(doubt) - How deep web market phishing scams works?

[MoPharma]

Hello everyone,
I've been having this doubt for a time.
Anyone know how deep web market phishing works or in what lang/systems are based?
In this scams you can logon with your true account, access the products, etc
The only scam its when you will deposit money, where they change the deposit address.

An example of this (if its down you can find many scam link of original markets):
Original - https://archetyp.cc/enter
Phis - https://archety.cc/enter

I think that it can be based in node js etc (?)
Or maybe something like evilginx/modlishka...

Thanks any answer

 

[crypt0]

Пожалуйста, обратите внимание, что пользователь заблокирован
not in node as .onion sites dont use .js
im guessing its simply a hard coded deposit address that like a link in an email is hidden behind text
cant see it being but more complex than this as .onion sites run bare bones to avoid security errors

 

[MoPharma]

crypt0 сказал(а):
not in node as .onion sites dont use .js
im guessing its simply a hard coded deposit address that like a link in an email is hidden behind text
cant see it being but more complex than this as .onion sites run bare bones to avoid security errors

Its like if you have a bank phishing page, where you can login with your real bank account, you will access to your real account, but your iban its changed.

 

[crypt0]

Пожалуйста, обратите внимание, что пользователь заблокирован
Yup I understand bro hit me on tox lets chat ive DM you my tox id

 

[vei]

if you know what you're replacing, like a bitcoin address, then then you just curl the website then run it through regex for replacing text. very simple stuff.