The Hackr

The Dark Web Massive Shrinkage to 85%

The sort of Dark Web services has absent downbound significantly mass the Freedom Hosting II grapple

According to a recently published OnionScan report, the number of Dark web services has gone down significantly following the Freedom Hosting II hack that took place at the start of February.

There are only 30,000 services on Dark Web, according to research published by threat intelligence firm Deep Light. Of the 30,000 queried just over 4,400 were online. This shows a decrease of almost 85% in the overall size of Dark Web in the last year alone.


Downfall of Freedom Hosting II

According to Sarah Jamie Lewis, the main researcher behind the OnionScan report, at the heart of this dramatic drop in numbers is the downfall of Freedom Hosting II, a Dark Web hosting service.

A previous report, also by Lewis, estimated that Freedom Hosting II hosted around a fifth of the entire Dark Web.

“We believe that the Freedom Hosting II takedown not only removed many thousands of active sites but also may have affected other hosting providers who were hosting some infrastructure on top of Freedom Hosting II,” Lewis explained.

At least 3 of the largest databased in the dump were related to sharing and discussing child sexual exploitation. Hacktivists decided to destroy the hosting provider and leak the database.

The lifespan of an onion service can range from minutes to years.


Dark Web 1

A zoomed out image of the dark web connection graph produced by OnionScan. Multiple clusters of hidden services can be seen connected by a large number of identifiers and misconfigurations.

The Dark Web is laughably small

According to the recent OnionScan statistics, the Dark Web is laughably small. The Dark Web is left with around 4,000 HTTP websites, 250 TLS (HTTPS) endpoints, 100 SMTP services, and only 10 FTP nodes.

♠      HTTP Detected  – ~4000
♠      TLS Detected     –  ~250 (In line with previous counts – unaffected by FHII)
♠      SSH Detected    –  ~270 (much lower, mostly due to the FHII hack)
♠      FTP Detected    –  < 10 (much lower, again expected to be related to FHII)
♠      SMTP Detected –  < 100
♠      VNC Detected   –   < 10
♠      Bitcoin Nodes Detected – ~220 (much higher, likely because of better bitcoin capability in OnionScan)

SSH endpoints are down substantially mostly linked to the downfall of Freedom Hosting II.

Otherwise not much as changed. Even in terms of security the state remains much the same as it was a year ago.

“We were able to extract nearly a thousand unique IP addresses from our data set belonging to both services and clearnet clients accessing misconfigured hidden services,” Lewis said.

OnionScan scans included Apache mod_status exposures (7-10% of sites), open directories, EXIF metadata left intact in image headers, and host header co-hosting leaks.

Overall, despite its allure, the Dark Web has shrunk tremendously riddled with misconfigured servers. Sigaint, a very popular email provider operating from the Dark Web, went down ten days after the Freedom Hosting II hack, and has yet to return.

2017 has not been a good year to be operating a hidden service.



It was a hobby I got into a long time ago, hacking cameras. And I am here making posts @TheHackr today!

Chat With Our Bot ☎️

IntroducingTheHackr Chatbot,now anyone can interact with our messenger bot and get daily crunches about Cyber-Security in just a clicks away!