Autoshop Marketplaces

Knowledge Base

Autoshop Marketplaces

Autoshops are a particular type of dark web marketplace that specialize in the sale of digital products - such as financial data, login credentials, remote access, and cookies. They differ from escrow marketplaces in that the transaction is automated (hence the name), meaning that there is little to no contact with the seller. This means they typically have a high turnover of listings, sometimes into the millions.

Autoshop Marketplaces

2easy

2Easy specializes in the sale of “logs” - data that is stored in the web browser, such as site credentials, cookies, and autofill form data - which can be used to digitally impersonate an individual.

Active since March 2020

Clear web

Bahira

Bahira has generated buzz in both Russian and English-speaking dark web spaces and boasts the sale of both card details and dumps (the information encoded onto a card's magnetic stripe and used to make physical clones).

Active since March 2022

Dark web and clear web

BidenCash

BidenCash specializes in the sale of payment card data. In spite of the use of his name and image, it is highly unlikely to be associated with the President of the United States.

Active since February 2022

Dark web and clear web

BlackPass

BlackPass specializes in stolen login details needed to hijack e-commerce accounts rather than card details. Some accounts have PII associated with them such as the victim’s name, country, ZIP code, and phone number.

Active since May 2017

Dark web and clean web

BriansClub

With earliest estimates placing its inception at 2014, BriansClub is the oldest autoshop on this list and sells a range of fraud products, including CVVs, fullz (card details packaged with additional cardholder information such as date of birth and social security number), and dumps.

Active since 2014

Dark web and clear web

Genesis

On April 5 2023, the Genesis market was seized as part of the international law enforcement crackdown dubbed “Operation Cookie Monster". The site had specialized in the sale of “browser fingerprints”.

Active since April 2017 (seized April 2023)

Dark web and clear web

PatrickStash

PatrickStash has two categories, Cards and Cards NoVBV (short for Verified By Visa). The site's forum representative is very active in advertising the shop, touting automatic refunds, live statistics, and sellers in a range of countries as their USPs.

Active since March 2022

Dark web and clear web

PutinCash

No doubt inspired by its predecessors TrumpsDumps and BidenCash, PutinCash is another carding shop named after a world leader. A clear web-only site, PutinCash offers credit card details and dumps (with or without the associated PIN).

Active since November 2023

Clear web

RussianMarket

RussianMarket specializes in the sale of “logs”, CVVs, dumps and RDP access. Unsurprisingly, it is suspected to be of Russian origin.

Active since February 2019

Dark web and clear web