Differentiating a proxy from the real site is difficult. The real site and the phishing site have the same time stamp, exactly 12 seconds ahead of real time, but a good proxy simply forwards the main site and MITMs the connection. Access times to hidden services can be variable, but taking averages over many access attempts might yield some fruitful results. I've discovered that TTLs are useless. They are reset along the circuit, so you always get 64. This is of course great for plausible deniability, if they are behind it. The thing is, Jack, it's not a single data point, but the aggregate of facts. Atlantis has been on an aggressive marketing campaign for some time now, and it's clear they want to steal SR users. They tried creating forum accounts and advertising here, but those accounts and posts were deleted. They tried drawing vendors to their market by waiving the vendor fee and 3 months of commission. They tried luring more vendors with these "buyer" shills with gift codes. They created an AMA on on the Silk Road subreddit, for Christ's sake. Is it really hard to believe they would engage in underhanded tactics to steal SR users? Do you believe those were real buyers with gift codes? I can't prove they weren't, but the aggregate of facts convinces me they were Atlantis shills.