Leak Zone Dark Web Forum Exposes 22 Million User Records, Including IPs and Locations

On Friday, July 18, cybersecurity firm UpGuard discovered a significant security breach involving an unauthenticated Elasticsearch database containing approximately 22 million records of web traffic.

The exposed data revealed extensive visitor activity to Leakzone.net, a prominent underground forum known for distributing hacking tools, exploits, and compromised accounts.

Each database object contained sensitive information, including domain requests, user IP addresses, geolocation data, and internet service provider metadata, providing unprecedented insight into the digital footprints of users accessing illicit cybercrime marketplaces.

Attribution Confirms Leakzone Traffic Patterns

The leaked database schema revealed that 95% of the 22 million records were directed to leakzone.net, with the remaining 2.7% targeting accountbot.io, a marketplace for selling compromised user credentials.

UpGuard researchers verified the attribution by registering an account with Leakzone and confirming their IP address appeared in the logs, definitively linking the database to the forum’s web traffic.

The temporal analysis showed records spanning from June 25 to the discovery date, with approximately one million daily requests averaging 2,862 bytes per request – metrics consistent with a moderately successful website operation.

Technical Analysis Reveals Anonymization Attempts

The dataset contained 185,000 unique IP addresses, significantly exceeding Leakzone’s registered user base of 109,000 members, indicating widespread use of anonymization techniques.

Approximately 5% of requests originated from public proxy servers, identified through database fields marking “is_proxy” and “proxy_type” values of “PUB,” accounting for 1,375,599 records across 3,983 IP addresses.

Further analysis revealed a heavy concentration of traffic through VPN services, particularly three IP addresses operated by Cogent Communications that collectively generated around 600,000 records.

The traffic distribution exhibited characteristics of a truncated normal distribution, suggesting coordinated VPN usage rather than organic user activity.

Security Implications and Digital Privacy Concerns

The geographic distribution of IP addresses reflected global internet infrastructure patterns, notably excluding direct Chinese traffic, which researchers attributed to mandatory proxy routing.

Cloud service providers, including Amazon, Microsoft, and Google, featured prominently among the traffic sources, while 39% of IP addresses appeared only once in the logs – likely representing unprotected users connecting without VPN services.
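The tallies reported above (unique addresses, the share of requests flagged as public proxies through `is_proxy` and `proxy_type`, concentration on a few addresses, and addresses seen only once) can be computed over any enriched access log, including your own. The following Python code is an added example, not UpGuard's code; the `ip` field name, the boolean encoding of `is_proxy`, the `VPN` value and all sample records are constructed assumptions.

```python
from collections import Counter


def _rec(ip, is_proxy=False, proxy_type=None):
    # "is_proxy" and "proxy_type" are named in the article; "ip" is assumed.
    return {"ip": ip, "is_proxy": is_proxy, "proxy_type": proxy_type}


# Constructed sample (documentation address ranges), not data from the leak.
SAMPLE = (
    [_rec("198.51.100.7", True, "PUB")] * 2
    + [_rec("198.51.100.8", True, "PUB")]
    + [_rec("203.0.113.10", True, "VPN")] * 8   # "VPN" is a constructed value
    + [_rec("203.0.113.11", True, "VPN")] * 6
    + [_rec(f"192.0.2.{i}") for i in (1, 2, 3)]
    + [{"is_proxy": False}]                     # malformed: no address
)


def summarize(records, top_n=3):
    """Aggregate per-IP request counts and public-proxy flags."""
    per_ip = Counter()
    pub_ips = set()
    pub_requests = 0
    for rec in records:
        ip = rec.get("ip")
        if not ip:
            continue  # skip records without an address instead of counting None
        per_ip[ip] += 1
        if rec.get("is_proxy") and rec.get("proxy_type") == "PUB":
            pub_requests += 1
            pub_ips.add(ip)
    total = sum(per_ip.values())
    top = per_ip.most_common(top_n)
    single = sum(1 for count in per_ip.values() if count == 1)
    return {
        "requests": total,
        "unique_ips": len(per_ip),
        "pub_proxy_requests": pub_requests,
        "pub_proxy_ips": len(pub_ips),
        "pub_proxy_share": pub_requests / max(total, 1),
        "top_ips": top,
        "top_share": sum(c for _, c in top) / max(total, 1),
        "single_seen_share": single / max(len(per_ip), 1),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE, top_n=2).items():
        print(f"{key}: {value}")
```

A high `top_share` together with a high `single_seen_share` is the shape the article describes: a few shared exit addresses carrying much of the traffic, and a long tail of addresses that each appear once.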

This incident underscores the fragility of digital anonymity, as highlighted by recent law enforcement successes, including the arrest of the XSS.is forum administrator.

The leak serves as a stark reminder that even sophisticated privacy measures can be compromised, exposing the digital identities of users engaged with underground cybercrime communities despite their technical countermeasures.

The post Leak Zone Dark Web Forum Exposes 22 Million User Records, Including IPs and Locations appeared first on Cyber Security News.
