DeepWeb Project

The Internet that we see and have access to through search engines like Google is only a small part that is connected to the Internet.
Every Internet user is a part of the Internet, whether it is the Internet at home, at work, via a mobile phone, etc.

DeepWeb is a term that describes the network of all Internet users, not just the servers that provide a service and whose services can be found on a browser.

But don’t confuse the term DeepWeb with DarkWeb. DarkWeb is something else. DarkWeb is part of DeepWeb, as is the indexed Internet part of DeepWeb. DarkWeb is tied to not-so-legal communications on the big Internet. More on that some other time.

To research DeepWeb, I developed a project that scans and displays some information about Internet users in Serbia. This project aims to investigate the potential security threat posed by the Internet-of-things and the current poor security practices of network equipment manufacturers. The project retrieves the HTTPS certificate from the IP addresses assigned to Serbia (Serbian providers) and displays the certificate’s information. In this way, the type of device available via the HTTPS service can be identified.

2023869 IP addresses were scanned and assigned to Serbian ISPs in 16 minutes.
At 11392 IP address, HTTPS service and some kind of certificate were found.
Of these, 3115 (27%) IP addresses are certified with “.rs” and are probably used for server and service authentication (HTTPS site).

Other addresses are probably user computer systems.
4447 (39%) of these addresses use private IP addresses within the certificate
3007 (26%) devices are UBNT devices, and their MAC address can be seen from the certificate
314 (2.7%) are QNAP NAS storage
52 (0.4%) are Synology NAS storage
431 (3.7%) have the word “local” in their certificate
313 (2.7%) are DAHUA video surveillance
708 (6.2%) have in their name the words “Self-Signed”
623 (5.4%) have the word “OID” in their name (ObjectID for remote monitoring)
87 (0.7%) are Cisco devices
17 (0.1%) are DLink devices
44 (0.3%) are TPlink devices
94 (0.8%) are Huawei devices
38 (0.3%) are Asus devices
266 (2.3%) are personal Apple iOS devices
24 (0.2%) are personal Windows PC devices
74 (0.6%) are VMWare ESX servers
55 (0.5%) are Fortinet firewalls
25 (0.2%) are devices with “cam” in the name
693 (6%) certificates have the default country of China in the certificate (probably other default settings)

You can see an overview of certificates obtained through the DeepWeb project at the link:

*Notes *
Display limited to 10 records.
The use of information and data from this project is allowed with the obligatory citation of the source (Petar Bojovic – Paxy).