redrw5m.onionshyserversmg4gfe.onionkorovka32xc3t5cg.onion viplantiicnnnski.onionsilkroad7rn2puhj.onioncastorz2lijmrc5f.onionkbyz2vu3fnv2di7l.onionbiwvi4oeyo4fflzr.onion4cnrrd7lqvfos6xm.onionwww.gnupg.org abbujjh5vqtq77wg.oniondaay7qpaxweqwaks.onionqkj4drtgvpm7eecl.onionwvk32thojln4gpp4.onionkpynyvym6xqi7wz2.onionpastebin.com wacky2yx73r2bjys.oniontorbrokerge7zxgq.onionptrackcp2noqu5fh.onion kf66ipjq43tjmonh.onion bitcoi7wkysmwiq3.onion bitcoi33owysbt3o.onion bqbsjtulimblbgvroj33rzolowimuh2evcv42n7jnsa4cm4w43n33vyd.onionwww.alta.uni-bremen.dedocs.oracle.com www.vendeeglobe.org www.unwatched.orgcaligatio.github.iostormgm7blbk7odd.onion zootopiaakx4m57x.onionfysatvc545wppw6b.onionzmw2cyw2vj7f6obx3msmdvdepdhnw2ctc4okza2zjxlukkdfckhq.b32.i2pgewaltics7teim6i.onionduckduckgo.com psyco42coib33wfl.onionvxx2tfzprjm56eka.onionteir4baj5mpvkg5n.oniondreamrvfuqrpzn4q.onion zbnnr7qzaxlk5tms.onions6cco2jylmxqcdeh.onionnpdaaf3s3f2xrmlo.onionvmpfixh5npcjofsv.onion bitcoiuh2afj5fvs.onion www.nalscheme.co.uk fr.wikipedia.org www.freebsd.org yspwdthzg3tnmpzn.onion eljwdzi4pgrrlwwq.onionzk7svwo5b2v5wocs.onionbcwd7odqqxs62afg.onion endchan.org rrcc5uu3dkhlvdwo.onionlunacycipxdcd5rp.onioni2vzg7f44bj4l3r7.onionucbcx5gjzketyjhj.onionnnmclub5toro7u65.onion6ll6pemk37fmto6j.onion lelantoss7bcnwbv.onionetrrdbuorwng2hkw.onionwd43uqrbjwe6hpre.onionzzq7gpluliw6iq7l.onion onion2.parazite.net365u4txyqfy72nul.onionatlantisrky4es5q.onionbraveb6xgkctts5l.onioneucannapggbtppdd.onionbtcwash7jmra3hgm.onion 2222222qbzrkxl7l.onionbitcoib3vr5a4yq5.onion getgold.us nameid.org 3jkjhrvkdbdkqisnwhdpe4afh2j2g3suhsfcewiemsyk5ecd6gadmxyd.onionandybauch.com i.imgur.comwww.ibtimes.co.ukwiki.namecoin.info tqhc2rjadgqj3ylq.onion zyklonoacemp2bug.onionimhhge4lijqv7jzf.onionthemeisle.combitmessage.orgwbyi72yt6gitdcqd.onionantonsen4kawlomo.onione6sid6nazlbp3ezw.onionlordzeroppbmvpjg.onion 74ypjqjwf6oejmax.onionam4wuhz3zifexz5u.onionxiwayy2kn32bo3ko.onioncardshopffielsxi.onion 5dztznnf3zldx5az.onionhound3hltdavasev.oniondrugpcylbk6cfvs2.oniondeeptechifsxtuzg.onioncocain2xkqiesuqd.onionnlgrowc3xywaj2zn.onion dumpstreedhgfndk.onion bitcoi4jvq7j5nvm.onion ats-lang.sourceforge.net www.ncbi.nlm.nih.govmh7mkfvezts5j6yu.onion bremen.freifunk.net circleci.com www.domob.eulabs.hidekisaito.com teenjbtb5l2kotad.onion top100.rambler.ru g7ielqfyazy3n6nt.onionOnionName.comwww.eff.orgvmfucmt625257zdp.onionfbverg66cgvrj55m.onion flibustahezeous3.onionanatisrfazyawxqv.oniondjn4mhmbbqwjiq2v.onionwuvdsbmbwyjzsgei.onionvfqnd6mieccqyiit.onionxfnwyig7olypdq5r.oniong7pz322wcy6jnn4r.onionqx7j2selmom4ioxf.onionhyjmkmb3lfymiprp.onion4zeottxi5qmnnjhd.onion cards5yvy44gucvo.onionartgalernkq6orab.onion22222222nh2uah4n.onion22222222ljicioww.onionhackergruemqvew6.onion fmjo3f4lscs2jv3a.onion btccod5rszso4t77.onionbitcoidps5jpndff.onion bitcoijytzriwizk.onion www.swi-prolog.org www.meetup.comwww.soldierx.comprohackv3s4nbe5e.oniondivisbyzero.com v6bebahvmzratwi7.onionwww.youtube.com chattorci7bcgygp.onion novarcbekzy3xwcq.onionbgaxaar7xx6dpptt.onionkardencdyzqdqfka.onionozawuyxtechnopol.onionbjyushvzach2v6ky.oniona4yedjgciupu7zzt.onionzj45fq6q5f7m56z2.onionop4jvhn65pjv3slt.onion eeyovrly7charuku.onion babylonxjrtoyomy.onionvlp4uw5ui22ljlg7.onionhiddenwik55b36km.oniond46irpoo6xljwysz.onionhhokbk2kujwujm3w.onionloundryslz2venqx.onion 2222222ugah2uexw.onion www.dino-casino.netxqba2sfsuvns4j7h.onion www.cambridge.org isopath.jes.xxxzoosexr3u7qi5bga.onionsigaint.org www.reddit.comhackerone.com e2wt5isng4lmqxa5rdbkoplx353mz7l66xkstsxwmb3rmzuhglo3s2yd.onion vichandcxw4gm3wy.onion www.mediawiki.org76ssfjn22svo4vyl.onion 2kka4f23pcxgqkpv.onion neoturbine.net greendrgfjz7ks5f.onion bitemail.net bitcoifkdqkpx3ah.onion lichess.org thehackernews.com www.beej.usebxqgaz3dwywcoxl.onionalttoken.online 6zc6sejeho3fwrd4.onionn4zmf6sesct27h65.onionphlow.github.io zxjfjm5iinmgezyj.onion3w7wu26euuxbcly5.onionx7bwsmcore5fmx56.onionbittexttizfec375.onion4apu65ago3nbpbaf.onion lolicore75rq3tm5.onionwtwfzc6ty2s6x4po.onionen.bitcoin.itelectrotev3tgo2p.onionarmoryohajjhou5m.onionsalted7fpnlaguiq.onione266al32vpuorbyg.onionspofoh4ucwlc7zr6.onion cannabi4ewmalq3g.oniondedopedhvmcsxylb.onion bitcoijdyaecr6sa.onion yurtlush.co.ukabout.gitlab.cominfosec.exchange fallenlights.net okaruto.spacewiki.diasporafoundation.orgikiwiki.infovekgqlibyq5ls6i7.onionbilzb2a52r4frfnu.onionpoal.meaaalink7lq6i65bb.onionEndchan.net syst3k2e5lysrei4.onion buzw55o32jgyznev.onion 6sgjmi53igmg7fm7.onion ianxz6zefk72ulzz.onion searcherc3uwk535.onion wumsxhtdt73z5trb.onion bitcoigd7dof4zz5.onion www.slideshare.net www.synology.comvid.pr0gramm.com pkg.hardenedbsd.org charlie.ht awoo.space addons.mozilla.org OnionName3jpufot.onionngz7dant7hhejxsh.oniondhosting4okcs22v.onionspicerckk3nrowry.onion 6zjktg7i2qdld3xi.onion wx3wmh767azjjl4v.onion:2000 ykrxnmvcmozu5maa.onionkryptocg6rptq3wd.onionsheep5u64fi457aw.onionbankors4d5cdq2tq.onion7haz75ietrhjds3j.onionbitphar76n5t3qag.onionbettorzztykidrx2.onion thebbwalguhfkfx3.onionruzh5shkcme2tpfk.onion gutprintbqe72yuy.onion bitcoiri2cfs3zjh.onion www.notion.so www.kalzumeus.comja.hideki.hclippr.com www.freshports.org animalirgsuecrvn.onionaaalinktbyhxngho.onion mvfjfugdwgc5uwho.onionbitcoin.orgcyfrowa-wyprawka.orgbigsexzwankdb27a.onion4yjes6zfucnh7vcj.oniongirlbmayme6evpwv.onionrrcc5uuudhh4oz3c.onion5onwnspjvuk7cwvk.onionwww.i2p2.de xodijruknc2fcsyj.onioncryptorials.io chippyits5cqbd7p.onionffi5v46ltwgx3fby.onionweaponstrxqniqrt.onionwww.independent.iea2emrmdsprmm9t7i.onion b3urzn2a357x3pxi.onion iamtheliquor.bandcamp.com lists.srct.gmu.educyl.wsn.at greynoi.se gigaom.com sportschan.org unearthjtc464zh4.onionhansamkkprr4if3z.onion drugs4ynx74xribs.onionnetauth3qialu2ha.onionj6im4v42ur6dpic3.onion vkq6wz4ozmldscii.onionfilezilla-project.orglibertygb2nyeyay.onion:5281j3capgi3drf52m3i.onionyj5rbziqttulgidy.onionsteemit.com fmp75d2wcfom3opr.onionmo4moybqbtmdex44.onion www.gambling.co.uk installer.hardenedbsd.org multiphasicapps.netunenc4agrvxopukl.onionmetamask.iojim.willingham.comdidtheyvoteforc51.ca savetheinternet.eumixtape.moe3smoooajg7qqac2y.onionfauftpffbmvh3p4h.onioncdvuvwn35uwd7r22.oniongtyeo3qebewvp4e6.oniondarkdev5ibekblct.onionendchan.xyzdc-poisk.no-ip.org tt3j2x4kzdwaaa46.onion qputrq3ejx42btla.onion cipollatnumrrahd.onionmts7hqqqeogujc5e.onionsecmailm453q7piv.onion2gxxzwnj52jutais.onion2kcreatydoneqybu.onion offshore52uakque.onion www.netgate.com www.smallshelters.com fossil-scm.org shadowtail.dev muhvbkgognea4p3l.onion glowlandpvb6q2tl.onionwivfwn64tm3uaeig.onionncikv3i4qfzwy2qy.onionnfkrkvghv75xsf26.onionreddit.comtraderouteilbgzt.oniongiantbomb.com254iloft5cheh2y2.onionallbaseza3uifcm5.onionjitjatxmemcaaadp.onion4ktz77nd2rn7gcsm.onion:9090akmb7t5w56jcfgwf.onion2r2tz6wzqh7gaji7.onion gv65yxs76cpzrygp.onionmarket77w4eaafd3.onionwallet777hk6x7ac.onion www.ecranlarge.com git.gmu.edu dxsj6ifxytlgq33k.onion wsn.at wbaidlaw6quwv7h3.onion rjzdqt4z3z3xo73h.onionnoscript.net quebecsec.ca torimgupbo33rhai.onionpoofegruzqmggbqc.onionanna4nvrvn6fgo6d.onionsx3jvhfgzhw44p3x.oniondrystagepmi5msdm.onionwiki5kauuihowqi5.onionr6v4p22fqlxflyrc.onionhackarmgq2n2erux.onion 5mvm7cg6bgklfjtp.onionzenithccalwhzy26.onionwww.rejetto.comfinanco6ytrzaoqg.onionqd73mvvc7v7zewwl.onionwww.bitcoin.org ogatl57cbva6tncg.onionfakeidjgjmadhyr6.onion nvg2fpombbs7mxfn.onion fr.m.wikipedia.orgwww.meilleursprenoms.comwww.pilulepet.com www.plutex.de www.freesnowden.isplay.google.com sensible.mn yniir5c6cmuwslfl.onionttbmov2dezfs2fln.onion4dp5s6jkxpe6fcl4.onion matangaezngvjcud.onionggg3cu7aehjbfkcn.onionbankshopiweol3mv.oniondiptszm3ti2nluxw.oniongxamjbnu7uknahng.onionzpvluacf3b3cjxm7.onion skimmerkvmpi5vyn.onion www.bfmtv.comwww.sample-videos.com www.cvvnumber.comcaconym.co.uk torproject.org jungs.wtfwww.twitter.com inifinow.net torcvvq44o7ofjuu.onion 6a3nny6zpg23dj7g.onion xfmro77i3lixucja.onion ezuwnhj5j6mtk4xr.onionyeebqjcbv7g34nu7.onionsamsgdtwz6hvjyu4.onionfogcore5n3ov3tui.onionftwwebt6e3nb3lmw.onion3vnjj7j6c6vw2yh5.onionpsyched25pydrgul.onion 2i7aalqdpiuw36nu.oniongirxsmvumbjg3hus.onion plasticsq3ltusuo.onion www.pcengines.ch risacasino.com en.wikipedia.org n3jmokwllhv7klva.onionendchan.pw2w52oe6m7uyt5lzr.onionfhny6b7b6sbslc2b.onionfantomwf4luxar7u.onionfncuwbiisyh6ak3i.onionucavviu7wl6azuw7.onionn3tnhtfvnfs4px2w.onion7faq6ixireuaiksj.onionchws5ibwliag4fyc.onionhww7dmbiddtnuxoi.onion 52wdeibt3ivmcapq.onionzw3crggtadila2sg.onion ovq7h5bwvey5pnrr.onion nifgk5szbodg7qbo.onionf3ljvgyyujmnfhvi.oniongjlng65kwikileax.onionpatroncix4xuqtu6.onionbazarilzvorlramx.onion btc-asia.com graphhopper.com www.konbini.com pentapad.c3d2.de www.theverge.com squirrelmfbf2udn.onionapps.fedoraproject.org clgs64523yi2bkhz.onion blockchain.info jokerbuzzhyhl5cl.onion secrdrop5wyphb5x.onionabyssopyps3z4xof.onionwi7qkxyrdpu5cmvr.onion emodolls.comdjmrwe2r45qf5bjj.onion h73hx2munq7q465s.oniontdupp6lmgnpex5ss.onionwww.anonet2.orgbryemnetihwcflrs.onionexposed36mq3ns23.onionpharma5jbbmwjoo3.onion www.capital.fr mobile.francetvinfo.frc3d2.de smsprivacy.orgwww.hyper6.com wiki.hidekisaito.compkgsrc.se jbtdoefw4aq4jfpu.onion guardianproject.infoahy7darkchat762o.onionwpn2yzrbu4mxrq7l.onionfunwito6ykzrupsj.onion xxvxqnbatbidn4tq.onionqbxldjyuox77fe5y.oniontorhost3p7quiikq.onion torwikignoueupfm.onionow24eogrfzo2fhbb.onionoq57taqw4finzl3i.onionhijabxq3ctj6oufk.onion b4vqxw2j36wf2bqa.onion5vppavyzjkfs45r4.onionturkxg24knjsfj6j.onion onionsvpscug6wpk.oniona2emrmdsprmm6t7i.onion o2up7gjedqdn5ulp.onion hostie65cxwr4tza.onion dlfp.moul.es mlh.io www.patreon.com wiki.ubuntu.comed25519.cr.yp.todiscord.ggpodupti.metoy355pyaq3jmxla.oniondoggyfipznipbaia.oniongarlic7ravilyupx.onion gac5e64yd3rsdk5n.oniondollzucjzqg3coec.oniondnexusckvupoziha.onionblackmartihc5de5.onion 2nnt2kshghg4ow4l.onion .netnope7beergoa64ih.onionamberoadychffmyw.onion32rfckwuorlf4dlv.onion bitstorenctdwhmo.oniondrkseidwayn6uc5x.onion hlinkhign4obv3a3.onion tinyvid.tv www.telegraph.co.uk esante.gouv.fr www.cmykat-designs.com squirreljme.cc hideki24bd6yof6s.oniontrackeryknvofs3m.onionhm3ts5s2tgymp5i3.onionipredator.secreo.blackmesa.at x36n2vixwf2yexfy.onionjgsl3bktj7m63hee.onionteranovif5tsxdb6.oniontigas3l7uusztiqu.onion legalisezzsbmrou.onionw67wo6xw5gwq2heh.onionopnju4nyz7wbypme.onionubw577imrzpcixiq.onionshadowrnzghb5zhb.onionsblibky6zuxhlwc7.onioncreditclap4h3w6b.onionnazgul3zxuzvrgg6.onion hosting6iar5zo7c.onion paypalfhnohwoy6b.onion safebtcdllz622bt.onion my.statcounter.com bitcoin-leipzig.dewiki.c3d2.de www.openstreetmap.org www.theguardian.comarchive.today 2g3r5jtvy4vrb5lq.onion idwrevavg4dgldic.onion zionshopusn6nopy.onion62yd4evhswhorx34.onionw5ifkainqlgtvg7a.onion 3meeeejaaaab7zre.onionvhgli4v7feaaz7ka.onionfhostingesps6bly.onionxmh57jrzrnw6insl.onion dangeru72zvedwtg.onion agorahbslwe4hcsv.onion thenib.com www.psychologytoday.combuiltbyelement.io www.rootbsd.net pixiv.me8ch.net github.com infinow.netsechatqpscuj2npx.oniong5k2zgvuk3ol5n37.onion internetdefenseleague.orgfamilybw6azkhjsc.oniontesemzlxmwalwqbl.onionzkh6ny4pqf7ma56d.onionx4torrentjjjjuxy.onion vezn5ce2xg4uiobb.onion 4iahqcjrtmxwofr6.onion bgkitnugq5ef2cpi.onionbitcardsqucnyfv2.oniontrollodrome2.torpress2sarn7xw.onionlibraryhvopfiqnp.onion xyt4inlajwmn3gfb.onionreplicaf6cjadwxs.onionstoress4s5xft36c.onionw6hvnslzvaxfgqsz.onion www.statcounter.com connectat.voluntariat.gencat.catopendays.cern graffenteqk3od63.onion6zdgh5a5e6zpchdz.onion wirexapp.com facebook.comwww.coinpayments.netg2a6iiu5yr7dfrgn.onioncfhfwzdago3pbpdw.onion onionbrowser.com xkpxyjk3weuzklzx.onionoffpriv2kalk6oya.onion www.oftc.net kbhpodhnfxl3clb4.onion ruforumqewhlrqvi.onion5xbpc5qu4jx4e2eo.onionoi4bvjslpt5gabjq.onion 6i3athikp6hsre2m.onion groups.yahoo.com mail.python.orgwww.pressherald.com photo.programme-tv.net pikonic.com publiclab.org www.propublica.org vp6cnu4cw7fnc4z5.onion silkkitiehdg5mug.onionnegimarxzov6ca4c.onion babylonxjrtdyomy.onionund2jtx35butozdh.oniondarkpltsywpanqrs.onion zlz4kjapg7ldly46.onion visitpitcairn.pn mandala.bandcamp.com autotopia.c3d2.defd5tzhhtqsonqnxmvk2qplz5viwedznt3y6rjctv46t5w4q5ljpmcqyd.onion diasporafoundation.org 222222zsr3ih57iw.onion geti2p.neteasyonionsantyma.onionjstashin657bcdxm.onion acropolhwczbgbkh.onionpolitiepcvh42eav.onionthezeromj2umfc42.onionmessenger.com x75csj7vzprjji5v.onionlw4ipk5choakk5ze.onion i4rx33ibpyitqayh.onionziliontkroj5prf4.onionpayshielgjp4lsmx.onioncountermltd42g4x.onionbitstorej4kn3rw3.onion ne73czizcbbhx5e5.onion www.tibicraftspitcairn.com www.arte.tv slackbuilds.org www.crunchyroll.com ooni.torproject.orghelp.ubuntu.com www.facebook.com 666b5dyigt2r2sji.onion torwalkielhk4dxp.onionpalantirbhqyufyu.onion2ppcspuyefszmqrd.onionsatforumtmmmniae.oniononionname3jpufot.onion5v4igzib6nfke74l.oniontrac.torproject.orgnbhcaocqy3o6hanixbw3hntumbs4rliggenai6cncd5duwxki3xcaryd.onionc6q2m57ts2crvtiz.onionleomarketjdridoo.oniongmfvhgkue66ejbfg.onion valhallaxmn3fydu.onion cipollaonumrrahd.onioniir4yomndw2dec7x.onionqivl4yxf7fcandoi.onionwallettof7cfadq6.onionaiehehuydsmd7rki.onion gpvtnsjcs5mardpv.onion srct.slack.com www.meteor.com en.wiki.hidekisaito.combrewformulas.orgsakuracon.orgwpscanskzvjc4s2s.onion plus.google.com archive.is darkmarabrstwfuh.onion zzzcgjit65yyn4ji.onionbitmailendavkbec.onionjlve2y45zacpbz6s.onionchinamksmy54x46x.onionsilkkit4mj3ctg7g.onionalmvdkg6vrpmkvk4.onion 2izlbbg42mgtdh2w.onion atlmlxbk2mbupwgr.onion .net londonuz4egtfz3r.onion qa36luo2kb27m37h.onion2wkwv7m4hetvqo3d.onion www.futura-sciences.com www.browsehappy.com eqnbwy4b4k4lrlq5.onion www.digitalocean.comblog.archive.today5deqglhxcoy3gbx6.onionbitmixbizymuphkc.onionhnvfnq6ezrwrkedv.onionwww.mozilla.orgkzfzhi4nsvzx4rr3.onionnanochancsvnej4vxiidu4fhpchkxffl3mgqypub63xadeetkjttavqd.onionsadozwnrz5trwjnc.onionbtcmixhnpqlpfacx.oniondragonso4dnzdshp.onion4fvfamdpoulu2nms.onionclockwise3rldkgu.onion cocaineo5z66elwy.oniondeepdot35mrdqs2u.onionlitecoin.orgnql7pv7k32nnqor2.onion leconseildelavouivre.torpress2sarn7xw.oniongreenroxwc5po3ab.onion 7k7usqpjszn7ls4k.onion anonmail.biz ccsaleisqlhww2mb.onionrg2ggkvja24a6gkq.onion www.tom.travelwww.lci.fr bombefourchette.comwww.primelocation.com archivecaslytosk.onion s6424n4x4bsmqs27.oniongirlsj4sqwsybt4y.onion darkod3eeziu3w5p.onionchloenlpvlemmmmd.onion whi7fdjqfahtmsqa.onionrelatecxjngl4qs7.onionscihub22266oqcxt.onion4sf3dqfwpcpdnj6g.onion6w6vcynl6dumn67c.onionhackcanl2o4lvmnv.onionhelixmixalgxogje.onion4zkgktc6hjdmp6kw.onionftec4org3hcpnoir.onion mailtoralnhyol5v.onionfbcy5ylyoeqzqzcr.onion2r2tz6wzqn7gaji7.onion2222222krdmx5dlv.onion w7fmbuewputvyvrq.onion www.dailymail.co.uk www.dsih.fr hackmd.c3d2.de www..com www.theregister.co.uk radio.alokal.eu nickqizhu.github.io pasta.cfcommunity.openvpn.net darkdirmpmoq3uur.oniongprr5iur2uaema4p.onionsipherl2xokvirou.onionxox644yji3y3dale.onionqx7j2seie2ffbzxy.onionrutorzzmfflzllk5.onion africagdzf2ae5aw.onionzoo6cxl4rtac3jxw.onionhea2plrgsz45uq6pihxgrudpniunu46xyboyov2sxkes7fmrrphjkqqd.oniontorvps7kzis5ujfz.onion 7ca736d4of2xe7pm.onionnare7pqnmnojs2pg.onionpapyretelis2tfcl.onion sla2tcypjz774dno.onionstu32b4sndw3cptm.onioncelebfcf5vupvcbh.onionyjhzeedl5osagmmr.onion try.github.ioxmpp.dkhidekibin.hidekisaito.com 3pxiplszipgt7pic.onion5ynkx7tsomdmpbbr.onion irc.dyne.org electrum.org trello.com pgpkeysximvxiazm.onion crm.panoptykon.orgrospravovkdvaobr.onionblackhost5xlrhev.onion rkgbxsx3tyq7s6ti.onion33cb5x4tdiab2jhe.onionmixjuia5jwfchmnd.onion sweetsexsbjiplfx.onionwww.ozirc.tk www.christian.pncd.pn www.marvel.combellsroar.bandcamp.comwww2.math.umd.edu www.zoopla.co.uk jplitzawqogp4vid.onion eu.endchan.org mjt54q6pagohhimn.onion 54ogum7gwxhtgiya.onionlibertygb2nyeyay.onionedfbn5gfuaj2bc2w.onion storagetonzlegas.onion acteamwneyw3ik2w.onion www.historiccasino.com www.pisg.net jenkins.hardenedbsd.org abcnews.go.com hopkinspsychedelic.orgtorrentzwealmisr.onionhideki.hclippr.com atlas.torproject.orgbitcoinelectrum.cometnkdf2jsvc7vi4u.onionendchan5doxvprs5.onionyqfbo7ghmwzotrml.onion slpwlkryjujyjhct.onionn2ha26oplph454e6.onionamputefruj4rzgz5.oniondarkblogkjmwcij2.onionpppierreqdmdhrfm.onionbm6hsivrmdnxmw2f.onionsitesbr4zb63apyb.onion 2oywvwmtzdelmiei.onionredrooohprd4qg7u.onionqizriixqwmeq4p5b.onionhq4etj553otlzb5m.onion www.blackhost.xyzfcoinjqbc6en3pe3.onion iqdg56kbf5v4hr4w.onion pms4jpp6noy6azmw.onion fossbytes.comwww.lequipe.fr .com cli.learncodethehardway.orgrvy6qmlqfstv6rlz.onion mikeandkey.orgmedillonthehill.netfde5ouch3clzfyns.onionescortukmoz52fmu.onionalokalaou53jmgum.onion zauberstuhl.deproxy..com c7ooac5dc5iub6jc.onionhxnibog5m2ocjeef.onion wpzvprpnhhcypnn4.oniononionlandbakyt3j.onion torbookdjwhjnju4.onion777o6suetmexlesv.onionsblib3fk2gryb46d.oniongamebombfak3pwnh.oniondarkelectronics.wix.comhcutffpecnc44vef.onion6n5zylwg2meqokx2.onion mfgslmsj4ouxfp57.onionxteenchan.com moul.es saufca42reinzasa.onion getbootstrap.com5fodcclwitris3ro.onionwiki.srct.gmu.edu .org coinpaymtstgtibr.onion sibyl.lioez45zopr4glmlcs.onionbostqmjfz64etvkf.onion hiddenwikitor.orgexoduockgfq3ikf7.oniondnma2otzzftivc3w.onionsatan6dll23napb5.onionpwoah7foa6au2pul.onionwww.kopimi.comlulzwrzcle5ks3se.onionrss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.uj3wazyk5u4hnvtk.onionavengersdutyk3xf.onion76qugh5bey5gum7l.onion efb6om7tze6aab25.onion darksdsp6iexyidx.onionxcomics5vvoiary2.onionnco5ranerted3nkt.onion 3xfsvl3rty5djnjp.onion www.visitpitcairn.pn www.amherst.edu expressobutiolem.onionmastodon.social community.mailpile.isenxx3byspwsdo446jujc52ucy2pf5urdbhqw3kbsfhlfjwmbpj5smdad.onionbtcase3buwolzhbq.onion222222b63tfqitrx.onionh6a74lx6qt3fmzvb.onionletsencrypt.org haibanej33s4gfts.onion tmskhzavkycdupbr.onion cheettyiapsyciew.onionvini4koyjgqsxcbp.onion5p6s4vkwdapnsiaw.onionq2uftrjiuegl4ped.onion tmglsdg534uilrgon7s4mzxwnqru77i6nnxrhyutfwygmzna6dbh7hyd.onionfdwocbsnity6vzwd.onion mknh2yk7ovorzjis.onion www.theprs.co.uk torrentz2.issrctwawwc5jgpxta.onion steamcommunity.comb2lqdo3v4tphyqbf.onion ii7khrpcaexnw52k.onion flugsvamp72rajmk.onionparckwartvo7fskp.onioneu.endchan.netr6phh5eyrmfldhww.onionafricae3vo64mzux.oniondestroplh4zwowdk.onion cfudbizo5i5r6lf6.onion torlinksccquz7bi.onion dutchdr5gsol4dde.onionzdps5qat2b4dusmp.onion torbookntnjusnqd.onion penisycpu3fixdcr.onionion rjaxu667nx4enlej.onion whatsopen.gmu.edu piapro.jp de.wikipedia.org qchat.rizon.net 6dvj6v5imhny3anf.onionqzbkwswfv5k2oj5d.onionpad..net dmru36nvfgtywx47.oniondogecoin.comlouhlbgyupgktsw7.onionverified2ebdpvms.onionzqktlwi4fecvo6ri.oniontmglsder3bb6jpku2isej7zm5pel7xyqfkophd33ai5c2owhn6ksu5ad.onionyoaqaryln7ncuvmz.onionfootballthj7o5w3.onionsgmfbex2j2yzthop.onionwzrtr6gpencksu3d.onion:8080bk3r3mmipmviurwx.onion hansamkt2rr6nfg3.onionbl3j73talvhwydx5.onion 2gf6inwn32pov6ro.onion onionbr5zulufnuj.onionwww.atagar.comvimeo.comwww.linkedin.comwww.instagram.comtwitter.comgitgud.io j75rot2jjuip5dpp.onionj7hackfestgaeuvv.onionhighkorea5ou4wcy.oniony6d4fs3rpqrctuv77ltfajf5m4tl4kzcu7rtwhxgiohylfxxow4q.b32.i2pdaknob.net blueboxlxc4o7mvk.onionprivacyintyqcroe.onion slwc4j5wkn3yyo5j.onionskunksworkedp2cg.onion5xxqhn7qbtug7cag.onionxfmro3e2pkpej6tw.onion n37hhelbuq3qsn22.onion escrowcoin.net gfzw3wyc5lzbro4d.onion premsa.gencat.cat social.hidekisaito.comlibraryfreedomproject.org enterccmdzerqlzs.onion answersbbddrdcwo.oniontoristinkirir4xj.onionyermrrzeg4fusqx5.onionsntfgwfami5fdbn5.onionbm26rwk32m7u7rec.oniondashorg64cjvj4s3.onion xbapmanipxicney5.oniontalismanrestz7mr.onionkhdwk3olxr3kip2p.onion counterzik7umboa.onion mijpsrtgf54l7um6.onion nadinechristian.comwww.onlinepitcairn.comwww.pewtrusts.org www.ghacks.net www.rightmove.co.uk blog.coinpayments.netllhb3u5h3q66ha62.onion v3bpt2x7iuz3gr2n.onionpsii2pdloxelodts.onionrecipeshtx3vpqjy.onionut3rclysspto2533.onionpeepicsjswxrkhuc.oniondropperibhaerr2m.onionxvideos24y74huqj.onion cyjabr4pfzupo7pg.onionkpvz7ki2lzvnwve7.onionvpdgi3lvholuuios.onionroyaltxxy2ssp3c2.onion n372r4u4rzoguzag.onionhellamz4kpl26ltr.onion wwwgpe5bfzo5krx4.onion www.lefigaro.fr repl.it www.defcon.org diasporaaqmjixh5.onionbitcoinvanitygen.comtorprowdd64ytmyk.onionkrkzagd5yo4bvypt.onionwww.google.com spit.mixtape.moe vortex3als3hlpwz.oniongodnotaba36dsabv.onion rzeczyobrazkowe.pl 2zfg3roohcxbm22l.onion www.passeportsante.net www.lesoir.be antwerpen.noparking.be www.getmdl.io bitaddress.org www.heise.de 2019.www.torproject.org modernbombayjhf3.onionsanpii6qqjdzws77.onionwis45idjhhbgemez.onionnetsec7moavvkprc.onionanatis6vfrx6nh75.onionzhtmkxfe7liw3adu.onionzk7a3t74zi5amomj.onionartsmankindxgcv5.onionqa4t6wjhl4gzl5in.onionvxxca6ydhe3acv6h.onion germanyhuoicaysx.onion 2v7ibl5u4pbemwiz.onion 6g4z2ndsze4xjjlq.onionnryyd6buc4frlrlz.onion www.young.pn www.usine-digitale.fr www.google.co.uk videos.hack2g2.frbookmarks.hidekisaito.com git-scm.com coinpayments.tumblr.comtails.boum.org www.transifex.comcbnujyutccrk267j.onionwww.apple.com realrare5prp7g37.onionh2am5w5ufhvdifrs.onion ctemplar42u6fulx.onion vu2wohoog2bytxgr.onion eahfd4bjvgklinmt.onionfrwikisfa6myvoyx.onionocun3jhbmhvqwggn.onion demo.kairaweb.com hostdanyyyf65r4b.onion www.gmu.edu usxzmlnuzt4oioe7.onionampnckidnqwtd7ry.onion disclobofldm5ikl.onion xtg6zekabihp7sol.oniongit3mre26f4myq74.onion highwayelgf7ki67.onionkpj3orlxmfs6yqah.onionmatangacepd2bx4e.oniontorum6uvof666pzw.onionubw577imruayrdmx.onion tmglsderq74ddjarlx5seo3ug6x2d2eql3zevyytiwietbnonvwk3fyd.onion2noocqn5trskt4oc.onionsoylentkxgydn6bz.onioncgmcoopwhempo6a5.onionit-it.facebook.com duskgxobans5g5jn.onionqueencdcguevwedi.onion s35ws7u7oj2g3uxm.onionroyaloaempoibdw2.onioneroseroymodzincy.onionallyour4nert9pkh.onion 3w2vh3h6mzb7pgmt.onion events.ccc.deopnsense.org helpa.hidekisaito.comapps.washingtonpost.com f7lqb5oicvsahone.onion www.newyorker.com bilzerian247.combodytomind5hql5r.onioncytu.be waomqdqks634kbgm.onionpastagdsp33j7aoq.onionalzrgrdvxct6c63z.onione5dyelosweg6432w.onioncratedvnn5z57xhl.onioniw4xcachep26muba.onionwww.bznjtqphs2lp4xdd.onionocu3errhpxppmwpr.onionpekarmarkfovqvlm.onionchaturbov7zh37sa.onionkowloon5aibdbege.onionhbooruahi4zr2h73.onion tmglsdczzl3qmjwkt2shdih5ua54ln2p2e3ebc36za4ocp6kkva63aqd.oniontmglsdiax6dhx6iasbrokghhv7553a4cqc374tcgkvgl3xmp6z5t5myd.onion2aed243etgnjkytw.onionpoverty4657tlx6h.onion china2ltxuwdntrl.onionotr..ca amazingv7hvcay7f.onion thhazdmx2kymozql.onion hw4c27ovjuft7r7u.onion pipco.pnwww.tropicsmarketing.com.auwww.paris-brest-paris.orgwww.podiumrunner.com rssbox.herokuapp.comwww.oracle.com www.hrw.org gizmodo.com discourse.diasporafoundation.orgpgp.mit.edu hg5km4y37lgir6r3.onioncleversfsg2ctqk4.onionsecurite.fmcryptorffquolzz6.onionnnksciarbrfsg3ud.onionlj.rossia.org w363zoq3ylux5rf5.onionm4hzynbjgypfdqnq.onion b34xhb2kjf3nbuyk.oniontmglsdds6usxqsghympkjfbddume3olbvpqdrpxvcxplhd4z7bxucdid.onionibi5rw4yitbhdw6k.onion vtkb66umxmwrxive.onionbjjkaebas6uywama.onion www.immigration.pn www.magdiblog.frwww.ledauphine.com www.lse.co.ukwww.programme-tv.netwww.framesdirect.commedia.c3d2.deproquest.safaribooksonline.com.mutex.gmu.edu int.tumblr.comtrchtenrf4ihktew.onionarrl.org nyx.torproject.orgvkphotofqgmmu63j.onion rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.uj3wazyk5u4hnvtk.onionefdwv45gz37gi2ib.onion cidr6kt4la4slizf.onionxnordic6virmmls3.onionmail2tor2zyjdctd.onionfoggeddriztrcar2.onion magazine.iit.edu redditor3a2spgd6.onion ilcbx6qpxupxtamk.onionzabgvgjcpjllyhho.onion:5281 d6k6d3daasx3speh.onionhs6d4wcwhltawont.onion superknova.bandcamp.com www.forbes.com ja.wiki.hidekisaito.com es.wikipedia.orgstem.torproject.orgcryptsen7fo43rr6.oniongoose.xlvtwpdl2xgnyen6.onionsupport.torproject.orgnjalladnspotetti.onionwiki.jungswtfwgjwile2.onionhttp: www.torproject.org psychonaut3z5aoz.onion matangareonmy6bg.onionanswerstedhctbek.onionblackph5fuiz72bf.oniontmglsdgex3yyvbmpon4umcnpwwj2v7ffqyibnwiqq7dpa36pjtkeifyd.onionpyl7a4ccwgpxm6rd.onionuj3wazyk5u4hnvtk.oniondeepdot35wvmeyd5.onion briansclub.atoutfor6jwcztwbpd.onion agorahooawayyfoe.onion devhints.io www.betaboston.com gr.linkedin.com vvvvvvvv766nz273.onionbrchanansdnhvvnm.onionelfq2qefxx6dv3vy.onion 32ixi6myw3things.onion nzlbyrcvvqtrkxiu.onioncrackersccqxsmdb.onioncaworldwyrxypvqm.onionanthilledowsdpbr.onion3xjowtfvv6tetjyt.onionhhhuwppvm3fbuipb.onionprimedice.com angers.maville.com sachsen.rosalux.de www.codecademy.com www.uni-bremen.desquirrelzarhffxz.onion underground.xmarket334dtd4la.onionexpyuzz4wqqyqhjn.oniont.me cwu7eglxcabwttzf.onioniww2iqhwxmnbh4qs.oniongurochanocizhuhg.onionlibraryqtlpitkix.onionyuxv6qujajqvmypv.oniontetatl6umgbmtv27.onion kerat.net 3cgcpd6bz3gbuhrn.onionr4u6jtmqzuedlgle.onion pwfgyyqbgp6pu3yv.onion fixedlwgc3burzts.onion www.scottjurek.compleac.sourceforge.net exteriors.gencat.cat chat.hack2g2.fr jenw7xbd6tf7vfhp.onionfz474h2o46o2u7xj.onion forum.decred.orgfyxifz6xwx3d67a2.onion nzxj65x32vh2fkhk.onion choicecbtavv4cax.onionredroomfing27toi.onion postits4tga4cqts.onionn7a5rsk7ktf4xc5s.onion62gs2n5ydnyffzfy.onion p6afzcaghpulzr5r.onionxstftgkuslse3vut.onionpidgin.im www.pitcairnnews.co.nzau.groups.yahoo.com rennes.maville.com www.safeagents.co.uk docs.djangoproject.comsi.gmu.edu testflight.apple.com ru.wikipedia.orgwww.openmailbox.orgjdpskjmgy6kk4urv.onionrougmnvswfsmd4dq.oniontorxmppu5u7amsed.onionrwgj62oc4dx4nxzt.onionrss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.rss.uj3wazyk5u4hnvtk.onionmatrixtxri745dfw.oniontmglsdfyluanmfqqqugzdvmuh7ndnpu4qtczw6ms5tttgacpwouiuaid.onionkznam6basvxxdcpf.onion d07riv.github.io getgrav.org www.xescorts.com www.trustpilot.com help.riseup.netrobotsandpencils.com media.torproject.org ev7fnjzjdbtu3miq.onionsecuredrop.org buttmaddci4fbgug.onionblenderiocpxfema.onion vaultjdmqoxebbav.oniondocs..org2bu5puxp6afwjgql.onion l3pzx4msjlfpwfao.onion trolololomotsyhx.onionfuacantanj2vhfpw.onionhackurxal34aznxe.onionhostingbxvjbegr7.onion library.puc.eduwww.pitcairn.pn formation.net-ng.comfibre.ffdn.org hyperphysics.phy-astr.gsu.edu daserste.ndr.dewww.gnu.org daknobxyumrq2l5f.onionvt5hknv6sblkgf22.onioncheck.torproject.org cockmailwwfvrtqj.onionczeusi2cjuey57hf.oniond5eyi24facorsljv.oniondanschatjr7qbwip.onion 3g2upl4pq6kufc4m.onionr6rfy5zlifbsiiym.oniondrugs6ayt3njhzha.onion wyzn2fvcotadictl.onionkamagraujn45ja5w.onion axeovpnht27mthqc.onionferld6idoyhaqr2a.onion www.midilibre.frtrends.google.fr brand.gmu.edu datedilarm3leg2y.onionwww.bestchange.rudiscuss.write.asaprovpnacgvqwh76.onion kkkkkkkkkk63ava6.onionprepaid3jdde64ro.onion eyeonassvhsxq4re.onioncyberjt6g3lmbrw5.onionndo2plzaruzxk6sb.onion mybb.com animalsexporn.org 5izjgd3ot63ec6zu.onion gfycat.com 55ztmi4fzlvskhw5.onionm6su7s3ir7dxggwg.onion versero.pl bo7uextohjpuqvrh.onion hpysrwnlmylhsxkd.onionwayawaytcl3k66fl.onionzcashph5mxqjjby2.onionnvspconiond7o3so.onionmem4odqulpe6l3gg.onionsearchb5a7tmimez.onioncln62wylhyoyz4yr.onion hackerw6dcplg3ej.oniontmglsd2i7wmkjg2fmc6jhd77yu4ogsjqupsc4jw22ebbfnnwc7swmuqd.onionbooksubt62eeiyrb.onionpaisleli66axejos.onionhfutl2mzry7qztwi.onionakaoxb4ek4hm7vau.onion ol56t3xahrpk2b62.onion www.ouest-france.frlnt.org drive.hack2g2.fr buqlpzbbcyat2jiy.onion crypty22ijtotell.onionpublicibkxahavzc.onionea5faa5po25cf7fb.onionhydraruzxpnew4af.oniongoblin2xsbqonuv5.onionsoupksx6vqh3ydda.onion grrmailb3fxpjbwm.oniontorbox3uiot6wchz.onion pointgg344ghbo2s.onionicloud2t6jx3xrb4.onionredrooyvk6l4hc6n.onionqxq4i6bu3ylmtueu.onionm4ftndwsgqaugnsh.onion tknijuhhdg4476vl.onionwqapyiztripnwcgr.onionc2djzrn6qx6kupkn.onion makegunq4r36mego.onion www.hollywoodreporter.com kybrntq2plfim42a.onionwww.cnet.com escortseyhkpils3.onion www.npr.org writing.exchange 4bflp2c4tnynnbes.onionbn6kma5cpxill4pe.onionwayaway3mwkxuxkx.onionjekyllrb.com s7kgnncq3zbe3yza.onionsoupkso3la22ltl3.onionbznjtqphs2lp4xdd.oniondark3dxwtzxnsyvh.onionpopfilesxuru7lsr.onion7cbqhjnlkivmigxf.oniontorpress2sarn7xw.oniontmglsde7uimkreyqpj5ic7fbmkr4n33osmlxgm2lmusk3shvmnq7nnqd.onionv4gn2k725iokfu4u.onionmrisu6dzj2sy7uvl.onion v76n5o37d4ulmwcd.onion tys3lc2t5ysfpet635ohhk75kaps54co4yipbhk5rvuvsrbl2ylmnjad.onionicloudt2m5mrjtxf.onioncountrfoioed4ckx.onion7b42twezybs23hrr.onion www.lesechos.fr kzcx36ytbsm5iogs.onion guides.write.as secmailw453j7piv.onionsfgn6cvfi5buv55o.onionconnectkjsazkwud.onion j5ehssrshpxpdkto.onion www.cyruserv.netchchchiasaeljqgs.onioncoca63zilloxsvnt.oniondrugs6atkjvtk64f.onion xilliayhoiuv5qmk.onion www.ncc-1776.org www.20minutes.fr www.enedis.frwww.anfr.fr web.gencat.cat caught-in-the-crossfire.com icxe4yp32mq6gm6n.oniontsk3yv6dmnil65j6.onion privatexg5jduiol.onionnytimes3xbfgragh.onionenigmail.net doe6ypf2fcyznaq5.onionqj3m7wxqk4pfqwob.onion redroofvxabs3a3o.onion neoj2rlsd5udjxy5.onionpharc7s4wkeuk3zh.onion pitcairn.pn blog.bigd.fr crystal-lang.orgblog.mint-energie.comkybrntq25klxijj6.onionblog.liongrass.hktorrentz2.eu www.joomspirit.comwww.mit.edu alternativeto.net onionshare.org cpartywvpihlabsy.onion cocaine5nyqmki2d.oniondirectoryvi6plzm.onion7xqiawqkpxylbmr2.onion fileupauroqcplkb.onionscryptmaildniwm6.onion hackin5g57dcy7aq.onionmjturxqbtbncbv6i.oniondoxbinicvjqqmohl.onion zilionku2adniig6.onion ojkqyqxraj2rzlyr.onion vrmfaneizwqouf5k.onion e7sin3urmxxcnu6a.onion www.stamps.gov.pnwww.meraldaonpitcairn.com www.francebleu.frpodcast.ausha.comadame.lefigaro.fr alpha.app.net www.edgewall.orgwasamis.tk pic2tor5xilwqwxl.onionsuperkuhbitj6tul.onionqubesosmamapaxpa.onionservnetshsztndci.onion tramaci.org i2f4wczq2mzghxll.onion foggedli5gj36eoe.onionrothszo66bdrg5zr.onion www.redcorp.com www.donnerenligne.fr www.pbs.org cccsdeqpjd6h46n4.oniondatedilarm3leg2y.onion.link4ug5caenamaevlae.onion darkfailllnkf4vf.onion3gldbgtv5e4god56.onionyoutube.com writeas7pm7rcdqg.onionhaplab3nh5vvm5nt.onion 5r4bjnjug3apqdii.onionzerobinqmdqd236y.onionrb564gvo6isyhayz.onionbtcx7ktic5oxxodu.onionrealpissxny3hgyl.onionrospravjmnxyxlu3.onionit.louhlbgyupgktsw7.onionvolagitvnzf3o56b.onionniggervteelq47id.onionhinduismr3lkph62.onion fakeidskhfik46ux.oniontorlinkbgv6aabns.onion fakenotefzutekmq.onion2ik2ey3gnfuksgeg.onionkghlldrqpqzj2ncb.onion challenge-emeraude.weebly.com segmentationsolutions.nielsen.com mail.google.com 3kyl4i7bfdgwelmf.onionwww.torbsd.org wayaway2w35yxgq4.onionji3yb2tncy6naj7b.onion intel2iy3ky6hegf.onionfhoqzxgahij5dl2u.onionwww.globalresearch.caen.louhlbgyupgktsw7.onion grr.lawww.bitcoinfog.comgit.vola7ileiax4ueow.onionlibertyy56ecbupa.onion6r3pg2kyrn5e7jjd.onion momjzbkqooy4pios.onion www..com www.tu-chemnitz.de paxhumana5oopssw.onion escortnokqqptuxz.onionescortwapuibxtfi.onion elpais.com newsletter.torproject.org haklab4ulibiyeix.onion 4os63v6lqvlaiyz7.onion hss3uro2hsxfogfq.onion t3vntxnhkkampy5f.onionkpdqsslspgfwfjpw.onion www.excalibur-comics.fr hydra4jpwhfx4mst.onionunderground.xlvtwpdl2xgnyen6.oniondynedlzyi34wgks4.onion tt3j2x4k5ycaa5zt.oniontmglsdhn6f4hiqvbe36cdccecgb2lyf5wpmpbrzlqecosbndo4bhkdad.onionfdwmarkvokb5i7wh.onion z2hjm7uhwisw5jm5.onionredrooocf3it3g3d.onioniprdvbf4rxykyvvs.onion6ymncatj7dpirkn2.onion rfwlur2bf7jvqg2w.onionjsa2o25a4jy7tn3p.onion2dm32ww4hkdrl6vj.onion www.bountycrafts.pn cryptpad.fr www.bonjourmadame.fr www.justice.gov stayintech.com liongrasr5uy5roo.onionwww.zazzle.com 127.0.0.1:3456 onionirczesfffux.onionlwplxqzvmgu43uff.onionwww.lighttpd.netiz56hciijqh5uh5u.onionoffensive-warfare.com www.shinystat.comkdrcxean24rxglcy.onion redrooacrevuve3y.onion jewjewkeei4o4bvn.onion ffi5v46ltwox3fby.onionpinkmwiibcnugpom.onion 5rmsvktrpt7zihpm.onionzabgvgjcpjllyhho.onion digigangxiehugqk.onion soylentnews.orgfablabchemnitz.dewww.rockettheme.comwww.sindic.cat bitblendervrfkzr.onion.market uz8ttoomn6b8bqjhhzm7txqdsh7gp5i8ub8j7xfn7sxe56u4ewfo.lokiefxg3mscme5hy7je.onion fraccdhyuftduhia.onion www.superkuh.com www.buzzfeednews.com www.francetvinfo.frxqxf2ggcud2kntck.onion www.cccs.de www.yeswehack.comkvs3xgkasyoqd4hx.onion console.aws.amazon.comlists.torproject.org cheenazap345z6a7.onionread.write.as xmarket7sw2fba6b.onion ojdue4474qghybjb.onionjd6yhuwcivehvdt4.onion22222frgbeyo3n7v.onionsomafm.comcasesvrcgem4gnb5.onion yq3fmhhpvfcfr2vg.oniontorflix5djtgsbn3.onionmesc5wozvbdqbh2y.onion kyledixon-michaelstein.bandcamp.com www.cbsnews.com www.who.int 7rmath4ro2of2a42.onion iopx5pchfdldldwp.oniontorcheck.xenobite.eu vbzxwyz7552ixqsw.onionyggdrasil-network.github.iowww..com kgg2m7yk5aybusll.onion oshix7yycnt7psan.oniontor66sezptuu2nta.onion 4uwknqcrvaflsw43.onion berluscqui3nj4qz.oniony3jt4hzlp7u22lbi.onionow3dudnyquqdd3gnsqnxoxcne3cro7cx57rnktp2gmayrkw6urzmsgyd.onionkhldt5et3aekegpw.onionredroohkh2sig5r2.onionimwkdn62pvr6jueo.onion start.jungswtfwgjwile2.onionblog.daknob.netseomonivzvt73xks.onion metrics.torproject.orgcryptoparty.iswww.usenix.orgqdigse2yzvuglcix.oniondeepwebxvd6ys33x.onionfreerj4lgqdjjuk6.onion sigaintevyh2rzvw.onion inclibuql666c5c4.onion bw6y33vwyay7uun2.onionm7imyjppzh2ftfgz.onionweedy7vmtxvm2ymu.onion clonedxpjlq5764s.onion nlv3lks66dgp3e64.onion 7i42x3kjxjldvcqw.onion www.phoenixtearsmovie.com m.media-amazon.com satoshidisk.comwww.parlament.cat comstol.infoblogs.scientificamerican.comwww.teslarati.com deepdotdmrafyuzf.onion 54nujbl4qohb5qdp.oniongoose.xmarket334dtd4la.oniondfilesus7ldn2ab6vitajolxrrf6ynx2fuskpx6bxamttpixvxzz7uqd.onionanon3vukb6poutg6.oniony5fmhyqdr6r7ddws.onion bpo4ybbs2apk4sk4.onionredroocid5rlxm43.onionunixhelp.ed.ac.uknanochanxv2lxnqi.onionredroomklfgjmuz2.onion jtm5j25w7fq5tubs.onion it5x5z7iwzonwtfk.onionlmnoireegfn4johz.onion nfpgssa4tchfnk32.onions35ws7u7sj2g3uxm.onion www.tvguide.com painart.ruwww.navytimes.com blog.torproject.org ugxtcshopyk4a3vy.onionlc25qj2gdcaidarc.onion lchudifyeqm4ldjj.onionpropub3r6espa33w.onioncrdclub4wraumez4.onionmsydqstlz2kzerdg.onion32pbf32xi6ccm63z.oniontochka3evlj3sxdv.onionopenbsd.org hennigbuam.debl-antidot.livejournal.commes3hacklab.orgpirates-forum.org redrookkdukp37gd.onion3hu66ts3rafjyijobyl6fylzsoky6awgvspgypciqutcm5juwdkikgad.onion news.met.police.uk melisko.alokal.eu s7clinmo4cazmhul.onionkybrntqae2ceoele.onion24xbtc424rgg5zah.onionbridges.torproject.org{{isShop?(shopSellerNick+'.'):''}}xlvtwpdl2xgnyen6.onionngp5wfw5z6ms3ynx.onions2bweojt5vg52e5i.onion www.nytimes.comvideonwcswhrqynk.onion giyvshdnojeivkom.onion masterc3hq3mgvsc.onion www.dash.org darkhostkdee7jvi.onionnsmgu2mglfj7za6s.onion www.britainneedsguns.co.uk software.broadinstitute.org sauf.cazhuanlan.zhihu.com www.scientificamerican.com danschat356lctri3zavzh6fbxg2a7lo6z3etgkctzzpspewu7zdsaqd.oniondtnfqdwghaenxemq.oniondanielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion redroou4nzmn4sbi.onionppccpzam63drtosy.onion s36gxb6xjm662juk.onion saefjmgij57x5gky.onionafricanmc3gxy26y.onionssescrow.com ctlog3.wosign.com www.niwa.co.nzdezentrale.space van.physics.illinois.edu www.aljazeera.com duck.cokazbek-store.xlvtwpdl2xgnyen6.onionjld3zkuo4b5mbios.onion opalrwf4mzmlfmag.onioneprint.iacr.org www.elfqrin.com multivacigqzqqon.onionneboardo3svhysmd.onionwww.volokh.comgetmonero.orglk77akehj7cjj2qp.onion2qrdpoonwwqnic7j.onionqgemmxt7p3hiujif.onion weedukluew7c7fz6.oniona534p6bdxbf2niq7.onionccqvl5flhvacjjcs.onion france3-regions.francetvinfo.fr www.latimes.com6mtyxwochl2qalak.onionskgmctqnhyvfava3.onionboylandonline.com www.rotfront.su kazbek-store.xmarket334dtd4la.onionxlvtwpdl2xgnyen6.onion eludemaillhqfkh5.onionytkumj6u4q5w2vsg.onionnymphetomania.netdepastedihrn3jtw.onion redrookonj22ylrn.onion ruscx3lc5qran3vd.onion y3udbqtjjvhfvsde.onion yeti2021.ct.digicert.comyeti2019.ct.digicert.com www.liberation.fr code.gitea.io blog.cheena.netwww.gpgtools.orgwww.golem.de donate.torproject.orgcosmistljwunnzgr.onion privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion32avzir6unmcg2y2.onionenotegggr635n4lw.onionkaizushigdv5mrnz.onionantifa.torpress2sarn7xw.oniondeepwebvpnvvotmw.onion redrooatqqikkf4l.onion redroomcocx4xncm.onionredroorbjhy7wlpu.onion anthill.top hyeexpdkga445orn.onion thinkprogress.org www.sfchronicle.com va2min2eusilguqh.onion coincheckmate.com{{isShop?(shopSellerNick+'.'):''}}xmarket334dtd4la.onionowrnciwubb3f3dctvlmnaknb6tjdxtlzvv7klocb45mmhievdjhq.b32.i2p db.torproject.org oniichanylo2tsi4.onionarchivecrfip2lpi.onion genotypeinczgrxr.onionvrimutd6so6a565x.onion wc4vfyu7hsjw2kxa.oniondnstats.net cszhqinatmotanyg3g3yfwfuexopbvacwu5nhzosomfmwkwutxc7nsqd.onionknfvuv7ejwuptnyq.onion Onion www.lemonde.fr chemnitzer.linux-tage.dewww1.stuttgart.dedocs.gitea.io jabjabdevfoob7hl.oniongitweb.torproject.orgdgvdmophvhunawds.onionsubmit.wefightcensorship.org w7ehkkt2uuxy77bi.onionkruegernyuewww3c.onion2pdkdy3eo552mpiz.onion 76xkbxgntgu2uwxb.onion ct.ws.symantec.com www.quechoisir.org occrpweb4n2vlmih.onion www.warlog.ru 45tbhx5prlejzjgn36nqaxqb6qnm73pbohuvqkpxz2zowh57bxqawkid.onionhydra3rudf3j4hww.onion dosug4rea4kvnk5f.oniononion.torproject.orgawoooowoomkccwbs.onionmuflax65ngodyewp.onionnc110.sourceforge.netweasylartw55noh2.onionmsydqstjd6vtexpg.onion protonirockerxow.oniontraumlibrary.netredroomusrzsj3mb.onion rfwtogljhrrzxyrl.onionredroo4tg5znuux7.onion kj4ltd3twej7mjcan6uckkojngwnnaxas45bkh3fg73yt4xvhwqu7fyd.onionazrp5762cg2fddvc.onionrcwae3kn6kdhkcpu.onion cardsm4fgcw5po3v.onion www.zerohedge.com www.businessinsider.com tawk.tometrika.yandex.rucommunity.torproject.org www.openntpd.orghoagnooxlabpxd4ieqtn6pblk4324evslb24gmjktjbhzdmxst5trrad.onionsiebcgflb33to6s5.onion4m6omb3gmrmnwzxi.onion h4y5xramfiooe3mz.onionredrooaujxcjyohj.onion4jcfkzkwbl6t3qq4.onion uddofq2xrss7ybcx.onion rtwtyinmq4wzzl6d.onion ctlog.wotrus.com www.ak47world.com www.nature.comwww.elnuevodia.com developers.write.as status.cock.li www.piratenpartei.atunderdj5ziov3ic7.oniongjobqjj7wyczbqie.onionstariusluxrdfjch.onion www.grrmailb3fxpjbwm.onion redrooojqexak44d.onion tbgnhgw26jiamqxv.onion7qar3jcdhh53k5j2.onion stad.gent spaceapi.ccc.de pad.hack2g2.fr blog.thestever.netjenkins.torproject.orgoy77z5bhnjta4cyb.oniondonate.rsf.org c5qrls2slxqz6vdw.onionhydrarp2wgl6iwxq.onion cockbox.org twlba5j7oo5g4kj5.onionchat.shadows7vkjdyjtx.onion hackerp6via6npvw.onionredroomdwbagcjpn.onion imagexutrag65hxl.onion webacy4kdg2tltch.onion sirius.ws.symantec.com www.ccc.de www.nasa.gov darknetlive.com android.informer.comwww.wefightcensorship.org www.hauppauge.comanonymacb7sugdsx.onion 3b6clio4syptsnvvtzyxifqvtizyazgyowpp3v5f7dj3mzmfhyoy4iyd.onioncacxyzvuuzja55ey.onionjtovcabr2vhflcqg.onionhwikis25cffertqe.onionrutrackerripnext.onionpic2torqdbtzkasl.onionastarotyn5uilwx2.onion redroo6dogiqegxn.onionredroomifcjbj5qz.onionanthill365g4egaa.onion ansi4cnhd2a3si25.onionrtxoifxmiyimzp3m.onion ccguruetr5jwye5g.onion plausible.ct.nordu.netdeneb.ws.symantec.com nessie2021.ct.digicert.com horoiomuy6xignjv.onion vupr3ft6dgfgwkdp.onionvivido.studio fr.rsf.orghaplabreglas7ge4.onion torfrontbe3ukntm.onion ytxmrc3pcbv5464e.onion 6uwuyghhlm7ixmpo.onion erghn4uraag3kqwt.onion 35ghzscs3vmxp37y.onion ctlog.wosign.com lafibre.info codeforchemnitz.de kybrntq255acaopr.onionbitcoincasinos.reviews xmarket3gpgw2ftz.onion2d5quh2deowe4kpd.onion 23mg64vxd2t6kurv.onion godnotabatovgyqz.onion 2ooosblmcnaqvmju.onion6mduol2doz6vlcsn.onionredroozwwxrdwono.onion cpu.ccc.dehackerspaces.org www.livescience.com www.kire.ch www.rsf.org 6vdjlv4rz3lcnwxr.onion trac.edgewall.org www.motherjones.comwww.last.fm 7qzmtqy2itl7dwuu.onion 6d3zimnpbwbzdgnp.onion anthill3sqxhevct.onion jk7pdjla5xz3lmip.onion Surface freeross.org vps7nsnlz3n4ckiie5evi5oz2znes7p57gmrvundbmgat22luzd4z2id.oniongalaxy3m2mn5iqtn.onionl637codyp4pzrkgd.onionl2epd2e4g2hx3tdf.onion 5jp7xtmox6jyoqd5.onion log.gdca.com.cn ipfs.iomopo24.de g7xkczsfak32bq57.onion www.dyne.org www.cryptoparty.intumbachegvyaadyq.onion www.confidantmail.orgovo.sc atlayofke5rqhsma.onionrashadowwxave5qp.oniononion.toe4unrusy7se5evw5.onionsinbad66644fr5lq.onionredrooxkac6svpag.onionredroowe7pa4m5vz.onion anthillrixdtwsot.onion k5vbzl3ucwsjf2ye.oniontcrth4wace2g2ayk.onion hss33mlbykbsxmug.onioninvestigativedashboard.org www.clug.de fylvgu5r6gcdadeo.onion hyy72s35xpf3r2p7iakrngqvqid4xmattmezf2xpgbuwqodqc27zjtad.onioncryjabkbdljzohnp.oniontssa3saypkimmkcy.oniondr5aamfveql2b34p.onion tune4xs6mj2evcr6.onionexploitinqx4sjro.onion264nglqbtqlabsxl.onion gc3dzlki6foxaskkll36ryicjdao2h5yard2cslflv56nirbzf5uppad.onionmc6nld3smffo3vgm.onion costeirazb2xecgs.oniongrams7enufi7jmdl.onion redroothwefp5kza.onionmegaeeayahdmmeee.com anthill.shop anthill.fun 4r7utra6sdzvyn2j.onion ctgpe2yc6ez56dhwd5hpj2tdkiuz4m5iy7347cpzmxyacphl72dmfyqd.onionwww.certificate-transparency.org www.esa.int www.theaustralian.com.au z2huz7tsxluvnxoc.onionsuperjungswtf.tumblr.comconnect.ok.ru tb-manual.torproject.org macdownload.informer.com tj2djlce6qtevcai.oniononelonhoourmypmh.onion www..comerewhon.superkuh.comoeioei4qg23lbvew.onion yeti2022.ct.digicert.com cloud.torproject.orgwww.c3d2.detngjm3owsslo3wgo.onion bananassyrvk7buw.onion idcforumremsa2jk.onion 3xztn67lhic527zkhzm7jgh6hhb53zjb722asylbc7m3m7xpormuwvid.onionozon3kdtlr6gtzjn.onion4hohkxjvlt5fjzqv.onion cyruservvvklto2l.onion anthill.xxxg3kmrf5yo554nzouqqye3uagzrjjbz5nu4vwsqe272ck4hfmdegf5vad.onionprwrufrbsfdbhltg.onion 2qpmlx7wvq6her7y.onion athleticdvjcx5ca.onion www.icij.org dongzaarkvs6zs4n.onion kiy52zq46nqu426l.oniony2qmqomqpszzryei.oniondarkwikiss2rmeby.onion 3vfws2yqv4wii54e.onion fjmnwowzeavrf7z6.onionmop6w2wzinaj7sfv.onion74d4eshogf7wae6bpfiymdhvrdowsvkvjobu75xon5pgyncn6s2vp2id.onioni2puhsgl2aif6fk4.onion nessie2020.ct.digicert.com www.tag24.de media.npr.orgbelsteroid.comwww.bbc.co.uk ­deepdot­35w­vmeyd5­.onion.market yz7lpwfhhzcdyc5y.onionjobs.write.as legalrc.com www.parckwart.de papyrefb2tdk6czd.onionbah37war75xzkpla.onionosearchkiq5mvet6.onionjstyroyksfkwsjdj.onionktocienamierzyl.pl g6cgkxjp4cqikbn7uxt5d4ud5wlvhuyrnojxzvv7dz4rh64qq4dv5uqd.onionft3duakh6qoshogp.onion qgemzvfj74eb5oxq.oniontrinixy73gm6z4fq.onion ccgurujlhfjjx7tz.onion ctlog-gen2.api.venafi.com phys.org books.google.com xmarket334dtd4la.onionita1861.blogspot.comvhbbidwvzwhahsrg.onionWWw.THEJIDF.ORGs4bysmmsnraf7eut.onionibgk7stvp6bov6x6.onion apbv6itrkcr7k3ny.onionfacebookcorewwwi.onionqrjy2nhjdbzdprbq.onionwww.somafm.com tor4.zone ghostbotc3iwjptr.onion ctserver.cnnic.cn materializecss.comtni24htuexj6tgjw.onion AthleticPharma.shoptechnocrat.net www.lichtblickstuttgart.de 6nv3ix7omzrty6cm.onionwwjewp6ca4rkudyj.onionstatcounter.commobile.twitter.comdarksdsfyvkbn7yh.onionanarplexqtbch57j.onion www.lintellettualedissidente.itwww.anthonypryor.com3bbaaaccczcbdddz.onion ayp3gd4pm4qduff3.onion iikbmpwhwbbusn23.oniondarkach.com ixnyoncpod3p7pti.onion vega.ws.symantec.comctlog.keysupport.org p.eagate.573.jp mailinglists.dyne.org fzerooofqztxdkyy.onion www.pinterest.com2iqyjmvrkrq5h5mg.onion rutorc6mqdinc4cz.onion222222222c7r2gdj.onion2x6rzvgatbcev7cy.oniontor4ru7koxa2k4ts.onionverifieasmspsemk.onionjrz524vll72f4ljr.onion anthill2lyt77rpz.onion er7u5cptfqfsh5zx.onionmjqexslnaxungpwj.onion spruce.ct.letsencrypt.org engine.vichan.net getconnected.gmu.edu 67uhmt6exuptujkm.onionwww.SoylentNews.orgfah-web.stanford.edu sebsauvage.net chat.mibbit.com allyour4nert7pkh.onionfreedns.afraid.orgonionf3ck2i74bmm.onionbchz4vggexx63qvy.onion kmxw5vxiykow4ppymfrv5cgtrgl3ru5gmvhrj3mmnagiouwuhbvzt5qd.onionwlupld3ptjvsgwqw.onion5gppqkpx6jxgpuuu.onionnotoriedadefeminista.torpress2sarn7xw.onionsixteenhbsws3sr7.onionwww.beam.mw diw5z3renfje7p6oeqzxjexyhm3tuleqh4a6fybnmgbtr25lsm2klpid.onioneda2jx74zvsjmd4h.oniondtveoe72rdufunvp.onion hss33mlbykbsxmug.onion:1488yoitsu.moe repo.aosc.io fatphil.org www.reuters.com rotfrontkmemk66v.onion www.torservers.net f5ftj2czb6pfzcq7.onion pnxauh22krzb5xso.onion bestes77yawunk6p.onion www.sbs.com.ausqute.com www.cnn.com bugcrowd.com en.rsf.orgendstatngmzvkcv6.onionwww.producthunt.comcryptoparty.increativecommons.orgonionoo.torproject.organarplex.netwww.qubes-os.orgrtz6kznga4anujwu.onion manual.calibre-.comfelixxxboni3mk4a.onionwww.facebookcorewwwi.onion mucirnaewm6bumgn.onionwww.phpbb.comnarniaguz47mq3rq.onionis.gd 2cxhjkwp5mga2jv5.onion ctgpe47oofn4ov5v.onion webmail.netzguerilla.netkraut.space theintercept.com xmpp.net z5tfsnikzulwicxs.onion infantilefb6ovh4.onionrightloveqoyz6ow.onionwiki.ip-phone-forum.de alpha.libre.fmwww.eyeonpass.comzlal32teyptf4tvi.onion b2fxrnttdue72ntq.onion dodo.ct.comodo.comct.izenpe.comnessie2019.ct.digicert.comclicky.ct.letsencrypt.org 7gsvzcjvupypvz66.onion www.dhakatribune.com billpaymenthelp.commetalab.at clickcashmoney.comgajim.org 127.0.0.1:8888 www.dragonbyte-tech.comsshtunxizmbovzki.onion xenforo.info redroo6jmpfa5cv7.onionscanner.pcrisk.comredroo7gs4gvtr4l.onion tor4.ml anthill.la cbodkx5ookrtqugg.onion v6yfk5jbq5vcnyk4.onion sipuli7oouf7gupegfhxskhzg3yq5ifzz2vpljy3karyyrhybzs2tgid.onion uk.reuters.com hydra2exghh3rnmc.onionzfu7x4fuagirknhb.onion3sp6svxkyucma3i2.onion ct.sheca.com python.org www.usaid.gov www.freiepresse.degitea.io www.news.com.au supporters.eff.orgl3xrunzkfufzvw2c.oniontgel7v4rpcllsrk2.oniongpg4win.org askoin777773afmo.onionmattttttssi4lhud.onionunityfinxomxhf73.onionerlach6sjul42c7h.onion 5wddm7cim4qfrj3n.onion redrooi5lih6qadh.onion anthill4qbbdm2r5.onion vkqebv44sobdpsom.onion getpelican.com wiki.soylentnews.org folding.stanford.edu electrum.dash.org 7j7yvuud6xvutn6d.oniondomainwat.ch 2pei6r2naufy54vby3iqyezyqdebvphe2kf3sklvuhhj5id7h5lq.b32.i2pgreysec.net bylu6d6nx3og7shy.oniondoxbinjs77uawbbl.oniontorbox3uiot6wchz.onion gbpoundzv2ot73eh.onion vola7ileiax4ueow.onion nla423n3gyyunhci.onion age62hfu5rtptkg4.onion vomitbinqfozdz3d.onion klbl4glo2btuwyok.onionbitmixer2whesjgj.oniononionlandsearchengine.comdwebc5skmvqfr5g2.onion tssa3yo5xfkcn4razcnmdhw5uxshx6zwzngwizpyf7phvea3gccrqbad.onionprivatebin.infowww.stripes.com bdqvgdbomnv4qtuf65atcob6scwkmvlmgmc74i7k32rl3apbpon6mfyd.oniontorhooh46e624k5y.onionsuperkuh.com encryptor3awk6px.onion qopdcqhuvk2yd7co.onion yeti2018.ct.digicert.com aosc.io cloud.chch.it pubs.acs.orgaws.amazon.com www.cibercuba.com tssa3saypkimmkcy.onion.to qubesos4rrrrz6n4.onion ethereum.orgdreadditevelidot.onion suprbayoubiexnmp.oniontor4.ga nessie2023.ct.digicert.com sabre.ct.comodo.com stallman.org novoprof.net dccbbv6cooddgcrq.onion cosmista6thgibvv.onion3bbad7fauom4d6sgppalyqddsqbf5u5p56b5k5uk2zxsy3d6ey2jobad.oniondhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onioncryptex3m3o4vygu.onion nymphetomania.clubtorchatrfz2m4gvd.oniones-la.facebookcorewwwi.onion l.facebookcorewwwi.onion p4btzfloayu5s4ww.onion 6chfjp47en4uvaev.onion safepaybtc.net yeti2020.ct.digicert.com www.icfj.org www.thisisinsider.com time.com www.usatoday.com 172.31.254.180 344c6kbnjnljjzlz.onion5u2aa62nnbqylhyi.onionprivacyli6xhpkwl.onion phobosxilamwcg75xt22id7aywkzol6q6rfl2flipcqoc4e4ahima5id.onionuphnm2dgilz4dysl.onion volatile.ano ct.akamai.comct.gdca.com.cn news.rub.de lists.enn.luvk.com rogue.macrophile.com www.infowars.comfhacksnplmzxaaoo.onion redroozycqivqofz.onionxcm4pbxoaajsqrps.onion ct.filippo.io fiveyellowmice.com netzguerilla.net www.cryoutcreations.eu athleticforum.org jq77mc73wz5wuawt.onion archive.torproject.org abikogailmonxlzl.onion57f23hcybjqj4ime.onion antiscambrasil.torpress2sarn7xw.onion 2j2vuxeaqy3iro2m.onion ct.startssl.com news.google.com b374k.webshell-archive.org fr6scuhdp5dqvy7d.onionwww.cuba.cu ruv6ue7d3t22el2a.onionwww.informer.comilcosmista.i2p www.lastampa.ithydra2web.com tenecck4b4nk24yl.onioni3gg5dfzj5leiect.onion axcdo2zaeyrpdc6z.onionwhisper4ljgxh43p.onion cp5ju2qrbfrwz4z4.onionigdnewsdjfmg7kxu.onion2222222237z3q52l.onionlukmus.ru pad.netzguerilla.net rossbennetts.comcapulcu.blackblogs.org pt-br.facebookcorewwwi.oniondovooepjluycxo5r.onion3pc3yapw2xmsfnfx.onionwww.reactos.orgdeepmartyqzffl5n.onionxyaukzqqcdkop4ui.onionelevateeo6usyjlq.onion vij4p3cgway7ixi2hpekyigv5sp7673ghr5y33tgwscvz2qrzvmuepqd.onion data.occrp.org ajaxshell.webshell-archive.org hyntj47ow4ermsrh.onion music.monstercat.comzerobin.netright-to-love.name jgyujfb2olkozxgp.onion anon4jmy3f3ozlv6.oniondmzwvie2gmtwszof.onion xsqp76ka66qgue2s.onion spyiranhereogc3f.onion log2.gdca.com.cn www.occrp.org blog.malwarebytes.commailto:[email protected] .informer.com blog.psii2pdloxelodts.onion visitorfi5kl7q7i.onion me.atsp.in certspotter.comoak.ct.letsencrypt.orgct.wosign.comctlog3.wotrus.comctlog.gdca.com.cn rksmb.org1993-2013.ru rh7jaux2r3tzrqp4.onionsdscoq7snqtznauu.onion zsolxunfmbfuq7wf.onion pdzdg7cbqal33ns6.onion cafofoakiphznegicbgznr3z47cnlqzdbgcmubg3ihrbluuuckd2xsad.onion b6siqj6jyj5qwb5a.onion ct.izenpe.eus birch.ct.letsencrypt.orgalpha.ctlogs.org www.fleischerhandwerk.deapnews.com mydomain.tld webshell-archive.org quickcoke323rhzl.onionfreexd7d5vpatoe3.onionsoftware.informer.comwww.tigress.comstrega.sofurry.com nymphetowhsn3gpf.oniondarksell2cuknuca.onion zh-cn.facebookcorewwwi.onionbithxedusrw236ji.onionmda3nxsigriahnxq.onion applexhmkr5a6ka5.onion blog.aboutbatteries.com www.personadeinteres.orgwww.chemnitz.freifunk.net chaos.social endstation.jetzt deepneq25s3yooxa.onionyukoni2bjn5woljf.onion wiki.deepwebvpn.netprobiv7jg46vmbox.onion25xcyznj3pny7mzz.onion prometh5th5t5rfd.onion darkmarket.biz nqxrzrkvvy5hy7yn.onion mastodon.cloudoccrp.us2.list-manage.com www.bloomberg.com filesman.webshell-archive.orgstats.enn.lu n46o4uxsej2icp5l.onionitemnaaj35zkkako.onion ak2uqfavwgmjrvtu.onion 5iap2pzrthuf6eee.onion lfbg75wjgi4nzdio.onionrealpissxny3hgyl.onion?s=ppics athleticpharma.reformal.rucdn..com cbsrdi4vw4orqehzp2f4a4z36pmqbr2jsbf3piofifncqdnbx6movryd.onionlolksweb3waft3gw.onion www.law.cornell.edufsocie3diwtymprg.onionde-de.facebookcorewwwi.onionar-ar.facebookcorewwwi.oniondevelopers.facebookcorewwwi.onion chipmixerwzxtzbw.onion volatile.bz freewallet.org avaxhome5lcpcok5.onionopen-time.net y7pm6of53hzeb7u2.onionjqs44zhtxl2uo6gk.oniondildosky53jnf5mt.onionwww.warnerbros.com pecadopsqs2f43qn.onion sectum2xsx4y6z66.oniont3e6ly3uoif4zcw2.onion cubanosy4g7qdiog.onion zh-cn.messenger.com cckingdomtmf7w7l.onion chat.vola7ileiax4ueow.onionvolatile.i2p golem.ct.digicert.comct1.digicert-ct.comflimsy.ct.nordu.net www.swiss-contribution.rovis.occrp.orgonnjtpw627li4hg5.onion webshell-archive.org&title=WebShell%20Archive&summary=The%20most%20complete%20and%20updated%20Web%20Shell%20archive%20at%20your%20service.&source=www.vogue.co.uk benis.oniichanylo2tsi4.onion 2h3xkc7wmxthijqb.onion sayakbanerjee.comoxwugzccvk3dk6tj.oniondarknetfusiuzat2.onionphpbb.comsgkvfgvtxjzvbadm.oniongeneratorgu25g5b.onionwwhclublci77vnbi.oniondeadpool4x4a25ys.oniondark666b5l2e3lcu.onion thepiratebay.mn chat..org yeti2023.ct.digicert.com ct.cloudflare.comct.googleapis.com reformal.ru www.abc.net.au fqnqc7zix2wblwex.onion koz2sqqf4w23qxw2.onion digitalcourage.dekkvj4mhsttfcrksj.onion 3bbaaaccczcbdddz.tor.onlunderdj5pebcmfqf.onion nethack3dzllmbmo.onionit-it.facebookcorewwwi.onionegeeemjcvnebsrtl.oniontraditio3trziwpn.onion ctlog.api.venafi.com manjaro.org version6savanize.onion yabd3wlpvybdnvzg.onionnraswjtnyrvywxk7.onionwww.addthis.com anarplex.i2p uggu2zvewgda7xfzn2t6wypgbvtaigcegd4sr6jkqpqz3biylsxyw6ad.onionss7acc7br2hej43p.onion www.randevukasino.com cplfk4kp5dzeakwc.onionforum.suprbay.orgthepiratebay.la nfs6e454oyvajfro.onion comix.top rur.bz my.mail.ru www.cubadebate.cu torproject.lu wcgqzqyfi7a6iu62.onion librechbtnnmzoa7.onion gyklo5wruhin4qpg.onionwww.aktion-freiheitstattangst.orgrekt5jo5nuuadbie.onion pkwfkh3z76xczyxt.onion avax.news zifb.in www.statnews.com lists.netzguerilla.net 5bam5t36aombgv76.onionlfdhmyq24uacliu5.onion52g5y5karruvc7bz.onionpublicwww.i2p asocialfz7ncw5ui.onion3twqowj7hetz3dwf.onionwww.psyshop.comwww.tor2web.orgypnmxsti2gcrn4inem7qkhn4sl24xxhnypabu7aynfjshb6463ljzlad.onionssndobhdederaj2z.oniontssa3saypkimmkcy.onion.pet3rrpvbdzvbkzrwhu.onion dublik2uqiorycsj.onion nh5hqktdhe2gogsb.onion ctlog.sheca.comnessie2022.ct.digicert.com gpbym2647cd7bv6j.onion www.influxdata.com ezxmy5jb7rxi4oou.onion fhostingineiwjg6cppciac2bemu42nwsupvvisihnczinok362qfrqd.onionfr-fr.facebookcorewwwi.onion www.gstatic.com storage.googleapis.com www.opensocietyfoundations.orgirc.sylnt.us www.behance.net7tm2lzezyjwtpn2s.onionvariety.com publicwww.com x3nelbld33llasqv.onionsbe5fi5cka5l3fqe.onionnwoyhtkk4tloji3j.onion 7lvd7fa5yfbdqaii.onion domainyynclqkec3.onionwww.freehaven.netz7neko7rjbzqkkktrqvxn5h26ao32kcftijdbitdfzknfgolngabguyd.oniondublikat.io strngbxhwyuu37a3.oniononeirunda366dmfm.onion qxklmrhx7qkzais6.onion www.legalizer.info www.phpbbhq.com git.volatile.bz nessie2018.ct.digicert.com energycontrol-international.org lookz3wwyeucccba.onion hi-in.facebookcorewwwi.onion chipmixer.comchat.efnet.org:9090 mammoth.ct.comodo.com spicymags.xyz ihatesystemd.com www.leparisien.frpipedot.org krasnoe.tv xlabzclcrjuafjqb.onion torchan2:torchan2@zw3crggtadila2sg.onionapavr7fysl77tpwhlezlrmzqjmkfzcwl5jp7ua5iqxbzp6eec43wrsid.onion24boths2mh6sxaz5.onion forums.kkkkkkkkkk63ava6.onionfel23cncdhum7icf.onion torhiddenwiki.com hedgehog44773ens.onion nicrunicuit.com www.freiwurst.net dark3zzgex3xwmcj.onionturbod44gwmvxnu3.onionlgmtjgfpqk6hpik7yygkhavqivn6wsmfa7s7vszmcxwqkpwodinbhnad.onionbrasilxi6ajnjqdg.onion idomquol7lannf22.onion ctlog2.wosign.com www.certificatetransparency.cn www.nomeansnoworldwide.org devuanzuwu3xoqwp.onion twitrss.mebananasbdkj2y7xe.onionmaldicionekoextremista.torpress2sarn7xw.onionwww-users.cs.umn.edu society44nlbxqdz.onionmixermikevpntu2o.onionsuperkuh.bit ja-jp.facebookcorewwwi.oniondeeplinkdeatbml7.onion provizorii.ru pepaieloghlblocc.onionthepiratebay.ms anime.website www.imdb.com inetcore.com c99.webshell-archive.org users.software.informer.comwww.interpol.int f5sco6gxvt7twuthpufz3x4pa44v77oi2ycdara44dgajbrgisrolnqd.onion:5222www.mathjax.organticopyright.ruthehiddenwiki.org log.certly.io vered.tv wpthemepark.com jykwpwazyijyqloe.oniongijn.org lists.c3w.at amwgphmzeeojd6vf.onion chat7zlxojqcf3nv.onionxsstorweb56srs3a.onion5v6jwhjrcyxjjdfasrqtkwmvyqmrcm2m26tegjfhlwj5icetnp5ydoqd.onionprocrdpkbbqtweda.oniondigitk5khbmoayhm.onionselfdandism2ycbc.onion tp4ewd72yavuouuy.onion mariadb.org bugs.devuan.orgd3i6fh83elv35t.cloudfront.netslack.openobservatory.org top.mail.ru vijs2fmpd72nbqok.onion formac.informer.comozuchan.ru b7cxf4dkdsko6ah2.onion wikilink77h7lrbi.onion es-es.facebookcorewwwi.oniong2rvhyzcapyxswgu.onionz.cash clients2.google.com explore.webshell-archive.org bdfcctess3zhicun.onionsoundcloud.com 7pta37j2kgxquq6w.onion5jgis47vdcpaeafp.onion arhivachovtj2jrp.onion fel34pd37solhp2p.onion mixcox2htgxvtdmp.onionpostmill.xyz ct2.digicert-ct.com modeling & orteil.dashnet.org checker5oepkabqu.onion dot-bit.org cavetord6bosm3sl.onion khickshqi6k7zhpntdma7bguzxuutgjhb23cnfbehz3r4odggv7yy4qd.onion www.len.ru zriokjwqb244oci7.onion 17ysvSES8LyZ2mtAEo9GEYdujA9svP5r5uiilhskoicbbrepsy.onion kickassugvgoftuk.onion www.numerama.comwww.dotclear.netwhalebird.org freepressunlimited.org stats.labs.apnic.netcanceraobrhm4sfbvc6cxxlbtjikajikyekju3tkso33g26jgyazu4qd.onion wastun.jetztlists.riseup.net bai5vj7eniqkrau5.onionxmppspamc54buwix.onion traditio.wiki Type Filtering www.lepoint.fr www.floxie.com.ar hzmun3rnnxjhkyhg.onion77oxqa24eyjbsfkhya2r6y2krj26ouaxxbczdp4y2xjjguzzrli4fcqd.onion btrxgs3t4m3ljlnc.onion wiki7psimrgr3shv.onion wrhsa3z4n24yw7e2.onionphpbbex.com wsjabberhzuots2e.onion khicksdkaloavedb.onion rkrp-rpk.ru qrmfuxwgyzk5jdjz.onion lurkchat.com vtg3zdwwe4klpx4t.onion sm.riseup.nettracker2.postman.i2p xs2hkmcvdwvq4zbbghtfddhbt7fyven6njmh2may33icyivp3eelmzyd.oniondeepweb5xbdd5r2r.onion cuandojlp3cgenep.onion hi-in.messenger.comwww.semantic-mediawiki.orgtribute.stretchmyan.us forge.tourmentine.com www.bytemark.co.uk zaebokkun336dmmd.oniontr.rkrp-rpk.ru history.stanford.edu tenec.la teenxxxbtl7wsllp.onion kbofqp5albsmiqqw.onionsuicidio5364lj2l.onion freedomxexxwmqvi.onionygzf7uqcusp4ayjs.onionprobiv.biz blackmartdj3gzlh.oniondarkcon.nl dslvz6u2utvaylzg.onion linkdirdgrhkr2zm.onion www.notebookcheck.biz tor-browser.rumascherari.presswww.opentech.fund odz6noxeukaw43e7.onion722iprlhm7pw4mx7.onion git.psii2pdloxelodts.onion tornode23mdewcnp.onionu2irkkaqofthnsdu.onionezinecczeuqhxt3q.onion itworks.cyruservvvklto2l.onion mailru2zxiq5rorc.onionmat32scrdvrn5o4m.onion icerbox.com uhwikit3xeztgu3e.onion ru.wordpress.org www.measurementlab.netbgp.he.netigpr.ru com-piter.ruipv6.he.netdigitale-freiheit.jetzt e4nybovdbcwaqlyt.onion sites.google.comwww.allchan.su drosskgl7mnn6hr4.onion ksotfkmgxgcoj4tp.onion ijeeynrc6x2uy5ob.onionmegaeeayahdmmeee.onion pkginfo.devuan.org www.sixxs.netbogdyardcfurxcle.onion o3shuzjrnpzf2aiq.onionwww.themehouse.comnoticiaswfbvtnho.onionkonvertr6667fiat.onion maps..deddosecretspzwfy7.onion fel32ygk7gqkjmcg.onion lab.workdark.net forum.geekzone.frwww.bortzmeyer.org www.potaroo.net rqef5a5mebgq46y5.onion x44ygwfpblxugrbgcspizrii4kghsqxgwni2nwj5wttjfr5w7bjku6ad.oniongospel.muflax65ngodyewp.onionbeepedjhffvat3uwij5fxny72vlj7ugqb67ippjebise6adxf73y3uqd.onionklmtzk5epmfkkaxr.onion pedoisteria.ruhostingkmq4wpjgg.onion retracker.local x7ig3agdex7czbyn.onion next.liberation.frbugs..org onionscan.org btqwlm5n6filwdoj.onionmirrors.romanrm.net lfwvfcnxkyp2t3aj.onionpcus7yd4p4cxgvqypqgg7qnlkphomgigjkhuv5hccimskccbmtaojtqd.onion fel22gpzgvb63pn4.onionfel36ibuhqmitnju.onion thepiratebay.se www.miliwoman.com files.devuan.org r57.webshell-archive.org d6icqld2aunwupgp.onioneff.orgkrustykrab.restauranttelegram.me pay.reddit.com n6doy7ndydmvdlts.onionsilentpost.orgdarkconbp235ybwn.onionvegalogic.com 2ymtdo5gae2mwxlv.onion darkmarket.nlja-jp.messenger.commat25fp3lkbqz53q.onionmat26ebbb65svsy3.onion or7amhxzp7jc77xr.onion moridim-mirrors.xyz leanpub.com seomon.i2pwww.great-country.ru wastun.tem.li hackingoqvofmiis.onion asmithti65rvrwev.oniontordirhwtq6p7qcq.onionit.cyruservvvklto2l.onionmega2web.com DeepDot35Wvmeyd5.onion ferkey4nox6vbqwr.onion khicks.netkmlproject.com www.lesnumeriques.com dev-one.org www.ip6.nl itemname.i2p unityntfy5n7552k2zsxcajgwygpgdaqugxwbvmk4hmribl37xw6jiad.onionautinv5q6en4gpf4.onionlawiki24onnfcrfl.onionselfdevuilyolz3n.onion try.cyruservvvklto2l.onion thepiratebay.org matomo.orgcookieclicker.fandom.com git.devuan.orgdev-1.org bw6q53ranhnpgml6.onionqigcb4g4xxbh5ho6.onion www.asstr.org cebollabaezobsmm.onionstack4bw5slctbl6.onionfel26sefmxbluwkj.onion docs.electrum.org docs.influxdata.com greenhost.netexplorer.ooni.torproject.org rabochiyfront.org segurof64tgwwnwa.onionwww.nytimes3xbfgragh.onionjusfileobjorolmq.onionujnkg4uirpaiqejr.onionfel33logbgiycm5q.onion legalrcgaqsyxn6y.onion thepiratebay.gdwww.coinmama.comthepiratebay.vgspectrocoin.com termux.comtma.tourmentine.com kiwi.tourmentine.com vzmvmmaldx3h7vx6.onion0xacab.orghaibane.ru jabberlistbrrxyk.onion www.coup-de-vieux.fr dev1galaxy.org vj7kn5iwvtzsxh2uxnjhoi5c57g3xkqvw6xxxejekmk5zj5nhgzruuyd.oniondrogask3jz22rf67.onion shadowrkcrqp3lit.oniones.dstormer6em3i4km.onionjustryit.cyruservvvklto2l.onion bitblendervrfkzr.onion novchronic.ru masterlistwtfzgt.onion vejr.xyz asspainwkywd5wfs.onion fqnkc27p3khhsc5zlogyisgzhw63pvyh6pr2a76prmv3ryl2odmv7byd.onionurgayxfhweswcb47mm5ipda3msfqyrg253emly2mpeb3nu67p5vuk7qd.onion6thhimkhby4az3vz.onion www.miner.dk www.slate.fr test-.com openrunet.org j6uhdvbhz74oefxf.onion r3pl46dc2tg3axirndpbqij57qim4yxtunzlw4lpxyjzypwnbsftazad.oniongerkipwhfuqeeizl.onionzmodnpmqs24fxntuewqpt4ohljwhdqaggdynzn3ytozbjye7g47sedqd.onion mat33phug6lqndps.onion663wbgqczxp445am.onionharitonov.wiki melineencuisine.wordpress.comwww.legorafi.fr habrahabr.ru pleroma.oniichanylo2tsi4.onion bdf-tracker.top v2.24bot.biz opsectw42cbzew7f.onion qkq6mzqqnh56xyuoetla7zr44vlx6mgm74nl6d3yp3644e3opisv5fyd.onion ar-ar.messenger.com udod.traditio.ru matanga3jcpwwyr7.onion fr.1001mags.com community.grafana.com www.theatlantic.com torwsm6o2cyfmxas.onion linuxunflsafqsgh.onionsecdev.ieee.org www.suportephpbb.com.br www.madmoizelle.commessieurs.github.io secondinternet.org seomon.com psb4ukr.org iggv35owfk6d5bzf5e63xtekcofjkoiggfcthmjhe46zws4y47ucmqad.onionhidden24vowyrcic.onion rutor.info candybox2.github.io grafana.com ipv6.foxmoxie.orgtgnv2pssfumdedyw.onion gbinixxw7gnsh5jr.onion adios7s3x4vw42yv.onionkglddfz2wnvt7wiohbm6g6m5x5flufghnc4zxqdn76svdd3mtjr672id.onionforohpysho2t5mjs.onion shadows7vkjdyjtx.onion fr-fr.messenger.comfel354xtupzhdx7q.onioncarontevaha5x626.oniontraditio.i2p www.linux-france.orgblog.mozilla.org sixy.ch zkdppoahhqu5ihjqd4qqvyfd2bm4wejrhjosim67t6yopl77jitg2nad.onionwe.riseup.net 4gqmld3niitfvqqtqjuk5zzr4pugwe5ihynudyeivxefcs4czwylthid.oniongpiml63ncuoqc4dvyoohyvpfbtkqxyxcd2qp3zdnvbpmjp7waytdrbid.onion 5zm7mioo5fmomrp6.onionfsv2bgli7wk4hkvl.onion www.livejournal.com psi-im.org 3ur4xm2japn56c5f.onion www.escapadesalondres.com o4ql2kzcrurthqaa.onion loli3jjm7joz4yow.onionwww.iana.net uuxrei5or65anucg.onion windows.microsoft.comrosndp.org fel24rc3sssibpal.onion irc.tambov.ru itemname.com 4qt45wbulqipigwa.onion tenec.onlinenzh3fv6jc6jskki3.onionauutwvpt2zktxwng.onionortigavijwdxksbr.onionbacksysop.torpress2sarn7xw.onionserver66zf3ed473.onion infodesksorcvsgq.onion itvendskabe5uhy7.onion social.tourmentine.com maemo.cloud-7.de gpopai.usp.bripv6-test.com www.template-toolkit.orgxmpp.psii2pdloxelodts.onion answers.informer.comaccount.riseup.netvolzn6mmq52ejanz.onion xdyvuuy4ultwtfj3.oniononofbqheegw4thzm.onion securityzap.com www.dsfc.netlejournalminimal.fr infauxsec.github.ioloneworld.free.fr madduck.net user.riseup.net gghhublalbhwv535c3yux6jahcl6cyfodpgsujsislx46kg3phid4sad.onionoscura7h55bseml2.onion bible4u2kjgjvbxs.onion psyco2l2lrdxfnee.onioncommunity.livejournal.com www.coinbase.com wallofcoins.com eugenekay4yxdyn4.onion www.huffingtonpost.fr blog.mudy.info juick.com o4nwyaccskah2hloz236mqup2o3oohe4l45q6tlqjqubhtkfetuag6qd.onionacjhxk5yqwnw2jdu.onionbomberpqilacfsem.onionshop.spreadshirt.de3xdvknchriugpjjh.oniongladia5rwjtk5tcz.onionicxl2pwzgl7mfxz2imxhodplewzawpgwpjxm34tkeda3viug47fju7ad.onion z57whuq7jaqgmh6d.onionmedusas6rqee6x6e.oniontorifysmuvxesu6u.onion midcity7ccxtrzhn.onion cabinet.deepwebvpn.net www.mypacer.com hmxuku36whbypzxi.onionxlab.tv thegoldenasura.com 127.0.0.1:7657 darkseller.info mat22s4eohcboc7z.onion airvpn.org blog.ololo.cc black.riseup.net grams7ebnju7gwjl.onion knzmercmbiesb7pp.oniontmodel-ccs2018.github.io blog.darkach.comdocfarmjyoafnmji.onion it-it.messenger.commat36pz6dsdt3mnj.onion bit.ly a2jutl5hpza43yog.onion ftp.tourmentine.com monerof2plqfcrho.onion liber4hxj4bnxft4ougyjuyebmi7lz7uxxmv5oscjrtckvnpb4fcblid.onionsuma-ev.de eais.rkn.gov.ru www.openrightsgroup.org www.privacyfoundation.chhref.li support.informer.comzrz2f2r75h3shyw6tsacpjmaqan2koeaf3f3heebmymcq2xzbpgpxmad.onioncryptomuvozeb5ww.onion cyclowiki.org xorgateka6obqneh.onion psi-plus.com links.tourmentine.com tourmentine.com framablog.org share.riseup.net binario5yvaed5ie.onionu5ed42u6sbzq7xzs.onion arhivach.reformal.rude-de.messenger.com stretchmyan.useugenekay.com forum.ubuntu.ru en.linuxreviews.org dkb5f63obsb6wmzcgilebjvmgvw4wmcgzbkczu3sntgckmtzweza.b32.i2plw-addons.netnews.software.informer.com www.lifesitenews.com hackmerjqh352nps.onionmitosgwxixnihhua.onionunderzineoficial.torpress2sarn7xw.onionze4j4or7ax3omqdmsdnje3yk7oykg5bhy5uzrsmeuenlxgororsf4ryd.onionelstormer6vrre53.onion applei7nkshrsnih.onion godaddybqmlicbis.onion xboardgfawtcsfiu.onion larepubliquedeslivres.comreviews.freebsd.org ccc.de mamot.fr www.robgjansen.comrivwo3erj6nzo73dhtudwo6xzfi5z3ialia2o2q6iwj4hkp6yxq6hoid.onion oek4nfanuw4dccid.onion mariadb.com bestdarkforum.cc panopticlick.eff.org odaystoresh44tsy.onionworkdark.netwrkdrkod7ybdfbre.onion es-es.messenger.comdarkmarket.pw sarava.org mail.riseup.net d5fdxua4kdbbjo6zvdbch4xiybadk7vb43nzxsokbzbwtwzeehuppbqd.onionid.2bu5puxp6afwjgql.onionbvah64rf3sb25pq45c5kzuj2q3xk6yyexoh6a4cluugq6v2qt4pjz5ad.oniongbq6k4ty32e5p325frxp3hgqwnuu7lw54tpsu2zkpafqxfacn26rhlid.onion mat347etuzo2nweg.onionmat35lyu3qfqhgvs.onion www.miranda-im.org 193.23.244.244:80 qu3ezgsgfhciunfu2cfaxhhmevtjjhawc7ucc2r753polj4wcg5lrayd.onion43nt4qrcqgm4faju.onionzjbwojti4r6q2zsw.onionopiate2mhwjo563v.onionwww.syverson.org darkseller.pwx5iwbj5jtrtiaqzn.onion ztjn5gcdsqeqzmw4.onion www.subnetonline.comwww.actantes.org.br anospain79hispano5.torpress2sarn7xw.onionanunciosqh55ibrs.onion mentalg4vb6qto2r.onion3dboysn3o5d7dk3i.onion safeklad.com social.imirhil.fr h24wtibkbgc543ck.onion 5n5ef6e7njivmktfrkvnfspidqtbnk7ijsfb6ndqwfsofbaypdzod4yd.oniongnupg.org rahakottymyflyum.onion fel25g6iq2vvas65.onion g1.duniter.fr www.intervozes.org.br hackmeon2teb4ixo.onion www.wivb.cominfu6wcehh46hnic.onion 222227qyeb7kxxl7.onion steplaf3p2u4e7pg.onion vomitb.inmadeitwor.se bvhfrslkkdbncdhv.onion www.torproject.us catarse.me bdf-club.top blog.muflax65ngodyewp.onionnukzkckmwn6rs4u47lya54mrovf56nhor4zhi2gg6kqejysfhgthj5ad.onion paradiseckr3thoo.onion s74kepaw5tnkzj5j.onion safetyjabber.com x2tzc4z2kdi5io4j.onion www.limesurvey.org doooomdeqdwefuvn.onionsupport.riseup.net kxojy6ygju4h6lwn.onion gitlab.metager3.deeosdawn6knv2mno3.onion delostadpsfteoqc.onion 154.35.175.225:80194.109.206.212:80 cxppipjspjkat45r7lphkjfpgf7pbvdbgrom3hwid7rbbeur6zjv4mad.onionxpnmq54bybqiirea5u2gqx4zp6vkl3bz2o6rbfkk3i4o4epuzvmnbbqd.onionguiamkipxgiowexk.onionz6o5nzzzcnnhsmbj.onionwww.sigsac.org clonedusbmna6mmw.onion snvb5ffurikzeiod.onion www.senderbase.orgordilo.org qlncdtmmt5tnyrj7ur2jmqs4aasuzis4nvekc6sobfovag3bce6fsrqd.onionyhths4c4jxldu72e4xjwtwvnq4l7ahxru5hl3m5fqwkp3eopp7mxi4yd.onionscamsb5lxrovkgxi.onion probiv.one xmpp.org www.vuxml.org docs.grafana.org librelois.fr deepweb.to www.blockchain.com clc.am www.gajim.org nucleo.kharkov.ru www.openssl.org www.whonix.org&text=&via=Whonix www.larousse.fr www.ativismo.org.brfreehuman.frrls.org.br anodex.oniichanylo2tsi4.onion chanesbabzcuwebv.onion 204.13.164.118:80 nerv.8ch.netwww.breitbart.comcenter-club.pw anr2pcgf4xnhkecbrnalxbq7hfhcwztxchlkpqtfne4mg5mae53mdbid.onionwww.wecanhelp.de itvends.blog itvends.comgoatsekecj5gtyg6.onion darkseller.org vsdfdtkr5mh6y33p.onion www.rnp.bry7fb7p44dje3yici.onionwww.thoughtworks.combdf.vc .com libertedvbw5kkrh.oniondl.acm.org bdf.li rtozvgednwoz3jub.onion darkmarket.bz www.centrocultural.sp.gov.br www.expressvpn.com the-hidden-wiki.com www.wjbf.com f3ht2g7n3bmcso7z.onion bible4u2lvhacg4b3to2e2veqpwmrc2c3tjf2wuuqiz332vlwmr4xbad.onion www.itphx.ru 199.58.81.140:80 bdf-club.io www.wsj.com un62d2ywi33bho53.onionpedofuckk7zv4qxx.onion nginx.org www.onlineocr.net bsxsptv76s6cjht7.onion noxbit.com ruonion.com bdf.sh www.books.audiols.tenebris.cc deepwebzgark7qfc.onion bookdxr37kjmumpk.onionnoscamkvtrkanzxh.onion www.os-templates.com acestream.org jqnngpm3lcn5oa2lhimjhq44clp75zqdsevlbeo5zfb6qomcfyuewzqd.onionabc6onyourside.com 127.0.0.1:43110 v3xoewpevrengdp3.onion 171.25.193.9:443 daily.muflax65ngodyewp.onion zvldz46bbxqlw4od.onion 4pda.ru petsymposium.orgwww.petsymposium.org bdf.cool int.vichan.netwww.news4jax.com 128.31.0.34:9131 acestreamsearch.com spb.acidairlin.es www.powerball.com dembtxt2izv4tnpb.onion 86.59.21.38:80 www.foxnews.com DarkMarket.co tinyboard.org www.cs.unm.edu ms5qd5es5qltiqsf.onionbqs3dobnazs7h4u4.onion 131.188.40.189:80 bdf-club.cc pad.elbinario.net bible4u.i2p nehakumardotorg.files.wordpress.com api.whatsapp.com 3wcwjjnuvjyazeza.onion www.sec.in.tum.de trlr7pylub7xl7lolfv3adslni5yld5njquni2kk5b3etspirzhq.b32.i2pwww.itphx.i2p wiki.koumbit.net gnusocial.net www.directory-root.com 54sdi3p2kf4intp7.onion p6vbgbn7ggutkt3i.onion keyringer.pw www..com www.cs.toronto.eduwww.aaai.org kycklingar.i2p?i2paddresshelper=PKCCiiEU7vT5Q8vWm7sI5-B~mWbsBTCIo06y-WVqIE4uDsz9w1kLVRKYa0Y9XwuhZ95AsgT81nXE2ugCN9fjeG0-IiMbPgQaUdmh2TXbxAvuwkHfA6Fcc7SIs9qAo1wxC43pWdPpRJLV0h1-Z2RmeYYpOr~9ra47a-z8zT-BSuQWbb~R0tcGddlG~dIUKQAA-gW8aX8xOQSltsZxPAveb1QiydCjA8pE7z3SLOeo3PU7YAUIkP7Ehunmej~Sqf0-vB15k9c9T3IE7-ngkwUEVaYsXnfiYFHceu2hIQOorU6cfXB~a1FfwdgCmFBh0ITG13x5OWvtKExVkeGop5pRoapJRV-wEYJeuCbz7SbFNVkTtUMR~KRz9x-evG48B--ENKBTdka0dO5F3iuNCzSznBfeIKv4OTbdWu1xQ5OthPdl0DAOG3TuVdfEJA3yq8w62Hd3KArMfRQ8UJ9CGYFchqice9TPLj3RYFbWdwCUlc8XsE-IE2YyRVH7BbR3VP7dBQAEAAcAAA==bdf.ac git.elbinario.net:8000 elbinario.net gctswdhp4447yibxfbqg3uq2bvx63qjeqnaoaux75zw73leakyva.b32.i2p nfs3m4id5fja3lif.onionfinanvtj5j2wp5iz.onion www.newsbtc.comwww.addtoany.com statv2gccyh7roto.onion www.degruyter.com xz2bhyw5g7tnlx5r.onion.direct kashpureffdylp4t.onion .org auth.myrotvorets.center tiswww.case.edu www.tumblr.com conferences.npl.co.uk on5q7dqzlct7fvef.onion owmvhpxyisu6fgd7r2fcswgavs7jly4znldaey33utadwmgbbp4pysad.onion report.myrotvorets.center mqkrplmfqbtifk4n.onion [201:4806:21d5:c971:407f:4ea9:4d7d:e491]cathugger.i2p hgi.rub.de papers.ssrn.com www.cl.cam.ac.uk docfarm.com dedis.cs.yale.edu222222224gidecov.onion comp.social.gatech.edu explain4pg4j5wbw.onion ipfs.kycklingar.i2p?i2paddresshelper=9V7dNvkBiolE9VN4lbfI~n86lmrEMPT6ckXpCkN9Oxh9mwHsJ5DwnNDJ9yjAXStbyEEdamdxBuMKvMVrKbxvfEDuCqlbAwbX0NdLxl3mjg9QuEGX17GyEewM-Ez~cRg-nhnGTfem7gF2w1dwQTD7SaRAZ3CWlUyUlaOQCVBFSoO3lqPDT9YhMk3XMHbvVOefqoZLE2g086FRQbEaJTN9piskN1rRSGFJ5lPPGPGHgdQblXLlwFwoqWvExRoWBRvkCQ7tmgk91CGEGvUXUtQxf4kZTId7G1dPHYEiRHQf-drORDwdKnE3-2dg5C0DTIqa9zkbmJtGFNmRKuDpnt7to1gNjjO1og8VP2VIlVOQoO2jP8cEsw9I9jnpZuAs0sIRyjrvesJOZygLbskRK4DBJSk1ukyE9x~1F7Cd5eIl9wk4jnncxg5a8EPdtkb4~HT~GjkyRstcugloJuRJv07-ID6rzcFf3Blhl7Ti3y91pmbLTTAtzX3CsLQ78z36rGpkBQAEAAcAAA==ipfs.kycklingar.i2p [fd63:1e39:6f73:3f45::1] www.pcworld.com listas.elbinario.net:8090voip.elbinario.net pedofunhph4fwu4b.onion crypto.stanford.edu lite.myrotvorets.centervq43xjjcnejqpzfprws5qzrea2siieshu4tglpdepql2w3w3bpba.b32.i2p bdf.ms pages.cs.wisc.eduwww.researchwithoutwalls.org psb4ukr.natocdn.net thebitcoinnews.com research.torproject.org www.victoriamanfredi.com myrotvorets.center franky24xoy6jmdw.onion fusion.tv 21.0.0.1 gecodigital.com dalme.net web.eecs.umich.edu 72kkhupynpkdgevn.onionmoietybfhbdbulbw.onion anonet.org git.psi.i2p mail.will gerki.pw myrotvorets.news sps.cs.uni-saarland.de citeseerx.ist.psu.edu m3ccxdndkunffup6.onion www.interactivebuddha.com wpage.unina.it mjfjbs3547exsy6r.onion beeminder.com cyber.law.harvard.edu techscience.orgwww.eecs.berkeley.edutlsfingerprint.ioblanu.netsoftware.imdea.orgwww.ieee-security.org www.kashpureff.org dstormer6em3i4km.onion identigraf.center riseup.net .com nginx.com ipv6.psb4ukr.orgcathug2kyi4ilneggumrenayhuhsvrgn6qv2y47bgeet42iivkpynqad.onion roundcube.net homes.cs.washington.edu www.drupal.org cathugger.ano www.cogitatiopress.com debyjsrnyjduf3b6.onion dud.inf.tu-dresden.de nms.csail.mit.edu nrr7eouwbujknu22.onion gdaqpaukrkqwjop6.onion conferences.sigcomm.orggking.harvard.educryptome.orgcseweb.ucsd.edu www.eecs.harvard.edufc18.ifca.aiconferences2.sigcomm.org onionlstmjc7qkmj.onion undrol7rt4yu5zzd.onionacmccs.github.io www.xmpp.org tma.ifip.org www.icsi.berkeley.edu www.sympa.org gogvzhb6yvyn6zqk.onion rahakott.io grothoff.org it.dailystormer.name www.csd.uoc.grwww.icir.org security.cs.georgetown.edu ojti3yculams3ju2.onion cbo7whgxo2dnplgz.onion wind.lcs.mit.edu pages es.dailystormer.name netzpolitik.org www.cs.nyu.edu www.frankwang.org svn.torproject.org delivery.acm.org www.cs.rice.edu data.coop weibo.com censorbib.nymity.chpeople.cs.umass.eduifca.ai cbw.sh gab.ai hushmail.com thecostofknowledge.com cartel24.top www.cypherpunks.ca pages dailystormer.name secmail.pro www.cs.uml.edu hatswitch.orgseclab.cs.ucsb.edu gr.dailystormer.name cwoiopiifrlzcuos.onionjmqzlkivc2cfowv6qza6mlutnimfkbyzqfuavifbibtzqdad.onionodium.co dstormer6em3i4km.onion.link vivmyccb3jdb7yij.onion www.cs.princeton.edu onionvitae4u7l4m.onion www.fsf.orgwww.cs.ucr.edu www.margaretroberts.net bbs.dstormer6em3i4km.onion kuechenstud.us13.list-manage.com www.jbonneau.com m6rgrem34sednagr.onion nopasaran.samizdat.net kuechenstudio.memberful.com brestutj2ykkybea.onion indymedia.us communisation.net sedna.spip.net

d26vp7trenverss7.onion www.federation-anarchiste.org mediaslibres.orgwx4j4vmarsinfoxe.onion valencia.indymedia.orgroma.indymedia.org guide.boum.org microformats.org labrique.net maine.indymedia.org lille.indymedia.org qollasuyu.indymedia.org www.spip.net efjupw6biaatay5z.onion www.hpmor.comeo.wikipedia.org mail.boum.org mpq4dnmbrk5cnnmz.onion japan.indymedia.org rochester.indymedia.orgnigeria.indymedia.orgarizona.indymedia.org oclibertaire.free.fr www.ucimc.org ablogm.comch.indymedia.org mars-infos.org spip.net .indymedia.orgovl.indymedia.org www.zinzine.domainepublic.net www.alternativelibertaire.org tech.rebellyon.info arbuz.uz nice.indymedia.orgbigmuddyimc.org atlanta.indymedia.org regardeavue.com tampabay.indymedia.org czlarotosh3ap5kp.onion 193.189.147.16 vermont.indymedia.orgontario.indymedia.org bourrasque-info.orgwww.radiogalere.org sf.indymedia.orgbolivia.indymedia.org estrecho.indymedia.org loissauvages.rebellyon.info seaccp.org www.indymedia.ie rogueimc.org anarkismo.net www.zite.frwww.c-g-a.org opencontent.org bx.indymedia.org lepressoir-info.org mutu.mediaslibres.org grenoble.indymedia.orgcolumbus.indymedia.orgquebec.indymedia.org www.discourse.org mail.poivron.org ottawa.indymedia.cadc.indymedia.orgathens.indymedia.orgbc.indymedia.org labeling webmail.no-log.org paris-luttes.info renverse.co www.okimc.org burefestival.org manila.indymedia.orgreboot.stlimc.orgukraine.indymedia.org cvilleindymedia.orgtnimc.org wakareimsjohxxlx.onion renverse.ch linksunten.indymedia.org codecoop.org print.indymedia.org www.les-renseignements-genereux.orgradio.canut.free.frfafwatch.noblogs.org docs.indymedia.orgde.indymedia.org www.redside.tkpt.indymedia.org infokiosques.net dijoncter.info www.indymedia.org lundi.am rebellyon.info vicindymedia.orgwww.midiaindependente.org calabria.indymedia.org ctzzqqimlfamyhrc.onion lenumerozero.lautre.net bxl.indymedia.org madison.indymedia.orgbelarus.indymedia.orgwww.indymediascotland.orgcroatia.indymedia.org www.primitivi.org italy.indymedia.org qc.indymedia.orgbelgium.indymedia.orgpiemonte.indymedia.org reflexes.samizdat.net tmutujlcbrjni5b5.onion cleveland.indymedia.org bulgaria.indymedia.org zone.spip.org expansive.info iaata.info neworleans.indymedia.orgmaritimes.indymedia.org 4sy6ebszykvcv2n6.onion atelier.mediaslibres.lautre.netblogs.mediapart.frsearch.creativecommons.org toulouse.sous-surveillance.net www.adobe.de ambazonia.indymedia.org poland.indymedia.orgblog.eichhoernchen.fr www.google.dewww.doubleclick.net mumbai.indymedia.orglombardia.indymedia.orgsucre.indymedia.orgendofroad.blackblogs.orgkenya.indymedia.org openrepos.net burma.indymedia.orgnorthern.indymedia.org portland.indymedia.org southafrica.indymedia.org canarias.indymedia.orghungary.indymedia.org mail.rebellyon.info sa6pbdrbllyona5s.onion non.copyriot.com ecuador.indymedia.org rennes-info.org mprt35sjunnxfa76.onion barrikade.info sandiego.indymedia.orgnewmexico.indymedia.orghouston.indymedia.orgnantes.indymedia.org istanbul.indymedia.org larotative.info emiliaromagna.indymedia.orgromania.indymedia.orgpatras.indymedia.orgsarasota.indymedia.orgnottingham.indymedia.orgbelgrade.indymedia.org darwin.indymedia.org demosphere.euoffensive.samizdat.net indymediapr.orgbeirut.indymedia.orgpittsburgh.indymedia.orgbaltimore.indymedia.org jolla.com reseaumutu.info www.omniture.comwww.towerdata.comwww.disqus.com radio.indymedia.org mediaslibres.lautre.net montreal.indymedia.org austria.indymedia.orgkorea.indymedia.org livecounter.theyosh.nl chilesur.indymedia.org reimsmediaslibres.info 7gelilpariscn7k2.onion alternativesg7.org tijuana.indymedia.org laplana.indymedia.orgchicago.indymedia.orgmadrid.indymedia.org ov45qqzoe6fch6rk.onion twincities.indymedia.org jakarta.indymedia.orguruguay.indymedia.orglondon.indymedia.org sardegna.indymedia.orgmiami.indymedia.org piratenpartij.nl www.kissmetrics.com colorado.indymedia.orgrussia.indymedia.org www.indybay.orghawaii.indymedia.org www.observatoire-du-nucleaire.orgreims.sous-surveillance.netwakareimsjohxxlx.onion:8080 londonontario.indymedia.orgafrheinruhr.blogsport.de www.youtube.de hambacherforst.org liguria.indymedia.org uk.indymedia.org israel.indymedia.org gekko.theyosh.nl www.facebook.de venezuela.indymedia.org cyprus.indymedia.org www.indymedia.org.nzbrisbane.indymedia.orgvideo.indymedia.org bristol.indymedia.orgrosario.indymedia.org vcard.theyosh.nl asheville.indymedia.org nh.indymedia.orgbuffalo.indymedia.orgnyc.indymedia.org la.indymedia.org a-louest.info alacant.indymedia.org binghamton.indymedia.org basse-chaine.info peru.indymedia.org malta.indymedia.org www.linuxcounter.net labogue.info chapelhill.indymedia.orgsantiago.indymedia.orgthunderbay.indymedia.org austin.indymedia.org galiza.indymedia.orgabruzzo.indymedia.orgeuskalherria.indymedia.orgnapoli.indymedia.orgarkansas.indymedia.org richmond.indymedia.orgparis.indymedia.orgsbindymedia.orgliege.indymedia.orgbiotech.indymedia.organtwerpen.indymedia.org blog.spip.net andorra.indymedia.org marseille.indymedia.org publish.barrikade.info radiocanut.org manif-est.info sweden.indymedia.org valparaiso.indymedia.org www.indymedia.no boston.indymedia.orgseattle.indymedia.org lyon.sous-surveillance.netcric-grenoble.info lists.indymedia.org switzerland.indymedia.orgtorun.indymedia.orgnewjersey.indymedia.orgwww.phillyimc.org gkempen.de piter.indymedia.org www.hm.indymedia.orgwww.michiganimc.orgcolombia.indymedia.org mexico.indymedia.org perth.indymedia.org shop.taz.de windsor.indymedia.orgargentina.indymedia.org canutinfos.radiocanut.org chile.indymedia.org wmass.indymedia.org indymedia.nl www.taz.de www.radiocanut.org snjljmcxxtlyqitp.onion milwaukee.indymedia.org toscana.indymedia.orgchiapas.indymedia.org www.kontextwochenzeitung.de worcester.indymedia.org migration-control.taz.de blogs.taz.de kcindymedia.orgwww.addn.me sydney.indymedia.orgmelbourne.indymedia.org armenia.indymedia.org satellite.indymedia.orgvolunteer.indymedia.org gazete.taz.de www.nationalismusistkeinealternative.net monde-diplomatique.de pad.fuwafuwa.moe jena.fau.org pyonpyon.moe tech.indymedia.org status.fuwafuwa.moe www.ntimc.org irc.snjljmcxxtlyqitp.onion taz.de munin.lesderid.net india.indymedia.org ibpj4qv7mufde33w.onion cocaine.ninja psychosoma.tech pleroma.fuwafuwa.moeu.fuwafuwa.moealderleyvl3tqdun.onion superkawaii.moe flexcake.moe fuwafuwaqtlkkxwc.onion poll.fuwafuwa.moegit.snjljmcxxtlyqitp.onion fluffy.moetsumugi.online heligo.land fuwa.se pst.moe

box.cock.lip.snjljmcxxtlyqitp.oniongnu.moe

www.gazete.taz.de

tartarus.kd2.io xhywwjcqyawvj7o6.onion www.freecsstemplates.org priv8.biz liamsioka4xfa2gop6rrfkxfpd5l2ou4qvhgw36kx2etoidsc3i4ftad.onionwww.yeahiwin.com 5lek6m6d6g6o6uet.onion zy3dkytcaubkq2y3.onion darkw4u3xkeb5pzn.onionharamberipqdbxi4.onion wrkdeuobynil3tbiqnebzfqy52ub2dzbmilvyiywbsn5lcayxw4a.b32.i2p sandraccybpuex5m.onion z7rcatg2fob56sy4.oniondarkcomet-rat.com me-download.wickr.com nnm5gu6g2bs7nnmm.onion www.webring.org center4u6cm5cm4w.onionwww.solucija.com www.hackster.io unsplash.com www.sra.org.uk www.1centroulette.com flkcpcprcfouwj33.onionstart.jungswtfwgjwile2 docs..org www.ma.utexas.edu 222lotto3zga65ot.onion 2rgibznkzrtz7wme.onion 3cxmx5xalprbwmuu.onion 5jlofek2ajaywwk3.onion 3j6kc3lulyjrl5l4.onion acidlawhadbroaim.onion tmaxyctcdf2zqoiv.onion xxrlxxhjy6ed2d76.onion decodedsbwzj4nhq.onion ycfgjwbfhnqvtclm.onion forum.jungswtfwgjwile2.onion intu57shj4wfofk6.onion iwjke47bybivwh6i.onion priv8.in blackpagegodnunj.onion www.locorevue.com counter5nolixj34.onion dlegal66uj5u2dvcbrev7vv6fjtwnd4moqu7j6jnd42rmbypv3coigyd.onion member.1centroulette.com forum.joomla.org www.math.cmu.edu member.yeahiwin.com start.jungs.wtf 222222222fyhdxlj.onion packages.brom:3142 godel.se skynet7nefghsljj.onion ri65pna643erokwudtvnd72t35tgoyri6ecxhkbalialvymuyzemxtyd.onion www.artisteer.com 0100101110101101.org billie4dtzvlmcfb.onion bitlox.com vestacp.com fluxbb.org amindobroxhg2ts4.onion bytesex.org www.famfamfam.com voozaqizei2dborx.onion zzmerg7qst5gnzum.onion fvfphckqqprivate.onion 3p5otzpnvs3coxax.onion 4xzg7em4btak4lnu.onion 5cqzpj5d6ljxqsj7.onion www.redtube.com bitlox2twvzwbzpk.onion fudkjb2tonsizx7c.onion center222xdihudu.onion rhe4faeuhjs4ldc5.onion mb4z3nlfyrcjnoqf.onion n4udgsuyqgvaszza.onion kd2.io ofjodvyfwrlfakpg.onion s-kassa.com ezpo2kkovm3liams.onion aminuxersdk523ix.onion darktorch5lgddvm.onion kd2torrloy4oldux.onion nucleusoitxmebfx.onion rne4dheax4oobmmf.onion wiki.kd2.io z34uj4opd3tejafn.onion g.liams.io priv8.jp www.charlesescobar.com blog.liams.io priv8.ru www.unremote.org tm47kmrvlxuibig7.onion

t0r.ch:100 phidelt.org uouwxld4urvtvzim.onion

5p6dpc344vsbigv7.onion 5sn2hxofsu6b55lo.onion 64jme446shl7eogr.onion 67p4weg7hoowpvc3.onion anonymzn3twqpxq5.onion ays3742ohpasvdoq.onion b2ebtnyz25tr4nxl.onion bbbburnsnx2za2tp.onion canxzwmfihdnn7bz.onionendefensadelsl.orgladhzzr73kxkifxg.tor2web.orgwww.easycounter.comlocalmonerogt7be.onion b48.club www.adobe.comsignucajn2ue3dqngdvhcxrk6bm7fhnkqzadbtp4ywljevpskdtpi4qd.onionsilkroad4n7fwsrw.onion www.nixmoney.combrasshorncommunications.uk log.exodica.com.ar sirjohndtqrsfmhx.onion streamtmr46ysxw6.onion sxzgqh7j6sgiy6he.onion ttnkd47gkavn64yz.onion tvlh66qo23ksfk4k.onion wolfmu4yjw3srihs.onioncxpizstpfzlljfng.onion z4kzldluie37m5vp.onion rbaco5flcou46wpd.onion rjuvjyygjqm6mlqm.onion rkphrici4u5ffhhm.onion rocksolidyyacwsa.onion easyko3zrfooqrpo.onion ruv6gkdi2p42juij.onion elherbotsiddarol.onion empiremktxgjovhm.onion sale24u3apkfx252.onion feeds.propub3r6espa33w.onion savkhz37olwuub37.onion serialyheptjyrf5.onion giesn3ivtzp5z2us.onion gnshpojuxrioibud.onion grams7enqfy4nieo.onion gtgmep4mv6gdyvav.onion hpquscklwzoiw7qv.onion hydra23qk4ar6ycs.onion ilovecphfjziywno.onion jabber.jungswtfwgjwile2.onion www.freecounterstat.com espiv.net dedis.epfl.ch tor.eff.org du-bist-anonymous.de web.luchs.at www.majorgeeks.com bbbirc4oqgpjbpub.onion:8080 canxzwmfihdnn7bz%2eonion sirjohndigweed.tumblr.com stream.i2p www.acme.com imgs.xkcd.com wtj5psom5zufu4yo.onion hookshcsl3v6nzux.onion www.fluxo.info iitnxqlpmjrbhxoz.onion live.blockcypher.com espenav2n45atpsj.onion wiki.wmtransfer.com wallets.onion .ch elherbowejkqwf32.onion tpo7v66snknyugsf.onion www.pnyxe.shadow.com feed.press www.e-reading.pw www.simplecoin.cz www.valeo-one.de stkonsbado54og4t.onion toradsc6vvmtugty.onion thirdworlds.net bitnodes.21.co hydra.centre sao2lrurmcsakymy.onion wiki.jungswtfwgjwile2

l6eotn7hkrq6a4n3.onionladhzzr73kxkifxg.onionlarshilse3xpyawo.onionlclmnroewgycudgz.onionleak4hiof3jcngfc.onionlhy35yf2empduecq.onionma3lisqktqdlg3t6.onionmepsoo7dhu3ylzd4.onionnixmoneyr4osbyds.onionp7sjodulp43sez46.onionpasternjaui2k53d.onion 1centcasino.com

2okd3xv4nxsaturn.onion3soamencp7cpyozc.onion3zop6bkkb46vqpjz.onion4thievzv3hh26qeh.onion5k6tjwemgtbbing7.onion6gua6qlq3scz7jam.onion6yid7vhjltxgefhm.onion7iticqxxlav4odpd.onionaemhgqbg3ucm3rmo.onionautshpxnxhuv4aip.onionbestshop5zc7t3mf.onionbestvalidxne7pq3.onionblue3237xytrz5rk.onionboyplayzwhzai3ar.onionbtcmxrcouqeacrid.onionby4ontuocmhhbu2n.onionkurdox4tfzujxddq.onionlesbianc5ldxbex4.onionlibrusecnsep4ivs.onionmgcbu7twau7arfdi.onionnin3dscmw5n2pzbp.onionnpdg6gnstu2egxpi.onionntdcvkgv3kzrzdxp.onionspvxwgi4e73dfcs4.onionv7avmdv2l6dio3cg.onioncfwl3urfcsml22hb.onionchildrdechipse52.onionvxes67oilqrbkwsb.onionw7dwxilmiwidztza.onionxujnrmw3lkpyj57r.onionxxxhkf5nqnb6g6ca.onionrothminhoy6dq45c.onionescrowq5tus5jpgw.onionsatri4bb5r56y253.oniongaschambrmavriwo.oniongreenaxgw3nkwkf7.onionhackhelpnylin6d4.onioniug4yfvnmag6tqzq.onionjvauzb4sb3bwlsnc.onion

Figure 5.1: Flowchart of the data collection and processing.

5.1 Dataset collection and processing

We conducted a comprehensive multi-threaded crawl of the Tor network to collect data for this research. Figure 5.1 indicates the procedure used for data collection. The crawling strategy using 4 parallel crawlers extracts the HTML of any Tor website reachable by a depth-first search beginning from a seed list of 23,145 onion addresses. The seed list was built by merging the list used in a recent study [46] into those achieved by manual explo- ration of Reddit, Quora, , and other well-known surface and dark Web directories during the time performing the crawls. Table 5.1 presents the list of resources used to collect the set of initial seeds. Seeds should represent a diverse set of Tor services to ensure crawls originate across different parts of the dark web. We thus manually checked when exploring the content of the dark and surface resources (Table 5.1) to choose the initial seeds. Our manual filtering also removed any domains that are mirrors of others in the list. We further verified that the seeds are currently active on the Tor network (at the time of conducting this research). Although a manually collected seed list may carry the risk of missing some parts of the dark network, its hidden nature makes it unlikely for there to ever be a single major directory

45 Table 5.1: Dark/surface resources used to collect initial seeds Surface Resources Dark Resources DarkWebNews TorLinks DeepDotWeb TorDIR AlphabarMarket HiddenWiki StackExchange ParaZit Underground DreamMarket Drugs OnionSoup TheDarkWebLinks Danian DarkNetMarket The Quora TorWiki Reddit

of Tor Hidden services. We are confident that this way results in a broad crawling of Tor because Reddit, Quora, Ahmia, and other surface Web directories are well-known among Tor users for providing the latest news and information about Tor and its hidden links. It suggests that these seeds are at worst practically helpful, and at best are ideal as entry points to the world of Tor. Since this work studies the behavior of dark services in referencing to the surface Web, the main purpose in data collection was to ensure that the set of collected Tor services can represent the real behavior dark domains have in referencing to the surface websites. To this end, our attempt was to collect the part of Tor which has notably long lifetime. Based on [45], 50% of Tor hidden services have an estimate lifetime of only 10 days or less, and 80% have a lifetime of less than a month. Therefore, we focused on the part of Tor which was active for more than one month. In addition to this rapid change in the content and structure of Tor [46], some services have temporary downtime which should be also taken into consideration for data collection. To account for these issues, three crawls were repeated in June, August, and September 2019. The total number of unique (in both onion address and content) dark services found in each month was 7,341, 8,792, and 7,978, respectively. But, we considered the union of the Tor sites collected during this period to not only control the variability in the up and down time of services, but also ensure that the data set is a representative sample of the Tor domains that have been reachable for notably

46 long time (over 90 consecutive days). This resulted in 1,905,714 unique webpages. It is worth mentioning that the services may change their after a while [46][30]. Also, some services provide mirroring which have different onion addresses, but similar content. Hence, the union should be based on both the URL of domains and their content, so that two domains with different URLs, but similar content, will be considered identical. The crawlers are also assigned to cover all hyperlinks up to depth 4 from every entry page to make the data collection as broad as possible. The depth of four was selected in consideration of balancing the time to request a Tor page [46] and the total size of the crawl. We found that crawlers only reached 5 new unseen Tor domains after crawling at depth four on average, and thus chose to stop crawls at this dept. The average time per crawl was 27 days (27 days for crawling in June, 30 days in August, and 24 days in September). To prevent any access control polices, request rate limiters, and crawler blockers which may interrupt the data collection, the crawlers only request HTML and follow hyperlinks, and do not download the full content of Web pages. We adopted the following “crawling politeness policy”: (1) the crawlers paced requests to restrict the web crawler from over- loading server with sequential requests [6]; (2) the crawlers followed the robot exclusion protocol to consider what portions of the content per domain should not be accessed. Also, the user-agent string of the crawlers has been set to the latest version of the Tor browser 1 at the time of conducting this research. We implemented the crawlers in PhantomJS and hide the identity of the crawlers using the technique used in [46]. Also, regarding the slower loading time of dark pages in contrast to the surface websites, we executed several tests over three fifth of seed list addresses and took an average of the loading time of the tested pages. Accordingly, we set the waiting time of the crawlers to 75 seconds. The cookies and browsing cache were also refreshed after each visiting. The parallel crawlers have been executed on a machine with 62 gigabytes of memory, Intel core i7, 3.60GHz.

1Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like ) Chrome/32.0.1700.102 /537.36

47 Dark domain Surface Website

Figure 5.2: Network of data collected during crawling. Red nodes indicate Tor domains and green nodes represent surface websites.

A total of 1,905,714 distinct pages were captured across all crawls. To classify the crawled pages as surface or Tor, any webpage with suffix ‘.onion’ was classified as a Tor page, while the remainder are considered to be from the surface Web. We built a graph (presented in Figure 5.2) where vertices represent dark Web domains and surface websites and a directed relation indicates a hyperlink from a dark Web domain to a dark or surface Web domain. We avoided exploring the surface websites; thus, the graph does not contain any edges from surface Web nodes to other vertices. The investigation considers how Tor domains link to other resources on either dark or surface Web and presents analyses on the characteristics of this hyperlink structure conditioned by the type of service they provide. First, we examine some basic statistics of the network indicated in Table 5.2. We find a sparse network with only 29,519 directed edges and 6,882 nodes 2. Nodes colored in red in

2All self-loops and multi edges have been removed from this graph.

48 Table 5.2: Basic parameters of the network Basic Parameter Value No. Nodes (|V |) 6882 No. Edges (|E|) 29519 No. Isolated nodes 39 Density (ρ) 0.0072 No. Connected Components 127 Avg. Shortest Path length 4.108

Figure 5.2 indicate Tor domains and their population (3,288 nodes) is approximately equal to the number of surface websites (3,593) which are green nodes. The average shortest path length also represents that by average, each node is reached from any other node using 4 edges. The network also includes 127 weakly connected components where the largest one contains 6,564 vertices (95%) and the others with 28 and 13 nodes are the second and third largest connected components of this network. However, further analysis indicates that by removing the surface websites (green nodes) from the network, it shatters into 33 weakly connected components with the largest one having 2,053 (62% of all dark domains). This implies that the pattern Tor services use to link to surface resources make almost all the nodes connected in one single massive component. Hence, similar to other socio-technical networks [12], the formation process of this network encourages linking to others to alleviate information dissemination through the network. To categorize the services provided by Tor, we employ an automatic content discov- ery and labeling procedure that we previously developed and used in the Chapter4. The process runs the content of every Tor Web page 3 through the Latent Dirichlet Allocation (LDA) [10]. LDA is a widely used unsupervised method for topic modeling which assumes documents as probability distributions of the related topics and each topic as the probability distribution of the set of words associated with it and frequently occurring with each other. Since the results of LDA indicate the dominant topic of each document as a set of words, its intuitive approach would be beneficial for interpretation of the results. Although assigning

3content is defined as any string outside of a markdown tag.

49 a semantically meaningful label to the set of words per topic can be conducted manually, to avoid any bias towards a priori knowledge of human experts, we leveraged Graph-based Topic Labeling (GbTL) [27]. GbTL derives a unique semantic label for a set of words using concepts and relationships provided in DBpedia knowledge graph. Eventually, each Tor hidden service is assigned a label by the dominant topic present across the set of all Web pages investigated in the domain. For more details on the topic labels inferred, please refer to the Chapter4.

5.2 Evaluation of dark-to-surface referencing

We evaluate the network of references from dark domains to the surface websites with the following process. First, we provide an investigation over the relationships between dark domains with surface Web pages. The analysis reveals to what extent Tor services contain linking to resources on the surface Web which can be a threat for their users’ privacy. Then, we perform, a micro-level study on the reference network of Tor to surface resources using well-known network measurements. Such an analysis will indicate how referencing to the surface Web can have influence on the linking structure of the Tor network. The results of both evaluations provide insights into the type of content and information provided by the Tor services.

5.2.1 Linking process of Tor services to dark/surface resources

To gain an understanding of the linking process in the network, Figure 5.3 shows the num- ber of hyperlinks from each Tor domain to resources on the surface and dark Web. From the vertical and horizontal lines in the scatterplot, points can be classified into three divisions: (1) Services with less than 3 surface Web neighbors: This category is comprised of 13% of dark domains. The points colored in blue indicate the Tor domains belonged to

50 Figure 5.3: Number of references to surface Vs. dark Web; both axes in logarithmic scale.

this category. The more interesting finding is that 8% of all Tor services that belong to this category have only links to dark services with no reference to the surface websites. Therefore, only less than one tenth of dark services have immunity against the informa- tion leakage caused by linking to the surface Web. Figure 5.4 indicates the distribution of reference sizes, i.e. number of references, for the first group in logarithmic scale. Values with the largest frequency denote that most Tor domains in this category have around 50 to 100 hyperlinks to the other dark domains. Manual investigation on the domains with maxi- mum number of dark neighbors reveals that they belong to 31 Tor domains which is nearly equal to .94% of all Tor services studied in this research. Investigating their corresponding services shows that they are some well-known dark directories which provide large lists of onion addresses in Tor network. For instance, one of the domains with maximum num- ber of dark neighbors is a Tor directory (5jgis47vdcpaeafp.onion) containing 1,264 links to other onion services in Spanish. (2) Services with less than 3 dark Web neighbors: The points colored in green repre- sent services belonged to this group. This group is comprised of 20% of all Tor domains where 14% are dark services which have links to the surface Web, but no reference to dark

51 500 Frequency 1 2 5 10 50 200

1 2 5 10 20 50 100 No. Dark Web Neighbors Figure 5.4: Distribution of number of Dark Web neighbors for Tor domains in the first category; both axes in logarithmic scale.

domains. This implies that less than one fifth of dark services contain links to only surface resources. To further explore such services, Table 5.3 provides description of some Tor domains with number of surface Web neighbors near the maximum (500) with no links to other dark domains. These domains are some popular services that offer digital cryptocur- rency, hacking, and hosting Tor services. Clients of such domains are referred to surface pages to do bitcoin transactions, access latest news and information, or download multi- media such as electronic books. This finding reveals that there are some dark domains that regardless of their popularity among Tor visitors have high potential to leak confidential information of their users. Hence, not only their clients should be aware of this threat, their owners should also consider changes in the design of their pages or the content they host on their services. (3) The rest of points belong to dark services that contain hyperlinks to both surface and dark Web. The points colored in black indicate services belonged to this group. This group forms 78% of all points on the plot which in addition to the size of second group implies that more than 90% of Tor domains have at least one hyperlink to the surface

52 Table 5.3: Onion domains with more than 200 references to surface and no link to Tor Onion Domains Service # of Surface Web Neighbors 222222b63tfqitrx Bitcoin 188 222222zsr3ih57iw Bitcoin 196 3wcwjjnuvjyazeza Hacking books 697 4do6yq4iwstidagh Hosting Debian Services 158 4sy6ebszykvcv2n6 News (German) 1358 5nca3wxl33tzlzj5 Hosting Debian Services 232

Table 5.4: Summary statistics of network features Parameter Min 1st. Qu Median Mean 3rd. Qu Max Edge betweenness Cent. 0.00 1.00 3.00 59.75 28.00 81,126.53 Avg. Shortest Path Len. 0.00 0.00 0.00 0.21 0.00 6.64 Eccentricity 0.00 0.00 0.00 0.25 0.00 11.00 In-degree Cent. 0.00 2.00 3.00 4.29 4.00 309.00 Out-degree Cent. 0.00 0.00 0.00 4.29 0.00 1,358.00 Stress Cent. 0.00 0.00 0.00 175.00 0.00 230,857

resources. It reveals to what extent dark domains can have the potential for the information leakage caused by linking to surface world.

5.2.2 Analyzing reference view of Tor services

Now, we conduct topological analysis on the directed network of references from dark domains to other dark/surface resources based on several measurements of network prop- erties. Table 5.4 indicates the basic statistics of the network. As shown, distributions of all network parameters are right-skewed because the mean is larger than the median, right tail of the distribution is long, and median is closer to the first quartile. Figure 5.5 denotes the CCDF plot of the distribution of each feature in a log-log scale. Complementary cumu- lative distribution function, CCDF, of a random variable ν indicates the probability that ν will be larger than a particular value x [52]. 1. Edge betweenness centrality. 4 The edge betweenness centrality of an edge e shows number of shortest paths between each pair of vertices that traverses through e

4It is calculated for networks with no multiple edges.

53 0.02 0.10 0.50 0.005 0.050 0.500 0.01 0.05 0.20 1.00 0.001 0.010 0.100 1.000 1 100 10000 1 100 10000 1 5 20 100 12357 Edge Betweenness Stress In-degree Average Shortest Path Length 0.1 0.2 0.5 1.0 0.02 0.10 0.50 0.005 0.050 0.500 0.005 0.050 0.500 0.01 0.05 0.20 1.00 0.01 0.05 0.20 1.00 0.001 0.010 0.100 1.000 1 100 10000 11 1002 10000 5 10 11 5 5 20 50 100 500 1e-0512357 1e-03 1e-01 Edge Betweenness EccentricityStress Out-degreeIn-degree AverageClustering Shortest Coefficient Path Length

Figure 5.5: Frequency Distribution of Network Parameters

divided by total number of shortest paths between that pair of vertices [39]. Assuming

Centb(e) as the edge betweenness centrality of edge e, the partial betweenness value of this edge for each pair of nodes is defined as below: 0.1 0.2 0.5 1.0 0.005 0.050 0.500 0.01 0.05 0.20 1.00 1 2 5 10 1 5 50 500 1e-05 1e-03 1e-01 Eccentricity Out-degree Clusteringδvt (Coefficiente) bvt(e) = δvt

where δvt(e) denotes the number of shortest paths between v and t that have the edge e and

δvt is the number of shortest paths between v and t. Centb(e) is defined as the summation of the partial values for all pairs of vertices:

X Centb(e) = bvt(e) v6=t∈V

A high value of the edge betweenness centrality for an edge implies that it plays a

54 Table 5.5: List of edges with Edge betweenness Centralities greater than 10,000 Source Target Source service type Target service type dirnxxdraygbifgc wiki5kauuihowqi5 Directory Directory doe6ypf2fcyznaq5 dirnxxdraygbifgc Directory Directory hiddenwik55b36km newsiiwanaduqpre Directory News lwplxqzvmgu43uff doe6ypf2fcyznaq5 Forum Directory deurfnquin7mvni2 godnotabatovgyqz Directory Directory newsiiwanaduqpre dirnxxdraygbifgc News Directory

significant role in bridging communication between network vertices. Since the network does not contain any edges from surface to other nodes, edges here indicate relationships between a pair of Tor domains (dark-dark edges) or from one Tor domain to a surface website (dark-surface edges). Therefore, all dark-surface edges have low edge betweenness centrality and analysis on the edge betweenness centrality indicates the influence of dark- dark edges in bridging connections between the dark services. According to Table 5.4, average edge betweenness centrality is 59.75 which has sig- nificant difference with the maximum centrality (81,126.53). The reason of such high skew in the average is that centrality of sink nodes, surface websites, is zero which makes the average closer to zero. Figure 5.5 indicates that the probability of values greater than 100 is rapidly decreasing from values more than 0.1 to values near zero. There are a few domains with centralities near the maximum value. To gain an overall impression of such edges, Table 5.5 presents the type of services provided by their corresponding source and target domains. As illustrated, these domains are well-known Tor information providers as either directory or news/forum services. This finding emphasizes that any information dissemi- nation from the Tor information providers can be released over the dark Web. Also, any removal of these services may affect the communication between several pairs of services through the shortest paths between them. 2. Eccentricity. The eccentricity of a vertex is the maximum distance it has from other vertices in the graph [24]. The distance between two nodes is the length of the shortest path between them where length of a path is declared as the number of edges building the path.

55 Eccentricity of an isolated node is zero. By computing the shortest path between the vertex v with others, we calculate the eccentricity centrality of v, Ecc(v), as:

Ecc(v) = dist(v, k)

where k is the node which has longest shortest path with v and function dist returns the distance between them. Low (non-zero) value of eccentricity implies that other vertices are in proximity of v while high eccentricity reveals at least one node and its direct neighbors are located far from v. The maximum value of eccentricity can also depict the diameter of a network which is defined as the largest distance between two nodes. For a disconnected network, diameter is the maximum diameter of all the connected components. As Table 5.4 demonstrates, the diameter of the network in Figure 5.2 is equal to 11.0. The radius is also defined as the minimum none-zero eccentricity of a network which is here equal to 1.0. The distribution of eccentricity in Figure 5.5 indicates that the probability of eccentricity equal to 1 is close to 1 and the probability decreases by increasing the value of eccentricity. This indicates that most vertices of the dark-to-surface referencing network are in proximity of each other. This finding is in contrast to what observed for the Tor dark services in the Chapter4 where domains intend to make themselves isolated from other dark services. 3. Stress centrality. The stress centrality indicates the number of shortest paths running through each node in a network with no multiple edges [11]. Higher value of this centrality shows that the vertex is traversed by a large number of shortest paths and hence, plays an important role in information dissemination. However, the corresponding node may not be critical in maintaining the communication between pairs of vertices as there may be other shortest paths between each pair that are not passed over it. Let σst(v) denote the number of shortest path between two vertices of s and t that contain node v. The stress

56 Table 5.6: 20-top Tor Services with high Stress centrality Service address Service type/name Service address Service type/name Automated bots 24boths2mh6sxaz5 kpvz7ki2lzvnwve7 HiddenWiki for rent (Russian) Digital Crypto 24xbtc424rgg5zah hosting6iar5zo7c Real Hosting (Russian) Dark Community 2qrdpvonwwqnic7j gnvweaoe2xzjqldu VisiTor (Italian) 32pbf32xi6ccm63z Pornography 2ddjd7xsni7pefcx Fresh OnionLand DarkWiki 3bbaaaccczcbdddz darkwikiss2rmeby Search Engine (Russian) 3kyl4i7bfdgwelmf DeepDotWeb deurfnquin7mvni2 Pyrowiki drug wiki Runion Forum doe6ypf2fcyznaq5 torlinkbgs6aabns HiddenWiki (Russian) dirnxxdraygbifgc OnionDir wiki5kauuihowqi5 HiddenWiki Debian Onion 4do6yq4iwstidagh newsiiwanaduqpre News blog on Tor Service Search Engine Runion Forum 4hohkxjvlt5fjzqv lwplxqzvmgu43uff (Portuguese) (Russian)

centrality of v, Cents(v), is defined as follows:

X Cents(v) = σst(v) s6=t6=v∈V which results in the summation of partial centralities for all pairs of nodes in the network. According to the Table 5.4, the average stress centrality of the network is 175 while its maximum value is equal to 230,857. As Figure 5.5 illustrates, the probability of values higher than the mean is rapidly decreasing from 0.5 while the probability for the rest is near 0.5. Investigation reveals that most network nodes (94%) have stress below than the mean and only a few centralities (6%) are higher than this value. In addition, since surface nodes have no out-going edges, their stress centrality will be zero. Thus, the minor large centralities belong to the Tor services. This finding implies that most Tor domains are reluctant to contribute in information dissemination through the network which let them be hard to observe by Tor clients and law enforcement agencies. Assuming Tor domains sorted in descending order based on their stress centrality val-

57 Table 5.7: 20-top Tor Services without-degree centrality greater than 400 Service type Domain name Service type dirnxxdraygbifgc Directory jh32yv5zgayyyts3 Directory 4sy6ebszykvcv2n6 News wikitjerrta4qgz4 Directory 4zkgktc6hjdmp6kw Directory chws5ibwliag4fyc Directory 5jgis47vdcpaeafp Directory wiki5kauuihowqi5 Directory gnvweaoe2xzjqldu Multimedia hiddenwik55b36km Directory 7g5bqm7htspqauum Directory torwikignoueupfm Directory 2ddjd7xsni7pefcx Directory zgrl6sghf5jh37zz Directory

ues, Table 5.6 presents the 20-top dark domains that provide content in different languages such as Russian and Portuguese. More than half of these domains belong to popular di- rectories and their high stress centrality is the result of their huge number of in-coming and out-going connections. There are also two forums, one Bitcoin, and one bot rental domain that provide services in Russian. There are also one pornography, one news blog, and one hosting service which show the other main Tor domains conductive to information transmission through the dark Web. 4. Out-degree. The out-degree centrality indicates the number of links each domain or website has to others. As Table 5.4 illustrates, values range from 0 to 1,358 where the mean is 4.29. The distribution plot in Figure 5.5 shows that the probability of values lower than the mean is near 1. Most nodes (81%) have no link to others and it includes all sur- face nodes along with 60% of Tor domains. This finding implies that more than half of Tor services are reluctant to refer their clients to either surface or dark sources. For the remaining 40%, their out-degree lies in [1, 1358] and according to the manual investiga- tion, only 14 domains have out-degree centralities higher than 400. Table 5.7 provides the description of services provided by the domains which have more than 400 references to others. As shown, there are some popular directories, one news, and one multimedia service. This finding is not surprising as directories are the services that provide huge num- ber of onion addresses that results in high out-degree centrality value. News services also provide content in different subjects and may support their validity by referencing to the

58 Table 5.8: 10-top Tor Services with In-degree centrality greater than 100 Node Web address Node type blockchainbdgpzk.onion (and its 3 mirrors) Dark Bitcoin btc.com Surface Bitcoin twitter.com Surface Twitter Facebook.com Surface Facebook torproject.org Surface Tor github.com Surface GitHub 3g2upl4pq6kufc4m.onion Dark DuckDuckGo

original websites of the news. Manual exploration of the information hosted on the mul- timedia service also reveals that this domain contains several hyperlinks to other similar pages on both Tor and surface Web which provide technical information about Tor and Debian . 5. In-degree. This metric denotes the number of links to a dark domain or surface website. As Table 5.4 depicts, values range between zero and 309 with the mean of 4.29. Probability of values lower than the mean is near 0.5 while probability of values more than 100 is below 0.1. Manual investigation shows that only 8.8% of nodes have less-than- average in-degree, 91% have in-degree between the mean and 100, and only 10 vertices have more than 100 in-coming links. To further consider such outliers, Table 5.8 presents their address/names and whether each belongs to dark or surface world. As Table 5.8 indicates, one dark and surface bitcoin services are among the vertices having more than 100 in-coming references. It is not surprising because there are markets on dark Web which utilize digital cryptocurrency using either dark or surface Web services as their payment method. The DuckDuckGo search engine is another dark service with notably high in- degree value. This denotes that there are several Tor domains which refer their clients to DuckDuckGo for further search on Tor. There are also some well-known surface websites such as Twitter, Facebook, GitHub, and Tor project which are referenced by several Tor domains which reveals their popularity among even dark services. 6. Average Shortest Path Length. This metric is one of the most important features

59 of real-world complex networks [33]. This global metric denotes the expected distance between each connected pairs of vertices. Assuming G = (V,E) is a directed graph, dist(s, t) shows the shortest distance from s to t, and αG depicts the number of all paths in G, SP (G) which is the average shortest path length of G is defined as:

P|V | dist(vi, vj) SP (G) = vi,vj ∈V αG

where for an isolated node, the distance to any other vertex is 0. Similarly, if vi = vj, the average shortest path length will be 0. Based on Table 5.4, the average (.2) and maximum (6.64) values of this metric indicate that every network vertex can be reached from others using by average one and at most 7 edge(s), respectively. As Figure 5.5 illustrates, the probability of values lower than or equal to 2 is close to 1 while for values near seven, the probability is lower than .2. This finding implies that most nodes are accessible via at most two edges and only a few of them are far from the others. As discussed earlier, the linking process of the network shows that most nodes participate in a single massive connected component which can explain why the average shortest path length of most nodes have low values. Since the network is almost connected and the maximum value for the average shortest path is comparable with the logarithm of the network size, clients of this small world can reach every dark domain or surface website after traversing a short distance on the network.

5.3 Chapter summary

This work studies the network of references from dark Tor domains to surface resources using well-known network analysis measurements to answer how the network of dark-to- surface references differs with the linking pattern of Tor domains. It also investigates to what extent dark domains are vulnerable against information leakage caused by linking to

60 the surface Web world. To gain a deeper insight into the nature of Tor services, the results are also analyzed regarding the type of information provided by Tor domains. Results reveal a structure that contrasts with the hyperlink network of Tor. The linking network of Tor to surface Web is a single large connected component with small number of isolated Tor domains. However, Tor resources have still tendency towards isolation. Only a few Tor domains are immune against information leakage while more than 90% have at least one reference to the surface Web. Such referencing to surface makes Tor domains closer to each other and raises their tendency to cluster. But, it does not increase the contri- bution of dark domains to either communication or information dissemination through the network. Investigations on the service type of dark domains reveal that popular Tor directo- ries have the largest proximity to all the other Web resources and significantly contribute to both communication and information dissemination through the network. A few domains with other types of services such as news, pornography, and multimedia also contribute to information propagation through the dark-to-surface referencing network. Analysis on the degree distribution reveals that well-known surface websites such as GitHub, Twitter, and Facebook are popular even among Tor domains.

61 6

Structural Identity Characterization

There is still a gap in our understanding of the interplay between the structure and infor- mation on Tor. Structural identity is a concept of categorizing network nodes based on the structure of relationships they have with others. Assuming that the structural identity of Tor domains denotes their neighborhood structure independent of their service type or their location in the network, there are open questions whether the structural identity of Tor domains has any relationship with the type of services they provide and if there is any dom- inant structural identity on Tor. Answering these questions will give us hints on micro-level connections each domain has in the network. It will also reveal how different the Tor do- mains are in their structural identity and what makes this difference. If there is any relation between the service type and the neighborhood structure of dark domains, such an insight can be useful in predicting links between a new domain with the others based on their ser- vice type. Moreover, marketplaces in the dark Web may experience temporary downtime and appear after a while, but with a new identity. Identifying the linking patterns in the neighborhood structure of marketplaces can helps track the moving vendors even if they change their identity. Scrutinizing the dense or sparse patterns in relationships among do- mains also leads to predicting the proportions of the Tor network which have vulnerability against node removal or targeted attack.

62 To this end, we conduct a micro-level investigation on the neighborhood structure of Tor domains using struc2vec and classify the extracted structural identities by hierarchical clustering to study any relationship between domains’ structural identity and the type of service they provide. Our findings reveal that the structural identity of Tor services can be categorized into eight distinct groups. One group belongs to only Dream market services where neighborhood structure is almost fully connected and thus, robust against node re- moval or targeted attack. This insight helps track and trace moving vendors of the Dream market domains based on the linking patterns in the neighborhood structure of their ser- vices. Domains with different types of services form the other clusters based on if they have links to Dream market or to the domains with low/high out-degree centrality. Results indicate that the structural identity created by linking to services with significant out-degree centrality is the dominant structural identity for Tor services. Our study on the types of ser- vices illustrates that structural identity of shopping domains put them in a position that competing with their counterparts, Dream market, to attract and keep users’ attention will be difficult. This chapter is organized as follows: Section 6.1 explains how to extract the structural identity of Tor domains and presents the evaluation results and analyses over service types of domains. Finally, Section 6.2 summarizes the main conclusions.

6.1 Structural identity analysis

This section presents the analyses conducted on structural identity of Tor domains. First, we explain how to extract the structural identity of Tor domains using the struc2vec algorithm. Then, we conduct hierarchical clustering over the embedding vectors which represent the structural identity of Tor domains. This will let us find which vectors are similar to each other. Next, we analyze the clustering results with regard to the service type of domains.

63 6.1.1 Tor structural identity representation

The main purpose of this work is to specify the structural identity of Tor domains based on their network structure. This identity reveals latent similarities among domains regardless of the services they provide (as vertices’ labels) and their position in the Tor network. To this end, we employ the struc2vec algorithm to learn the latent representations for the structural identity of Tor domains. Struc2vec [40] is a technique to learn a language model from a network as vector embedding for vertices. The basic steps of struc2vec are as follows:

− Compute structural similarity between all node pairs: this similarity should be in- dependent of the node or edge attribute, node position in the network, and even the network connectivity. The latent representations of nodes should be also strongly co-related to their structural similarity. Hence, the more similar network structures of two nodes, the closer their latent representations. To do so, this step uses a hier- archical similarity metric to capture more information on the structural similarity of nodes for different neighborhood sizes.

Suppose that G = (V,E) indicates the graph of G with the node set V (n =| V |)

∗ and the edge set E. Let d indicate the network diameter, and Sd(u), d ≥ 0 denotes the set of nodes at distance d of the vertex u. Also, for S ⊂ V , os(S) denotes the ordered degree sequence of vertices in S. The elements in S are integers in the range of [1, n − 1] and repetition is possible. To impose a hierarchy to measure the latent similarities, comparisons between ordered degree sequences of each pairs of nodes

is considered. If fd(u, v) denotes the similarity between u and v based on their d- and (less than d)-hop neighbors (including all the edges among them), it is defined as follows:

fd(u, v) = fd−1(u, v) + g(os(Sd(u)), os(Sd(v))), d ≥ 0

64 where g(os(Sd(u), os(Sd(v)) indicates the distance between two ordered degree se-

quences of os(Sd(u)) and os(Sd(v)). It is worth mentioning that f(u, v) is only

defined when both vertices have nodes at distance d. And, f(u, v) = 0 if d 6 0,

and fd−1(u, v) = 0 if d-hop neighbors of both vertices are isomorphic and thus, map

the both vertices onto each other. Since Sd(u) and Sd(v) can have different sizes, to compute their distance, Dynamic Time Warping (DTW) is used to loosely compare the patterns in sequences with different sizes [43]. To do so, DTW matches the el- ements of sequences in a way that sum of distances between pairs of elements will

be minimized. Assuming ei ∈ Sd(u) and ej ∈ Sd(v), their distance, dist(ei, ej), is computed as follows:

max(ei, ej) dist(ei, ej) = − 1 min(ei, ej)

− Generate a weighted multilayer graph to encode the structural similarities between vertices: suppose that M indicates such a graph, it is comprised of d∗+1 layers where each layer d = 0, ..., d∗ is a weighted undirected complete graph of | V | nodes and

n 2 edges, and it is defined by the d-hop neighbors of nodes. Edge weights are also defined as the inverse proportion of the similarity calculated for their corresponding

node pairs. If wtd(u, v) indicates weight of the edge between u and v in the layer d, it is defined as follows:

−fd(u,v) wtd(u, v) = e

Based on the definition, edges corresponding to the vertices with high similarity to a vertex will have large weights across all the layers. To connect the layers, each vertex in layer d is attached to its corresponding vertex in the layers d − 1 and d + 1 using directed edges. The weights of such edges are defined as below:

∗ wt(Eud,ud+1 ) = log(Ωd(u) + e), d ∈ [0, d − 1]

65 ∗ wt(Eud,ud−1 ) = 1, d ∈ [1, d ]

where Ωd(u) is as follows:

X Ωd(u) = I(wt(Eud,vd ) > wtd) v∈V

I(st) indicates an indicator function, returning 1 if st is true. Based on the defi-

nitions, Ωd(u) shows the number of edges of vertex u with weights larger than the

average edge weight in the layer d (wtd). In other words, it represents the similarity of u to other nodes in the layer d.

− Produce structural context for nodes: this step uses a biased random walk moving on the multilayer graph M to generate node sequences. Assuming that the probability

of staying at the current layer is P rs > 0, the probability of moving from node u to node v ∈ V (v 6= u) in the layer d is defined as:

e−fd(u,v) P rd(u, v) = P e−fk(u,v)

According to the definition of P rd(u, v), the probability of moving to nodes which are structurally more similar to u will be higher than the probability of moving to nodes with small similarity.

Given the probability of stepping to another layer, 1 − P rs, the random walk will move to the layers d + 1 or d − 1 based on the following probabilities:

wt(Eud,ud+1 ) P rd(ud, ud+1) = wt(Eud,ud+1 ) + wt(Eud,ud−1 )

P rd(ud, ud−1) = 1 − pd(ud, ud+1)

66 Every vertex that the random walk moves to in a layer will be added to the context. This process of random walking is started for each node from layer 0 and repeated for a certain number of times.

− Learn the language model: this step generates the language models of node se- quences created in the previous step using Skip-Gram. Main purpose of Skip-Gram is to maximize the likelihood of each vertex’s context in the corresponding sequence. The vertex’s context is given by a window of size w centered on it, and the Skip- Gram architecture utilizes Hierarchical Softmax, where conditional probabilities are defined based on a tree of binary classifiers.

To implement struc2vec, we utilize all the default settings specified in the original paper [40]. In the experiments, we used the data collected and introduced in the Chapter4. For more information on the data description and the processing method, please refer to the section 4.1. Employing the struc2vec algorithm on the data results in a set of 1766 embedding vectors with default length of 128.

6.1.2 Clustering Tor structural identities

We classify the set of vectors using hierarchical clustering to see how vectors that belong to domains with similar service type locate in the same clusters. To ensure that the cluster- ing method is able to find small clusters, we utilize Agglomerative Hierarchical clustering algorithm (AGNES) which has a bottom-up approach in generating clusters and is able to capture clusters with small size [41]. AGNES starts with considering each point as a single- cluster. Each step, the similarity between each pair of clusters is calculated and two clusters with the highest similarity are combined into a new larger one. This procedure is repeated until all points are allocated to just one single cluster. To define the similarity between two clusters, we employ the Ward’s minimum variance method [49] which mini- mizes the final within-cluster variance by merging the pair of clusters that have minimum

67 sum of squared Euclidean distance. The reason of choosing the hierarchical clustering is that it avoids the problem of choosing the number of clusters before running the algorithm [38]. Dendrogram, also called cluster tree diagram, which captures the results of clustering provides a visualization of the clusters at different granularities. This visualization can help determine the number of clusters with no need to rerun the algorithm. Hierarchical clustering also allows to cope with more intricate shapes of clusters in contrast to some methods such as Kmeans or mixture models with more restrictive assumptions on, for instance, the shape of clusters to be spherical, the clusters’ sizes to be the same, or the original data to follow a particular distribution [38]. In this work to avoid any bias towards our a priori knowledge, we leverage average Silhouette width [42] to specify the number of clusters. This metric is a graphical aid to evaluate clustering validity based on comparison of similarity among clusters. In other words, it measures how cohort a sample is with other samples in the cluster. Assuming that s indicates a sample in cluster A, adA(s) is defined as the average dissimilarity sample s has with all other samples in A, and adC (s, C) denotes the average dissimilarity between s and samples in cluster C. If adall(s) = minC6=A(adC (s, C)), the Silhouette width of sample s, Silh(s) is defined as:

ad (s) − ad (s) Silh(s) = all A max(adall(s), adA(s)

Ranging in [−1, +1], Silhouette width equal to +1 for a sample denotes that it is perfectly matched to its own cluster and poorly matched to others. The higher the average Silhouette width, the more appropriate the clustering configuration. Figure 6.1 illustrates the values of this metric for different number of clusters from 1 to 20. As indicated, the average Silhouette width for eight clusters has the maximum value (0.54). Hence, in the following analysis we consider eight clusters for the original data.

68 Average Silhouette Width 0.1 0.2 0.3 0.4 0.5

2 4 6 8 10

Number of clusters k

Figure 6.1: Average Silhouette width Vs. different number of clusters

Figure 6.2 indicates the dendrogram of the hierarchies found in the data. With regard to cut-off equal to 8 as the number of clusters, first five clusters have a hierarchy separated from clusters 6, 7, and 8 with distance (dissimilarity) larger than 40. The distance between clusters 1 and 2 is less than 30, which is lower than the distance between other neighboring clusters. Clusters 1, 2, and 7 have the largest size among the others while clusters 3, 5, and 8 have the smallest size. To find a better insight into the clustering results, we further investigate the type of services for domains in each cluster (Figure 6.3). As mentioned before, samples within a cluster represent the structural identity of the Tor domains, and the labels of samples indicate the service type provided by the related domain. As Figure 6.3 illustrates, one group is belonged to Dream market while the others contain different types of services. As reported in the Chapter4, the Dream market domains have a tendency towards isolation which makes them separated from the other domains in the Tor network. This is in compliance with our finding which reveals the Dream market services have a distinguished structural identity. It also implies that with high probability, a new Dream market service contains hyperlinks to other Dream market domains which

69 Cluster distance aoiyi lses1t .Mna netgto ihnteecutr niae httheir that indicates clusters these within investigation Manual 4. market to 1 Dream clusters to in link majority no have that domains 1 to their belong in clusters these in samples of 80% with vertices The extracted. is structure data. neighborhood whose the domains in the indicate services size maximum these 6.4 of Figure structures marketplaces. neighborhood Dream some the denotes of intra-connectivity reported dense which and 4 Chapter modularity the high in finding the previous our with targeted accordance or in also removal is node This attack. against robust fully intra-connectivity almost the is their over services makes market exploration which Dream Manual connected, the of market. structure neighborhood Dream that as reveals Dream 6 type to cluster service links its several with predict domain can unknown we an given market, Also, Web. dark the on active are

0 10 20 30 40 ute netgto vrsmlsi lses1t hw htb vrg,mr than more average, by that shows 5 to 1 clusters in samples over investigation Further

st 80 83612312452761955753157328626078737563 n 2 and - 69560031929 2372412312713168812993063001615672058 44244177977728810377537434441401976 15779879632232110135843711511730429012 7918108178218098198128258588281411033349 96189594695291288292389488794492892281343 884900916918888940901950910898937931926956929 1006930934909876902889892907875869886896874873 1172594201418424187144155866859979968911942920 615690606738772806415388416381384776537523611 nd 112127118134109142116692532644645688558510 1461361471331321311191381401201391291497697 iue62 edormo h irrhclClustering. Hierarchical the of Dendrogram 6.2: Figure 88778974 dge egbrod ietre n/rsopn oan r the are domains shopping and/or Directories neighborhood. -degree 1059199865885938294668779849583 5905786395776186028237334906134975911027298 125108107106760648951832808712718346617056 289723687756104453399766805463538485159 450757417422413408427410423838749783758755862 1024420464466496435443459438570551407421949742 870865903962953995913939925857885921846856849 1011123512801282101711411097996899992936935978973960 123010151028102210531208863947986914977975985970905 100010091008105210371005957976994983965991908919871 1001665660761933971974972959945966969932938955 848851837830829839674581677697699850826835847 173137145175130148160216197702706754853855843 576585511664596574625528614563636545622589143 572555500623652521512640628653631673487522498 516671550514627566553666621610626651609524667 679598586588676499579612575637670542548642629 491663647533601603624597668669638656681650608 675635547519686616685662655684649661580565682 127310441256680833854941893964672643593634599569 751841904834792786890880803824852799782804678 479864861943897879845990924917927967915753752 Data samples 476543263639233231 63212812610011469847021221724962725 71071713586848278742672292141211181350 304111110113122121744153811656445534754 789457447436658734800771741700788317198295312 7908207844944284447268168574969555271 251292267188244860815732748750797767765822759 906877842814795793794867703701731778763883781 70 1040844 434432425429401617831818691445747689780840980 954657620696654827659683743708705693774419440 11061016785714721715709816872694725313329314963 1002128412861150430433463484891878948740739802736 745746807770768769764801485564460489431583549 503472517467513538449458454520539483582552540 562488529492595605475554506486477508462455587 534584465568525518480495448469633630451502571 559468567461478473456544604501560556546641481 504446515474471505530646526493535452507592561 374389366412339360335342402386607541509439536 265390338383404409395349232208373376411202209 343379242163192391151394350380347344385 Cut 196392221240372377370414387168164398183354378 219249193220189248263176272165294179203228239 170256406185230217190213205247275245276218211 223252212182159152226150171268194186191214172 158 - 238222181262210207162167233199154204178169253 1166110511161184109110191266236234224161174156 off = 8 111811211180106112621200126011731212126911331089115710561129 10751178124411891162103512171020109910451060118112371039988 105012331094111111911128122610951240114211601079119710141070 107712831027103010121185112411951246106512181086111912191192 10921175124212341186127110671139109011271136110012531066993 11561267105911901183123812201174128111451114101811871132984 10211204121511981120125711071083115111251275102610551102982 109811771123120610781251120712241279122112781038114010421265 1108115310321213118211961144127712491058106412411131958987 115212641154125511261168124810721036121412541164113810731029 106310621093120210881074106910841146122911941222127011151268 1211120311631071120510871239111710761130102310431243981 100710331231122511341034117912501031104811121137111311611057 11471165125912741247115512161193126112361169127212581285 115911881082114912091122120111011210114310471110122811711109 122712451025105412521232116712231085110310811080998999 12761046100411581263100311041135109610131176104110511148989 11701199104910681010716735737729704724711719713997 333359328332361371356403762773727720707730728 345323397334325353326369396375341365393348355 382364368363327367337352357331318340405362400 303280229255298246287320260266311279330351336 297308243315184284305309177281302206291261293 195200227166296258290282215278274286324180264 269301270225235277283285250254257259307310273 Cluster 8 7 6 5 4 3 2 1 Cluster1 Cluster3 Cluster5 Cluster7

100 20 20

100 75 15 15

50 10 10 50 5 5 25

0 0 0 0

Bitcoin EmailForum News Bitcoin EmailForum News Bitcoin EmailForum News Bitcoin EmailForum News Directory Shopping Directory Shopping Directory Shopping Directory Shopping GamblingMultimedia GamblingMultimedia GamblingMultimedia GamblingMultimedia Dream Market Dream Market Dream Market Dream Market

Cluster2 Cluster4 Cluster6 Cluster8

200 25 100 75 20 150 75 15 50 100 50 10

25 50 25 5

0 0 0 0

Bitcoin EmailForum News Bitcoin EmailForum News Bitcoin EmailForum News Bitcoin EmailForum News Directory Shopping Directory Shopping Directory Shopping Directory Shopping GamblingMultimedia GamblingMultimedia GamblingMultimedia GamblingMultimedia Dream Market Dream Market Dream Market Dream Market

Figure 6.3: Label Distributions in the resulted clusters

Figure 6.4: Examples of neighborhood structure for Dream market domains

71 Out-degree Centrality 1.000

0.100

0.010

0.001

1 10 100 Figure 6.5: CDF plot of out-degree centrality for Tor domains

Table 6.1: Basic statistics of the out-degree centrality for Tor domains Statistic Value Min 0.000 Max 407.000 Mean 6.486 Median 2.000 First Quartile 1.000 Third Quartile 5.000

samples belong to domains which have links to domains with high out-degree centrality. To have better insight into such clusters, we consider basic statistics of out-degree centrality, presented in Table 6.1, and its CDF plot, illustrated in Figure 6.5. As the Table 6.1 presents, the distribution of out-degree centralities is right-skewed since the mean is larger than the median and the median is closer to the first quartile rather than the third one. The CDF plot also denotes the probability of values larger than the average notably decreases from 1 to lower than 0.1. In fact, only 19% (249 domains) of Tor domains studied in this work have out-degree centralities larger than the average. The domains belonging to the clusters 1 to 4 have direct links to the domains with out-degree centralities greater than the average and this linking makes their 2nd-degree neighborhood large. On the other hand, gambling is the major population of domains in cluster 5. Investigation shows that the out-degree centrality of 73% of the domains in cluster 5 is lower than the average (Table 6.1) and they link to other domains which also have out-

72 Figure 6.6: Examples of 1st-deree neighborhood structure for domains in clusters 1 to 4

degrees centralities lower than this value. Therefore, their 1st-degree neighborhood is small, sparse, and thus, vulnerable against node removal. Regarding the cluster sizes, we observe that the first four clusters contain 60% of the Tor domains studied in this work. As mentioned, these clusters belong to domains which have links to services with high out-degree centrality. The 1st-degree neighborhood of the domains can be small or large depending on their out-degree centrality. Figure 6.6 illustrates some examples of 1st-degree neighborhood structure of such domains (specified with larger size). Figure 6.7 demonstrates some examples of the 2nd-degree neighborhood structure of the domains in clusters 1 to 4. As illustrated, due to linking to services with high out-degree centrality, the 2nd-degree neighborhood graph is large, dense, and hence, robust against node removal. This implies that in spite of the sparse nature of Tor domains discussed in the Chapter4, the structural identity of more than half of them indicates a 2 nd-degree neighborhood which is robust against node removal. Further investigation over the samples in clusters 7 and 8 reveals that in contrast to the

73 Figure 6.7: Examples of 2nd-degree neighborhood structure for domains in clusters 1 to 4

first five clusters, 88.4% of domains in cluster 7 have direct links to Dream market while 92% of domains in the cluster 8 have Dream market in their 2nd-degree neighborhood (in- direct linking). This explains the reason of having two distinct hierarchies in Figure 6.2 between clusters 1 to 5 and clusters 6 to 8. Therefore, not only Dream market has its own structural identity, its existence in the 1st- or 2nd-degree neighborhood of domains can make different structural identities for the Tor domains. As Figure 6.8:a indicates, two directories have direct links to Dream market which directly effects on their 1st-degree neighborhood. Based on Figure 6.3, directory has the maximum size in cluster 7, which is in accordance with our finding in the Chapter4 which reports that the directories have the largest num- ber of hyperlinks to Dream market. On the other hand, Figure 6.8:b shows one shopping domain (represented by the largest vertex) which has indirect linking to the Dream market domains. Regarding the number of shopping domains in different clusters, our analysis indicates that although shopping domains have the major population in cluster 8 (25%), this portion belongs to only 7% of all the shopping services in our data. This indicates that there is only a small number of shopping domains which have Dream market in their

74 (a) Direct linking to Dream markets (b) Indirect linking to Dream markets Figure 6.8: Examples of neighborhood structure for domains in clusters 7 and 8

2nd-degree neighborhood. However, this implies that Dream market, as the competitor of the dark shopping services, is only 2-hop far from them which can make it more difficult for the shopping service owners to attract and keep their customers’ attention.

6.2 Chapter summary

This chapter presents our investigation over structural identity of Tor domains and attempts to answer whether there is any relationship between structural identity of Tor domains and the type of information and services they provide. To this end, we employed struc2vec to extract the structural identity of Tor domains independently of their service type or their location in Tor. We utilized hierarchical clustering to classify the structural identities of do- mains and investigate any relationship the identities have with the domains’ service types. Based on our results, the structural identity of Tor services can be categorized into eight different groups. Structural identity of the Dream market domains makes them distinct from others: an almost fully connected structure which makes the neighborhood structure robust against node removal. Domains with direct or indirect linking to the Dream market

75 domains have structural identities which are different with the other domains. Number of shopping services with indirect links to Dream market is more than the other service types. This short distance from shopping domains’ competitor, Dream market, makes it difficult for their owners to attract and keep users’ attention. The structural identity created by linking to services with high out-degree is the dominant structural identity for Tor services, which makes their 2nd-degree neighborhood robust against node removal or targeted attack. In contrast, few domains have small sparse neighborhood structures which are vulnerable against node removal.

76 7

Conclusion

This dissertation presented a broad evaluation on Tor domains ecosystem, which compre- hensively characterized the ‘types’ of information and services hosted across a broad swath of Tor domains and their hyperlink relational structure, thoroughly investigated the po- tential for information leakage on Tor, identified how referencing to the surface Web can change the linking structure of the Tor domains, and examined the interplay between in- formation and structure on Tor which indicates if the type of information provided by Tor domains have any relationship with their neighborhood structure. The specific contribu- tions of this dissertation are:

• Evaluation on Tor information ecosystem: Our broad study on the information hosted by Tor domains and their hyperlink structure made revelations about the un- derlying structure of inter- and intra-connectivity of Tor domain, and answered essen- tial questions about the main application of the Tor dark Web, and the importance of its services based on their roles in the network. Analyses reported that more than half of Tor domains are used for browsing, communication, and releasing information to public. Also, people are now turning to Tor to play online gambling games that are otherwise illegal in many countries around the world. This implies that it is not valid to argue Tor is only used to enable criminal activities. Among our various findings

77 on the connectivity analysis of Tor domains, we found the tendency of Tor domains towards isolation which makes them difficult to discover by casual browsing. More- over, Dream market, one of the most popular marketplaces in dark Web, is revealed as the most structurally important, core service of Tor while directories play an im- portant role as the crucial entry points for probing the Tor ecosystem. These findings on the importance evaluation of Tor domains conditioned on their service type can give hints about ranking of Tor services for designing search engines or establishing mirroring domains for directories as the main source of information dissemination on Tor.

• Assessment of Tor information leakage: This work thoroughly analyzed the poten- tial for information leakage on Tor by comprehensively investigating the reference network of Tor domains to the surface Web. From the perspective of domains’ own- ers, designing webpages of domains in a way that it does not contain any potential for this information leakage can encourage their customers to trust their services. This can be important especially for Tor markets where competition to attract customers has a permanent importance. The results revealed that over 90% of Tor domains are vulnerable against leaking users’ confidential information. This finding implies that although the Tor domains’ owners intend to hide their identity by isolating their ser- vices on the network, the design of their services crucially suffer from the problem of leaking their customers’ identity. The analyses also indicated that popular surface websites of Facebook, GitHub, and Twitter also have popularity on the dark domain which implies their potential as the third-party to take advantage of the information leakage on Tor.

• Characterization of Tor structural identity: Our attempt to characterize the struc- tural identity of Tor domains examined relationships between the neighborhood struc- ture of Tor domains and the type of services they provide. Finding any relation be-

78 tween the structural identity of Tor domains and their service type can give hints for predicting links between a new domain with the others based on their service type. Moreover, some Tor services experience temporary downtime and use new network identity after their appearance to hide their existence. Identifying the linking patterns in the neighborhood structure of domains, especially marketplaces, can helps track the moving service publishers even if they change their identity. Scrutinizing the linking patterns in relationships among domains also leads to predicting the portions of the network which are vulnerable against node removal or targeted attack. Our evaluation revealed that the structural identity of Tor domains can be classified into eight distinct groups. Dream market services have their own structural identity: a fully-connected neighborhood network which is robust against node removal. This insight alleviates tracking the moving vendors of the Dream market domains using the unique linking pattern in the structural identity of their services. Domains that link to the others with high out-degree centrality form the dominant Tor structural identity where the domains’ 2nd-degree neighborhood is robust against node removal despite the tendency towards isolation in Tor.

Further advances in our understanding of the Tor ecosystem and the interplay between its structure and information will be done along a number of future research directions. Specifically, future work will closely study novel analytics to evaluate this ecosystem and compare and contrast its hyperlink structure with other socio-technical systems. It also attempts to answer if the underlying hyperlink structure of Tor domains can be modeled by other network models. Such a study can lead to link prediction between domains and gives hints on tracking and tracing malicious activities through domains. Modeling the do- mains’ linking patterns using network models also helps predict the domains’ relationships which are vulnerable against node removal or targeted attacks. Regarding the connections between Tor domains, another plan will further concentrate to track the moving vendors of dark markets by scrutinizing the patterns in their structural identity independent of their

79 temporal network identity. More comprehensive investigations will also intend to verify our experiments on the structural identity of Tor domains for datasets that differ in terms of size and method of data collection. Another direction of future work is to focus on phishing attack detection on dark Web. The anonymity provided on Tor allows its users to run their own phishing scams, especially on the dark market domains. Crawling similar domains on the surface Web and directly comparing and contrasting them with the dark Web pages can yield insights into the basic structure of webpages in dark Web and how they may be manipulated for phishing attack purposes. This can help identify services which try to deceive Tor users via the content or structure of their webpages. Also, surveying the current strategies to crawl and extract information from the Tor network and conducting comparative analysis on them can provide insights into new analytics to evaluate and/or improve the method for data collection on the dark network. Towards better understanding the modus operandi of services provided in non-English languages, deeper explorations of the Tor information and analyses from different aspects such as cultural approaches will be the other plan for the future work.

80 Bibliography

[1] Timothy G Abbott, Katherine J Lai, Michael R Lieberman, and Eric C Price. Browser- based attacks on tor. In International Workshop on Privacy Enhancing Technologies, pages 184–199, 2007.

[2] Daniel Arp, Fabian Yamaguchi, and Konrad Rieck. Torben: A practical side-channel attack for deanonymizing tor communication. In Proceeding of the 10th ACM Sympo- sium on Information, Computer and Communications Security, pages 597–602, 2015.

[3] Kevin Bauer and Damon McCoy. Block insecure protocols by default, 2008.

[4] Kevin Bauer, Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, and Douglas Sicker. Low-resource routing attacks against tor. In Proceeding of the 2007 ACM workshop on Privacy in Electronic Society, pages 11–20, 2007.

[5] Massimo Bernaschi, Alessandro Celestini, Stefano Guarino, and Flavio Lombardi. Exploring and analyzing the tor hidden services graph. ACM Transactions on the Web, 11(4):24, 2017.

[6] Massimo Bernaschi, Alessandro Celestini, Stefano Guarino, Flavio Lombardi, and Enrico Mastrostefano. Spiders like onions: on the network of tor hidden services. In The Conference, pages 105–115, 2019.

81 [7] Alex Biryukov and Ivan Pustogarov. Bitcoin over tor is not a good idea. In 2015 IEEE Symposium on Security and Privacy, pages 122–134, 2015.

[8] Alex Biryukov, Ivan Pustogarov, Fabrice Thill, and Ralf-Philipp Weinmann. Content and popularity analysis of tor hidden services. In 34th International Conference on Distributed Computing Systems Workshops, pages 188–193, 2014.

[9] Alex Biryukov, Ivan Pustogarov, and Ralf-Philipp Weinmann. Trawling for tor hidden services: Detection, measurement, deanonymization. In Symposium on Security and Privacy, pages 80–94, 2013.

[10] David M Blei, Andrew Y Ng, and Michael I Jordan. Latent dirichlet allocation. Journal of Machine Learning Research, 3(Jan):993–1022, 2003.

[11] Ulrik Brandes. A faster algorithm for betweenness centrality. Journal of Mathemati- cal Sociology, 25(2):163–177, 2001.

[12] Andrei Broder, Ravi Kumar, Farzin Maghoul, Prabhakar Raghavan, Sridhar Ra- jagopalan, Raymie Stata, Andrew Tomkins, and Janet Wiener. Graph structure in the web. Computer Networks, 33(1-6):309–320, 2000.

[13] Pavlo Burda, Coen Boot, and Luca Allodi. Characterizing the redundancy of darkweb. onion services. In Proceeding of the 14th International Conference on Availability, Reliability and Security, page 19, 2019.

[14] Enrico Cambiaso, Ivan Vaccari, Luca Patti, and Maurizio Aiello. security: A categorization of attacks to the tor network. In Italian Conference on Cyber Security, 2019.

[15] Hsinchun Chen, Wingyan Chung, Jialun Qin, Edna Reid, Marc Sageman, and Gabriel Weimann. Uncovering the dark web: A case study of jihad on the web. Journal of the American Society for Information Science and Technology, 59(8):1347–1359, 2008.

82 [16] Nicolas Christin. Traveling the silk road: A measurement analysis of a large anony- mous online marketplace. In Proceeding of the 22nd International Conference on World Wide Web, pages 213–224, 2013.

[17] Diana S Dolliver. Evaluating drug trafficking on the tor network: Silk road 2, the sequel. International Journal of Drug Policy, 26(11):1113–1123, 2015.

[18] Diana S Dolliver, Steven P Ericson, and Katherine L Love. A geographic analysis of drug trafficking patterns on the tor network. Geographical Review, 108(1):45–68, 2018.

[19] Diana S Dolliver and Joseph B Kuhns. The presence of new psychoactive sub- stances in a tor network marketplace environment. Journal of Psychoactive Drugs, 48(5):321–329, 2016.

[20] Ingo Feinerer, Christian Buchta, Wilhelm Geiger, Johannes Rauch, Patrick Mair, and Kurt Hornik. The textcat package for n-gram based text categorization in r. Journal of Statistical Software, 52(6):1–17, 2013.

[21] Shalini Ghosh, Ariyam Das, Phil Porras, Vinod Yegneswaran, and Ashish Gehani. Automated categorization of onion sites for analyzing the darkweb ecosystem. In Proceeding of the 23rd ACM SIGKDD International Conference on Knowledge Dis-

covery and Data Mining, pages 1793–1802, 2017.

[22] David Goldschlag, Michael Reed, and Paul Syverson. Onion routing for anonymous and private internet connections. Technical report, Naval Research Lab Washington DC Center For High Assurance Computing Systems, 1999.

[23] Virgil Griffith, Yang Xu, and Carlo Ratti. Graph theoretic properties of the darkweb. arXiv preprint arXiv:1704.07525, 2017.

83 [24] Per Hage and Frank Harary. Eccentricity and centrality in networks. Social Networks, 17(1):57–63, 1995.

[25] Javad Hamidzadeh, Mahdieh Zabihimayvan, and Reza Sadeghi. Detection of web site visitors based on fuzzy rough sets. Soft Computing, 22(7):2175–2188, 2018.

[26] Fei Hu, Ali Mostashari, and Jiang Xie. Socio-technical networks: Science and engi- neering design. 2010.

[27] Ioana Hulpus, Conor Hayes, Marcel Karnstedt, and Derek Greene. Unsupervised graph-based topic labelling using dbpedia. In Proceeding of the sixth ACM Interna- tional Conference on Web Search and Data Mining, pages 465–474, 2013.

[28] Ken’ichi Ikeda and Yuki Yasuda. Social networks. The International Encyclopedia of Political Communication, pages 1–8, 2015.

[29] Christos Iliou, George Kalpakis, Theodora Tsikrika, Stefanos Vrochidis, and Ioannis Kompatsiaris. Hybrid focused crawling for homemade explosives discovery on sur- face and dark web. In 11th International Conference on Availability, Reliability and Security, pages 229–234, 2016.

[30] Ramnath Kumar, Shweta Yadav, Raminta Daniulaityte, Francois Lamy, Krish- naprasad Thirunarayan, Usha Lokala, and Amit Sheth. edarkfind: Unsupervised multi-view learning for sybil account detection. In Proceedings of The Web Con- ference 2020, pages 1955–1965, 2020.

[31] Quangang Li, Peipeng Liu, and Zhiguang Qin. A stealthy attack against tor guard se- lection. International Journal of Security and Its Applications, 9(11):391–402, 2015.

[32] Karsten Loesing, Steven J Murdoch, and . A case study on mea- suring statistical data in the tor anonymity network. In International Conference on Financial and , pages 203–215, 2010.

84 [33] Guoyong Mao and Ning Zhang. Analysis of average shortest-path length of scale-free network. Journal of Applied Mathematics, 2013, 2013.

[34] Damon McCoy, Kevin Bauer, Dirk Grunwald, Tadayoshi Kohno, and Douglas Sicker. Shining light in dark places: Understanding the tor network. In Privacy Enhancing Technologies, pages 63–76, 2008.

[35] David Mimno, Hanna M. Wallach, Edmund Talley, Miriam Leenders, and Andrew McCallum. Optimizing semantic coherence in topic models. In Proceeding of the Conference on Empirical Methods in Natural Language Processing, pages 262–272, 2011.

[36] Aziz Mohaisen and Kui Ren. Leakage of. onion at the dns root: Measurements, causes, and countermeasures. IEEE/ACM Transactions on Networking, 25(5):3059– 3072, 2017.

[37] Carl-Maria Mörch, Louis-Philippe Côté, Laurent Corthésy-Blondin, Léa Plourde- Léveillé, Luc Dargis, and Brian L Mishara. The darknet and suicide. Journal of Affective Disorders, 241:127–132, 2018.

[38] Fionn Murtagh. A survey of recent advances in hierarchical clustering algorithms. The Computer Journal, 26(4):354–359, 1983.

[39] Mark EJ Newman and Michelle Girvan. Finding and evaluating community structure in networks. Physical Review E, 69(2):026113, 2004.

[40] Leonardo FR Ribeiro, Pedro HP Saverese, and Daniel R Figueiredo. struc2vec: Learning node representations from structural identity. In Proceeding of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pages 385–394, 2017.

85 [41] Lior Rokach and Oded Maimon. Clustering methods. In Data Mining and Knowledge Discovery Handbook, pages 321–352. 2005.

[42] Peter J Rousseeuw. Silhouettes: a graphical aid to the interpretation and validation of cluster analysis. Journal of Computational and Applied Mathematics, 20:53–65, 1987.

[43] Stan Salvador and Philip Chan. Toward accurate dynamic time warping in linear time and space. Intelligent Data Analysis, 11(5):561–580, 2007.

[44] Amirali Sanatinia and Guevara Noubir. Off-path man-in-the-middle attack on tor hidden services. New England Security Day, 2017.

[45] Amirali Sanatinia, Jeman Park, Erik-Oliver Blass, Aziz Mohaisen, and Guevara Noubir. A privacy-preserving longevity study of tor hidden services. arXiv preprint arXiv:1909.03576, 2019.

[46] Iskander Sanchez-Rola, Davide Balzarotti, and Igor Santos. The onions have eyes: A comprehensive structure and privacy analysis of tor hidden services. In Proceeding of the 26th International Conference on World Wide Web, pages 1251–1260, 2017.

[47] Ryan Scrivens, Tiana Gaudette, Garth Davies, and Richard Frank. Searching for extremist content online using the dark crawler and sentiment analysis. Methods of Criminology and Criminal Justice Research, pages 179–194, 2019.

[48] Paul Syverson, R Dingledine, and N Mathewson. Tor: The second-generation onion router. In Usenix Security, 2004.

[49] Joe H Ward Jr. Hierarchical grouping to optimize an objective function. Journal of the American Statistical Association, 58(301):236–244, 1963.

[50] Jennifer Xu and Hsinchun Chen. The topology of dark networks. Communications of the ACM, 51(10):58–65, 2008.

86 [51] Mahdieh Zabihi, Majid Vafaei Jahan, and Javad Hamidzadeh. A density based clus- tering approach for web robot detection. In 2014 4th International Conference on Computer and Knowledge Engineering, pages 23–28, 2014.

[52] Mahdieh Zabihimayvan and Derek Doran. Some (non-) universal features of web robot traffic. In Annual Conference on Information Sciences and Systems, pages 1–6, 2018.

[53] Mahdieh Zabihimayvan, Reza Sadeghi, Derek Doran, and Mehdi Allahyari. A broad evaluation of the tor english content ecosystem. In Proceeding of the 10th ACM Conference on Web Science, pages 333–342, 2019.

[54] Mahdieh Zabihimayvan, Reza Sadeghi, H Nathan Rude, and Derek Doran. A soft computing approach for benign and malicious web robot detection. Expert Systems with Applications, 87:129–140, 2017.

[55] Reza Zafarani, Mohammad Ali Abbasi, and Huan Liu. Mining: an Introduction. 2014.

[56] Yulei Zhang, Shuo Zeng, Chun-Neng Huang, Li Fan, Ximing Yu, Yan Dang, Cather- ine A Larson, Dorothy Denning, Nancy Roberts, and Hsinchun Chen. Developing a dark web collection and infrastructure for computational and social sciences. In In- ternational Conference on Intelligence and Security Informatics, pages 59–64, 2010.

87