The darknet is home to a diverse group of users with complex lexicons that often overlap with the hacking, gaming, software development, law enforcement communities, and more. DarkOwl’s Glossary of Darknet Terms is a continually evolving resource that defines the common vernacular, slang terms, and acronyms that our analysts find in places like underground forums, instant messaging platforms (such as Telegram), as well as in information security research pertaining to the darknet.

Unless otherwise noted, all definitions below refer to their specific usage in darknet and deep web communities.



Slang term for marijuana 


Account Takeover

Exploit technique that involves hijacking an account. Account can be a victim’s electronic mailbox, chat platform, social media, or financial account where fiscal funds are stolen.


Potentially malicious individuals or groups that carry out targeted attacks or campaigns, with motives ranging from political hacktivism to cybercrime. 

Address (crypto)

A string of letters and numbers that together constitute a digital location by which cryptocurrency can be sent to and from. 


Individual in charge of the management and security of an organization’s network infrastructure and servers.


Acronym for Advanced Encryption Standard. One of many ciphers that the U.S. government uses to protect classified information. 


Business partner likely receiving a cut of proceeds in cooperation with the distribution or sale of illicit goods or services. Also referred to as PP (paid partners).

Affiliate Model

Underground business model in which a user buys a service from an actor and gives them a portion of the proceeds.


Acronym for Away From Keyboard. This is typically used in online gaming to indicate that somebody is inactive.


Slang term for aggressive or aggression. Can be used to describe how a person is behaving.  


A screen name meant to conceal the user’s identity that typically does not have any ties to the user’s real identity. Also referred to as pseudo and moniker.


Acronym for advanced persistent threat; Attack campaign where an intruder gains unauthorized access to a network and evades detection for delayed attack or espionage.


Acronym for Anti-Money Laundering.


Casual term which refers to any dark web user whose identity is unknown or “anonymous”.


A decentralized hacker collective whose members engage in hacktivism or geopolitically motivated campaigns to oppose internet and government censorship.


Online 3rd party file data repository that allows users to upload and download files shared by others.


Acronym for affiliate partner; (also known as PP); Business partnership in which a ransomware (or malware) developer leases out their software to their affiliates in return for a percentage of the profits.


Acronym for Application Programming Interface. It allows two applications to talk to each other. 


The process of verifying the claimed identity of a user using digital credentials, keys, or social engineering.


Acronym for anti-virus. Software application that is designed to detect malicious programs. 


Acronym for “All your base” short for “All your base are belong to us” used in gaming.



Entry points to a system or piece of software. Backdoors can be built into code as an additional legitimate access point, but are also often planted by bad actors as a means of malicious exploitation. 

Bait & Switching

Tactic used by vendors (sellers) on the darknet where the goal is to attract customers by advertising a cheap product which may or may not exist, and then persuade them to buy a more expensive one.

Bank drops

Bank accounts where cyber criminals and fraudsters turn their hacked bank credentials into cash. Used by carding enthusiasts to exploit compromised account information through quiet bank transfers via money mules. 


Acronym for Bank Identification Numbers (also referred to as Issuer Identification Number (IINs)). These are a critical part of carding and fraud.


A shared ledger that facilitates the process of recording monetary and other asset digital transactions.


Slang term meaning incredibly awesome; great; “winning”. Can also be used as an insult to show that you don’t have respect for someone.


An army of compromised computers or internet of things (IoT) devices that are collectively utilized for a malicious purpose.


An intentional attack on a network, usually targeting organizations or corporations. The information that comes from a breach can be the same or similar as what comes from a Leak, but the method of obtaining said data is by direct attack instead of undisclosed vulnerability.


A type of network device used to connect to OSI level 2 networks, often used in local area networks. In Tor, bridge relay nodes are like ordinary Tor relays and are also run by volunteers, but are not listed publicly.

Brute force

An attack that involves trying to identify all possible combinations (usually passwords) to find a match of the credential via trial and error until entry is gained.


Slang term meant to be an insult that is most commonly used on imageboards (such as 4chan) to insinuate that their post is random or nonsensical. 


Acronym for bitcoin.


A device that is disposable and untraceable. These can be used to adopt another identity or access information that could harm or compromise the device.



Acronym for “command and control.” In cyber operations, C2 may be the persons leading an operation or a set of software applications that provide access to a botnet.


Coordinated cyber operations to achieve a specific outcome. 


A segment of the darknet involved in fraudulent financial cybercrime using credit card data. Often entails the illegal use of a credit card by an unauthorized person to purchase a product, good, or service. 


A deep web discussion-style forum with anonymous users. The forum features ‘images’ with posts and is known for fast-paced, politically charged discussions.


Slang term for “Money.” Real cheese used to be handed out by the government for welfare. Fraudsters use the word in the phrase “cheese on deck” to mean, money is coming.


A cipher is a system for encrypting or decrypting data, usually in the form of a specific encryption algorithm.


Information that has been encrypted or encoded and is unreadable without the proper cipher.


The “regular” internet (non-darknet), also referred to as the surface web.  


Information that is readable and is not and has not been encrypted.

Click fraud 

A type of fraud on the internet that involves luring a user to click on a misleading advertisement for other (typically unsavory) purposes. This is mostly found in SEO fraud which exploits models that pay the perpetrators per each click, resulting in illicit financial gain. 


Computer hardware or software that accesses a service hosted by a server as part of the client–server model of computer networks. 


A malicious SEO method that involves delivering a custom version of the website based on the website visitor. For example, if the visitor is a Googlebot, a form of the website landing page is served with more keywords to increase the site’s search engine ranking. IP cloaking may also involve delivering adware via a website.


A remote set of servers and data stores for storing content outside of local devices and networks.

Cold wallet/ Cold Storage

Devices or applications that store your private keys offline. These are considered one of the safest ways to secure digital currency.

Combo Lists 

A list of email addresses and password combinations that may be used in a brute force attempt or credential stuffing operations to gain unauthorized access to servers and services.

Comment spamming

Using the comments section to negatively impact the site and carry out a malicious agenda by using spam.

Consensus (crypto)

Is achieved when all participants of the network agree on the order and content of the blocks in the blockchain. 

Cookie (technology)

Text that is sent by a server to a web client, and returned by the client each time it uses that server. This technology is typically used for authentication of website users, session tracking, and also for maintaining information about the users.

Corporate Risk 

The probability that a corporation will experience a security incident using data readily available from open sources and the darknet and cause reputation and/or financial harm to the corporation.


Acronym for Credit Profile Number, Credit Protection Number, or Credit Privacy Number. A nine-digit number sold by fraudulent credit repair companies. 


Cracking involves bypassing software application licenses and authentication to use software without purchase. 

Crawler (technology)

Program or automated script that browses and collects data hosted on webservers.

Credential Stuffing

A common technique utilized by cybercriminals to test if historically exposed e-mail addresses and password combinations are valid logins across multiple commercial websites. 


Entities needed to verify and authenticate a user in order for them to gain access to a tool, location, or account. Most simply, an email and password combination.


Acronym for child sexual abuse material; illicit content often found on the darknet.


Acronym for cyber threat actor.

Cyber insurance

A type of insurance designed to protect policy holders against cyber incidents including ransomware, DDoS attacks, or any other method used to compromise a network and sensitive data.

Cybersecurity Incident

An event leading to the unauthorized breach of a network, or leak of data from a network. These occurrences ultimately jeopardize the entire information system and/or the information that system keeps.


A concept that describes interconnected digital technology and is used to distinguish between the physical and digital world. It includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers. 



Acronym for Decentralized Autonomous Organization. DAOs are set up on decentralized networks and track shareholder activity via smart contracts or blockchain ledger entries.


Also referred to as the “dark web.” A layer of the internet that cannot be accessed by traditional browsers, but requires anonymous proxy networks or infrastructure for access. Tor is the most common. 

Data lake

A centralized repository that allows you to store all your structured and unstructured data at any scale. 


Darknet slang for “Database”.


Acronym for Distributed Denial of Service Attack. A malicious attack on a network that is executed by flooding a server with useless network traffic, which exploits the limits of TCP/IP protocols and renders the network inaccessible.


A model based on the distribution of power or information rather than having one central authority. 

Deep Web

Online content that is not indexed by search engines, such as authentication-protected sites and paste sites; it can best be described as any content with a surface web site that requires authentication.


Acronym for Decentralized Finance. Peer-to-peer financial services based on secure ledgers on public blockchains.


False or inaccurate information spread with malicious intent. A disinformation campaign is a psychological operation to manipulate a target’s perception regarding select topics using strategic methods to disseminate false and half-truths via various media platforms and mediums.


Short for Linux distribution. An operating system based on open-source software development. 


Acronym for Direct Message.


Acronym for Domain Name System. The translation of an IP address to a domain name. 


A string of text (typically the name of the website or organization) that maps to an IP address, used to access a website from client software. For example, the DNS for Google is 


To publicly name or publish private information (PII) about an unwitting target. 


Deep web/darknet forum similar to Reddit. Established by HugBunter after Reddit banned darknet marketplace related discussions. 

Drop site

The location where a shipment of (typically illegal) goods will be deposited. 

Dump (crypto)

The action of dumping a crypto when the price has dropped, or selling it very quickly to get out of the investment.


Also referred to as dumpz; Large pre-compiled lists of stolen financial data.



Acronym for Error Correction Code. A type of code that checks read or transmitted data for errors and corrects them as soon as they are found. 


Acronym for Endpoint Detection and Response.


Process of obfuscating information or data such that it can only be read by those that have the cipher.


Contractual arrangement designed to have a third party hold funds or assets while product is being transferred, ensuring that both parties will get what they expect. Popular with darknet marketplaces.


Acronym for Ethereum.


Slang for “Exfiltration”. The process of removing data from a victim network, often via SSH or FTP. 

Exit Relay

The final node in a Tor onion circuit that network traffic passes through before reaching the destination server. 

Exit Scam

Scam in which a darknet market administrator or vendor shuts down operations before providing the purchased good or service, or stealing the escrow funds held by the marketplace.


Procedure or code that takes advantage of a vulnerability or flaw in software, an operating system, or firmware. 

Exploit Kits 

(Also referred to as Exploit Packs); Collection of exploits that serve as a toolkit for cybercriminals to attack vulnerabilities.


The threat of leaking or holding stolen data, sensitive information or computer systems until the criminal’s demands are met.



Acronym for Finalize Early, signaling that funds in a darknet marketplace’s ESCROW have been released before the product has arrived. 


Slang term for Fentanyl.


Network security system that continuously monitors incoming and outgoing network traffic, and blocks out any untrusted sources to ensure safe communications.


A type of software that is etched directly into a piece of hardware. It operates without going through APIs, the operating system, or device drivers—providing the needed instructions and guidance for the device to communicate with other devices or perform a set of basic tasks and functions as intended.


Slang term for cocaine that is more potent, purer, and more expensive.


Acronym for Fear of Missing Out; fear of not knowing about something, not being privy to certain information, or not being invited to an event or activity.


Online discussion site where people discuss and follow specific topics.


A type of peer-to-peer decentralized network designed for anonymity and censorship resistance by direct file sharing and hosting by the peers of the network.


Acronym for Fear, Uncertainty, Doubt.


Slang term for Full Information; Consists of detailed PII that could be utilized by cybercriminals to commit fraud or identity theft.


Acronym for File Transfer Protocol. Network protocol used to transfer files between devices over the internet. 



Acronym for Good Gear, or for Gamma Goblin; A marketplace on the darknet.

GG (gaming)

Phrase meaning “Good Game.” Can also be used as an insult when a player has performed extremely poorly.

Ghosting (gaming)

Form of cheating in online games where certain players have beneficial information about the game or other players that they shouldn’t have and gives them the upper hand. Also describes a player that is offline but appears to still be available via chat.


Acronym for Greatest of all time; Someone that is the best in a certain category.



An individual who uses technical knowledge to solve problems, gain access, break into systems, or take information for nefarious purposes or social-good motivations for themselves or on behalf of a group or government.


Actions that jeopardize or misuse digital devices to compromise and damage them and their networks, typically to extract information for malicious purposes.


Individual/s who carry out cybercrimes against organizations that do not align with their particular social, religious, or political beliefs.


Physical tools, machinery, and equipment that a computer system needs to function. 

Hash Value 

A number that identifies a unique set of data.


Practice of taking data and inputting it into a cryptographic hash function to produce a hash value.


Also displayed as Haxor. Slang for hacker.


Shorthand for hack; Low level crime and cheating.

Hidden Service

Another term for an .onion (Tor) site. Also called “onion services”.

High-Risk Surface Web

Content from the surface web that has a high overlap with the darknet and deep web community, including mirrors of darknet sites.

HODL (crypto)

Acronym for Hold on for Dear Life; Passive, longer-term investment strategy of holding onto crypto instead of selling with hopes that the value will increase.


Website or hidden service set up by law enforcement to attract and identify individuals who participate in illegal activity online.

Hot wallet 

Virtual cryptocurrency wallet that is always connected to the internet and cryptocurrency network and is used to make cryptocurrency transactions.



Acronym for Invisible Internet Project; Encrypted, anonymous network that allows for protected, uncensored communication via peer-to-peer network communications.


Acronym for Initial Access Brokers; Individuals or gangs that have access to networks either by elite credentials or by a possession of known vulnerabilities and sell access to malicious actors.


Acronym for Industrial Control System. A generalization to describe types of control systems and apparatuses built to manage, automate, and operate industrial processes. 


Acronym for Intrusion Detection System; Device or software that monitors networks and scans them for an attack or malicious activity.


Acronym for Individual Identification Number; used in reference to bank and/or credit accounts.

Image Board

Internet forum that centers around the posting of images and comments around a specific topic where identity is kept anonymous, see chan. 


Acronym for Internet Protocol; rules for routing data in the internet. Can be IPv4 or IPv6.


Acronym for Incident Response; Comprises how an organization responds to a cyberattack.


Acronym for Intellectual Property; Intangible creations of the mind. Could also refer to Internet Protocol.

IP address

Unique identifier that a device has on the internet or local network.


Acronym for In-plane switching; Form of LED display monitor known for having the best color and viewing angles.


Acronym for Internet Relay Chat; Text-based chat system for group discussion where chat servers allow network connections from users. 


Acronym for Internet Service Provider. A company providing paying customers access to the Internet.


(Cyber) Jihad

Islamic extremist terrorists’ use of the Internet to communicate, plan, and recruit.


A communication software platform provided by Cisco that is cloud-based and encrypts server-to-server connections. 



An open-source, Debian-based operating system distributed by Linux, used in security auditing and penetration testing, and popular with threat actors.


Type of monitoring software that captures and records the keys pressed on a keyboard.


Acronym for know-your-customer/client; Standard identity verification to set up crypto exchange account. 



Acronym for live action role play; Type of role playing where people dress up as their characters and act out the game.


Acronym for Law Enforcement.


Acronym for Law Enforcement Agency.


An unintentional exposure of secured organizational data.


Financial record-keeping system that maintains the anonymity of the user’s identity, cryptocurrency balances, and transactions.


A person who downloads data, software or resources (often unethically), without sharing or providing anything in return.

Leet (gaming)

(also referred to as l33t or 1337); Slang term for someone who has great skills at gaming or computing.

Link farms

Group of websites that all hyperlink to a target page in order to increase the search engine optimization ranking.


Offering of a product or service for sale on the darkweb.


(LTC) Peer-to-peer cryptocurrency and open-source software that uses Scrypt and operates like Bitcoin.


Files of data generated by a computer that keep information about use, patterns, activity, and operations within the operating system.

Love Letter

Dark web slang for when the postal service seizes a package and leaves a notice in the recipient’s mailbox that illegal goods have been seized but no legal action has been taken.


Person who browses an internet board but never posts original threads.


MAC address

Acronym for Media Access Control address; Unique 48-bit serial number that uniquely identifies a device in a network segment.


Malicious software program designed to hijack computer systems or steal sensitive information from a device or network. 

Mariana’s Web

A nickname given to a mythical section of the darkweb inspired by Mariana’s trench. Supposedly the deepest part of the dark web with forbidden, illegal information and services.


Also known as markets. Websites on the darknet where vendors can sell their goods or services while remaining anonymous.


Process of modifying data to a point where there is little usable material to those without granted access.

MD5 Hash

A message-digest algorithm that was designed as a cryptographic hash function. It is still used to authenticate files using a 128-bit hash value.


A humorous image, video or phrase that is often altered and spread via the internet using social media.


Data that provides more information about data or a document. Metadata is often hidden and not readily available to the consumer.


Tutorials and guides distributed and used to instruct cybercriminal activity.


Acronym for Multi-Factor Authentication. A user gives a combination of two or more credentials to gain access in a layered approach to securing data and information.


Spreading false information regardless if the intention is to mislead others or not.


Acronym for Man in the Middle Attack; Attack that compromises the communication between two parties who believe that they are communicating directly with each other.

Mining (crypto)

Otherwise known as cryptocurrency mining; Process where new cryptocurrency coins are verified and added to the blockchain.

Mirror Site

A site with the same content as another but with a different domain or URL. 

Mix (crypto)

Otherwise known as a tumbler; Service offering to blend together potentially identifiable crypto funds with others in an effort to hide the trail to the fund’s original source and make crypto harder to trace.


Shorthand for Moderator; People who monitor online message boards, chatrooms, or discussions. 


Slang term for 3,4-Methylenedioxymethamphetamine (MDMA), commonly known as ecstasy; Psychoactive drug primarily used for recreational purposes.


A type of decentralized cryptocurrency that uses a public distributed ledger with privacy-enhancing technologies to keep finances anonymous and secure, increasing in popularity on the darknet.


Also known as money mules; People that help conceal the identity of a cybercriminal by assisting in fraud by moving money illegally on their behalf.


Abbreviation for Multi-Signature. Requiring two or more private keys for a cryptocurrency wallet to approve and send transactions. 


Nation-state actors

People who gather information on the dark web that would benefit their own country’s government.


Slang term for teenage or adult men who are socially awkward, pretentious, misogynistic, and have an inflated sense of self-worth. They often have a strong interest in gaming and/or anime.


Acronym for Not in Education, Employment, or Training; Slang term referring to a person who is not advancing in life and often lives at their parents playing video games or watching anime.


Slang term referring to a newcomer to an internet forum or game who is considered a nuisance.


Acronym for Non-Fungible Token. A digital asset representing a unique real-world or digital object held on the blockchain, usually Ethereum, allowing the buyer to own the original item.


Acronym for network interface controller; computer hardware part that connects a computer to a network.


In Tor, any volunteer server in the network that helps bounce and route traffic to maintain obfuscation of the clients and servers in the network. Could consist of entry, exit, relay, or bridges.

NPC (gaming)

Acronym for Non-player Character; character in a game that is not controlled by a player.



Recursive acronym for Multi-End Message and Object Encryption. OMEMO is an Extensible Messaging and Presence Protocol (XMPP) extension used for secure multi-client end-to-end encryption.


Top-level domain (TLD) extension for Tor-based domain addresses. 

Onion Browser

A mobile version of the Tor Browser Bundle application for iOS devices. 

Onion Router

Also known as Tor; Open-source darknet network used for anonymous browsing.

Onion Routing

Networking protocol that shares data between a client and server through numerous nodes to prevent the inadvertent disclosure of either’s identity.


Acronym for Original Poster; The first person who begins a thread in a forum. Some cyber operations are also referred to as “ops”.

Open Source 

Any program, application, software, or data that is available to the public without purchase.


Acronym for OPerational SECurity; The standards and process a person or organization should implement to ensure that a security breach does not occur.


Acronym for Operating System. Software that interfaces with hardware and manages resources and services to run applications, making them user-friendly.


Acronym for Off-the-Record Messaging. A cryptographic protocol offering privacy and security by end-to-end encrypting instant messages with additional security measures. 



Acronym for Peer-to-peer; Decentralized type of computer network where the computer acts like the server and the client.


Small amount of data routed between its origin and a destination.


Also referred to as fraud pack, darknet pack, starter pack; Collection of technical resources to learn how to start crime on the darknet.


Online temporary content-hosting application that allows for users to share text online anonymously.


The malware a threat actor intends to deliver to the victim. May take form of virus, keylogger, rootkit, etc. 


Acronym for Private Blog Network; a group of high authority sites that one person owns and controls where they create links to drive traffic to their main site or money site. 


Slang term for Phencyclidine or phenyl cyclohexyl piperidine; dissociative hallucinogenic drug.


Acronym for PERsonal SECurity; Protection and control over personal information and identity.


Acronym for Pretty Good Privacy; Encryption program that provides cryptographic privacy and authentication for signing, encrypting, and decrypting data communications.

Phishing Package

Otherwise known as Phishing as a Service; Packages including templates, guides, and tutorials for an actor to carry out a phishing scam.


Otherwise known as phishing package; Acronym for phishing as a service; Packages including templates, guides, and tutorials for an actor to carry out a phishing scam.


Type of fraudulent social engineering for data collection designed to trick users into revealing sensitive information to what appear to be trustworthy sources via email.


Acronym for personal identifiable information; data tied to a specific individual that could potentially identify them (e.g., social security number).


Acronym for personal identification number; set of numbers used to prove identity or authenticate a service.

Pirate Bay

Can be abbreviated as TPB. A site founded by a Swedish anti-copyright group used for large file sharing of digital content such as entertainment media and gaming.


Information that can be read without using a decryption key but has been put into an encryption algorithm.


Acronym for Private Message. 


Acronym for Pump-and-Dump; Fraud involving the artificial inflation and manipulation of the price of a cryptocurrency with false and misleading statements.

POS (crypto)

Acronym for Proof-of-Stake; Mechanism used to verify cryptocurrency transactions.

Private key

Otherwise known as secret key; Large numerical value used to encrypt and decrypt data and is only shared with those that should have access to said data.


Official procedure of how internet content is retrieved and then displayed to a browser.


Application that interrupts the connection between the client and the server in order to hide the IP address to make the internal network more secure against cybercriminals.

Public key

Large numerical value used to encrypt data and is publicly shared and used as a security tool to check legitimacy of digital messages and signatures.


Slang phrase meaning to control or dominate another person’s computer or device.



A free peer-to-peer instant messaging service for chat, voice, video and file transferring that is end-to-end encrypted designed to protect users from surveillance.


A question or request for information asked in a particular syntax to retrieve information from a database.



Type of malware that involves encrypting the files and applications on a device or networked devices and then demands payment for decryption.


Acronym for Ransomware-as-a-Service; Business model for cybercriminals to hire ransomware operators to launch ransomware attacks on their behalf.

Ransomware Services

The onion services related to ransomware threat actors, where victims are announced and data is leaked. 


Acronym for Remote Access Trojans; Malware program that allows access into a computer, bypassing the system’s security, and allows for control over the targeted computer.


Acronym for Remote Desktop Protocol; Protocol for accessing a computer remotely and often a potential unauthorized access point. 


Continuity tool that re-directs traffic from an old website to the new one. 


Slang term for someone that has not been radicalized; reference to the movie, The Matrix.


Slang term meaning “Wrecked”.


Darknet slang referring to a scammer.


Top-level directory of a file system.


Malicious program or application designed to provide persistent, unauthorized, privileged access to a target device.


Hardware used to forward packets of information along a network, directing traffic on the internet.


Acronym for Rivest–Shamir–Adleman; Public-key cryptosystem used for secure data transmission.



Acronym for Supervisory Control and Data Acquisition. A control system that uses computers to control equipment and gather data for time-sensitive matters, often in conjunction with critical infrastructure.

Secret Key

Otherwise known as private key; Large numerical value used to encrypt and decrypt data and is only shared with those that should have access to said data.


Acronym for the Simple Mail Transfer Protocol. A standard communication protocol on the internet for communicating electronic mail (e-mail). 


Acronym for Secure Over Credential-Based Kerberos Services. An internet protocol which routes network packets between a client and server using a proxy server. 


A software-based program, typically malware, that is deployed on victim devices that when executed or downloaded is designed to take credentials, cookies, and sensitive information to take advantage of the victim financially, engage in fraud, and possibly identity theft. 


Acronym for Software as a Service; software delivery and licensing that is available via a subscription service.


An isolated and controlled operating space where potentially dangerous programs are run so that they will not cause harm to the device.

Satoshi Nakamoto

The pseudonymous creator of Bitcoin. 


Slang used in fraud and hacking community to detail the steps required for conducting fraud or program exploitation for financial gain. 


Process of collecting large data sets from websites.

Script kiddie 

A person who lacks the skills to create original malicious software code, reuses code from other developers, or uses pre-installed applications. 

Search Operator

Commands or parameters that can combine, filter, or exclude items in order to narrow the results and focus of a search. In Boolean, these are AND, OR, etc.


To take by force a website, online service or operation. It is common for law enforcement to seize specific darknet markets and services. 


Device that processes requests and provides a service to clients in a network. 


Scaling technique used by blockchain companies to split database sets in order to reduce network congestion and enable more transactions per second.


Person who will advocate for an extreme idea without logic or reason. The person may sometimes be paid to influence a controversial conversation or convince others without publicly acknowledging their biases. 

SIM swapping

Otherwise known as SIM Splitting, port-out scam, or simjacking; form of identity theft where a cybercriminal takes over the mobile phone account of their victim by assigning the mobile number to a new SIM card.


Credit card information theft using a small device attached to a credit card transaction machine, which harvests the sensitive card data when a transaction occurs.

Slave (Zombie) 

One of the devices controlled by an attacker for malicious activity that is part of a group of other compromised devices which together make a botnet. 


Phishing through text messages where cybercriminals try to get the recipient to click on a malicious link.

SMS Bomber

Online tool used to send out numerous mobile phone notifications at the same time, oftentimes used by spammers with a phishing link.

Smurf (gaming)

An experienced player who uses a different and new account to trick other players into thinking he is a new player and less experienced.


Security Operations Center. A central group of people and technology used for real-time threat intelligence analysis within an organization. 

Social Engineering

Psychological manipulation of people to get them to do things or share secret information.

Sock puppet

Fake online identity created for deception and/or investigations.


Applications, programs, and scripts that run on an information system. 


Method used by cybercriminals in which they falsify the origins of network communication to mislead or misdirect the recipient into thinking they are interacting with a known and trusted source.


Structured Query Language. The standard language used in database management systems that communicates with databases. 


Acronym for Secure SHell; Cryptographic network protocol that allows computers to communicate and exchange information over an unsecure network.


A type of cryptocurrency that fixes its value using external references.

Staking (crypto)

Action of locking up digital currency in order to influence the performance of a blockchain network and in turn earn interest.


A quantity of typically illegal materials that are hidden away to keep safe and secret.

Surface Web

Most commonly accessed layer of the internet that is public facing and searchable with standard search engines.


When more than one threat actor attacks a network or resource all at the same time. 


Acronym for Society for Worldwide Interbank Financial Telecommunication; messaging system used by financial institutions to transfer money and communicate financial transaction information securely.


Process of using stolen account information or credit card data to make fraudulent purchases and having them delivered to a criminal’s address. May also refer to the process of using stolen debit card information to collect cash out of an ATM.



A form of LSD or ecstasy in which the drug is soaked into a small square of paper for consumption.


An operating system designed for security and to protect against surveillance. It only connects to the internet through Tor.


Confirmed datasets (ex. username + password) 


A messaging application and social communication platform that is cloud-based, available across devices, and provides end-to-end encryption for specific secret chats. 


Acronym for Transmission Control Protocol; communications method for exchanging data between applications. 


An online conversation involving multiple users’ contributions and comments, observed on darknet forums.


Acronym for Top-Level Domain. It is the last part of the domain name after the dot. e.g. .com.


Acronym for Traffic-Light Protocol. A system of protocols used in the security community to facilitate information-sharing to classify and designate information indicating how sensitive data is and when it should be shared. 

To The Moon (crypto)

Slang term for profit often when cryptocurrency is expected to reach higher than a modeled or predicted price.

Token (crypto)

Virtual unit of value.


Slang term for a person with an over-inflated ego whose image of themselves exceeds reality and who acts in accordance with their ego to make others perceive them more favorably.


Acronym for The Onion Router; maintained by the Tor Project non-profit organization.

Transaction (crypto)

Transfer of digital currency from point A to point B.


The hash of a unique password which allows one’s sign-in on an imageboard to be recognized without storing any data about them, allowing for signing posts anonymously. 


Otherwise known as Trojan Horse; Malicious code or software that appears to be useful but has malicious intent to cause harm.


An individual in an online community, chat, forum, or post who makes disparaging, rude, and offensive comments so that other readers have an emotional or knee-jerk reaction.


The deliberate act by a troll of making unsolicited and/or controversial remarks on the internet with intent to provoke an emotional response.


Acronym for Tactics, Techniques, and Procedures.

Tumbler (crypto)

Also known as cryptocurrency mixing; Service offering to blend together potentially identifiable crypto funds with others in an effort to hide the trail to the fund’s original source and make crypto harder to trace.

Turtling (gaming)

Gameplay strategy emphasizing defense, where the player waits for their opponent to take risks while avoiding risk themselves.



Acronym for User Datagram Protocol. An internet communication protocol used for time-sensitive communications across the internet where applications can send datagrams to others on an Internet Protocol network. e.g. real-time multiplayer games and streaming media.


Acronym for User Interface; Industrial design of where human interaction meets computer.


Acronym for Coordinated Universal Time. Uses International Atomic Time and Universal Time (or solar time) to act as the world’s time standard.


A cute face emoji to express happiness or warm feelings. 



Confirmed datasets (credit cards, username + password combinations).


Acronym for Version Control System; A software system used by software developers to track changes to source code and manage software deployments.


Sellers of goods or services on darknet marketplaces. 

Vendor Shop

A darknet service advertising a single type of product category or service and sold by 1-2 vendors maximum.


A malicious computer program designed to change (or corrupt) installed applications on an infected system. Self replication is possible if by design. 


Acronym for Virtual Private Network.



Fictional female character who someone has great affection for and potentially considers a significant other.


Pirated software distributed online and in the darknet.


Individuals, institutions and exchanges who have uncommonly large amounts of crypto and the ability to manipulate currency valuations.


A Linux distribution focusing on privacy by running applications anonymously, as all communications go through Tor.


Website that allows registered users to collaboratively write and edit content directly for all users to be able to see.


A malicious self-contained program originating on a single computer that searches for computers on the same (or adjacent) network and self-replicates for additional destruction.



Slang term for Ecstasy; hallucinogenic and stimulant recreation drug containing 3,4-methylenedioxy-methamphetamine (MDMA).


Acronym for Extensible Messaging and Presence Protocol. An open technology protocol used for communication and collaboration using XML. 


Acronym for Monero. See: Monero


Acronym for Cross Site Scripting. A vulnerability in websites or an application that accepts user input consisting of a cybercriminal’s malicious code.



Also called 0day; a security design flaw or vulnerability that can be exploited with critical consequence, but cannot be quickly mitigated or patched by the hardware or software vendor.


A darknet site that combines trackerless BitTorrent and a blockchain for decentralized persistent website content and user identities within the network.


Websites hosted within the Zeronet decentralized network.


Copyright © 2024 DarkOwl, LLC All rights reserved.