SOCRadar® Cyber Intelligence Inc. | Under the Spotlight: Most Popular Dark Web Marketplaces (DWMs)


Mar 11, 2021
11 Mins Read

Under the Spotlight: Most Popular Dark Web Marketplaces (DWMs)


The demand for malicious and illegal products, services, and data has hit new peaks across dark web marketplaces (DWMs), due to COVID19 and related global trends. The vendors on the marketplace mainly traded all kinds of drugs and sold counterfeit money, stolen or counterfeit credit card details, anonymous SIM cards, and malware.

Numbers about DWMs can give us a better understanding.[1] In DWMs;

  • almost 500 000 users;
  • more than 2 400 sellers;
  • over 320 000 transactions;
  • more than 4 650 Bitcoin and 12 800 Monero transferred.

SOCRadar scans these DWMs to find if your data is exposed on the internet. SOCRadar Labs will help you to create a free dark web report on your company’s data exposed on DWMs. Search to the area below and find out if your data has been exposed.

What are the characteristics of DWMs?

DWMs offer access to the shadow economy. They offer a variety of goods including drugs, firearms, credit cards, and fake IDs. The most popular currency on DWMs is Bitcoin, but other cryptocurrencies are accepted for payment as well. The first modern DWM was the Silk Road, launched in 2011 and shut down by the FBI in 2013.

Since then, dozens of more DWMs have sprung up and many have shut down due to police action, hacks, or scams. Today, DWMs form an ecosystem that has proven extremely resilient to law-enforcement. Whenever a DWM is shut down, users swiftly migrate to alternative active DWM, and the economic activity recovers within a matter of days.

What kind of information is on sale on DWMs?

Almost all kind of information can be easily obtained on the dark web including:

  • Payment card information: Stolen or skimmed credit card data (and the software to capture it) is a perennial bestseller.
  • Research data: Medical research including information about new drugs and therapies is a hot commodity, especially COVID-19 data.
  • Trade secrets and formulas: Proprietary manufacturing information is both popular and easy to sell.
  • Blueprints and security plans: From buildings to networks, all kinds of schematics and planning data is useful for bad actors.
  • Medical records: They’re especially popular for blackmail and spearfishing ammunition.
  • Financial records: This multipurpose data is desirable for money laundering, blackmail, spearfishing, and identity theft.
  • Intelligence reports: International espionage is a big market that’s high-danger but high-reward.
  • Government secrets: Investigations, communication, programs, budgets, documents, and more sell fast.

What are the most demanded cyber services/products on DWMs?

The most demanded cyber services/products on DWMs are…

  • DDoS-for-hire services
  • Exploit kits: Phishing, ransomware, and others.
  • RDP server access
  • Payment card data
  • Bank logs and routing information
  • Fullz (the slang term for full information)

What is the price range for the most demanded cyber services/products on DWMs?

DDoS service listings typically range from $20 to $100 per day based upon bandwidth and duration requirements. And go higher to meet more specific requirements.

Figure 1 – 2020 Pricing (USD): DDoS-for-hire services[2]

Exploit kits are automated attack tools that first compromise websites, and then exploit vulnerable browsers of site visitors in order to spread malware or carry out other attacks. Demands for exploit kits increased dramatically.

Figure 2 – 2020 Pricing (USD): Exploit Kits for phishing, ransomware, and others.[3]

RDP is also one of the attackers’ favorites to exploit. Cybercriminals use RDP access to execute a range of attacks, including account takeover attacks (ATOs), carding, payment fraud, and hiding in plain sight.

Figure 3 – 2020 Pricing (USD): RDP server access[4]

Pricing for payment card data varies greatly and is influenced by a number of factors. This includes characteristics like freshness (i.e., how recently the data was sourced), country of origin, availability of track 1 and track 2 magnetic strip data and expiration date. Dumps are more expensive because they include track 1 and track 2 information and can be used for a wider variety of fraudulent activities.

Figure 4 – 2020 Pricing (USD): Payment card data

The price of bank accounts on DWMs are most significantly determined by the amount of its available balance as well as the financial institution from which it originates.

Figure 5 – 2020 Pricing (in USD): Bank logs and routing numbers[5]

The typical range stretches from $4 to $10. Fullz that include the victims’ financial information are more expensive, as they enable additional types of fraud schemes. Some vendors organize their fullz listings by credit scores; those with higher credit scores are priced higher.

Figure 6 – 2020 Pricing (USD): Most popular “Fullz” packages[6]

How does trade work on DWMs?

Similar to other internet markets, such as Amazon, eBay, or Craigslist, dark markets exist in which traders sell their goods and get ratings. Normally suppliers are responsible for distribution. In general, transactions flow from buyers to the dark market place which, after buyers have confirmed reception of the products, then sends money to sellers. Clients will leave feedback that add to the credibility of sellers.

What are the popular and active DWMs?

Deep Sea Market

Deep Sea Market is a marketplace founded by long-time veteran members of the dark web scene. They’ve built this Market with an aggressive look and user-friendly design. Coding it from scratch with a very secure, stable, and scalable language that allows for the best security and user experience.

Some features of the Deep Sea Market are clean, well-organized interface. Robust escrow system. Strong security features like 2FA/PGP (mandatory for vendors) and PGP encrypted messages between vendors/buyers and staff members. Anti-phishing displays secret phrases. Strong Anti-Flood Protection and Auto-Deploy system for mirrors to give 100% uptime.

Scalable and user-friendly forums. Feedback, trust score, and vendor level systems derived and optimized from AlphaBay and other old marketplaces. Featured Products with an auction system to allow anyone to promote their products on Deep Sea Market’s homepage. No vendor fees for the first months. Fast support tickets processing and dispute resolution. State-of-the-art hot/cold wallet system with funds isolation and much more.



Market for cannabis products only, By this it wants to distance this marketplace explicitly from illegal and highly dangerous class A drugs. For non-US buyers and sellers. US buyers are discouraged to join to avoid any heat from u.s law enforcement agencies.

White House Market

White House Market is a secure darknet market built from scratch. It is a privacy centric market with enforced PGP requirements. WHM is one of the few dark web marketplaces that accept monero as their only form of payment. It operates both on tor and i2p networks.

It is owned by a market spammers gang which is behind multiple exit scams within the recent years. Caution is advised.

The Magestic Garden

Forum for Psychedelics. No fees are charged, totally runs on donations. No wallets, supports P2P transactions only.

Monopoly Market

Monopoly Market is a wallet less, userless market with main focus on drugs. It accepts monero only. Monopoly is the only dark web marketplace that aims to reduce exit scams by allowing only experienced vendors to sell on their platform. They are a true walletless market which means you make the payment directly to the vendor. It is a small, very secure and trusted market.


Dark0de offers all new and never before seen market categories combined with a high quality design.

It has on board BTC and XMR wallets as well as supports MultiSig payments. Dark0de also features a coin mixer and coin exchange + Dead Drop functionalities. The market supports English & Russian and more languages will be added soon. This makes Dark0de the most complete dark web market.

World Market

It is a dark web marketplace that is run by a modern and skilled team. World market is a darknet market that is self coded by its developers with top notch security. World market has strong anti-DDoS protection, is user friendly, and easy to navigate.

Some market features: Auto shops (with a CC Checker) for fraud vendors, avoid making unnecessary listings, just upload your batch and see the money coming. First market offering btc to xmr exchange that completely defeats the risk of using Bitcoin. Currencies are automatically converted at the current average of worldwide exchange rates. Featured escrow market platform, buyers fund is protected.

Functionality of the site matches what users expect. For vendors, import your stats from other markets and show them on your profile. 100% Javascript-free Stay safe with us, we don’t even use it. Sellers have a full product and order management system. Easy to use messaging system with conversations. Search based on geographic location, like country or continent, keywords, price, etc.

Dark Fox Market

It is a new innovative dark web market. It consists of the latest security features combined with a beautiful frontend design. It is a wallet based market with support available. Dark fox is the only darknet market that currently has a credit card auto shop.

Big Blue Market

It is a new feature rich market created with security and customer satisfaction in mind. Unlike other markets big blue support staff is online 24/7 with an average response time of no more than 15 minutes which is remarkable. A robust Anti-Phishing system is in place for optimum security. The user interface gives the feel of alphabay with a modern touch. We believe Big Blue Market has the potential to be the next big thing.

Asean Market

It was established in January and became online in March 2020. User’s Safety and good opsec is always their first priority. Asean Market is built from scratch by experienced developers that’s why the market is free of flaws. The admins aim of creating a long-term marketplace with nice features that will become the next top marketplace in the darknet.

Market is built with top notch securityand performance, well known as the most stable market platform. Proud to be first to introduce DeadDrop and with Maps feature. Offering the best user experience and advanced safety feature for deaddrop marketplace.

How dangerous are DWMs really?

The data that is on sale on DWMs could be really dangerous and harmful for the organizations and individuals. The statistics, below, can give an idea how serious DWMs are;

  • 60% of the information available on the dark web could potentially harm enterprises.
  • Hackers attack every 39 seconds, on average 2,244 times a day.
  • A ransomware attack will take place every 11 seconds by 2021.
  • Dark web activity has increased by 300% in the last 3 years.
  • The estimated annual revenue generated by cybercrime in 2019 was $1.5 trillion.
  • More than 2 million active users connect to the dark web through the TOR browser every day.
  • TOR’s bandwidth capacity has increased from around 50 gigabits per second (in 2014) to approximately 300 gigabits per second (in 2018).
  • The total value of bitcoin transacted on the dark web jumped by 65% in 2019.

Is it possible to monitor the deep and dark web to stay safe?

With the help of SOCRadar, yes it is. SOCRadar provides a thorough Dark & Deep Web Monitoring solution that enables organizations to identify and mitigate threats across the surface, deep, and dark web. Using our unparalleled reconnaissance capacities and threat analysis, we deliver actionable intelligence to help you proactively secure your organization.

The fusion of automated external cyber intelligence with a dedicated analyst team enables SOC teams to take control of the outer world beyond their perimeters. Get proactive against a variety of malicious activities. Continuously monitor the common forums with many sub-forums split into different categories which are well-divided for trading of a broad variety of malicious activities such as botnets, malware, data dumps, exploits, hacking as-a-service, remote access and PII trading.

Discover SOCRadar® Free Edition of Extended Threat Intelligence

With SOCRadar® Free Edition, you’ll be able to:

  • Discover your unknown hacker-exposed assets
  • Check if your IP addresses tagged as malicious
  • Monitor your domain name on hacked websites and phishing databases
  • Get notified when a critical zero-day vulnerability is disclosed

Free for 12 months for 1 corporate domain and 100 auto-discovered digital assets. Plus, a 1-week Professional License!