Newsletter 2020-10-19

Published on October 19, 2020 by

October 2020: Hunter Biden, Maltego Transform v4, Decentralized TLDs

🥳 It has been 2 years since the launch of Intelligence X!
At this point we would like to thank our users & customers for their trust and we look forward to the future.

-Intelligence X Team

Make sure to follow us on Twitter for the latest updates.

Hunter Biden

The New York Post published an alleged Hunter Biden email. We looked into it in our blog post An OSINT investigation into the alleged Hunter Biden email. tl;dr: It appears that the email addresses in the alleged email are accurate. This neither validates nor refutes the content of said email.

We have indexed 29 published Hunter Biden emails here: https://intelx.io/?did=558538b2-c441-48f9-9bd5-1e4d19a14e03. Use the “Tree View” tab to navigate between the documents.

Decentralized TLDs

We added support for .bit and .bazar domains. These are decentralized top-level domains by Emercoin and Namecoin. They store the DNS records on a blockchain, only allowing the owner of the private key to modify them.

  • .bit is often used by malware for command & control, in particular to evade takedowns
  • .bazar is often used for marketplaces

Example: https://intelx.io/?s=jstash.bazar

Our Phonebook also supports these TLDs and provides discovery of such domains:
https://phonebook.cz/?t=1&s=*.bazar

Maltego Transform v4

We have updated our Maltego Transform to v4. We added an “Intelligence X Selectors Transform” to pivot from a search result to entities, i.e. listing all URLs, domains, etc. from the given search result.

You can watch this GIF showing how it lists all domains and URLs from the original Silkroad site.

Another new transform is the “History Transform”, which lists all historical copies indexed by Intelligence X about a website.

Internal Improved SQL Parser

We developed a native SQL parser for our indexer. While some terms like email addresses were recognized in SQL dumps by our generic text parser, others such as IPs were not. The new algorithm is now running over the existing dataset.

Writing a generic SQL parser is tricky since Postgres, MySQL, and MSSQL have slightly different syntaxes, on top of different encodings and escaping techniques.
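The escaping difference mentioned above, shown as an added example that is not Intelligence X's parser: a minimal Python scanner for SQL string literals that returns different values for the same dump line depending on whether backslash escapes (MySQL default) or only doubled quotes (standard SQL quoting, as in Postgres and MSSQL) are honoured. The function names and the sample rows are assumptions constructed for illustration.

```python
import ipaddress
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample rows (not real data), one per dialect.
MYSQL_ROW = r"INSERT INTO `users` VALUES (1,'O\'Brien','ob@example.com','192.0.2.10');"
PG_ROW = r"INSERT INTO users VALUES (2, 'C:\temp\', 'pg@example.org', '198.51.100.7');"


def sql_string_literals(statement, backslash_escapes):
    """Yield the decoded single-quoted string literals of one SQL statement.
    backslash_escapes=True:  MySQL default, a backslash escapes the next char.
    backslash_escapes=False: standard quoting (Postgres default, MSSQL), only '' escapes.
    """
    i, n = 0, len(statement)
    while i < n:
        if statement[i] != "'":
            i += 1
            continue
        i += 1  # skip the opening quote
        value = []
        while i < n:
            ch = statement[i]
            if backslash_escapes and ch == "\\" and i + 1 < n:
                value.append(statement[i + 1])  # simplified: \n, \t etc. not decoded
                i += 2
            elif ch == "'" and statement[i + 1:i + 2] == "'":
                value.append("'")  # doubled quote is one literal quote
                i += 2
            elif ch == "'":
                i += 1  # closing quote
                break
            else:
                value.append(ch)
                i += 1
        yield "".join(value)


def extract_selectors(statement, backslash_escapes):
    """Return (emails, ips) found in the statement's string values."""
    emails, ips = set(), set()
    for value in sql_string_literals(statement, backslash_escapes):
        emails.update(EMAIL_RE.findall(value))
        try:
            ips.add(str(ipaddress.ip_address(value.strip())))
        except ValueError:
            pass  # value is not a bare IPv4/IPv6 address
    return sorted(emails), sorted(ips)
```

Scanning the Postgres-style row with MySQL rules shifts every value boundary after the trailing backslash, so neither selector is returned from it.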

Anti-spam algorithm deleting 2 billion records

As part of our ongoing quality efforts, we have improved our spam detection algorithm. It deleted 2 billion records in the Public Web bucket.

In our German Web bucket alone it removed 6 million subdomains with 1 TB of data that was detected as spam.

Moving forward our web crawlers are more efficient. 🕷

Deleting Unused Craigslist Bucket

In October 2019 we started crawling Craigslist, indexing and making historical copies. The project ran for about 6 months, but was not unlocked on intelx.io for public access. Stats on the data:

🔹 644 GB of data
🔹 16,857,052 website copies
🔹 464,776,016 total selectors

Since this is low value/quality data and we have a data minimization policy, we destroyed it. A fun fact is that in all the indexed Craigslist data, there was only 1 Bitcoin address present along with the message “The Bitcoin wishing well is here. Make a wish and send some btc. The more btc you send the more wishes you get.”


Kleissner Investments s.r.o., Na Strzi 1702/65, 14000 Prague, Czech Republic
