Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

Number of Darknet Sites Plunges After Freedom Hosting Hack

The number of hidden services has dropped significantly following the cyberattack on Freedom Hosting II, which had been estimated to host roughly 20 percent of the sites on the dark web.

The number of hidden services has dropped significantly following the cyberattack on Freedom Hosting II, which had been estimated to host roughly 20 percent of the sites on the dark web.

Freedom Hosting II, which hosted nearly 11,000 websites, was brought down by Anonymous-affiliated hackers in early February. The hacktivists accused the service of hosting many child pornography sites, and leaked a large quantity of data from its systems, including over 380,000 user records.

An analysis conducted this month using OnionScan, an open source tool designed for investigating the dark web, showed that of more than 30,000 known Tor-based services, only just over 4,400 were still online.

“These 4,400 hidden services are far fewer than previous scans,” said anonymity and privacy researcher Sarah Jamie Lewis, who runs the OnionScan project. “We believe that the Freedom Hosting II takedown not only removed many thousands of active sites but also may have affected other hosting providers who were hosting some infrastructure on top of Freedom Hosting II.”

Lewis believes the drop in the number of hidden services may also be a result of the disappearance of secure email service Sigaint. The service went offline without warning a few weeks ago.

According to the latest OnionScan report, roughly 4,000 HTTP services have been detected on the dark web. The scan has also identified approximately 250 TLS services, 270 SSH services, 220 Bitcoin nodes, 100 SMTP services, and a handful of FTP and VNC services.

The scan also showed that many hidden services are still not configured properly; researchers have managed to extract almost a thousand unique IP addresses belonging to hidden services and the clearnet clients that accessed them.

Several reports have been published since April 2016, when the OnionScan tool was made available. However, Lewis said OnionScan reports will no longer be released in the near future as the focus will shift on trying to solve the underlying problems. The tool will continue to be maintained and improved with new features.

Related Reading: Darknet Marketplace Hansa Launches Bug Bounty Program

Related Reading: Behind the Buzz – What Intel Can You Gather from Dark Web Markets

Related Reading: Top Reasons to Pay Attention to the Dark Web

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

CISO Conversations

In this edition of CISO Conversations, SecurityWeek speaks to two city CISOs, from the City of Tampa, and from Tallahassee.