Connect with us

Hi, what are you looking for?



Hacked Server Marketplace Returns as a Tor Domain

xDedic, a marketplace selling access to hacked servers, has reemerged as a Tor domain after a report that exposed its illicit activity sparked its operators to take it down last month.

xDedic, a marketplace selling access to hacked servers, has reemerged as a Tor domain after a report that exposed its illicit activity sparked its operators to take it down last month.

After Kaspersky Lab researchers revealed in mid-June that they counted over 70,000 hacked servers made available for purchase on xDedic, some for as low as just $6, the marketplace operators closed the virtual shop on June 16. However, with roughly 30,000 users a month, the storefront was too popular to disappear for good, and intelligence firm Digital Shadows saw it re-emerge only a week later, but as a Tor domain now.

In an incident report shared with SecurityWeek, Digital Shadows reveals that a user named xDedic posted on 24 Jun 2016 a link to the new site on the criminal forum exploit[.]in. The user, who “had an established reputation on the forum and has been previously identified as associated with the site,” posted the link on a Russian language forum thread titled “xDedic спалили” (xDedic burned).

The original xDedic site was established in November 2014, and provided detailed information on each of the servers available for purchase on it: price, location, speed, anti-virus installed, and more. Kaspersky Lab researchers discovered 70,000 servers available on the marketplace, but later revealed that these might have been only the items that were the least attractive to buyers.

Several days after the initial report was published, the researchers received information that over 176,000 unique hacked servers were traded on xDedic between October 2014 and February 2016 and that many more might have been traded since February. The hacked servers were located in 173 countries and came from 416 unique sellers. The prices for these servers ranged from $6 to $6,000, though only around 50 servers cost more than $50.

The new xDedic site is identical in design to the previous one, but Digital Shadows researchers say that the marketplace’s operators didn’t import the user accounts from the initial website, meaning that accounts could be freely registered. However, they also discovered that a $50 credit was required after registration for an account to be activated.

Awareness on the new site is low at the moment, but researchers believe that this will change shortly, since the previous site was attracting 30,000 users a month when it closed down. It appears that the new xDedic domain was shared only on said criminal forum and on a French language dark web criminal site, but “with the exception of Tor domain aggregation lists could not be located elsewhere.”

Researchers couldn’t confirm how many users the new site has attracted for the time being, as the domain is hosted on the Tor network and they can’t assess the site’s traffic volumes. However, the research into the new xDedic site is still undergoing, Digital Shadows told SecurityWeek.

Advertisement. Scroll to continue reading.

“The nature of the dark web is naturally very volatile, so keeping a keen awareness of this naturally changing landscape is key for organizations,” said James Chappell, CTO and co-founder of Digital Shadows.

Kaspersky Lab researchers also are monitoring the situation. “We are aware of reports of the return of xDedic and are monitoring the situation. We have a policy to share the findings of cybercriminal research with the relevant law enforcement agencies, and we have already done so in the case of xDedic,” Kaspersky Lab told SecurityWeek via email.

Related: Hackers Will Break Into Email, Social Media Accounts for Just $129

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...