FAQ

What categories of deep & dark web websites are covered?

  • Cyber Threat Intelligence - Hacking forums, datastores, data leak sites, ransomware sites, cyber-related blogs, and cyber news sources.
  • Financial Crime - Carding forums, credit card shops, and blogs related to cryptocurrency crime.
  • Illicit Trafficking - Black markets and underground forums focused on illegal trade, including drug trafficking, weapon trafficking, counterfeit goods, and violations of intellectual property.
  • Extremism & Misinformation - Radical forums, extremist news websites, and alternative social media platforms that spread misinformation and hate speech.
  • Brand Monitoring - Social media and imageboards discussing brands and companies.

What types of illicit content are covered?

  • Hacking - Discussions and trade of tools for exploiting vulnerabilities, CVEs, hacking techniques, and planning or executing cyber attacks, including methods and targets.
  • Data Breach - Data leak sites, exposure of personally identifiable information (PII), trade of data breaches, account takeovers (ATO), and techniques or discussions related to identity theft.
  • Carding - Activities involving the sale and use of stolen credit card details, bank account information, financial fraud schemes, and ATM fraud.
  • Crypto - Fraudulent schemes and criminal activities involving cryptocurrencies, including anti-money laundering evasion, crypto jacking, and dark web crypto exchanges.
  • Phishing - Tools, kits, and discussions about phishing attempts, including scam pages, phishing emails, and social engineering techniques.
  • Malware - Trade and discussions of malware types and their distribution methods.
  • Ransomware - Ransomware group sites, trade and distribution of ransomware-as-a-service (RaaS), and discussions among ransomware group affiliates.
  • Stealer Logs - Trade, sharing, and discussions of stealer logs.
  • Counterfeit - Trade of counterfeit goods, forged money, fake documents, intellectual property theft, and piracy-related activities.
  • Gaming - Exchange of hacked gaming accounts, unauthorized game mods, and leaked game releases.
  • Extremism - Radical discussions promoting extremist ideologies, terrorism, misinformation, and conspiracy theories.
  • Drugs - Trafficking and distribution of illegal and prescription drugs.
  • Weapons - Trafficking and distribution of weapons and ammunition.
  • Sexual - Discussions and distribution of sexual media and content.

How far back can we search when calling the Cyber endpoint?

The Cyber repositories store up to 2 years of crawled content.

What sources are supported in the Cyber endpoint?

Webz.io crawls gated content and password- and captcha-protected sources from a variety of anonymous networks, including TOR, the Open and Deep Web, I2P, OpenBazaar, and messaging apps such as Telegram or other chat apps.

My company uses Webz.io for Domain-Threat-Monitoring. I'm running a search for the company name and receive 0 results. Does it mean my company is safe?

Unfortunately, it does not. Hackers might not explicitly use a company name, since they wouldn't want to get exposed. So, for example, if a search for a particular company’s name doesn't yield results, you'd want to back it up with a search for the company's IP addresses (e.g. SMTP or POP), which could also potentially return hits.
Another example is searching for credit card BINs rather than for the bank's name, which wouldn't usually return results.
Other company 'identifiers' are variations of the company name, the website, email domain, products, services, and C-level executives.

I searched for posts from specific TOR addresses and received very few results

When you filter results by a specific marketplace Onion address, you’ll get results only from that specific address, even though there might be many more Onion mirrors for that marketplace. Using the site.name filter would usually do the trick; for example, matching against site.name:"Dream Market" would yield millions of search results.

What entities are supported?

  • Emails
  • Phone numbers
  • Credit Cards
  • Social Security Numbers
  • Wallet IDs
  • IP addresses
  • Domains
  • CVEs
  • Persons
  • Organization
  • Locations

Why aren't all the keywords highlighted with highlight=true?

Highlighters don’t reflect the boolean logic of a query when extracting terms to highlight. Thus, for some complex boolean queries (e.g. nested boolean queries, queries using minimum_should_match, etc.), parts of documents may be highlighted that don’t correspond to query matches.