I wanted to make sure sheepmarketplace's clearnet site is really unofficial. Because clearnet and tor site using same technologies (Bootstrap and Nette Framework - look at clearnet site's X-Powered-By response header: http://i.imgur.com/HlalJHn.png) and it enhances my doubts.
So i went to sheep5u64fi457aw.onion and i looked up for comments in source.
I found that he forgot to remove comments in screen.css:
http://i.imgur.com/e5xw5hx.png
Those comments are in Czech, hmm.. But maybe that's not him, this stylesheet made by he's frontend developer?
Lets find out!
I checked name servers of sheepmarkatplace.com. Ooops.. This site uses CloudFlare as reverse proxy. So we can't find out real ip but we can check subdomains that not behind CloudFlare!
First attempt:
ping direct.sheepmarketplace.com
PING sheepmarketplace.com (185.2.42.79): 56 data bytes
64 bytes from 185.2.42.79: icmp_seq=0 ttl=50 time=101.444 ms
Oh, we found sheepmarketplace.com's real ip at the first attempt. Not bad..
Let's check IP details
whois 185.2.42.79
Result:
http://i.imgur.com/YUUUjtf.png
Well, as you see sheepmarketplace.com hosted in Czech Republic on HexaGeek's servers
Guess what it means
sheepmarketplace.com's owner same as sheep5u64fi457aw.onion
He is living in Czech Republic
He sucks at security (here is another proof!)
Want to add to the discussion?
Post a comment!