All content not indexed by traditional web-based search engines is known
as the DeepWeb. Often wrongly associated only with the Onion Routing
(TOR), the DeepWeb's ecosystem comprises a number of other anonymous and
decentralized networks. The Invisible Internet Project (I2P), FreeNET,
and Alternative Domain Names (like Name.Space and OpenNic) are examples
of networks leveraged by bad actors to host malware, highly resilient
botnets, underground forums and bitcoin-based cashout systems (e.g., for
We designed and implemented a prototype system called DeWA for the
automated collection and analysis of the DeepWeb, with the goal of
quickly identifying new threats as soon as they appear.
In this talk, we provide concrete examples of using DeWA to detect,
e.g., trading of illicit and counterfeit goods, underground forums,
privacy leaks, hidden dropzones, malware hosting and TOR-based botnets.