Knowledge base
THE DARK WEB HUB
A resource to gain knowledge and insights into the dark web.
The Dark Web Hub equips law enforcement, enterprises, MSSPs, and researchers with essential knowledge to navigate dark web threats. Our continuously updated content provides in-depth insights into marketplaces, ransomware actors, and hacking forums, helping you stay informed and proactively address challenges to safeguard your organisation or community.
Areas of the Dark Web
What are Autoshop Marketplaces
Autoshops are a particular type of dark web marketplace that specialize in the sale of digital products - such as financial data, login credentials, remote access, and cookies. They differ from escrow marketplaces in that the transaction is automated (hence the name), meaning that there is little to no contact with the seller. This means they typically have a high turnover of listings, sometimes into the millions.
What are Escrow Marketplaces
Dark web marketplaces offer mostly illegal products and services in exchange for payment. In this section we focus on escrow marketplaces, where anyone with enough cash to pay the “vendor bond” can sign up and start selling. Imagine the dark web equivalents of Amazon or eBay, except with less reputable products and payments typically made in cryptocurrencies.
What are Hacking Forums
Dark web forums are very similar to their clear web counterparts in almost every way, except for the content they discuss. Indeed, some began life on the clear web before migrating to the dark web to evade surveillance or censorship. Forums cover the breadth of criminal activity but these examples show there is a particularly thriving community of cybercriminals sharing information, tutorials, access, and exploits.
What are Ransomware Leak Sites
Ransomware leak sites are publicity sites where ransomware groups share the details of their latest victims. However, they also play an important role in how these groups orchestrate and monetize their attacks. These sites provide the ransomware operators with a platform to accept payments from the victims, a space to shame them and apply pressure, and somewhere to leak their data if they don't pay.
Autoshop Marketplaces
Search A to Z
All
2easy [offline]
Active since March 2020
Clear web
2Easy specializes in the sale of “logs” - data that is stored in the web browser, such as site credentials, cookies, and autofill form data - which can be used to digitally impersonate an individual. 2Easy went offline in May 2024 after an unsuccessful attempt to sell the platform.
Learn MoreBahira
Active since March 2022
Dark web and clear web
Bahira has generated buzz in both Russian and English-speaking dark web spaces and boasts the sale of both card details and dumps (the information encoded onto a card's magnetic stripe and used to make physical clones).
Learn MoreBidenCash [offline]
Active since February 2022
Dark web and clear web
BidenCash specializes in the sale of payment card data. In spite of the use of his name and image, it is highly unlikely to be associated with the President of the United States.
Learn MoreBlackOps
Active since September 2024
BlackOps launched in September 2024. Its product offerings are fairly standard, though one quirk is that the number of digital products for sale exceeds its drug-related listings.
Learn MoreBlackPass
Active since May 2017
Dark web and clean web
BlackPass specializes in stolen login details needed to hijack e-commerce accounts rather than card details. Some accounts have PII associated with them such as the victim’s name, country, ZIP code, and phone number.
Learn MoreBriansClub
Active since 2014
Dark web and clear web
With earliest estimates placing its inception at 2014, BriansClub is the oldest autoshop on this list and sells a range of fraud products, including CVVs, fullz (card details packaged with additional cardholder information such as date of birth and social security number), and dumps.
Learn MoreDragonForce
Active since November 2022
DragonForce emerged in late 2023, and since then has repeatedly proved itself as a force to reckoned with. Originally a hacktivist operation, DragonForce pivoted to a RaaS model and has since innovated on the concept.
Learn MoreGenesis [offline]
Active since April 2017 (seized April 2023)
Dark web and clear web
On April 5 2023, the Genesis market was seized as part of the international law enforcement crackdown dubbed “Operation Cookie Monster". The site had specialized in the sale of “browser fingerprints”.
Learn MoreKerberos
Active since September 2022
Kerberos is a dark web market that began operation in 2022 and maintains a substantial userbase of vendors and customers, predominantly trading in drugs and stolen logins.
Learn MorePatrickStash
Active since March 2022
Dark web and clear web
PatrickStash has two categories, Cards and Cards NoVBV (short for Verified By Visa). The site's forum representative is very active in advertising the shop, touting automatic refunds, live statistics, and sellers in a range of countries as their USPs.
Learn MorePutinCash [offline]
Active since November 2023
Clear web
No doubt inspired by its predecessors TrumpsDumps and BidenCash, PutinCash was another carding shop named after a world leader. A clear web-only site, PutinCash offered credit card details and dumps (with or without the associated PIN).
Learn MoreRussianMarket
Active since February 2019
Dark web and clear web
RussianMarket specializes in the sale of “logs”, CVVs, dumps and RDP access. Unsurprisingly, it is suspected to be of Russian origin.
Learn MoreTorzon
Active since September 2022
Torzon launched in September 2022, its primary offerings are standard: drugs, fraud, counterfeits and digital products.
Learn More