Newsletter 2020-10-19

Published on October 19, 2020 by

October 2020: Hunter Biden, Maltego Transform v4, Decentralized TLDs

🥳 It has been 2 years since the launch of Intelligence X!
At this point we would like to thank our users & customers for their trust and we look forward to the future.

-Intelligence X Team

Make sure to follow us on Twitter for the latest updates.

Hunter Biden

The New York Post published an alleged Hunter Biden email. We looked into it in our blog post An OSINT investigation into the alleged Hunter Biden email. tl;dr: It appears that the email addresses in the alleged email are accurate. This does not validate nor refute the content of said email.

We have indexed 29 published Hunter Biden emails here: Use the “Tree View” tab to nagivate between the documents.

Decentralized TLDs

We added support for .bit and .bazar domains. These are decentralized top-level domains by Emercoin and Namecoin. They store the DNS records on a blockchain, only allowing the owner of the private key to modify them.

  • .bit is often used by malware for command & control, in particular to evade takedowns
  • .bazar is often used for marketplaces


Our Phonebook also supports these TLDs and provides discovery of such domains:*.bazar

Maltego Transform v4

We have updated our Maltego Transform to v4. We added an “Intelligence X Selectors Transform” to pivot from a search result to entities, i.e. listing all URLs, domains, etc. from the given search result.

You can watch this GIF showing how it lists all domains and URLs from the original Silkroad site.

Another new transform is the “History Transform”, which lists all historical copies indexed by Intelligence X about a website.

Internal Improved SQL Parser

We developed a native SQL parser for our indexer. While some terms like email addresses were recognized in SQL dumps by our generic text parser, others such as IPs were not. The new algorithm is now running over the existing dataset.

Writing a generic SQL parser is tricky since Postgres, MySQL, MSSQL have slightly different syntaxes, on top of different encodings and escaping techniques.

Anti-spam algorithm deleting 2 billion records

As part of our ongoing quality efforts, we have improved our spam detection algorithm. It deleted 2 billion records in the Public Web bucket.

In our German Web bucket alone it removed 6 million subdomains with 1 TB of data that was detected as spam.

Moving forward our web crawlers are more efficient. 🕷

Deleting Unused Craigslist Bucket

In October 2019 we started crawling Craigslist, indexing and making historical copies. The project ran for about 6 months, but was not unlocked on for public access. Stats on the data:

🔹 644 GB of data
🔹 16,857,052 website copies
🔹 464,776,016 total selectors

Since this is low value/quality data and we have a data minimization policy, we destroyed it. A fun fact is that in all the indexed Craigslist data, there was only 1 Bitcoin address present along with the message “The Bitcoin wishing well is here. Make a wish and send some btc. The more btc you send the more wishes you get.”.

Kleissner Investments s.r.o., Na Strzi 1702/65, 14000 Prague, Czech Republic

If you don’t wish to receive this newsletter anymore, please click here to unsubscribe.

Related articles