Kilos: once there was Grams

Kilos: once there was Grams

Mister Serious
by Mister Serious
March 11, 2020

We constantly hear about the Dark Web and the dangers that can be found there. In fact, we can say that it is not such a frightening place, but only an environment where it is difficult to orientate. With a little experience, however, it is easy to find useful services and portals to stay updated and know how to move.

A bit of history...

Everyone, for better or worse, remembers Grams: it was a search engine designed to simultaneously consult the offers of narcotic substances present in different dark web markets. Obviously the service was not only useful to criminals, but also to investigators. In fact, by looking for a seller's nickname, it was possible to quickly check on which market he was active and get an idea of its turnover. Furthermore, since many sellers used to use slightly different nicknames for the various markets they registered on, it was also possible to perform searches based on the PGP public key. In this way it was also possible to link different nicknames to a single seller.

Grams search

In 2017, after the closure of several dark web markets, the Grams platform also announced its intention to close its doors. Today, to fill the void left by Grams, Kilos was born, a new search engine whose name clearly wants to pay homage to its predecessor. Once connected to the TOR network, you can visit it at the http://dnmugu4755642434.onion/ address.

How is it made?

Once we have started our browser connected to the TOR network and after typing the address of Kilos, we have to pass a (very complicated) captcha to find the following search mask.

Kilos search mask

We will immediately notice that searches are carried out on a large number of indexed contents, coming from different sources. Wanting to filter the results by single Market, we can see which are the five markets from which the platform takes information. Among these there is the Samsara market which seems to have recently stopped working.

Market list

In addition to the filter on the markets in which to carry out the search, we can select the results based on the price of the advertisements, the types of virtual currency accepted by the sellers, the country of origin of the shipments and the destinations to which the seller is willing to send the " goods".

Other useful information

Continuing the examination of the initial page of Kilos, at the bottom we can see some useful information, including the contact details of the administrator and a sort of changelog.

Kilos recent news

In addition to the administrator's email address, we can view his public PGP key. By importing it into our PGP key manager (Kleopatra, Enigmail, etc.) or by consulting one of the many public key servers, we can also assume the date of creation of the PGP key. We must remember that the timestamp is related to the loading of the key on the key server and not to its creation. However, creation and loading are operations that are generally performed at the same time.

Kilos PGP key

Test drive!

Now let's get to the most interesting part, let's test the search engine. We could start with a generic search for drugs. We can use, for example, the keywords "peruvian cocaine".

First search

In no time (2.83 seconds) we got a list of 325 ads. By clicking on the title of every ad, we can visit a more detailed tab on the advert and the related seller and get a link to connect directly to the corresponding page on the indicated market. There are also other links on which you can click. The first "BTC" shows a short summary sheet on the virtual currency where we can see the trend of its price in dollars and a statistic on the percentage of sellers who accept it.

We can then click on the seller's nickname. In doing so we will see a summary sheet in which they are present:

  • market on which the seller is active;
  • the latest feedbacks received by the seller;
  • links to pages where his nickname is mentioned;
  • the seller's PGP public key;
  • the "bio" that the seller indicates on the markets where he is active.

Seller mentions

Finally there is a link to the market from which the displayed ad was taken. Next to the market name there is a status indicator that tells us if the market is reachable at that particular moment. In our case, the indicator is red and indicates that the Apollon market is not active at that time.

By clicking on the market name we can obtain a further report, containing several useful information:

  • onion address of the market;
  • uptime of the market market (time in which the market is reachable compared to the total time);
  • total of registered sellers;
  • total of inserted ads;
  • counting of feedbacks issued by users;
  • link to web pages where the market is mentioned.

Market report

Other uses

Reasoning as investigators and not as criminals, such a service is undoubtedly very useful: it allows us to find a large amount of information in an organized manner in a very short time. For example, we can use the service to search not on a specific type of goods, but on a single seller. In doing so, if the seller is among those listed, we will see all his sales announcements listed. Let's try to find the keyword "instantgram", one of the biggest sellers currently active.

user search test

In addition, by clicking on the seller's nickname to view his report, we can see that the URL is of the type

dnmugu4755642434.onion/vendor/INSTANTGRAM

So even without searching and waiting for page load times, we can quickly pack the URLs of vendor reports that may interest us.

It would have been fun if typing the URL without indicating the nickname, a list of all indexed nicknames had appeared, but unfortunately the administrator has not yet implemented this function or has already foreseen that this eventuality would have been more convenient for investigators than for buyers.

error page

Useful advice

We briefly saw the functioning of a research tool created for dark web markets. Clearly there is much more that could be done to fully test its potential, depending on the needs of specific cases. However, it is always good to keep in mind that any such service could disappear overnight. So it is always necessary to store the information that you may need.

Another aspect to always keep in mind is that these services are not managed by third parties or able to provide any type of certification to the results shown. Therefore, it is a good habit to always check the information obtained, and not to rely solely on the results of a single tool. For example, if the Kilos administrator was also a drug dealer, he could provide altered results to favor his ads over those of his competitors.

Finally, we must also consider that Kilos could keep track of the searches we made. In order not to reveal a greater attention towards a seller or a market, it is good to use the service without logging in and also perform some random searches in addition to those we need.
Tags:
dark web, Osint, marketplace
Mister Serious
Post by Mister Serious
March 11, 2020
Head of the AnuBitux project. Works as a cryptocurrency analyst and in the blockchain forensics field. In the free time he develops this distro and codes with Python.

Comments
s1UtDEcxjrbk-_zL1EEzk2-QmrXyxtEk6HdXTMFJPHj7S9Gx7l790wPr3xZKntF7FfTVCVT9NyyT4y_h--ekcwrQR64r3Ip-3hwFefaHGV-mU5fK8xDIhW07UVuNKeQGTA66Rc4InOFV3gb_ha6MY

OsintOps Telegram/WhatsApp Channels

Jump into our Telegram and WhatsApp Channels and Groups, on which we publish daily information and resources regarding OSINT

Telegram OsintOps Channel

Telegram Group ENG

Telegram Group ITA

WhatsApp OsintOps Channel