Newsletter 2020-05-11

Published on May 11, 2020 by

May 2020: New dorks website, Tor, DDoS test and a Europol takedown

Our dataset continues to grow significantly: 17,660,962,195 selectors

In the past few months, we have invested in 200+ TB of enterprise storage which allows us to scale up data collection even more. As for the public web, we are currently crawling these TLDs: DE, AT, LU, CH, UA, KZ, RU

Later this week we will increase our coverage of TLDs and include major ones like .com, .org, .net, and many others.

🕵🏻 New Dorks website

👉🏼 https://intelx.io/dorks

This new dorks page provides simple links to “find something interesting”.

✅ Discover invite URLs for popular communication apps
✅ Lookup of deleted pastes
✅ Find historical website copies

Tor

Last month, we took a close look on Tor. We investigated spam websites run as Tor hidden services and published a blog post here.

tl;dr we removed from our Tor index:

  • 209,081 unique onion domains detected as spam
  • 34 million website files
  • 500 GB of data
  • 28% of our Tor index

We looked into Tor vanity domains which are .onion domains that include human recognizable text usually in the beginning. An example is “silkroad7rn2puhj.onion”. Read all details in this blog post. tl;dr: Only 11 out of 16 characters of onion addresses can be cracked using a used $300 GPU. 12 out of 16 will cost you at least $12k and cracking a full onion domain about $13 billion.

Lastly, we want to push the message that Tor hidden services are a failed technology doing “much more harm than good in practice”. We reposted an important blog post from the Lawfare Institute here.

Self-ddosing test

Yesterday we tried to self-ddos ourselves by using a shady DDoS-attacks-as-a-service provider. We documented it here with screenshots of the attack, statistics, and graphs showing the amount of IPs, bandwidth and packets per seconds used in the attacks. tl;dr:

  • Some attacks have no impact at all
  • Network level attacks (TCP SYN, NTP, DNS) can often be filtered and mitigated via simple firewall rules
  • Some of the attacks are successful in slowing down the responsiveness of the website
  • No attack had any permanent effect.

Takedown supported by Europol

Europol issued a press release stating: “Polish and Swiss law enforcement authorities, supported by Europol and Eurojust, dismantled InfinityBlack, a hacking group involved in distributing stolen user credentials, creating and distributing malware and hacking tools, and fraud.”

This takedown included the website datasense[.]pw, which, according to its own description, is a “combo cloud service that let’s you access thousands of databases, in a matter of seconds”. It is said that the hacking group was responsible for the massive Collection #1 data leak from January 2019.

This new development follows the seizure of WeLeakInfo in January 2020 by the FBI and European authorities.

Follow us on Twitter for the latest updates: https://twitter.com/_IntelligenceX


Kleissner Investments s.r.o., Na Strzi 1702/65, 14000 Prague, Czech Republic

If you don’t wish to receive this newsletter anymore, please click here to unsubscribe.

Related articles

Can we DDoS ourselves? We are about to find out. Live self-ddos on 10.05.2020 13:00 UTC

Published on May 9, 2020 by

On Sunday, May 10, 2020, we will DDoS our own website, intelx.io. We will live tweet and update this blog post with any developments and the outcome. The attack will be executed in the same fashion as an actual attack: we’ll do some research, then pay a shady DDoS provider in Bitcoin (and hope they


Vanity .onion Tor Addresses

Published on April 27, 2020 by

Tor .onion domains are the hashes of public keys. Generally, they look random, but it is possible for am Tor hidden service operator to generate onion domains that start with a human readable part such as “silkroad7rn2puhj.onion”. Those are called “vanity onion addresses” and there are tools like Shallot and Eschalot that will create the


Combating spam websites from Tor

Published on April 27, 2020 by

Certain actors spam Tor by creating many duplicate websites under different .onion domains and then linking them to each other. The cost of doing that is pretty low, considering that all you need is creating a new public key pair (the onion domain is the hash of the public key). In theory anyone can create


Search the blog: