Darknet 101: An Introduction to The Darkest Places Online


In my last blog, I talked a little about the general principles of the cyberattack marketplace.  Today, we will take a closer look at the Darknet. There is so much talk these days about the Darknet. It’s the stuff of crime novels – a hotbed of criminal activity where anything can be bought and sold.

While that is true, the Darknet also provides an anonymizing layer to journalists and activists around the world who fight for the freedom of information and privacy. It is often a place where they can securely and anonymously communicate with their contacts.

But first, what exactly is the Darknet?

  • Darknet – A Darknet is an overlay network that can only be accessed with specific software, configurations, or authorization, often using non-standard communications protocols and ports.
  • Dark web – The Dark web is content that exists on Darknet, overlay networks which use the public Internet but which require specific software, configurations or authorization to access.
  • Deep web – The Deep web is parts of the World Wide Web whose contents are not indexed by standard search engines for any reason.
  • Clearnet – The Clearnet is a term typically referring to the unencrypted, or non-darknet. This traditional world wide web has relatively low-base anonymity, with most websites routinely identifying users by their IP address.

To be clear, the Darknet is a dangerous place where illicit or underground activities are conducted and can be found if you look for them. One of the most predominant features found on the Darknet are the digital marketplaces where different types of goods and digital items are bought and sold mainly for bitcoin and other cryptocurrencies. Today we see a number of growing marketplaces found on both the Clearnet and the Darknet. These sites sell almost anything you can think of and are often a one stop shop for would be criminals.

Items found in the marketplace include:

  • Software/Malware
  • Security/Hosting
  • Counterfeit
  • Drugs
  • Guns

Figure: 24 Hour DDoS service

Figure: DoS 0-day exploit for Telegram

[You might also like: Cyber Attack Market Place]

How do I get there from here?

People often think that accessing the Darknet is a technical and complicated task. In reality accessing the Darknet has become very user friendly over the last several years. Both I2P and Tor offer great documentation for novice users and there are plenty on forums and tutorials out there to help educate those that want to learn more about the networks. The only part of the Darknet that actually requires a membership or invitation to join are certain marketplaces that want to control who can see and access the services that they are offering.

When accessing the Darknet you have many options to choose from. Two options include Tor, The Onion Router, and I2P, the Invisible Internet Project. Each has their own advantage and disadvantages and selection for use should be based on the user’s intentions.

Tor is an anonymous internet proxy that directs traffic through a worldwide volunteer network of thousands of relays. Tor wraps messages in encrypted layers and sends them through a bi-directional circuit of relays through the Tor network.  Tor also provides a central directory to manage the view of the network.

The Tor Project offers entry-level documentation for its new users and is easy to use. Tor over the years has become very popular with the common user. The Tor Browser Bundle made connecting to Tor very simple for the average user. Tor has received a large amount of academic review over the years and is a very well-funded project. One issue that still remains with Tor is the trust of exit nodes. Attackers can set up malicious exit nodes or spy on the traffic coming out of the network. The best use for Tor is for anonymous out proxing to the internet.

I2p is an anonymous peer-to-peer network overlay that focuses on internal services. It allows users to send data between computers running I2P with end-to-end encryption. I2P uses unidirectional tunnels and layered encryption versus Tor bi-directional tunnels.

I2P is not a very well-known service in comparison to Tor. It has received limited academic review but contains great documentation for all of its users. One issue regarding I2P is the limited number of out proxies to the internet. The best use for i2P is for peer-to-peer file sharing.

Accessing some of these market places on the Darknet can be a challenge if you do not know what you are looking for. Many times you can find lists of hidden services or .onion links on Clearnet sites like Reddit and DeepDotWeb. TheHiddenWiki.org is also a great place to start looking for hidden services and marketplaces along with DNstats.net. DNstats provides updated information about the current status of certain marketplaces along with news about new sites as they become available.

Darknet Marketplaces Include:

  • AlphaBay
  • Valhalla
  • Dream
  • Hansa
  • The Real Deal
  • DHL
  • Outlaw

Figure: DNstats, a Darknet status page

[You might also like: 5 Ways Hackers Market Their Services]

There are also a few search engines to help you find what you are looking for on the Darknet. Two popular Darknet search engines are Grams, http://grams7enufi7jmdl.onion/, a Google looking knockoff and Torch, http://xmh57jrzrnw6insl.onion/. Both of these sites will allow you to search for content in the marketplaces and other hidden services found on the Darknet.

Exploring the Dark Markets:

These markets are not exactly special or unique but they have grown in popularity following the Silk Roads take down. Some markets can also be found on both the Darknet and the Clearnet. Sites like 0day today, hack forums, TorCrds, Hell and others sell similar items found on the Darknet and they almost always deal in bitcoin as well. You can also normally find some of the same services available on the Darknet on a number of hacker forums as well.

Hacker Forums

  • V3rmillion
  • Raid Forums
  • GreySec
  • RealForums
  • Evilzone

Figure: Torcrds.cc, a website selling stolen credit cards on the Clearnet

Figure: HackForums users selling SSDP NTP and DNS list for amplified attacks

Most vendors usually deal in Bitcoin or other types of cryptocurrencies. On many of the sites the vendors have to pay some form of a bond to be allowed to sell items or services on the site. These bonds can cost anywhere between .1 to 1 BTC. Some of these sites are also closed to the public and require a referral to join the marketplace.

Some of the newest marketplaces this year include LEO Market, TheDetoxMarket and Apple Market. Last year there were around a dozen new sites that popped up. Some of these sites do not last long on the Darknet as they are often hacked or taken offline by their competition. The growth of the attack marketplace and the utilization of an anonymizing network like the Darknet will continue to grow over the next several years as the entry level for hackers keeps lowering.

In the next blog I will be talking about what an attacker can purchase on the underground marketplaces and what the going rate is for things like DDoS, Ransomware and more. We will be looking at some of the tools and services that are available for potential attackers along with how transactions work in the marketplace.


Download Radware’s DDoS Handbook to get expert advice, actionable tools and tips to help detect and stop DDoS attacks.

Download Now


  1. I don’t get it…
    Nowadays we can buy almost “everything” online without having to do and buy extra software to have access to illegal things… Why will I buy guns through there is I can easily go to a gunshop a buy it myself… Drugs? No thank you I have enough with my coffee and my Coca Cola…

    • Cause the people buyin the guns and drugs usually cant walk into the local gun store and purchase them for themselves because they are often criminals with records etc duh.

  2. Carmen ..
    Sadly the point of the darknet is to illegally purchase items and to purchase people. People do not go to the darknet for anything legal really. Its sad… but mostly true.

    • That is so untrue its funny. Have you even explored the darknet to justify such a comment? Cause had to evven tried to you would see a world that is full of normal people who prefer to do their work or whatever in private. If it wasnt for darknet and the tor browser how do you think people like Edward Snowden could communicate and get their info out to the public. There is a lot more down there than just a bunch of idiots who are only doing their ‘dirty work’ using the tor network etc. geez.

  3. I praise your efforts to bring light to this very real issue and even though I have a extensive technological background I haven’t been up to date on this very topic. Now, my question is. If you talk to the people from TOR or I2P, I believe American companies, would they agree that the main reason for the dark-net will be to engage on illegal activities?, I guess not. But, maybe better question would be why not unifying efforts without damaging the freedom of the dark-net to find solutions to the major criminal activities.

  4. I believe everything posted made a lot of sense.
    But, what about this? suppose you were to write a killer headline?
    I ain’t suggesting your content is not solid., however what if you added something that makes people want
    more? I mean Darknet 101: An Introduction to The
    Darkest Places Online | Radware Blog is kinda plain. You
    should glance at Yahoo’s front page and note how they create post titles to grab viewers to open the links.
    You might add a related video or a pic or two to grab readers
    excited about what you’ve written. Just my opinion, it would bring your posts a little livelier.

  5. We supply only original high-quality counterfeit banknotes to all countries worldwide. We print and sell perfect Grade A counterfeit banknotes of $100 bills only. Our money is perfectly reproduced with all security features available and we assure you everything is safe and indistinguishable to the human eye and touch.

    Our Prices are:

    $2000 for $200
    $5000 for $500
    $10000 for $1000
    $50000 for $5000
    $100000 for $10000

    Contact Us via our Vendor ID to place an order

    ★KIK★ : Billzman

    ★Wickr★ : Billzman

    Email: Billsman@protonmail.com


Please enter your comment!
Please enter your name here