DANGEROUS

Critical risk detected

lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion.ly is a look-alike (homoglyph) of a well-known domain. Our security stack flagged multiple threat indicators on this website. Don't enter personal information, deposit money, or download files.

Security Review

Is lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion.ly legit or a scam?

Our verdict: Dangerous · 23/100

Clearnet mirror of LockBit ransomware onion site, listed in multiple threat intelligence reports as a payment portal.

lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion.ly · Scanned 10d ago
Trust score: 0
DANGEROUS
Heuristics 62 · MT 5
Category tags: ransomware, #Malware · 95% MT confidence
Technical red flags (1)
Lookalike domain suspected
Warning signals (1)

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.


Analysis Summary

Threat Intelligence: Data unavailable
Domain Age: 7 months old (registered Oct 19, 2025)
MT Intelligence: Dangerous (Critical likelihood · 95% confidence)

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihood · Engine: MT · Guardian · Trust: 5/100
MT Agent · Live web research · Visual inspection · Network correlation
Confidence: 0%
The domain resolves to a known LockBit 3.0 ransomware infrastructure address via the onion.ly proxy service. Multiple threat reports explicitly identify the underlying onion address as the group's active payment and leak site. The page itself contains almost no content beyond a generic entry link, consistent with a minimal proxy front-end. While the hosting IP shows no abuse reports and browser blocklists are clean, the direct ransomware linkage overrides those signals. Domain age of 219 days matches the timeline of ongoing LockBit activity after law-enforcement actions.

Page Content

The page displays only the text "onion.ly Click here to enter" with no contact details, forms, or business information. It functions as a simple redirector to the hidden Tor service.

Infrastructure

Hosted on IP 103.224.182.238 with zero abuse reports and valid Let's Encrypt SSL. The domain acts as a documented clearnet gateway to the LockBit onion address.

Domain History

Registered 219 days ago through Libyan Spider Network with no privacy protection. No business registration records exist.

Web Reputation

Explicitly listed in threat intelligence sources as the LockBit 3.0 payment portal. No user-level scam complaints were found for this exact mirror.

Risk Factors (3)
  • Direct mirror of confirmed LockBit ransomware infrastructure used for extortion payments and data leaks.
  • Minimal page content with no legitimate business indicators or contact information.
  • Proxy service itself described as low-trust for accessing hidden services.
Positive Signals (3)
  • Hosting IP carries zero abuse reports.
  • No detections from browser blocklist feeds.
  • Valid SSL certificate in place.
AI Recommendation
Do not visit or enter any information. This is active ransomware infrastructure; close the page immediately.
Scam network detected
1 linked domain correlated

Exact match to the primary LockBit 3.0 Tor payment and leak site.

lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion

Website Preview

[Screenshot of lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion.ly (live render)]

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion.ly, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age: 7 months (registered Oct 2025)
Business registration: No public record found. Could not match the site to a registered company — common for small sites.
Clone check: Not a clone. No well-known site's layout or branding detected here.
Typosquat check: No look-alike match. The domain doesn't resemble any well-known brand's spelling.
Web mentions: No scam reports found. No complaints, no negative coverage turned up in our sweep.
Key findings
6 headline facts from open-web research
  • Domain is .onion.ly clearnet mirror of LockBit ransomware Tor site: http://lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion
  • Listed in multiple threat intel reports (Sangfor, GitHub Advisory-Newsletter, INCIBE, Fortinet) as LockBit 3.0 payment/leak portal
  • onion.ly described by scam-detector.com as suspicious/low-trust proxy service for .onion sites
  • No user complaints, reviews, or scam reports specific to this exact domain found in searches
  • Domain age 219 days aligns with ongoing LockBit operations post-2023-2024 takedown attempts
  • No brand references or detected scam families beyond ransomware association
Research summary
Narrative write-up from our AI analyst, grounded on the facts above
We searched scam-report databases, consumer-review sites, and general web sources for lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion.ly and didn't find scam reports or complaints. For a new or low-traffic site this is expected and is not by itself a sign of trust.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domain: None
Phone numbers: None
Postal address: Not listed
Linked social profiles: 0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age: 7 months old
Registrar: Libyan Spider Network (int)
Registered: Oct 19, 2025
Expires: Oct 19, 2026
Owner privacy: Visible
Encryption Certificate
Status: Valid
Protocol: TLSv1.3
Issuer: Let's Encrypt · R13
Expires: Aug 17, 2026 (82d)
Self-signed: No
Hosting & Technology
Hosting: Trellian Pty. Limited
Server location: US

Server Reputation

Abuse Intelligence
Confidence score: 0%
Reports on file: 0
ISP: Trellian Pty. Limited
Usage type: Content Delivery Network

Scam-Type Likelihood

1 scam-type pattern detected

0 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Malware
Malware: Low-level signals · 0/100
  • AI analyst tagged this as malware / drive-by / cracked app.

Malware distribution detected

Signals suggest this page may deliver malicious files or exploit the browser.

  • Do not interact with lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion.ly

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • If you downloaded or ran a file from here

    Disconnect the device from the internet, run a full scan with a reputable antivirus (Malwarebytes, ESET, Bitdefender), and consider a second-opinion scanner. Change passwords on any account you used from the device afterwards — ideally from a different device.

  • Get free cleanup help

    MalwareTips has a dedicated malware-removal team who walk you through cleanup one-on-one.


Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing: Not listed
AbuseIPDB: Not listed

Safety FAQ

Common questions about this site, answered from the scan data on this page. These are auto-generated — not hand-written — so they always match the underlying report.

  • Our automated security review flags lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion.ly as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.

Final Verdict

Trust: 0 / 100
Final Verdict · lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion.ly: DANGEROUS

This is a clearnet proxy mirror of the LockBit ransomware payment and data-leak site. Our analysis flags it as malicious due to confirmed association with LockBit 3.0 operations in threat reports. Avoid visiting or interacting with it.


AV engines
MT passes
2
Net signals
0
Security review complete · malwaretips.com/url-scan
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.