When security teams approach us, they’re often dealing with groups of bookmarks or several different tools to gather intelligence. Media Sonar integrates a variety of data providers, open-source scripts, and the most powerful tools in the industry to help analysts accelerate the investigative process.
For this article, we’ve partnered with the founder of one of our trusted data providers, Peter Kleissner from IntelligenceX. IntelligenceX streamlines and archives data from Tor, I2P, data leaks, and the public web by email, domain, IP, Classless Inter-Domain Routing (CIDR), Bitcoin address, and more.
IntelligenceX automatically collects data, categorizes it, and presents it to the end-user. IntelligenceX currently searches approximately 25 billion records. As they scale up their efforts, they will be expanding by 1-2 billion records per month.
Having access to a large index of exposed data archives is critical for detecting information leaks, mentions on the dark web, or other threats to your company and assets.
IntelligenceX is fully transparent with its data, ensuring customers have 100% visibility into the metadata, which is important for any analyst collecting intelligence.
Historical Dark Web Data
The big difference between IntelligenceX and other solutions is that it is both a search engine and a data archive. IntelligenceX stores historical data, which is critical for the dark web, where things disappear all the time. Being able to search historical dark web marketplaces that no longer exist allows analysts to add more context and insight to the data they collect.
In the image above, a domain was found that needed to be further investigated. On the historical tab directly within IntelligenceX, you can see there are a number of copies dating back to 2017. It shows you how similar the versions are, when each change was made, and the size of the change. For example, on May 16, 2020, there was a change that reduced the website to 240 bytes.
When you click on this date to investigate further, you’ll see there was a redirect to Silk Road 4 that was active on it until May 2020. As an analyst, you’d be able to move forward with that URL and investigate further.
IntelligenceX also takes requests for removing leaked content once it’s been detected. If you put out a content removal request, it will be handled within 24 hours. If there is a search result that contains personally identifiable information or your company’s data, report it and it will be removed.
Now that we’ve covered a basic domain investigation, we will move into how Media Sonar provides action-based lookups across multiple sources, including IntelligenceX, and supports a security team’s entire lifecycle of detection, investigation, and remediation of threats.
Unifying OSINT & Dark Web Intelligence
In the previous example, when we had an email address that was detected from IntelligenceX, Media Sonar would instantly recognize different pivot points you could use to continue your investigation, such as other email addresses, domains, or usernames.
When you have disparate data sources and OSINT tools, it’s hard to make connections and see the bigger picture. Media Sonar pulls together best-in-market OSINT tools, data sources, searching capabilities, collaboration, sharing, and case management into one platform.
When you’re looking for a piece of content, whether it’s from the dark web, a news source, a blog, social media, etc., the system instantly breaks down each piece of data into the core entities that make it up and pulls out what you can investigate further.
Investigating Leaked Credit Card Information on the Dark Web
As a specific example, let’s say we’re trying to find leaked CVVs across multiple deep and dark web sources. As soon as the information is put into the system, it pulls out related sites, credit cards, emails, phone numbers, etc., and displays them on the right-hand side.
With only one click, we could take an email address that was returned and pump it right back in for further searching and exploring.
From here, all of the information in an investigation can be placed into Pathfinder, an interactive graph to visualize connections. This makes it easier to analyze larger amounts of data on a single screen.
Preserving Historical Open & Dark Web Intelligence
When you take a piece of information and then preserve it in your case, it is encrypted and stored in your specific client segment within the Media Sonar platform. If it’s no longer available within the data provider’s index, it’s still preserved within your case in Media Sonar. This ensures that all the information you need to continue to protect an organization is preserved in a safe and secure manner.
By consolidating data from sources like IntelligenceX and equipping analysts with industry-leading investigation tools, Media Sonar users see a 30x average increase in the speed of investigations vs. traditional methods such as a stack of bookmarks or running searches across multiple different sources.
Maximize the speed of your investigations with access to the most powerful OSINT tools and sources, in one seamless, easy-to-use platform.