Dark Web Shops Are Leaking IPs Left and Right

If you’re not reading Catalin Cimpanu every day or following him on Twitter, you’re missing some good stuff.  Here’s what he reported a few days ago:

The takedown of three major Dark Web markets by law enforcement officials over the summer has driven many vendors of illegal products to set up their own shops that, in many cases, are not properly configured and are leaking the underlying server’s IP address.

In case of Dark Web portals, leaking the real-world IP address means law enforcement can move in, seize the server, and possibly track down the illegal shop’s owner and much of his clientele.

Researcher loves tracking down Dark Web portals

Over the past two months, one security researcher, in particular, has been quite efficient at finding Dark Web shops festering with criminal activity that are also leaking their real IPs.

Going online by the pseudonym of Sh1ttyKids, the researcher’s latest victim is a cannabis-selling shop named ElHerbolario, which he tracked down to two Dutch IP addresses ( and that were being used by BlazingFast, a well-known bulletproof hosting company operating out of Ukraine.

Read more on BleepingComputer and then do yourself a favor and bookmark that site.

About the author: Dissent

Comments are closed.