Q3 2025: Product Updates and Highlights

October 23, 2025

As we wrap up Q3, we’re excited to share a major expansion to our investigative capabilities within Vision UI—introducing a powerful new module designed specifically for darknet marketplace research. This release reflects our continued commitment to delivering actionable intelligence with precision and depth. 

Enhanced Marketplace Research

DarkOwl has made substantial updates to the way we capture and store data collected from product listings on darknet marketplaces. Darknet marketplace listings now include up to 26 content fields—including listing titles, categories, vendors, shipping information, prices and payment options, reviews, refund policies, and many more. Access our full listing collection through our new Markets module in Vision UI, or Markets endpoint options in Vision API.  

Figure 1: An example of a market listing collected from Abacus market, prior to its shutdown in July 2025

Aggregated Result Set Summaries 

Search by product name, vendor, or even a market name—and see aggregated information and visualizations about your result set. This view provides: 

  • A timeline of new listings 
  • A map of Shipping Sources by volume 
  • Metrics of total and top markets  
  • Metrics of total and top vendors
Figure 2: Aggregated information for a product search ‘Xanax’. 

Additional Features in our Markets module 

  • Specialized search operators/filters: Search listings by Keyword, Vendor, Market, Category, Price, or other market-specific option. 
  • Additional date options: Search listings or sort results by when the listing was First Seen or Last Changed on the market. 
Figure 3: The Markets module provides customized searching and retrieval for product listings. Listings are also available in the All Sources general search, which provides a uniform experience across all data types within DarkOwl Vision. 
Figure 4: Additional filtering options in this module include Price, Shipping Source, and Shipping Destination.

Marketplace Research in Vision API 

We’ve launched three new endpoints for programmatic access to our enhanced darknet marketplace data. These endpoints provide optimized searching, filtering, and formatting specific to market listing content: 

  • The Markets Search endpoint for an optimized experience and market-specific parameters. 
  • The Markets Summary endpoint provides aggregate information about your search result set. 
  • The Listing Detail endpoint retrieves all information from a single market listing. 

You can continue to find market listing results using our Search API endpoint, which have been enhanced with vendor, price, shipping information, as well as a reference to pull the full listing content from the Listing Detail endpoint if desired. 

Other Vision UI Updates 

We’ve made several search experience upgrades, which streamline and improve search workflows in Vision UI

  • Source Domains Filter: The input field has been redesigned for a cleaner, more intuitive experience, making it easier to include or exclude source domains in your searches. 
  • Chat Channel Filters: Our chat filters now support exclusion, allowing you to refine result sets by removing specific channels. 
  • Search Block Expansion: Chat types are now available as search block types—ideal for monitoring high-interest sources. 
Figure 5: The new Source Domains filter provides easier ways to filter to or exclude specific domain sources. 

Leaks of Interest Collected

When your search results are from data leaks, users can review additional information curated by DarkOwl analysts, giving you enrichment on the data leak. The descriptions below are all available in our Leak Explore UI feature, or Leak Context API endpoint. 

USA fullz info cc x200

A post on LeakBase, a hacking forum, on January 28, 2025, linked to the file: ggjtv.txt. According to the post, there are 200 lines of full USA credit cards. Data exposed includes names, email addresses, CVV, physical addresses, expiration dates, dates of birth, Social Security Numbers, phone numbers, passwords, mobile numbers, and credit card numbers.

etsy.com

Data purported to be from Etsy was posted on BreachForums, a hacking forum, on December 5, 2024. According to the post, the leak consists of 3,600 rows of data, containing 3,535 unique Social Security numbers, 1,915 email addresses, and 32 email domains. Data exposed includes customer information, email addresses, physical addresses, genders, dates of birth, SSNs, phone numbers, mobile numbers, user identification number (UID), company names, and product data. The threat actor noted the leak contained additional files of parsed and deduplicated SSN, emails and email domains from the raw leak data, noting the files that contained emails and email domains had free email services removed from them. While the victim data is listed as Etsy, the post indicates the company exploited by the MOVEit vulnerability was Delta Dental.

3.9M Allianz Life 2025.19.08 Sample

Data purported to be from Allianze Life, obtained via Salesforce, was posted on scattered lapsus$ hunters, a Telegram channel, on August 19, 2025. According to the post, the leaked data include Salesforce’s “Accounts” and “Contacts” tables and contains a total of 3.9 million sensitive records, though only 2.8 million were publicly posted. Data exposed includes customer and partner data, names, addresses, dates of birth, and professional information. The Threat Actor indicated that the full leaked database was posted for sale for $10,000 US, with a final sale of $9,000 for the complete database completed on August 21, 2025 by Season via a BitCoin transaction. According to media reports, Allianz Life confirmed a third-party CRM platform was accessed by a threat actor on July 16, 2025. The Threat Actor group is a combination of Scattered Spider, ShinyHunters and Lapsus$. Telegram channels associated to the group are quickly banned, with backup channels being regularly created to repost content associated to their recent activities.

Serasa Experian 2.9 GB

Data purported to be from Serasa Experian was posted on LeakBase, a hacking forum, on September 10, 2022. According to the post, a hacker known as JBR initially posted the file that affected 223 million users. Data exposed includes names, genders, dates of birth, and CPF (Cadastro de Pessoas Físicas) numbers. The dataset includes static identifiers such as CPF numbers and dates of birth. Consequently, the age of the leak does not lessen the potential impact of the exposed data. A February 2023 post on BreachForums from a user named “TheBlob” explained that the original breach was carried out by a Brazilian hacker known as “JustBr” (or “JBR”), who initially advertised the data on the now-defunct forum, RaidForums. The complete database was reportedly sold for $30,000, while portions, which consisted of 40 parts, were available for $755 each.

Curious how these features and data can make your job easier? Get in touch!

Explore the Products

Button Product Vision
Vision UI ›
Button Product Search
Search API ›
Button Product Entity
Entity API ›
Button Product Score
DarkSonar API ›
Button Product Score
Score API ›
Button Ransomware API
Ransomware API ›
Button Product Datafeeds
Datafeeds ›

See why DarkOwl is the Leader in Darknet Data

Get a Demo
Get a Demo

Products

Services

Use Cases

Company

Copyright © 2024 DarkOwl, LLC All rights reserved.
Privacy Policy
DarkOwl is a Denver-based company that provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data. We shorten the timeframe to detection of compromised data on the darknet, empowering organizations to swiftly detect security gaps and mitigate damage prior to misuse of their data.